This week's roundup of all the cloud news.
Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 20th August 2021.
To stay in the loop, make sure you subscribe on the right - There's a new newsletter series starting later this year that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
You can now hibernate Amazon EC2 C5d, M5d, and R5d Instances. Hibernation allows you to pause your EC2 Instances and resume them at a later time, rather than fully terminating and restarting them. Resuming your instance lets your applications continue from where they left off so that you don’t have to restart your OS and application from scratch. Hibernation is useful for cases where rebuilding application state is time-consuming (e.g., developer desktops) or an application’s start-up steps can be prepared in advance of a scale-out.
Starting this week, you can split your shared costs within your AWS Cost Categories by defining Split Charge rules. AWS Cost Categories enables you to group your cost and usage information into meaningful categories based on dimensions such as accounts, tags, services, charge types, and even other Cost Categories. Every organization has a set of costs that are shared by multiple teams, business units, or financial owners, for instance, data transfer costs, enterprise support, or operational costs of a central infrastructure team. These costs are not directly attributable to a single owner, and so cannot be categorized into a singular Cost Category value. With Split Charge rules, you can now equitably allocate these costs across your Cost Category values.
EC2 VM IMPORT/EXPORT NOW SUPPORTS MIGRATION OF VIRTUAL MACHINES WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI) BOOT TO AWS
EC2 VM Import/Export now supports migration of virtual machines that use Unified Extensible Firmware Interface (UEFI) boot. UEFI is a modern firmware that initializes your operating system. You can now use EC2 VM Import/Export APIs to bring your UEFI based virtual machines directly to AWS EC2 without converting to legacy BIOS.
AWS Managed Services (AMS) Accelerate Operations Plan is now available in the AWS Europe (Stockholm) Region
Amazon Managed Services (AMS) Accelerate Operations Plan now supports the AWS Europe (Stockholm) region. AMS Accelerate provides operational services including monitoring, incident management, security, patch, and backup to help you with day-to-day operations management of AWS resources so that your teams can focus on business transformation in the cloud.
Amazon MemoryDB for Redis is a new Redis-compatible, durable, in-memory database service that delivers ultra-fast performance. It is purpose-built for modern applications with microservices architectures. Amazon MemoryDB is compatible with Redis, a popular open source data store, enabling customers to quickly build applications using the same flexible and friendly Redis data structures, APIs, and commands that they already use today. With Amazon MemoryDB, all of your data is stored in memory, which enables you to achieve microsecond read and single-digit millisecond write latency and high throughput.
This week AWS were excited to announce that Amazon SageMaker notebook instance supports Amazon Linux 2. You can now choose Amazon Linux 2 for your new Amazon SageMaker notebook instance to take advantage of the latest update and support provided by Amazon Linux 2.
This week, AWS were pleased to announce AWS Glue version 3.0, a new version of AWS Glue Spark for your batch and streaming jobs that accelerates your data integration workloads in AWS. AWS Glue 3.0 introduces a performance-optimized Spark runtime that includes optimizations from AWS Glue and Amazon EMR, and is based on open-source Apache Spark 3.1.1 . The AWS Glue 3.0 runtime optimizes both read and write access to Amazon Simple Storage Service (Amazon S3), using faster vectorized readers and Amazon S3 optimized output committers. It also optimizes access to the AWS Glue Data Catalog with the use of partition predicates. For highly partitioned datasets, Glue 3.0 improves the execution speed by filtering out unnecessary partitions using partition indexes . AWS Glue 3.0 runtime is also fully integrated with AWS Lake Formation, so you can secure your data access in different granularities like database-, table-, column-, row-, and cell-level access control using resource names and AWS Lake Formation tag based access control . With AWS Glue 3.0, we also bring in new capabilities to improve user experience for monitoring, debugging, and tuning Spark applications. Spark 3.1.1 enables an improved Spark UI experience that includes new Spark executor memory metrics and Spark Structured Streaming metrics that are useful for AWS Glue streaming jobs. Similar to AWS Glue 2.0, AWS Glue 3.0 reduces startup latency and improve the overall job completion times.
AWS IoT Analytics is now available in the Asia Pacific (Mumbai) AWS Region, extending the footprint to 9 AWS Regions.
