This week's roundup of all the cloud news.
Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday August 5th 2022.
This week at Hava we've rolled out a few more under the hood performance tweaks which will make the generation and diagram loading process a lot quicker.
AWS Updates and Releases
Amazon QuickSight now supports API-based allow listing of domains where QuickSight data visualizations can be embedded. With this new capability, developers can scale their embedded analytics offerings including visuals, dashboards, QuickSight Q (natural language querying), and authoring experience across different applications for their different customers quickly. All of this is done without any infrastructure setup or management, while scaling to millions of users. For further details, visit the blog and the documentation.
The new API-based domain allow listing is available in Amazon QuickSight Enterprise Edition in all regions where QuickSight is available.
Amazon ElastiCache now supports AWS Graviton2-based T4g, M6g and R6g node types in the Europe (Paris) and Europe (Milan) regions. Customers choose Amazon ElastiCache for workloads that require blazing-fast performance with sub-millisecond latency and high throughput. Now, with Graviton2 T4g, M6g and R6g instances, customers can enjoy up to a 45% price/performance improvement over previous generation instances.
Additionally, you can now use data tiering for Amazon ElastiCache for Redis as a lower cost way to scale your clusters to up to hundreds of terabytes of capacity in the Europe (Paris) region. Data tiering provides a new price-performance option for Redis workloads by utilizing lower-cost solid state drives (SSDs) in each cluster node in addition to storing data in memory. It is ideal for workloads that access up to 20% of their overall dataset regularly, and for applications that can tolerate additional latency when accessing data on SSD. ElastiCache data tiering is available when using Redis version 6.2 and above on Graviton2-based R6gd nodes. R6gd nodes have nearly 5x more total capacity (memory + SSD) and can help you achieve over 60% savings when running at maximum utilization compared to R6g nodes (memory only).
Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports PostgreSQL minor versions 14.3, 13.7, 12.11, 11.16, and 10.21. We recommend you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes, performance improvements, and new functionality added by the PostgreSQL community. Please refer to the PostgreSQL community announcement for more details about the release.
This PostgreSQL release also includes updates for existing supported PostgreSQL extensions: pglogical extension is updated to 2.4.1, pg_hint_plan extension is updated to 1.4, and hll extension is updated to 2.16. Please see the list of supported extensions in the Amazon RDS User Guide for specific versions.
You can leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.
Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.
Third-party data providers on AWS Data Exchange can now import Amazon S3 assets up to 100GB in size, an increase from the former limit of 10GB. The increased asset size unlocks new use cases in Healthcare and Life Sciences, Financial Services, and Retail among other industries, because providers can now license genomics data, high volume financial data, and satellite imagery, which are often stored as assets that exceed 10GB.
This increased limit applies to all AWS regions where AWS Data Exchange is available. To learn more about AWS Data Exchange, a service that helps customers find, subscribe to and use third-party data in the cloud, please visit this page.
Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, is now available in the AWS GovCloud (US) Regions.
With Amazon Keyspaces, you can run your Cassandra workloads on Amazon Web Services (AWS) using the same Cassandra application code and developer tools that you use today. You don’t have to provision, patch, or manage servers, and you don’t have to install, maintain, or operate software. Amazon Keyspaces is serverless, so you pay for only the resources you use and the service can automatically scale tables up and down in response to application traffic. You can build applications that serve thousands of requests per second with virtually unlimited throughput and storage. When you use Amazon Keyspaces, data is encrypted by default and you can back up your table data continuously using point-in-time recovery.
AWS Lambda now provides tiered pricing for monthly Lambda function duration i.e. GB-Seconds of usage. The two additional pricing tiers provide discounts on your aggregate monthly on-demand function duration. Tiered pricing takes effect in the monthly billing cycle starting on Aug 1st, 2022.
Customers can now save up to 20% on Lambda function duration based on their monthly usage, for functions running on both x86, and Arm (powered by AWS Graviton). The pricing tiers are applied separately for duration of functions running on x86 and Arm, respectively, in each region. For example, if you are running x86 Lambda functions in the US East (Ohio) region, you will pay $0.0000166667 for every GB-second for the first 6 billion GB-seconds per month, $0.0000150000 for every GB-second for the next 9 billion GB-seconds per month, and $0.0000133334 for every GB-second over 15 billion GB-seconds per month, in that region. Pricing for Requests, Provisioned Concurrency, and Provisioned Concurrency Duration remains unchanged. Tiered pricing is applied automatically to your monthly bill - there is no action required on your part and no change to the AWS Management Console, AWS CLI, or AWS SDKs. If you’re taking advantage of Compute Savings Plans for your Lambda functions, tiered pricing discounts will be applied to your usage first, followed by Compute Savings Plans discounts.
AWS IoT Core now offers a new device provisioning console experience that gives customers a more intuitive way to select the best provisioning option for their IoT solution. You can now more easily navigate the device provisioning scenarios and follow a simple flow to create a provisioning template and configure permissions for a single device or many devices. The updated user interface also gives you access to documentation, product information, and resources to assist you in choosing, creating, and managing your device provisioning flows in the same place.
AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. When building an IoT solution, customers must provision their devices with X.509 certificates before securely connecting and communicating with AWS IoT Core. Provisioning refers to the process of registering devices with their digital certificates and permissions to access cloud resources and associating contextual information such as device serial numbers and location with registered digital identities. For example, for smart home applications, devices such as TVs, light bulbs, and thermostats must be provisioned with the cloud to prove their identities and interact with other cloud-connected products such as intelligent voice assistants.
Amazon Connect now includes the ability to report on agent schedule adherence, adding to the existing forecasting, capacity planning, and scheduling capabilities already in preview. With schedule adherence, you can measure how closely agents follow their planned schedule, providing insights that help you take action to improve agent productivity and customer satisfaction. For example, if agents were busier than expected, supervisors can use Amazon Connect schedule adherence to identify agents who forgot to take their breaks and remind them to do so in the future to maintain performance and avoid burnout.
Amazon CloudWatch custom metrics now supports a 50x higher capacity allowing you to send up to 1,000 metrics per call at a 3x faster default call rate and specify 3x more dimensions (up to 30) per metric. Customers rely on CloudWatch custom metrics to capture application-specific data that complements the automatic metrics provided by CloudWatch based on the AWS services you are using. With these improvements, customers can send the same volume of data with fewer API requests, leading to reduced costs.
Modernizing applications often results in increased resources to monitor that generate more metrics. Likewise, customers often need to collect hundreds of metrics from applications running on their compute resources. With these custom metrics improvements, customers can batch metrics more efficiently when sending data to CloudWatch, resulting in fewer API requests and lower costs. The best way to optimize efficiency is to use the CloudWatch Agent which will automatically take advantage of these latest improvements to reduce API calls.
With the increased complexity of managing modern applications, customers need more flexibility when defining and analyzing custom metrics. Consequently, the maximum number of metric dimensions has been increased from 10 to 30. Customers can now add additional context to their metrics which can be used to troubleshoot issues using CloudWatch Metrics Insights. Customers can also create custom metrics from Embedded Metric Format (EMF) logs with up to 30 dimensions.
Amazon Lookout for Metrics uses machine learning (ML) to automatically monitor the metrics critical to your businesses with greater speed and accuracy than traditional methods used for anomaly detection. The service makes it easier to diagnose the root cause of anomalies such as unexpected dips in revenue, high rates of abandoned shopping carts, spikes in payment transaction failures, increases in new user sign-ups, and many more.
AWS Lookout for Metrics announces an increase in the fixed quota from 50,000 to 500,000 metrics so that you can ingest large datasets for anomaly detection and root cause analysis. The increased fixed quota for 1 hour and 1 day detectors reduces the need to create multiple detectors and manually split the data before ingestion. You can request the increased limits by submitting the form. The increased limits (after the request is processed) will be reflected in your accounts automatically.
Amazon Comprehend is making it easier for customers to get started with custom entity recognition by reducing the annotation requirements for training their models. Amazon Comprehend is a natural language processing (NLP) service that provides APIs to extract key phrases, contextual entities, events, and sentiment from text. Entities refer to things in your document such as people, places, organizations, credit card numbers, and so on. Custom entity recognition (CER) in Amazon Comprehend enables you to train models with entities unique to your business in just a few easy steps. You can identify almost any kind of entity, simply by providing a sufficient number of details to train your model effectively.
Until today, you had to train an Amazon Comprehend custom entity recognizer with a minimum of 250 documents and 100 annotations per entity. Starting today, we are reducing the minimum requirements to train an Amazon Comprehend custom entity recognition model to 25 annotations per entity type. With our improved modeling behind the scenes, you can now start running your experiments with as low as 3 annotated documents, analyze preliminary results, and iterate by including additional annotations and documents. The reduced limits apply to the custom entity recognition models for plain-text documents only.
Amazon OpenSearch Service, with the availability of OpenSearch 1.3, now gives customers the ability to organize their logs, traces and visualizations in an application-centric view. Customers can also benefit from enhanced log monitoring support with live tailing of logs, the ability to see surrounding log data, and the ability to do powerful ad-hoc analysis of unformatted log data at query time.
Currently, developers managing observability data from multiple applications have no insights into their application context. They have to analyze logs and traces in separate interfaces, and use filters to limit scope to their application of interest, making it more difficult to correlate log and trace data. With the new application analytics interface, customers can now bring together logs, metrics and trace data under a configurable application context that simplifies the correlation and analysis of these data points. Customers can also set up multiple application views and visualize the relevant logs and traces in one place. Application views also make it easy to correlate logs and traces with new OpenTelemetry TraceID correlation capabilities. Users can set thresholds for application availability, receive alerts and drill into the details of application behavior across traces and logs. Please see the documentation for more information on application analytics.
Today, developers interested in going beyond log analysis to log monitoring must use external tools for log tailing and log surround. Log tailing allows users to see a continuously updated stream of log data without having to manually refresh their view. Log surround means users no longer have to manually determine which events are connected because contextual information is accessible with a single click. This release supports log tailing and log surround features to help users cut down on root cause analysis (RCA) time.
AWS are excited to announce the general availability of AWS Compute Optimizer in 5 additional regions — Asia Pacific (Osaka), Asia Pacific (Hong Kong), Middle East (Bahrain), Africa (Cape Town), and Europe (Milan).
AWS Compute Optimizer helps you choose optimal configurations for three types of AWS resources, Amazon Elastic Compute Cloud (EC2) instance types, Amazon Elastic Block Store (EBS) volumes, and AWS Lambda functions, based on your utilization data.
AWS Compute Optimizer is now available in a total of 21 AWS Regions. You can start using AWS Compute Optimizer through the AWS Management Console, AWS CLI, or AWS SDK. For more information about AWS Compute Optimizer, please visit the homepage and the user guide.
AWS Microservice Extractor for .NET simplifies the process of refactoring older monolithic applications into smaller code projects to build a microservices-based architecture. Modernize and transform your applications with an assistive tool that analyzes source code and runtime metrics to create a visual representation of your application and its dependencies. With Microservice Extractor providing automated recommendations, developers get a guided experience for refactoring legacy applications. Instead of the developer needing to identify and group classes in source code manually for extraction, Microservice Extractor now identifies common extraction candidates using heuristics-based techniques and highlights them in the visualization. These recommendations can be used as is or as a starting point to extract microservices from a monolithic codebase. Thus, automated recommendations from Microservice Extractor help to speed up refactoring large applications even if the developer is unfamiliar with the codebase.
The recommendations are based on three common patterns seen in the codebase.
User interface adjacent nodes: Microservice Extractor highlights classes that are directly invoked from the legacy application’s user-interface (UI) layer, such as controller type classes in an MVC (Model-View-Controller) type application. These classes can be the starting point for any extraction because they allow the developer to create a microservice based on the first user touchpoint within the application.
Data adjacent nodes: Microservice Extractor categorizes classes that are data adjacent. Any class that pulls data from persistent storage such as a database or file system will be labelled as a data adjacent node. For MVC applications, these are Entity Framework (EF) nodes.
Domain nodes: Microservice Extractor heuristically detects domain objects in an application (e.g., Product, Customer, etc.). Following domain-driven design concepts, these objects allow the developer to carve out a microservice based on each domain object.
Learn more on our product page and in the documentation, and download today to start modernizing your .NET applications with AWS.
Amazon Relational Database Service (Amazon RDS) for Oracle now supports the April 2022 Patch Set Update (PSU) for Oracle Database 12.1 and Release Updates (RU) for Oracle Database 19c and 21c.
Oracle PSUs contain bug fixes and other critical security updates. Beginning with Oracle Database version 184.108.40.206, Amazon RDS for Oracle supports Release Updates (RU) in place of the PSU. To learn more about the Oracle PSUs supported on Amazon RDS for each engine version, see the Amazon RDS for Oracle Release notes. If the auto minor version upgrade (AmVU) option is enabled, the DB instance is upgraded to the latest quarterly PSU or RU six to eight weeks after it is made available by Amazon RDS for Oracle in your AWS region. These upgrades will happen during the maintenance window. To learn more, see the Amazon RDS maintenance window documentation.
AWS are happy to announce the preview of Amazon WorkSpaces integration with SAML 2.0. WorkSpaces is a fully managed desktop virtualization service for Windows and Linux that enables you to access resources from any supported device. As an administrator, you can now enable SAML 2.0 authentication on your WorkSpaces directory to control end user access to desktops by using your SAML 2.0 identity provider (IdP).
With SAML 2.0 authentication, your end users can access their WorkSpaces desktops by authenticating to your IdP using their default web browser. The feature enables a consistent and familiar experience for end users who already authenticate to your IdP to access other enterprise applications in addition to WorkSpaces. SAML 2.0 authentication allows you to extend security features available from your IdP to WorkSpaces, including multi-factor authentication (MFA) and contextual access.
There are no additional charges for using SAML 2.0 authentication with WorkSpaces. The SAML 2.0 authentication preview is available in US East (N Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (London) Regions. End users will be able to access their WorkSpaces with SAML 2.0 authentication by using the latest WorkSpaces client application versions for Windows and macOS.
Join the preview
To learn more and get started with SAML 2.0 authentication for WorkSpaces, see Networking and access in the Amazon WorkSpaces Administration Guide. During the preview, you can configure SAML 2.0 authentication on your WorkSpaces directory using the AWS CLI or WorkSpaces API.
Connections to AWS Secrets Manager now support hybrid post-quantum key establishment using Kyber for transport layer security (TLS) from Round 3 of the NIST Post-Quantum Cryptography (PQC) selection process. This allows you to measure the potential performance impact of the post-quantum algorithm. You can also benefit from the longer-term confidentiality afforded by hybrid post-quantum TLS.
Hybrid post-quantum TLS combines a classical key agreement, such as ECDHE, with a post-quantum key encapsulation mechanism, in this case Kyber, which NIST has selected for future standardization. The result is that your TLS connections inherit the security properties of both the classical and post-quantum key exchanges.
Hybrid post-quantum TLS for connecting to AWS Secrets Manager is available in all AWS Regions except for AWS GovCloud (US), AWS China (Beijing) region, operated by Sinnet, and AWS China (Ningxia) region, operated by NWCD. This hybrid post-quantum TLS cipher performs an additional post-quantum key exchange during the TLS handshake while connecting to Secrets Manager API endpoints.
AWS Config now supports an easier way to author custom AWS Config rules using AWS CloudFormation Guard (cfn-guard). With this release, users with limited programming experience can use Guard to define and review custom policies that check your resources have desired configurations. AWS Config rules are a way of creating and implementing compliance policies against resource configurations. Currently, AWS Config offers both managed rules, which AWS builds and maintains to meet common compliance use cases, and custom rules, which users create to meet their specific compliance needs. Guard is an open source tool offering policy-as-code, such that users can define policies to validate JSON- or YAML-formatted data using a domain-specific language (DSL).
Previously, to create a custom rule, you would have to define an AWS Lambda function, typically in languages such as Java or Python. Now, you can author AWS Config custom rules using Guard DSL without needing to develop AWS Lambda functions. Security and compliance administrators have a simpler way to write custom logic which reflects the compliance needs your organization has defined for itself.
To get started, you can use the AWS Config console to create your own AWS Config rule through the ‘Add rule’ workflow. The rule logic will be validated for correctness prior to deployment such that you do not have to perform error checking for oversized configuration items or deleted resources; Guard also simplifies permissioning to place the rules in your account. As a result, AWS Config rules using Guard remove the complexity of rule authoring, reducing overall development time for rules. Once the rule is deployed, you will be able to view logs of resource compliance status based on your rule evaluations in AWS Config.
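As an illustration of what such a rule looks like in place of a Lambda function, here is an added Guard example (not taken from this roundup or from the AWS announcement). It assumes the field paths that AWS Config records in the configuration item for DynamoDB tables, and the rule names are made up for the example.

```guard
# Added example: AWS Config custom policy rule written in Guard.
# Assumption: field paths follow the configuration item that AWS Config
# records for AWS::DynamoDB::Table resources.

# Gate rule: only tables that are currently ACTIVE are in scope.
# The `when` condition means resources of any other type are skipped
# rather than reported as non-compliant.
rule table_is_active when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == "ACTIVE"
}

# Compliance rule: evaluated only when the gate rule above passes.
# An active table is compliant only if point-in-time recovery is enabled.
rule pitr_is_enabled when
    resourceType == "AWS::DynamoDB::Table"
    table_is_active {
    let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
    %pitr == "ENABLED"
}
```

The rule text is pasted into the policy editor of the ‘Add rule’ workflow, and AWS Config evaluates it against each recorded configuration item of the resource types the rule is scoped to.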
AWS Amplify is announcing a developer preview to expand Flutter support to web and desktop, starting with the Authentication category. With this release, developers can use Amplify to create new Flutter apps that support web and desktop in addition to mobile platforms. Developers can also extend existing mobile Amplify Flutter projects to support web and desktop.
With this developer preview version, developers can use a single codebase with the Amplify Authentication category to build Flutter apps that target iOS, Android, web, and desktop (Mac, Linux, Windows). Our Authenticator UI library has also been upgraded to support Flutter web and desktop, providing developers with a sign in/sign up experience that works across iOS, Android, web, and desktop with minimal configurations. We will be expanding web and desktop support for the rest of Amplify Flutter categories in future releases.
AWS now offers fully-compliant, Amazon-provided licenses for Microsoft Visual Studio Enterprise 2022 and Microsoft Visual Studio Professional 2022 Amazon Machine Images (AMIs) on Amazon Elastic Compute Cloud (Amazon EC2). These AMIs are now available on the Amazon EC2 console and on AWS Marketplace, to launch instances on-demand without any long-term licensing commitments. Amazon EC2 provides a broad choice of instances and you not only have the flexibility of paying for what your end users use, you can also provide the capacity and right hardware to your end-users. For enterprises that employ large teams of contractors, you can easily provision standardized development machines managed by your IT with no compromises on security and compliance.
IT administrators or license administrators can easily manage Visual Studio access for their end users via AWS License Manager. Administrators have the flexibility to modify the end user access on a monthly basis. For example, based on the stage of development, you can spin up additional instances and provide access to end users or similarly, stop instances and remove user access. Customers using this feature will be billed per vCPU for the EC2 License Included Windows Server instance, and per-user per-month (non-prorated) for Visual Studio and Remote Desktop Services (RDS) Subscriber Access License (SAL) licenses.
VM Import/Export now supports migrating virtual machines that use the Windows 11 operating system to AWS and launching instances from the imported images on EC2 Dedicated Hosts and EC2 Dedicated Instances.
Windows 11 sets new hardware requirements for Unified Extensible Firmware Interface (UEFI), Trusted Platform Module (TPM) 2.0 and Secure Boot support. Using VM Import/Export, you can now import your Windows 11 images by setting the boot mode to uefi.
There is no additional cost for using VM Import/Export. VMIE support for Windows 11 is available in AWS GovCloud (US) and all public AWS Regions, with the exception of Amazon Web Services Asia Pacific (Jakarta) Region. For more information on migrating Windows 11 - UEFI based virtual machines, refer to the VM Import/Export documentation. Read this blog to learn more about importing the Windows 11 images using VM Import/Export.
AWS Security Hub now allows you to designate an aggregation Region in AWS GovCloud (US) and link some or all regions to that aggregation region. This gives you a centralized view of all your security findings across your accounts and linked regions. After you link a region to the aggregation region, your findings are continuously synchronized between the regions. Any update to a finding in a linked region is replicated to the aggregation region, and any update to a finding in the aggregation region is replicated to the linked region where the finding originated.
Previously, you needed to have a separate Security Hub tab open for each AWS GovCloud (US) Region. Now, your Security Hub administrator or delegated administrator account can view and manage all of your findings in the aggregation region. Individual Security Hub member accounts in the aggregation region can also view and manage all of their findings across all linked regions.
Your Amazon EventBridge feed in your administrator account and aggregation region also now includes all of your findings across all member accounts and linked regions. This allows you to simplify integrations with ticketing, chat, incident management, logging, and auto-remediation tools by consolidating those integrations into your aggregation region. There is no additional cost to use this feature.
Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.
Bottlerocket, a Linux-based operating system designed to run container workloads, is now available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.
Bottlerocket is an open-source Linux distribution purpose-built to host containers. It is optimized for this workload by including only the essential components and permissions needed to support the orchestrator and container runtime, yielding a rapid startup, smaller footprint, and reduced potential attack surface and lower overall management overhead.
Bottlerocket is an open source distribution with an open development model and community participation. Bottlerocket is available at no additional cost and is fully supported by Amazon Web Services. Please refer to the guides for EKS and ECS to get started using Bottlerocket.
Amazon Connect now enables contact center managers to view historical contact volumes and average handling time (AHT) in the forecasting UI. This new feature is part of Amazon Connect forecasting, capacity planning, and scheduling (preview) that helps contact center managers predict contact volumes and AHT, determine optimal staffing levels, and plan agent schedules to ensure they have the right agents at the right time. The ability to view historical contact volumes in the forecasting UI provides a quick way for contact center managers to identify any abnormality within forecasts and actuals.
Contact center managers can leverage this feature to compare forecasts with recent actuals (contact volume and AHT) and prior year actuals in the same view. When checking the “Variance” box in the forecasting setting UI, customers can also see a bar chart that shows where there are differences between forecasts and actuals, so that it’s easier for them to identify the gap, zoom into the specific time range, and override any actuals or forecasts if needed.
AWS Support launches a new AWS Support Center console URL https://support.console.aws.amazon.com/. Using this new URL ensures you can always contact AWS Support via the AWS Support Center Console, which is built using the latest architecture standards for high availability and region redundancy.
Customers on the AWS Commercial partition will be directed to this new URL when accessing AWS Support Center Console. In the unlikely event that you have specific firewall rules to access AWS Support, these rules must be updated to allow the new domain: “support.console.aws.amazon.com”.
QuickSight Authors can now customize the look and feel of their maps by changing to any of the new base maps supported by Amazon QuickSight.
Streets - Authors can now add location details with streets base map. This base map emphasizes legible styling for highways, major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.
Dark gray canvas - Authors can now choose between light (existing base) and dark (new) gray canvas letting them align maps to the overall style of the dashboard. With minimal colors, labels, and features, dark gray canvas base map is designed to draw attention to your data.
Imagery - Authors can choose to add more visual context to their map by choosing the Imagery base map. The satellite view of the world will help authors increase the understanding of the location data.
Google Cloud Releases and Updates
Access Approval supports Secret Manager in Preview stage.
Anthos clusters on AWS
You can now launch clusters with the following Kubernetes versions:
Anthos clusters on Azure
You can now launch clusters with the following Kubernetes versions:
Anthos clusters on bare metal
Anthos clusters on bare metal 1.12.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.1 runs on Kubernetes 1.23.
Increased default memory limits for coredns, metallb-controller, metallb-speaker, metrics-server, anthos-cluster-operator, and cap-controller-manager.
Modified the dashboards Anthos cluster pod status and Anthos cluster node status. Specifically, the following changes were made:
Replaced cadvisor resource metrics with summary API resource metrics.
Added cpu, memory, and volume utilization metrics.
If you have already installed these dashboards in a project, you need to download the JSON files Anthos-cluster-pod-status.json and Anthos-cluster-node-status.json from the Dashboards for Anthos GitHub repository. You then need to import these JSON files into Cloud Monitoring.
Apigee API Hub
On August 3, 2022 Apigee hub released a new version of the software.
The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.
Cloud Data Loss Prevention
Cloud Functions has released Cloud Functions (2nd gen), available at the General Availability release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.
See Cloud Functions version comparison for details.
Dedicated Interconnect support is available in the following colocation facilities:
- NXDATA-1 Bucharest Romania (BU1), Bucharest
- TIS Lammed, Tel Aviv
- Bitech SDS, Tel Aviv
For more information, see the Locations table.
Cloud Load Balancing
Customer-managed encryption key (CMEK) organization policy constraints are now generally available (GA).
- allows you to control which resources require the use of CMEK.
- constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a Cloud KMS key can be used to validate requests.
- You can use both constraints together to enforce the use of CMEK from allowed projects.
New commands are now available for gcloud alpha storage.
- Commands include the ability to create buckets, view metadata for buckets and objects, and edit metadata for buckets and objects.
- Note that all Cloud Storage gcloud commands continue to be in Preview.
Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
- Ashburn, Virginia, North America:
For more information about using GPUs on Compute Engine, see GPU platforms.
New sub-minor versions of Dataproc images:
Upgraded Hadoop to version 3.2.3 in 2.0 images.
Upgraded Hadoop to version 2.10.2 in 1.5 images.
The default MySQL instance root password is changed to a random value in 1.5 and 2.0 images. The new password is stored in a MySQL configuration file accessible only by the OS-level root user.
Backported the patch for KNOX-1997 in 2.0 images.
Backported the patch for HIVE-19048 in 2.0 images.
The following versions are now available in the Stable channel:
Version 1.21.12-gke.2200 is now the default version in the Stable channel.
GKE total size control is now available in GKE version 1.24 clusters. For autoscaled node pools you can now set the minimum and maximum total number of nodes across all zones, rather than specifying a per-zone limit. To learn more, see Cluster autoscaler.
The maximum number of Pods that can run on each node has increased from 110 to 256 with GKE version 1.23.5-gke.1300 or later. To learn more, see Optimizing IP address allocation.
Migrate to Virtual Machines
Several updates to Migrate to Virtual Machines:
Serving controls can now be imported from and exported to files. This allows you to move serving controls between projects and do bulk edits and additions of serving controls within a project. This feature is available in Preview.
See the new documentation:
TensorFlow Profiler integration: Debug model training performance for your custom training jobs. For details, see Profile model training performance using Profiler.
Workflows is available in the following additional regions:
- southamerica-east1 (Osasco, São Paulo, Brazil)
- us-east4 (Ashburn, Virginia, United States)
- us-west4 (Las Vegas, Nevada, United States)
Microsoft Azure Releases And Updates
Public preview enhancements and updates released for Azure SQL in early August 2022
Use the new migration tool to migrate workloads from Single to Flexible Server on Azure Database for PostgreSQL, a managed service running the open-source Postgres database on Azure.
Audit your restore actions on continuous mode in Azure Cosmos DB accounts.
Gain powerful tools for working with JSON formatted data in Redis through the RedisJSON module.
Azure Load Testing is in public preview in West US 2.
Use an Azure Policy to block the deployment of vulnerable images on AKS.
You can now completely stop specific user node pools and pick up later where you left off with a switch of a button, saving time and costs.
You can now create Windows-based node pools with FIPS 140-2 enabled.
General availability: Azure App Service Environment v3 support for custom domain suffix
Announcing the .NET 7 support for Azure functions in isolated process in public preview for Linux Consumption Plan.
Container insights customers using basic logs on the ContainerLogV2 schema (preview) can now get the same drill-in querying experience in the portal as with analytics logs at a reduced cost.
Public preview for a version of VM insights that makes use of the new Azure Monitor agent and would replace the existing Log Analytics agent.
Introducing support for Azure Ultra Disks on Azure Dedicated Host.
Azure Monitor metric alerts with dynamic thresholds detection leverage advanced machine learning (ML) to learn metrics' historical behavior and identify patterns and anomalies that indicate…
Azure Firewall Premium Intrusion Prevention System (IPS) certification from ICSA Labs is now generally available.
Log Analytics, a feature of Azure Monitor, is now generally available for you to start collecting telemetry and analyzing your services for health and usage in China North 3 and China East 3.
Set the configuration of your Azure Virtual Machine or Azure Arc-enabled server using the enforcement mode of machine configuration (formerly guest configuration).
Application Insights, a part of Azure Monitor, is now generally available in China North 3 and China East 3 regions for you to collect telemetry and analyze your service health in production environments.
Peer Route Server with network virtual appliances (NVAs) deployed behind an Azure Internal Load Balancer (ILB).
Announcing the public preview of confidential node pools on AKS with AMD SEV-SNP confidential VMs.
Pricing adjustment to bring value to our Azure customers in western US regions.
TARGET RETIREMENT DATE: DECEMBER 31, 2022
Updated announcement for Azure StorSimple 8000/1200 series end of life.
Decrease the cost of your transition to IPv6 when Azure Public IPv6 offerings go free on July 31 2022.
Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate, fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or standalone K8s clusters. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.