In Cloud Computing This Week [Aug 5th 2022]

Amazon QuickSight launches API-based domain allow listing for developers to scale embedded analytics across different applications

Amazon QuickSight now supports API-based allow listing of domains where QuickSight data visualizations can be embedded. With this new capability, developers can scale their embedded analytics offerings including visuals, dashboards, QuickSight Q (natural language querying), and authoring experience across different applications for their different customers quickly. All of this is done without any infrastructure setup or management, while scaling to millions of users. For further details, visit the blog and the documentation.

The new API-based domain allow listing is available in Amazon QuickSight Enterprise Edition in all regions where QuickSight is available

Amazon ElastiCache now supports AWS Graviton2-based T4g, M6g, R6g instances in the Europe (Paris, Milan) regions and R6gd instances in the Europe (Paris) region

Amazon RDS for PostgreSQL supports new minor versions 14.3, 13.7, 12.11, 11.16, and 10.21

Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports PostgreSQL minor versions 14.3, 13.7, 12.11, 11.16, and 10.21. We recommend you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes, performance improvements, and new functionality added by the PostgreSQL community. Please refer to the PostgreSQL community announcement for more details about the release.
This PostgreSQL release also includes updates for existing supported PostgreSQL extensions: pglogical extension is updated to 2.4.1, pg_hint_plan extension is updated to 1.4, and hll extension is updated to 2.16. Please see the list of supported extensions in the Amazon RDS User Guide for specific versions.
You can leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.
Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.

AWS Data Exchange increases the asset size limit to 100GB

Third-party data providers on AWS Data Exchange can now import Amazon S3 assets up to 100GB in size, an increase from the former limit of 10GB. The increased asset size unlocks new use cases in Healthcare and Life Sciences, Financial Services, and Retail among other industries, because providers can now license genomics data, high volume financial data, and satellite imagery, which are often stored as assets that exceed 10GB.

This increased limit applies to all AWS regions where AWS Data Exchange is available. To learn more about AWS Data Exchange, a service that helps customers find, subscribe to and use third-party data in the cloud, please visit this page.

Amazon Keyspaces is now available in AWS GovCloud (US) Regions

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, is now available in the AWS GovCloud (US) Regions.

With Amazon Keyspaces, you can run your Cassandra workloads on Amazon Web Services (AWS) using the same Cassandra application code and developer tools that you use today. You don’t have to provision, patch, or manage servers, and you don’t have to install, maintain, or operate software. Amazon Keyspaces is serverless, so you pay for only the resources you use and the service can automatically scale tables up and down in response to application traffic. You can build applications that serve thousands of requests per second with virtually unlimited throughput and storage. When you use Amazon Keyspaces, data is encrypted by default and you can back up your table data continuously using point-in-time recovery.

AWS Lambda announces tiered pricing

AWS Lambda now provides tiered pricing for monthly Lambda function duration i.e. GB-Seconds of usage. The two additional pricing tiers provide discounts on your aggregate monthly on-demand function duration. Tiered pricing takes effect in the monthly billing cycle starting on Aug 1st, 2022.

Customers can now save up to 20% on Lambda function duration based on their monthly usage, for functions running on both x86, and Arm (powered by AWS Graviton). The pricing tiers are applied separately for duration of functions running on x86 and Arm, respectively, in each region. For example, if you are running x86 Lambda functions in the US East (Ohio) region, you will pay $0.0000166667 for every GB-second for the first 6 billion GB-seconds per month, $0.0000150000 for every GB-second for the next 9 billion GB-seconds per month, and $0.0000133334 for every GB-second over 15 billion GB-seconds per month, in that region. Pricing for Requests, Provisioned Concurrency, and Provisioned Concurrency Duration remains unchanged. Tiered pricing is applied automatically to your monthly bill - there is no action required on your part and no change to the AWS Management Console, AWS CLI, or AWS SDKs. If you’re taking advantage of Compute Savings Plans for your Lambda functions, tiered pricing discounts will be applied to your usage first, followed by Compute Savings Plans discounts.

AWS IoT Core launches a new device provisioning console experience

AWS IoT Core now offers a new device provisioning console experience that enables customers a more intuitive way to select the best provisioning option for their IoT solution. You can now more easily navigate the device provisioning scenarios and follow a simple flow to create a provisioning template and configure permissions for a single or many devices. The updated user interface also gives you access to documentation, product information, and resources to assist you in choosing, creating, and managing your device provisioning flows in the same place.

AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. When building an IoT solution, customers must provision their devices with X.509 certificates before securely connecting and communicating with AWS IoT Core. Provisioning refers to the process of registering devices with their digital certificates and permissions to access cloud resources and associating contextual information such as device serial numbers and location with registered digital identities. For example, for smart home applications, devices such as TVs, light bulbs, and thermostats must be provisioned with the cloud to prove their identities and interact with other cloud-connected products such as intelligent voice assistants.

Amazon Connect schedule adherence, now available in preview.

Amazon Connect now includes the ability to report on agent schedule adherence, adding to the existing forecasting, capacity planning, and scheduling capabilities already in preview. With schedule adherence, you can measure how closely agents follow their planned schedule, providing insights that help you take action to improve agent productivity and customer satisfaction. For example, if agents were busier than expected, supervisors can use Amazon Connect schedule adherence to identify agents who forgot to take their breaks and remind them do so in the future to maintain performance and avoid burn out.

Amazon CloudWatch metrics increases throughput by 150x

AWS Lookout for Metrics announcing increased quota from 50K to 500K metrics

Amazon Lookout for Metrics uses machine learning (ML) to automatically monitor the metrics critical to your businesses with greater speed and accuracy than traditional methods used for anomaly detection. The service makes it easier to diagnose the root cause of anomalies such as unexpected dips in revenue, high rates of abandoned shopping carts, spikes in payment transaction failures, increases in new user sign-ups, and many more.

AWS Lookout for Metrics announces the increased in fixed quota from 50,000 to 500,000 metrics for you to ingest large dataset for anomaly detection and root cause analysis. Increase in fixed quota for 1 hour and 1 day detector will reduce the need to create multiple detectors and manually splitting the data before ingestion. You can request for the increased limits via submitting the form. The increased limits (after request is processed) will be reflected in your accounts automatically.

AWS Comprehend lowers annotation limits for training custom entity recognition models

Amazon Comprehend is making it easier for customers to get started with custom entity recognition by reducing the annotation requirements for training their models. Amazon Comprehend is a natural language processing (NLP) service that provides APIs to extract key phrases, contextual entities, events, and sentiment from text. Entities refer to things in your document such as people, places, organizations, credit card numbers, and so on. Custom entity recognition (CER) in Amazon Comprehend enables you to train models with entities unique to your business in just a few easy steps. You can identify almost any kind of entity, simply by providing a sufficient number of details to train your model effectively.

Until today, you had to train an Amazon Comprehend custom entity recognizer with a minimum of 250 documents and 100 annotations per entity. Starting today, we are reducing the minimum requirements to train an Amazon Comprehend custom entity recognition model to 25 annotations per entity type. With our improved modeling behind the scenes, you can now start running your experiments with as low as 3 annotated documents, analyze preliminary results, and iterate by including additional annotations and documents. The reduced limits apply to the custom entity recognition models for plain-text documents only.

Amazon OpenSearch Service now includes advanced log and application analytics

Amazon OpenSearch Service, with the availability of OpenSearch 1.3., now gives customers the ability to organize their logs, traces and visualizations in an application-centric view. Customers can also benefit from enhanced log monitoring support with live tailing of logs, the ability to see surrounding log data, and the ability to do powerful ad-hoc analysis of unformatted log data at query time.

Currently, developers managing observability data from multiple applications have no insights into their application context. They have to analyze logs and traces in separate interfaces, and use filters to limit scope to their application of interest, making it more difficult to correlate log and trace data. With the new application analytics interface, customers can now bring together logs, metrics and trace data under a configurable application context that simplifies the correlation and analysis of these data points. Customers can also set up multiple application views and visualize the relevant logs and traces in one place. Application views also make it easy to correlate logs and traces with new OpenTelemetry TraceID correlation capabilities. Users can set thresholds for application availability, receive alerts and drill into the details of application behavior across traces and logs. Please see the documentation for more information on application analytics.

Today, developers interested in going beyond log analysis to log monitoring must use external tools for log tailing and log surround. Log tailing allows users to see a continuously updated stream of log data without having to manually refresh their view. Log surround means users no longer have to manually determine which events are connected because contextual information is accessible with a single click. This release supports log tailing and log surround features to help users cut down on root cause analysis (RCA) time.