AWS Security Hub adds 18 new controls to its Foundational Security Best Practices standard and 8 new partners for enhanced cloud security posture monitoring
AWS Security Hub has released 18 new controls for its Foundational Security Best Practice standard to enhance customers’ cloud security posture monitoring. These controls conduct fully-automatic checks against security best practices for Amazon API Gateway, Amazon EC2, Amazon ECS, Elastic Load Balancing, Amazon Elasticsearch Service, Amazon RDS, Amazon Redshift, and Amazon SQS. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 159 security controls to automatically check your security posture in AWS.
Amazon Connect Customer Profiles is now HIPAA (Health Insurance Portability and Accountability Act) eligible. Customer Profiles is designed to automatically bring together customer information from multiple applications and surface it to a contact agent at the moment they begin interacting with a customer. HIPAA eligibility means you can use Customer Profiles to provide agents with the Protected Health Information (PHI) data they need to resolve your customers’ questions or inquiries. You can ingest data from electronic health records (EHR) systems such as Epic, Cerner, and Siemens using Amazon S3 data connectors between EHR systems and Customer Profiles. Amazon Connect has been HIPAA eligible since 2017. Amazon Connect Customer Profiles is also ISO, IRAP certified.
Amazon WorkSpaces Renews Windows Desktop Experience with Windows Server 2019 bundles and 64-bit Microsoft Office 2019
Amazon WorkSpaces now offers new bundles powered by Windows Server 2019, providing a Windows 10 desktop experience along with a 64-bit Microsoft Office 2019 Professional Plus bundle option. The feature brings a refreshed Windows 10 desktop experience, and enables customers to run applications that require recent Windows versions.
AMAZON CODEGURU PROFILER EXTENDS VISUALIZATIONS CAPABILITY WITH A NEW COMPARE OPTION FOR APPLICATION PROFILE
Amazon CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application’s most expensive lines of code. Developers can use Amazon CodeGuru Profiler to understand the runtime behavior of their applications, identify and remove code inefficiencies, improve performance, and significantly decrease compute costs.
NEW RELEASE OF AWS IOT DEVICE SDK FOR EMBEDDED C SIMPLIFIES AUTHENTICATION AND PROVISIONING OF IOT DEVICES
AWS IoT Device SDK for Embedded C (C-SDK) release 202108.00 includes the AWS SigV4 library and a refactored AWS IoT Fleet Provisioning client library for IoT applications. This release makes it easier for developers using C-SDK to authenticate inbound API requests to AWS services from IoT devices running HTTP, and provision IoT devices that do not have unique certificates.
AWS Transfer Family expands compatibility for FTPS/FTP clients and increases limit for number of servers
AWS Transfer Family now supports configuring a client side externally accessible IP address on an FTPS/FTP server, allowing clients behind a firewall or a NAT router to connect to the server. Additionally, customers can now easily scale up their workloads by creating up to 50 servers within AWS Transfer Family in a single AWS account and region, a fivefold increase in the previously supported limit of 10 servers.
AWS Systems Manager Fleet Manager, a capability in AWS Systems Manager (SSM) that helps you streamline and scale your remote server management processes, now offers the ability to generate at-a glance reporting on your SSM Managed Instances. The new feature enables you to customize the Fleet Manager information panel in which you can view alerts, status, and details of managed instances and download it for local viewing and analysis.
Amazon EC2 customers can now use ED25519 keys for authentication during instance connectivity operations
Starting this week, AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances. ED25519 is an elliptic curve based public-key system commonly used for SSH authentication.
AWS Elastic Beanstalk now supports Capacity Rebalancing for Amazon EC2 Auto Scaling groups (ASG) . This feature reduces Spot Instance interruptions to customers’ applications. When enabled, ASG Capacity Rebalancing is designed to automatically attempt to replace Spot Instances in an Auto Scaling group before they are interrupted.
