In Cloud Computing This Week [Aug 27th 2021]

AWS Updates and Releases

Amazon Aurora PostgreSQL-Compatible Edition now supports PostgreSQL major version 13. PostgreSQL 13  includes improved functionality and performance from enhancements such as de-duplication of B-tree index entries, improved performance for queries that use partitioned tables, incremental sorting to accelerate data sorts, parallel processing of indexes with the VACUUM command, more ways to monitor activity within a PostgreSQL database, new security capabilities, and more. This release also adds support for bool_plperl, which simplifies writing Perl procedures.

Amazon Textract is a managed service that leverages computer vision and machine learning to automatically extract printed and handwritten text, tables and forms data from scanned documents with no machine learning experience necessary. Today, we are excited to announce that effective September 1, 2021, customers will see a price reduction of up to 32% and save even more on the use of AnalyzeDocument and DetectDocumentText requests in eight global AWS Regions.

AWS Compute Optimizer now helps customers understand impact of migrating to Graviton2-based instances by recommending up to 3 Graviton2-based instance type options for x86-based Linux instances.

The AWS Snowcone service is now available for customer orders in the AWS Asia Pacific (Singapore) and, AWS Asia Pacific (Tokyo) Regions. With this launch, Snowcone is now available for order in AWS Asia Pacific (Singapore), Asia Pacific (Tokyo), Canada (Central), Asia Pacific (Sydney), EU (Frankfurt), EU (Ireland), US East (N. Virginia), and US West (Oregon) Regions. AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices. Snowcone is portable, rugged, and secure – small and light enough to fit in a backpack, and able to withstand harsh environments. Customers use Snowcone to deploy applications at the edge, and to collect data, process it locally, and move it to AWS either offline (by shipping the device to AWS) or online (by using AWS DataSync on Snowcone to send the data to AWS over the network).

Amazon Rekognition is a machine learning (ML) based service that can analyze images and videos to detect objects, people, faces, text, scenes, activities, and inappropriate content. Celebrity Recognition  makes it easy for customers to automatically recognize tens of thousands of well-known personalities in images and videos using ML. Celebrity recognition significantly reduces the repetitive manual effort required to tag produced media content and make it readily searchable. Starting today, customers can get higher accuracy (lower false detections and rejections) and increased coverage of global celebrities. In addition, customers get three new attributes for each celebrity recognized: presentation of gender, expression, and smile. This metadata helps further refine content search and filtering workflows. For example, customers can now easily search for images where a particular actor is smiling, or measure the coverage of female versus male celebrities in event photos to ensure fair representation.

The Amazon EC2 Instance Metadata Service, Amazon Time Sync Service, and Amazon VPC DNS server can now be accessed over IPv6 endpoints by instances built on the Nitro System . These local instance services have IPv6 addresses that can be accessed from your Amazon EC2 instances. These IPv6 endpoints use Unique Local Addresses (ULA); IPv6 for local instance services is useful for running software and containers in an IPv6-only single stack configuration. Additionally, if you are starting your transition to IPv6 in a dual-stack environment, the endpoints for the Instance Metadata Service, Amazon Time Sync Service, and Amazon VPC DNS are available over both IPv4 and IPv6.

Amazon Elasticsearch Service (Amazon ES) now enables you to deploy your instances across three Availability Zones (AZs) providing better availability for your domains. If you enable replicas for your Elasticsearch indices, Amazon Elasticsearch Service distributes the primary and replica shards across nodes in different AZs to maximize availability.

When you create an AWS DataSync task to transfer your data to and from AWS Storage, you can now specify include filters as well as exclude filters, providing you with even greater control over how your data is transferred. With this enhancement, you can now schedule tasks that utilize both exclude and include filters to transfer only a subset of files in your source location. Additionally, you can now queue multiple executions of a task when the filter settings differ between executions.

The new Amazon DynamoDB console is now your default experience to help you manage data and resources more easily through simpler navigation and by providing you richer contextual information.

IAM Access Analyzer helps you achieve least privilege by generating fine-grained policies that specify the required actions for more than 50 services. In April 2021, IAM Access Analyzer added policy generation to help you create IAM policies based on your AWS CloudTrail activity. Now, we are extending policy generation to identify actions used for more than 50 services such as Amazon ECR, Amazon Athena, and AWS Security Hub. When you request a policy, IAM Access Analyzer gets to work and generates a policy by analyzing your AWS CloudTrail logs to identify actions used. For other services, IAM Access Analyzer helps you by identifying the services used and guides you to add the necessary actions. The generated policy makes it easier to grant only the required permissions for your workloads.

