In Cloud Computing This Week [Aug 26th 2022]

Amazon QuickSight announces fine-grained visual embedding

Amazon QuickSight now supports fine-grained visual embedding, allowing you to embed individual visuals from QuickSight dashboards in applications and portals to provide key insights to users where they’re needed most.

Visual embedding lets independent software vendors (ISVs) and developers bring insights to users anywhere in their applications through APIs. Enterprises and public entities can use the 1-click embedding feature to embed visuals in their internal portals and public sites. This can be accomplished without any infrastructure setup or management, while scaling to millions of users. You simply copy the embed code, paste it in your site, and start consuming the insights right away.

AWS IoT TwinMaker launches enhancements for scaling digital twins and building data connectors

AWS IoT TwinMaker is launching enhancements to simplify their customers’ experience as they scale their digital twins and build data connectors. AWS IoT TwinMaker makes it easier for developers to create digital twins of real-world systems such as buildings, factories, industrial equipment, and production lines. Digital twins are virtual representations of physical systems that can be regularly updated with real-world data to mimic the structure, state, and behaviour of the systems they represent to drive business outcomes.

Prior to this launch, customers had to submit a request in order to support more than 1k entities per workspace. To make it easier for AWS customers to scale their digital twins, they have increased the service quota to support up to 10k entities per workspace. You can review the new AWS IoT TwinMaker service quotas here.

AWS have also have created a new guide to provide customers detailed instructions on developing time-series data connectors and how to connect that data to their digital twins faster. Lastly, they added a new built-in component for Amazon Kinesis Video Streams to help customers quickly connect and easily steam video to their digital twin.

Amazon CloudFront launches Origin Access Control (OAC)

Amazon CloudFront now offers Origin Access Control, a new feature that enables CloudFront customers to easily secure their S3 origins by permitting only designated CloudFront distributions to access their S3 buckets. Customers can now enable AWS Signature Version 4 (SigV4) on CloudFront requests to S3 buckets with the ability to set when and if CloudFront should sign requests. Additionally, customers can now use SSE-KMS when performing uploads and downloads through CloudFront.

Until now, customers were limited to using Origin Access Identity to restrict access to their S3 origins to CloudFront. Origin Access Control improves upon Origin Access Identity by strengthening security and deepening feature integrations. Origin Access Control provides stronger security posture with short term credentials, and more frequent credential rotations as compared to Origin Access Identity.

With Origin Access Control, customers can create granular policy configurations through resource-based policies, which provides better protection against confused deputy attacks. Customers can use Origin Access Control to fetch and put data into S3 origins in regions that require SigV4. Also, Origin Access Control allows customer to use SSE-KMS with their S3 origins, which was not possible using Origin Access Identity.
CloudFront supports both the new Origin Access Control and legacy Origin Access Identity. If you have a distribution configured to use Origin Access Identity, you can easily migrate the distribution to Origin Access Control with few simple clicks. Any distributions using Origin Access Identity will continue to work and you can continue to use Origin Access Identity for new distributions. Refer to CloudFront origin access migration documentation for upcoming region restrictions.

Amazon Connect launches the ability to configure business operation days per week for capacity planning

Amazon Connect now enables you to select and manage which days the contact center is open for the purpose of capacity planning. This new feature is part of Amazon Connect forecasting, capacity planning, and scheduling (preview) that helps you predict contact volumes and average handling time, determine optimal staffing levels, and plan agent schedules to ensure you have the right agents working at the right time.

Not every contact center is open for the same days. The ability to select working days in the capacity planning user interface (UI) reduces the manual process to adjust the number of required full time equivalent (FTE) agents. When checking the business operation days drop down list, you can select which days the contact center is open. The capacity planning module automatically adjusts the FTE requirement estimation and updates other related metrics, such as required overtime percent or required voluntary time off percent.

Announcing availability of AWS Outposts rack in Kenya and Oman

AWS Outposts rack can now be shipped and installed at your data center and on-premises locations in Kenya and Oman.
AWS Outposts rack, a part of the AWS Outposts family, is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any data center or co-location space for a truly consistent hybrid experience. Outposts rack is ideal for workloads that require low latency access to on-premises systems, local data processing, and migration of applications with local system interdependencies. Outposts rack can also help meet data residency requirements.

With the availability of Outposts rack in Kenya and Oman, you can use AWS services to run your workloads and data in country in your on-premises facilities and connect to your nearest AWS Region for management and operations.