AWS Compute Optimizer is now available in 5 additional AWS Regions

AWS are excited to announce the general availability of AWS Compute Optimizer in 5 additional regions — Asia Pacific (Osaka), Asia Pacific (Hong Kong), Middle East (Bahrain), Africa (Cape Town), and Europe (Milan).

AWS Compute Optimizer helps you choose optimal configurations for three types of AWS resources, Amazon Elastic Compute Cloud (EC2) instance types, Amazon Elastic Block Store (EBS) volumes, and AWS Lambda functions, based on your utilization data.

AWS Compute Optimizer is now available in a total of 21 AWS Regions. You can start using AWS Compute Optimizer through the AWS Management Console, AWS CLI, or AWS SDK. For more information about AWS Compute Optimizer, please visit the homepage and the user guide.

AWS Microservice Extractor for .NET now provides automated refactoring recommendations

AWS Microservice Extractor for .NET simplifies the process of refactoring older monolithic applications into smaller code projects to build a microservices-based architecture. Modernize and transform your applications with an assistive tool that analyzes source code and runtime metrics to create a visual representation of your application and its dependencies. With Microservice Extractor providing automated recommendations, developers get guided experience to refactor legacy applications. Instead of the developer needing to identify and group classes in source code manually for extraction, Microservice Extractor now identifies common extraction candidates using heuristics-based techniques, and highlights those in visualization. These recommendations can be used as is or used as a starting point to extract microservices off of monolithic codebase. Thus, automated recommendations from Microservice Extractor helps to speed up refactoring large applications even if the developer is unfamiliar with the codebase.

The recommendations are based on three common patterns seen in the codebase.

User interface adjacent nodes: Microservice Extractor highlights classes that are directly invoked from the legacy application’s user-interface (UI) layer, such as controller type classes in MVC (Model-View-Controller) type application. These classes can be the starting point for any extraction because those allow the developer to create a microservice based on the first user touchpoint within the application.
Data adjacent nodes: Microservice Extractor categorizes classes that are data adjacent. Any class that is pulling data from a persistent storage such as database or file system will be labelled as a data adjacent node. For MVC applications, these are Entity Framework (EF) nodes.
Domain nodes: Microservice extractor heuristically detects domain objects in an application (e.g., Product, Customer, etc...). These objects, following domain driven design concepts, allows developer to carve out a microservice based on each domain object.
Learn more on our product page and in the documentation, and download today to start modernizing your .NET applications with AWS.

Amazon RDS for Oracle now supports April 2022 patch set update (PSU) for 12.1 and release updates (RU) for 19c & 21c

Amazon Relational Database Service (Amazon RDS) for Oracle now supports the April 2022 Patch Set Update (PSU) for Oracle Database 12.1 and Release Updates (RU) for Oracle Database 19c and 21c.

Oracle PSUs contain bug fixes and other critical security updates. Beginning with Oracle Database version 12.2.0.1, Amazon RDS for Oracle supports Release Updates (RU) in place of the PSU. To learn more about the Oracle PSUs supported on Amazon RDS for each engine versions, see the Amazon RDS for Oracle Release notes. If the auto minor version upgrade (AmVU) option is enabled, the DB instance is upgraded to the latest quarterly PSU or RU six to eight weeks after it is made available by Amazon RDS for Oracle in your AWS region. These upgrades will happen during the maintenance window. To learn more, see the Amazon RDS maintenance window documentation.

Now in Preview - Amazon WorkSpaces Integration with SAML 2.0

AWS are happy to announce the preview of Amazon WorkSpaces integration with SAML 2.0. WorkSpaces is a fully managed desktop virtualization service for Windows and Linux that enables you to access resources from any supported device. As an administrator, you can now enable SAML 2.0 authentication on your WorkSpaces directory to control end user access to desktops by using your SAML 2.0 identity provider (IdP).

With SAML 2.0 authentication, your end users can access their WorkSpaces desktops by authenticating to your IdP using their default web browser. The feature enables a consistent and familiar experience for end users who already authenticate to your IdP to access other enterprise applications in addition to WorkSpaces. SAML 2.0 authentication allows you to extend security features available from your IdP to WorkSpaces, including multi-factor authentication (MFA) and contextual access.

There are no additional charges for using SAML 2.0 authentication with WorkSpaces. The SAML 2.0 authentication preview is available in US East (N Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (London) Regions. End users will be able to access their WorkSpaces with SAML 2.0 authentication by using the latest WorkSpaces client application versions for Windows and macOS.

Join the preview
To learn more and get started with SAML 2.0 authentication for WorkSpaces, see Networking and access in the Amazon WorkSpaces Administration Guide. During the preview, you can configure SAML 2.0 authentication on your WorkSpaces directory using the AWS CLI or WorkSpaces API.

AWS Secrets Manager connections now support the latest hybrid post-quantum TLS with Kyber

Connections to AWS Secrets Manager now support hybrid post-quantum key establishment using Kyber for transport layer security (TLS) from Round 3 of the NIST Post-Quantum Cryptography (PQC) selection process. This allows you to measure the potential performance impact of the post-quantum algorithm. You can also benefit from the longer-term confidentiality afforded by hybrid post-quantum TLS.
Hybrid post-quantum TLS combines a classical key agreement, such as ECDHE, with a post-quantum key encapsulation mechanism, in this case Kyber, which NIST has selected for future standardization. The result is that your TLS connections inherit the security properties of both the classical and post-quantum key exchanges.

Hybrid post-quantum TLS for connecting to AWS Secrets Manager is available in all AWS Regions except for AWS GovCloud (US), AWS China (Beijing) region, operated by Sinnet, and AWS China (Ningxia) region, operated by NWCD. This hybrid post-quantum TLS cipher performs an additional post-quantum key exchange during the TLS handshake while connecting to Secrets Manager API endpoints

Build AWS Config rules using AWS CloudFormation Guard

AWS Config now supports an easier way to author custom AWS Config rules using AWS CloudFormation Guard (cfn-guard). With this release, users with limited programming experience can use Guard to define and review custom policies that check your resources have desired configurations. AWS Config rules are a way of creating and implementing compliance policies against resource configurations. Currently, AWS Config offers both managed rules, which AWS builds and maintains to meet common compliance use cases, and custom rules, which users create to meet their specific compliance needs. Guard is an open source tool offering policy-as-code, such that users can define policies to validate JSON- or YAML-formatted data using a domain-specific language (DSL).

Previously, to create a custom rule, you would have to define an AWS Lambda function, typically in languages such as Java or Python. Now, you can author AWS Config custom rules using Guard DSL without needing to develop AWS Lambda functions. Security and compliance administrators have a simpler way to write custom logic which reflects the compliance needs your organization has defined for itself.

To get started, you can use the AWS Config console to create your own AWS Config rule through the ‘Add rule’ workflow. The rule logic will be validated for correctness prior to deployment such that you do not have to perform error checking for oversized configuration items or deleted resources; Guard also simplifies permissioning to place the rules in your account. As a result, AWS Config rules using Guard removes the complexity of rule authoring, reducing overall development time for rules. Once the rule is deployed, you will be able to view logs of resource compliance status based on your rule evaluations in AWS Config.

AWS Amplify Flutter announces web and desktop support (Developer Preview) for Authentication

Announcing the availability of license included Microsoft Visual Studio Amazon Machine Images (AMIs) on Amazon EC2

AWS now offers fully-compliant, Amazon-provided licenses for Microsoft Visual Studio Enterprise 2022 and Microsoft Visual Studio Professional 2022 Amazon Machine Images (AMIs) on Amazon Elastic Compute Cloud (Amazon EC2). These AMIs are now available on the Amazon EC2 console and on AWS Marketplace, to launch instances on-demand without any long-term licensing commitments. Amazon EC2 provides a broad choice of instances and you not only have the flexibility of paying for what your end users use, you can also provide the capacity and right hardware to your end-users. For enterprises that employ large teams of contractors, you can easily provision standardized development machines managed by your IT with no compromises on security and compliance.
IT administrators or license administrators can easily manage Visual Studio access for their end users via AWS License Manager. Administrators have the flexibility to modify the end user access on a monthly basis. For example, based on the stage of development, you can spin up additional instances and provide access to end users or similarly, stop instances and remove user access. Customers using this feature will be billed per vCPU for the EC2 License Included Windows Server instance, and per-user per-month (non-prorated) for Visual Studio and Remote Desktop Services (RDS) Subscriber Access License (SAL) licenses.