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to analyze text documents and identify insights such as sentiment, entities, and topics in text. Today, we are announcing support for tagging with analysis jobs. In order to scale AI/ML within organizations, it is important to tag analysis jobs so that organizations can track jobs and users using the service. Now, a user can add tags during an analysis job creation in Amazon Comprehend. They can subsequently use these tags to charge back costs associated with the job to the appropriate cost center or user, analyze the number of jobs associated with a given project, or keep their AI/ML analyses organized with appropriate access control.

Amazon Managed Streaming for Apache Kafka (Amazon MSK) now offers greater insight into the usage of Amazon MSK resources through 19 new metrics published to Amazon CloudWatch. These metrics offer customers additional visibility into resource utilization across CPU, storage, and the network, enabling customers to maximize the performance and uptime of their Apache Kafka applications interacting with Amazon MSK.

This week, AWS announced the AWS Level 1 MSSP Competency to support AWS customers looking for AWS Partners with deep specialization and expertise protecting and monitoring essential AWS resources on behalf of their customers.

Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for you to add speech-to-text capabilities to your applications. Starting today, you can assign tags to easily organize, track, or control access your resources. This can be used to allocate costs or get detailed billing reports across your Transcribe jobs. You can attach tags to resources such as transcription jobs, vocabulary, vocabulary filter, and custom language models within Transcribe.

AWS Backup announces AWS Backup Audit Manager, a new feature that allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs. AWS Backup enables you to centralize and automate data protection policies across AWS services based on organizational best practices and regulatory standards, and AWS Backup Audit Manager helps you maintain and demonstrate compliance with those policies.

Amazon Polly is a service that turns text into lifelike speech. Today, we are excited to announce the general availability of Aria, Polly’s first New Zealand English voice. Aria is a neural text-to-speech (NTTS) voice that is expressive, natural and easy to follow.

Retained messages is a standard MQTT feature that provides an easy way for you to store the latest important message on a topic for future subscribers. With AWS IoT Core, you can now use retained messages to easily push configuration information or important updates to devices without knowing exactly when they will come online.

AWS Database Migration Service (AWS DMS) expands functionality by adding support for Redis and Amazon ElastiCache for Redis as a target. Redis is a fast, open-source, in-memory key-value data store for use as a database, cache, message broker, and queue. Amazon ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with manageability, security, and scalability from Amazon to power the most demanding real-time applications. Using AWS DMS, you can now migrate data live from any AWS DMS supported sources  to Redis data store with minimal downtime.

AWS Database Migration Service (AWS DMS) expands functionality by adding support for MongoDB 4.2 and 4.4 as a source. Using AWS DMS, you can now migrate data live from MongoDB 4.2 and 4.4 clusters to any AWS DMS supported targets  including Amazon DocumentDB (with MongoDB compatibility) with minimal downtime.

AWS Database Migration Service (AWS DMS) expands its functionality by supporting parallel threads when using Redshift as a target during full load. Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. By taking advantage of the multithreaded full load task settings, you can improve the performance of your initial migration from any DMS supported sources  to Amazon Redshift.

AWS Database Migration Service (AWS DMS) expands functionality by supporting automatic segmentation using MongoDB and Amazon DocumentDB (with MongoDB compatibility) as a source. Using AWS DMS, you can configure DMS tasks to segment the collection of a MongoDB cluster automatically and migrate them in parallel to any AWS DMS supported target  including Amazon DocumentDB (with MongoDB compatibility) with minimal downtime.

Starting this week, AWS customers will be able to automatically deprecate their Amazon Machine Images (AMIs) with Amazon Data Lifecycle Manager (Amazon DLM). Deprecating an AMI prevents outdated images from being accessed by new users after a specific time, helping to ensure that any new EC2 Instances are launched from only the most up-to-date AMIs. With Amazon DLM, customers can automate when to deprecate their AMIs, removing the need for complicated custom scripts.

Starting this week, Amazon EC2 M6i instances are available in additional AWS Regions US West (N. California) and Asia Pacific (Tokyo). Designed to provide a balance of compute, memory, storage and network resources, M6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. These instances are SAP-Certified and are ideal for workloads such as web and application servers, back-end servers supporting enterprise applications (e.g. Microsoft Exchange Server and SharePoint Server, SAP Business Suite, MySQL, Microsoft SQL Server, and PostgreSQL databases), gaming servers, caching fleets, as well as for application development environments.