Amazon EKS Anywhere Curated Packages now generally available

This week, AWS are excited to announce the general availability of the Amazon Elastic Kubernetes Service (EKS) Anywhere Curated Packages, which are software packages that extend the core functionalities of Kubernetes. You can now install the Harbor package as a local container registry, the Emissary-Ingress package as the ingress controller, and the MetalLB package as the service type load balancer.

While these software packages are open-source projects you can freely access, the EKS Anywhere Curated Packages are container images that Amazon builds from open-source source code and tests for compatibility at each new EKS Anywhere release. The images also undergo Amazon security scanning and are signed by Amazon. All Amazon-signed curated packages are supported by Amazon under the Amazon EKS Anywhere Enterprise Subscription. The EKS Anywhere Curated Packages are only available to customers with the Amazon EKS Anywhere Enterprise Subscription.

AWS Application Migration Service is now available in the Asia Pacific (Jakarta) Region

AWS Application Migration Service (AWS MGN) is now available in the Asia Pacific (Jakarta) Region. With this launch, Application Migration Service is available in all commercial AWS Regions.

Application Migration Service helps minimize time-intensive, error-prone manual processes by automating the conversion of your source servers from physical, virtual, and cloud infrastructure to run natively on AWS. It further simplifies your migration by allowing you to use the same automated process for a wide range of applications.

You can also use Application Migration Service to modernize your applications during the migration process by selecting built-in actions such as disaster recovery, CentOS to Rocky Linux conversion, and SUSE subscription conversion.

Amazon EC2 X2idn and X2iedn instances now available in Asia Pacific (Jakarta) region

Starting this week, memory optimized Amazon EC2 X2idn and X2iedn instances are available in Asia Pacific (Jakarta) region. X2idn and X2iedn instances, powered by 3rd generation Intel Xeon Scalable Processors (Ice Lake), are designed for memory-intensive workloads and deliver improvements in performance, price performance, and cost per GiB of memory compared to previous generation X1 instances. X2idn has a 16:1 ratio of memory to vCPU and X2iedn has a 32:1 ratio, making these instances a great fit for workloads such as in-memory databases and analytics, big data processing engines, and Electronic Design Automation (EDA) workloads. X2idn and X2iedn deliver up to 45% more SAPS than comparable X1 instances and are SAP-Certified for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, SAP BW/4HANA, and SAP NetWeaver workloads on anyDB. You can view the certification data on the Certified and Supported SAP HANA Hardware Directory.
EC2 X2idn and X2iedn instances offer the highest Amazon Elastic Block Store (EBS) performance of Amazon EC2 instances with up to 80 Gbps bandwidth and 260k IOPS, and are designed to meet the reliability needs of mission-critical workloads. X2idn and X2iedn will also be available in bare metal. Workloads on bare metal instances will be able to take advantage of all the comprehensive services and features of the AWS Cloud, such as Amazon Elastic Block Store (EBS), Elastic Load Balancer (ELB), and Amazon Virtual Private Cloud (VPC).

X2idn and X2iedn instances offer a new 24xlarge size with 1.5TiB and 3TiB of memory respectively, enabling customers to right-size workloads and lower cost. X2idn and X2iedn instances offer 100Gbps networking throughput with EFA support, and are ideal for workloads like EDA and HPC that need high network performance. Amazon EC2 X2idn and X2iedn instances are built on the AWS Nitro System that offloads many of the traditional virtualization functions to dedicated hardware, delivering high performance, high availability, and highly-secure cloud instances.
With this launch, X2idn and X2iedn instances are available in the following AWS Regions: US East (Ohio, N. Virginia), US West (Oregon), Asia Pacific (Jakarta, Mumbai, Seoul, Singapore, Sydney, Tokyo), Canada (Central), Europe (Frankfurt, Ireland, London, Milan, Stockholm), South America (São Paulo) and AWS GovCloud (US). X2idn and X2iedn will be available for purchase with Savings Plans, Reserved Instances, Convertible Reserved, On-Demand, and Spot instances, or as Dedicated instances or Dedicated hosts.

AWS Glue is now available in the AWS Asia Pacific (Jakarta) Region

AWS Glue is now available in the AWS Asia Pacific (Jakarta) Region.

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides both visual and code-based interfaces to make data integration simpler so you can start analyzing your data and putting it to use in minutes instead of months.

Customers can now pay upfront or with scheduled payments using AWS IQ

You can now pay your experts upfront or with scheduled payments on AWS IQ. With scheduling, you pay experts based on a preset schedule that is set in the proposal. With upfront, you pay for work in advance upon accepting the proposal. You can also pay as you go with milestone payments. As a customer, you review these different payment types in the proposal and can work with your expert to select the option that best fits your project needs.