VM Import/Export now supports Windows 11

VM Import/Export now supports migration of virtual machines that use Windows 11 operating system on AWS and launch instances using the imported images on EC2 Dedicated Hosts, and EC2 Dedicated Instances.
Windows 11 sets new hardware requirements for Unified Extensible Firmware Interface (UEFI), Trusted Platform Module (TPM) 2.0 and Secure Boot support. Using VM Import/Export, you can now import your Windows 11 images by specifying the boot mode to uefi.
There is no additional cost for using VM Import/Export. VMIE support for Windows 11 is available in AWS GovCloud (US) and all public AWS Regions, with the exception of Amazon Web Services Asia Pacific (Jakarta) Region. For more information on migrating Windows 11 - UEFI based virtual machines, refer to the VM Import/Export documentation. Read this blog to learn more about importing the Windows 11 images using VM Import/Export.

AWS Security Hub now supports cross-Region aggregation of findings in AWS GovCloud (US)

AWS Security Hub now allows you to designate an aggregation Region in AWS GovCloud (US) and link some or all regions to that aggregation region. This gives you a centralized view of all your security findings across your accounts and linked regions. After you link a region to the aggregation region, your findings are continuously synchronized between the regions. Any update to a finding in a linked region is replicated to the aggregation region, and any update to a finding in the aggregation region is replicated to the linked region where the finding originated.

Previously, you needed to have a separate Security Hub tab open for each AWS GovCloud (US) Region. Now, your Security Hub administrator or delegated administrator account can view and manage all of your findings in the aggregation region. Individual Security Hub member accounts in the aggregation region can also view and manage all of their findings across all linked regions.

Your Amazon EventBridge feed in your administrator account and aggregation region also now includes all of your findings across all member accounts and linked regions. This allows you to simplify integrations with ticketing, chat, incident management, logging, and auto-remediation tools by consolidating those integrations into your aggregation region. There is no additional cost to use this feature.

Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.

Bottlerocket is now available in Amazon Web Services China Regions

Bottlerocket, a Linux-based operating system designed to run container workloads, is now available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.

Bottlerocket is an open-source Linux distribution purpose-built to host containers. It is optimized for this workload by including only the essential components and permissions needed to support the orchestrator and container runtime, yielding a rapid startup, smaller footprint, and reduced potential attack surface and lower overall management overhead.

Bottlerocket is an open source distribution with an open development model and community participation. Bottlerocket is available at no additional cost and is fully supported by Amazon Web Services. Please refer to the guides for EKS and ECS to get started using Bottlerocket.

Amazon Connect launches historical actuals in the forecasting UI

AWS Support launches a new AWS Support Center console domain

AWS Support launches a new AWS Support Center console URL https://support.console.aws.amazon.com/. Using this new URL ensures you can always contact AWS Support via the AWS Support Center Console, which is built using the latest architecture standards for high availability and region redundancy.

Customers on the AWS Commercial partition will be directed to this new URL when accessing AWS Support Center Console. In the unlikely event that you have specific firewall rules to access AWS Support, these rules must be updated to allow the new domain: “support.console.aws.amazon.com”.

Amazon QuickSight launches new base maps for geospatial visualizations

QuickSight Authors can now customize the look and feel of their maps by changing to any of the new base maps supported by Amazon QuickSight.

Streets - Authors can now add location details with streets base map. This base map emphasizes legible styling for highways, major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.
Dark gray canvas - Authors can now choose between light (existing base) and dark (new) gray canvas letting them align maps to the overall style of the dashboard. With minimal colors, labels, and features, dark gray canvas base map is designed to draw attention to your data.
Imagery - Authors can choose to add more visual context to their map by choosing the Imagery base map. The satellite view of the world will help authors increase the understanding of the location data.

The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.

The trigonometric SQL function CBRT is now generally available (GA). With this function, you can compute the cube root of a value.

The LOAD DATA statement is now available for Preview in Google Standard SQL for BigQuery. You can use the LOAD DATA statement to load data from one or more files into a table.

Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is in Preview. For more information, see De-identification of sensitive data in storage.

Cloud Functions has released Cloud Functions (2nd gen), available at the General Availability release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.

See Cloud Functions version comparison for details.

Dedicated Interconnect support is available in the following colocation facilities:

• NXDATA-1 Bucharest Romania (BU1), Bucharest
• TIS Lammed, Tel Aviv
• Bitech SDS, Tel Aviv

For more information, see the Locations table.

Cloud Storage