AWS IoT Greengrass is an Internet of Things (IoT) edge runtime and cloud service that helps customers build, deploy, and manage device software. Our version 2.4 release includes two new sets of features that simplify the provisioning of large fleets of IoT devices and allow fine-grained control of IoT device system resources from the cloud:

You can now send data from SAP ERP applications (ECC, BW, BW4/HANA and S/4HANA) to AWS services in just a few clicks using Amazon AppFlow and SAP Operational data provisioning (ODP) framework.

The asmcli script is now available in preview. With this script you can install and upgrade Anthos Service Mesh on GKE and On-premises. For more information, see About the asmcli.

Google-managed data plane is now available in preview as a part of managed Anthos Service Mesh. Google-managed data plane helps you upgrade data plane proxies automatically. For more information see Configure managed Anthos Service Mesh.

Anthos Service Mesh for Compute Engine VMs now uses gcloud commands and supports Google-managed control planes. For more information, see Add Compute Engine virtual machines to Anthos Service Mesh.

1.10.4-asm.6 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2021-016. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

• • Upgrading on GKE or On-premises using the asmcli script.
  • Upgrading on GKE using the install_asm script
  • Upgrading on Anthos clusters on VMware

BigQuery Admin Resource Charts are now generally available (GA) for reservation users, enabling administrators to more easily monitor and troubleshoot their BigQuery environment. They provide visibility into key metrics such as slot consumption, job concurrency, job execution time, job errors, and bytes processed across the entire organization.

BigQuery Slot Estimator is now in Preview for reservation users. This tool analyzes slot utilization data to help administrators estimate the right number of slots to purchase, and provides insights on how job performance might be impacted by adding or reducing slot capacity for the entire organization or specific reservations.

Cloud Functions has added support for a new runtime, Node 16, at the Preview release level.

Cloud Functions offers a native integration with Secret Manager, available at the Preview release level. For more information, see the blog post.

Added Terraform examples to automate load balancer configuration:

• • External HTTP(S) Load Balancing
  • Internal HTTP(S) Load Balancing
  • Internal TCP/UDP Load Balancing

Deploying to Cloud Run from source code is now at General Availability (GA).

New sub-minor versions of Dataproc images: 1.4.69-debian10, 1.4.69-ubuntu18, 1.5.44-centos8, 1.5.44-debian10, 1.5.44-ubuntu18, 2.0.18-centos8, 2.0.18-debian10, and 2.0.18-ubuntu18.

Configured YARN ResourceManager to use port 8554 and Druid to use port 17071 for JMX Remote RMI port.

Backported the following Trino (PrestoSQL) BigQuery connector patches in image 2.0:

• • Make BigQuery views cache ttl configurable
  • Move DestinationTableBuilder to BigQueryClient
  • Fix wrong result due to column position mismatch in BigQuery
  • Escape single quote in BigQuery string condition
  • Fix information_schema query failures in BigQuery connector
  • Add support for CREATE and DROP SCHEMA in BigQuery
  • Fasten listing tables in BigQuery connector
  • Implement case insensitive name matching for BigQuery
  • Add BigQuerySqlExecutor and refactor tests to use it
  • Add view_definition system table for BigQuery view
  • Prefer ImmutableMap to Map
  • Add test for aggregating BigQuery view more than once
  • Upgrade Google Could library bom to 16.3.0
  • Fix TestBigQueryIntegrationSmokeTest.testShowCreateTable
  • Enable views in BigQuery tests
  • Fix incorrect result when aggregating count BigQuery view
  • Remove dependency on presto-tests from Druid, BigQuery
  • Refactor unused var in presto-bigquery
  • Fix projection pushdown in BigQuery connector
  • Add test for yearly partitioned table in BigQuery
  • Upgrade BigQuery library to 11.0.0
  • Add BigQuery smoke test for HOUR-ly partitioned table
  • Redact bigquery.credentials-key config
  • Update BigQuery dependencies to support HOURLY partitioning of tables

Identity Service for GKE (Preview) is available. Identity Service for GKE extends existing identity solutions for authentication into GKE clusters by supporting OpenID Connect (OIDC). For more information, see Authenticating with Identity Service for GKE.

You can now enable Google Virtual NIC in a new GKE cluster on GPU nodes. For more information, see Using Google Virtual NIC.

Using Private Service Connect with consumer HTTP(S) service controls to access supported regional service endpoints is now available in Preview.

Converting a single-region legacy network to a VPC network is now available in Preview.