Experts can now select a payment type while creating a proposal. After setting the proposal amount, select one of three payment types: milestone, upfront, or schedule. Milestone will allow you to send custom payments requests to your customer as work is completed throughout the length of the proposal. Upfront will request payment from your customer upon acceptance of the proposal. Schedule will request on-going payments based on the schedule you set in the proposal.

AWS WAF Fraud Control - Account takeover prevention for Amazon CloudFront

AWS WAF Fraud Control - Account Takeover Prevention now supports Amazon CloudFront. AWS WAF Fraud Control - Account Takeover Prevention protects your application’s login page against credential stuffing attacks, brute force attempts, and other anomalous login activities. Account Takeover Prevention enables you to proactively stop account takeover attempts at the network edge. With Account Takeover Prevention, you can prevent unauthorized access that may lead to fraudulent activities, or you can inform affected users so that they can take preventative action.

Account Takeover Prevention is offered through AWS Managed Rules. Once added to your AWS WAF web ACL, it compares usernames and passwords submitted to your application to credentials that have been compromised elsewhere on the web. It also monitors for anomalous login attempts coming from bad actors by correlating requests seen over time to detect and mitigate attacks like irregular login patterns, brute force attempts, and credential stuffing. Account Takeover Prevention is scoped down by default to act on your login page only. With optional JavaScript and iOS/Android SDK integrations, you can receive additional telemetry on devices that attempt to log in to your application to better protect your application against automated login attempts by bots. Account Takeover Prevention can also be used in conjunction with AWS WAF Bot Control and AWS Managed Rules to create a comprehensive defense layer against bots targeting your application.

AWS WAF Fraud Control - Account Takeover Protection is available in all commercial AWS regions (except the Asia Pacific (Jakarta) region) and AWS GovCloud (US) Regions and, with this launch, can now be used to protect Amazon CloudFront resources.

Amazon SageMaker Automatic Model Tuning now reuses SageMaker Training instances to reduce start-up overheads by 20x

Amazon SageMaker Automatic Model Tuning now reduces the start-up time of each training job launched to tune your models by 20x on average (from 2.5 minutes to 8 seconds). In scenarios where you have a large number of hyperparameter evaluations, the reuse of training instances can cumulatively save 2 hours for every 50 sequential evaluations.
SageMaker Automatic Model Tuning finds the best version of a model by running many training jobs on your dataset using specific ranges of hyperparameters that you choose for your algorithm. SageMaker Automatic Model Tuning then chooses the most optimal hyperparameter values that result in a model that performs the best.
Before this launch, every training job launched as part of the tuning would incur on average 2.5 minutes of overhead to spin up and prepare a new cluster of SageMaker Training instances. This could become a bottleneck especially when training jobs would take only a few minutes to complete and overall slow down your tuning job. Starting today, SageMaker Automatic Model Tuning automatically re-uses a fixed cluster of training instances within each tuning job, thus reducing the average start-up time of each training job by 20x.

Amazon RDS for Oracle now supports managed Oracle Data Guard Switchover and Automated Backups for replicas

Starting this week, Amazon Relational Database Service (Amazon RDS) for Oracle supports Oracle Data Guard Switchover and Automated Backups for replica instances (read-only and mounted) deployed within an Availability Zone, or in separate Availability Zones of a given Region, or in separate AWS Regions.

The Oracle Data Guard Switchover feature allows you to reverse the roles between the primary database and one of its standby databases (replicas) with no data loss and a brief outage. It provides a complete automation to reliably perform periodic disaster recovery drills when the primary is active, as well as any infrastructure maintenance of the primary environment. Once a switchover is initiated, the primary database transitions to a standby role, and the standby database transitions to the primary role. Bystander replicas that are not part of the switchover are reconfigured for replication from the new primary database.
Until today, with RDS for Oracle read and mounted replicas, in order to perform a disaster recovery drill, you needed to promote the replica as a new standalone database and then create a new replica to maintain the replication configuration. Managed Oracle Data Guard Switchover enhances the customer experience by simply reversing the roles of the databases without having to recreate the replicas.
You can also now create Automated Backups and manual DB snapshots of an RDS for Oracle replica, which reduces the time spent taking backups following a role transition. Furthermore, you can create a new DB instance by restoring from such DB snapshot or perform a point-in-time recovery.
Oracle Data Guard Switchover operation is available in all AWS Regions and incurs no additional cost.