AWS Directory Service now supports smart card authentication with AD Connector for Amazon WorkSpaces in 5 additional AWS Regions
Starting this week, you can use Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards to authenticate users into Amazon WorkSpaces through your self-managed Active Directory (AD) and AWS Directory Service AD Connector in US East (Northern Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Tokyo), and Asia Pacific (Sydney) Regions. Additionally, you can now use the AWS Management Console to configure smart card authentication with AWS Directory Service. Previously, smart card authentication with AD Connector for Amazon WorkSpaces was only supported in the AWS GovCloud (US-West) Region and could only be configured through the AWS Directory Service API or CLI.
Amazon RDS for SQL Server now includes enhancements to the Auto Minor Version Upgrade feature for Amazon RDS for SQL Server database instances. Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available.
Amazon Web Services (AWS) announces the general availability of Amazon EC2 M6i instances, expanding the 6th generation EC2 instance portfolio to include x86-based compute options. Designed to provide a balance of compute, memory, storage, and network resources, M6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. M6i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 15% better compute price performance over M5 instances, and always-on memory encryption using Intel Total Memory Encryption (TME). These instances are SAP-Certified and are ideal for workloads such as web and application servers, back-end servers supporting enterprise applications (e.g. Microsoft Exchange Server and SharePoint Server, SAP Business Suite, MySQL, Microsoft SQL Server, and PostgreSQL databases), gaming servers, caching fleets, as well as for application development environments.
AWS Lambda now supports Python 3.9 as both a managed runtime and a container base image. You can now author AWS Lambda functions in Python 3.9 and use its new features, such as support for TLS 1.3, new string and dictionary operations, and improved time zone support. Python 3.9 also includes performance optimizations that you can benefit from without making any code changes. For more information on Lambda’s support for Python 3.9, see our blog post at Python 3.9 runtime now available in AWS Lambda.
Google Cloud Releases and Updates
Java - Upgraded Jetty to version 9.4.43.v20210629
Node.js - The NodeJS 16 runtime for App Engine standard environment is now available in Public Preview.
Anthos cluster on bare metal
Anthos clusters on bare metal 1.7.3 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.7.3 runs on Kubernetes 1.19.
Google Cloud Armor integration with reCAPTCHA Enterprise is now available in Public Preview. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.
Users can now configure triggers that only execute a build when granted approval by a set of users. To learn how to create a trigger gated by approval, see Creating and managing triggers. To learn how to approve a build, see Approving builds.
Cloud Code Extension updated to v1.13.1
Updates includes a simplified combined Kubernetes Explorer and GKE Explorer experience, Managed Cloud SDK performance improvements, as well as improved Cloud Run local development webview. Review the Cloud Code release notes for a complete list of features/updates/bug fixes.
Cloud Shell Editor is now built with Theia 1.16.0
Review the Theia release notes for a complete list of features/updates/bug fixes.
Cloud Shell Editor Built-in Extensions Updated to 1.45.1
All built-in VS Code Extensions used by the Cloud Shell Editor have been updated to 1.45.1 to incorporate upstream changes.
The Flutter SDK now comes preinstalled in Cloud Shell.
Visit the Flutter Docs or simply enter
flutter in Cloud Shell to get started.
.Net 5.0 now comes preinstalled in Cloud Shell.
Checkout the dotnet-five documentation for more details.
Released Query Optimizer version 3. Query Optimizer v3 is currently set to off by default in production.
Cloud SQL for MySQL, PostgreSQL, SQL Server
MySQL 5.7.33 has been upgraded to 5.7.34.
Cloud SQL now offers faster maintenance, with connectivity dropping for less than 30 seconds on average.
Preview: Manually live migrate VMs from one host to another. For more information, see Manually live migrate sole-tenant VMs.
A simplified GKE API for configuring which logs and metrics are collected and sent to Cloud Logging and Cloud Monitoring is now available. The
gcloud container clusters create,
gcloud container clusters create-auto, and
gcloud container clusters update commands now support the
For example, to collect both system and workload logs in an existing cluster, use
gcloud container clusters update --logging=SYSTEM,WORKLOAD. Or, to create a new cluster with no metrics collected, use
gcloud container clusters create --monitoring=NONE.
These flags are available in Google Cloud SDK version 352.0.0 and later.
Microsoft Azure Releases And Updates
This feature helps administrators control costs through the automatic tiering and deletion of blobs via tiering including when the data was last read.
React to rehydration events on Azure Archive Storage with Azure Event Grid.