Amazon Polly now offers Neural TTS support for Mandarin Chinese

Amazon Polly is a service that turns text into lifelike speech. This week, AWS are excited to announce the general availability of a neural version of Zhiyu, Polly’s Mandarin Chinese female text to speech (TTS) voice.

TTS voices simplify the way you can create, implement, update, and maintain your speech-enabled applications and products. You can use Amazon Polly to enhance the user experience and improve the accessibility of your text content with the power of voice. Common use cases include interactive voice response (IVR) systems, audiobooks, newsreaders, eLearning content, and virtual assistants.

Amazon Polly launched the Mandarin Chinese voice Zhiyu using standard technology in 2018, and as of today a neural version of Zhiyu is also available. The new voice offers a more natural intonation and better performance on English in code-mixing scenario. With this launch, the Amazon Polly portfolio now includes 95 voices across 33 languages and language variants, out of which 21 are supported by the neural engine.

AWS IoT SiteWise now supports non-unique asset names under different hierarchies

AWS IoT SiteWise now supports non-unique asset names under different hierarchies, allowing asset name reusability. The new feature simplifies scaling for companies creating asset hierarchies for more than one hierarchy tree within the same AWS account and AWS IoT SiteWise installation.

Before, asset names had to be unique across all models. This would require users to add a prefix in order to distinguish assets in different hierarchies, making it impossible to reuse the asset names for a new hierarchy. This feature will allow companies to use asset names as unique identifiers across different systems, avoiding the need to keep different code paths for engineering efficiency. However, customers are still required to have unique asset name under the same parent asset.

Amazon Forecast now supports what-if analyses

Amazon Connect launches API to search for security profiles by permission, description, and tags

Amazon Connect now provides a new API to search for security profiles in your Amazon Connect instance. This new API provides a programmatic and flexible way to search for security profiles by name, description, permissions, or tags. For example, you can now use this API to search for all security profiles that have permissions to edit contact flows.

Amazon SageMaker is now available in the AWS Asia Pacific (Jakarta) Region

Amazon SageMaker is now available in the AWS Asia Pacific (Jakarta) Region. Starting today, you can build, train, and deploy machine learning (ML) models in the region.

Amazon SageMaker is a fully managed platform that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.

Amazon RDS now supports setting up connectivity between your RDS database and EC2 compute instance in 1-click

Starting this week, you have the option to automatically set up connectivity from Amazon Relational Database Services (Amazon RDS) and Amazon Aurora databases to an Amazon Elastic Compute Cloud (Amazon EC2) compute instance during database creation. When provisioning a database using the Amazon RDS console, you now have the option to select an EC2 instance and with a single click establish connectivity between the database and the EC2 instance, following AWS recommended best practices. Amazon RDS automatically sets up your VPC and related network settings during database creation to enable a secure connection between the EC2 instance and the RDS database.

This eliminates the additional networking tasks such as setting up a VPC, security groups, subnets, and ingress/egress rules manually to establish a connection between your application and database. It improves productivity for new users and application developers who can now quickly launch a database instance and seamlessly connect to an application on a compute instance within minutes.

Apigee Ingress gateway

Starting in version 1.8, Apigee hybrid offers a new feature to manage the ingress gateway for your hybrid installation, Apigee ingress gateway. Anthos Service Mesh is no longer a prerequisite for hybrid installation. With Apigee ingress gateway, Apigee will stop supplying routing configuration to Anthos Service Mesh. See Managing Apigee ingress.

ORG-level UDCA

Apigee hybrid now supports setting UDCA at the org level instead of at the environment level. See orgScopedUDCA in the Configuration property reference.

Support for newer versions of Anthos, Anthos Service Mesh, and Kubernetes

Starting in version 1.8, Apigee hybrid supports Anthos version 1.12, Anthos Service Mesh version 1.13, and Kubernetes version 1.23 on specific platforms. See Apigee hybrid supported platforms and versions for details.

KVM pagination

Apigee hybrid now supports KVM pagination (introduced in Apigee X on March 10, 2022). See REST Resource: organizations.keyvaluemaps and REST Resource: v1.organizations.environments.keyvaluemaps.

apigeectl now supports the --v option to set the log verbosity level

Starting in version 1.8, apigeectl includes a --v option to set log verbosity levels in the format --v=int, for example apigeectl apply --v=5. This option replaces the --verbose option (now deprecated). This is the same as the kubectl --v option. See apigeectl for details.

tools/apigee-pull-push.sh includes a –list option to list all images

Starting in version 1.8, The tools/apigee-pull-push.sh utility has a --list or -l option that will list all images in the gcr repo. See apigee-pull-push.sh for details.