Take advantage of VM sizes that are now available when creating your Batch pools.
Start using the Azure Monitor agent instead of the Log Analytics agent before 31 August 2024.
Move to GPU accelerated virtual machines by 31 August 2022.
Simplify name resolution to your AKS clusters without compromising your Kubernetes API server security.
Secure your static web apps with Private Endpoints by limiting exposure to the public internet.
This new capability enables mounting Azure Storage as a network share in a built-in Linux container or a custom Linux container deployed to App Service for Linux.
Azure Kubernetes Service (AKS) users can now benefit from enhancements and capabilities in Kubernetes 1.21.
You can now access resource topology views and pre-built monitoring workbooks for Private Link, NAT Gateway, Public IP, and NIC resources in Azure, via Network Insights.
Natively leverage storage systems in Kubernetes using Container Storage Interface storage drivers.
Application Insights, an Application Performance Management (APM) observability feature of Azure Monitor, is announcing the release of several key features including .NET on Linux auto-instrumentation for .NET Core 3.1, .NET5, and preview of .NET6, including support for self-contained and framework-dependent deployments.
PgBouncer, a popular connection pooler for Postgres, is now part of the Azure Database for PostgreSQL - Hyperscale (Citus) managed service.
The restart server group capability is now available for Hyperscale (Citus) on Azure Database for PostgreSQL, a managed service running the Postgres open-source database on Azure.
Continuous backup mode for the Core (SQL) API and Azure Cosmos DB API for MongoDB feature means you can now perform your own granular restore capabilities.
AZURE DATABASE FOR POSTGRESQL | SCHEDULED MAINTENANCE FOR HYPERSCALE (CITUS) NOW GENERALLY AVAILABLE
Now Hyperscale (Citus) supports custom maintenance schedules with Azure Database for PostgreSQL, a managed service running the open source Postgres database.
Included with Citus 10, columnar compression is now supported in the Hyperscale (Citus) option in Azure Database for PostgreSQL, a managed service running the open source Postgres database on Azure.
Azure Database for PostgreSQL - Hyperscale (Citus): Same region read replicas now generally available
Now you can create read replicas of your Hyperscale (Citus) server group for enhanced read scalability with Azure Database for PostgreSQL, a managed service running the open source Postgres database.
Create Azure Database for PostgreSQL - Hyperscale (Citus) server groups with Postgres 12 and Postgres 13, in addition to previously supported Postgres 11.
The support of Citus 10, with columnar storage and more, is now included in Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open source Postgres database on Azure.
You can now provision Azure Database for PostgreSQL - Flexible Server in five new regions
You can now run Hyperscale (Citus) on a single node with Hyperscale (Citus) Basic for Azure Database for PostgreSQL, a managed service running the open source Postgres database.
The public preview Azure Database for MySQL - Flexible Server (Preview) is now supported in eight additional regions.
Choose your standby server zone location for Azure Database for MySQL – Flexible Server.
Azure Database for MySQL – Flexible Server enables users to monitor burstable credits using Azure monitor.
Flexible Server enables users to monitor burstable credits using Azure monitor on Azure Database for PostgreSQL, a managed service running the open source Postgres database.
Transition to new HPC virtual machines by 31 August 2022.
Transition to new HPC virtual machines by 31 August 2024.
Administrators can enable a daily or weekly inventory to be created to gain understanding of their blobs and containers.
IoT Central V2 is retiring 1 March 2022.
All standard Text-to-Speech voices will be retired on 31 August 2024.
We’ll be retiring version 3.x of the Azure Cosmos DB Java SDK on 31 August 2024.
Upgrade your skills to version 3 of Azure Cognitive Search sentiment analysis and entity recognition skills.
Azure Monitor’s Baseline and CalculateBaseline APIs will be retired on 30 November 2021, use the MetricBaselines API instead.
Placement policies enable admins to specify constraints or rules when allocating Virtual Machines within an Azure VMware Solution private cloud. With this update the creation and assignment of vSphere Distributed Resource Scheduler (DRS) rules for running Virtual Machines in an Azure VMware Solution SDDC has been simplified and is now executable directly from the Azure Portal for cloud admin roles.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: