This week's roundup of all the cloud news.
Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 10th December 2021
To stay in the loop, make sure you subscribe on the right. There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities, and will also showcase lesser-known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
Amazon Route 53 is adding domain specific API actions: DeleteDomain and ListPrices. Sorting and filtering functions are also being added to the API action, ListDomains. The DeleteDomain API action is a function previously only available in the AWS Console.
AWS Network Firewall now supports AWS Managed Rules, which are groups of rules based on threat intelligence data, to enable you to stay up to date on the latest security threats without writing and maintaining your own rules.
The Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver is now available in Amazon Elastic Kubernetes Service (Amazon EKS) add-ons in preview, enabling you to use the Amazon EKS console, CLI, and API to install and manage the add-on. This release is in addition to existing support for the Amazon VPC CNI networking plugin, CoreDNS and kube-proxy, and makes it easier to define consistent Kubernetes clusters and keep them up to date using Amazon EKS.
You can now enable data compression for capacity pool storage in Amazon FSx for NetApp ONTAP file systems
Amazon FSx for NetApp ONTAP now supports data compression for data stored within a file system’s capacity pool storage. Combined with FSx for ONTAP’s existing support for data deduplication and compaction, data compression enables you to reduce your storage costs for a wide spectrum of data sets — for example, you can reduce your costs for general-purpose file shares by 65%.
AWS App2Container (A2C) now supports containerization and deployment of .NET applications running on Linux. With this release, customers can use A2C to detect the .NET Core runtime version (.NET Core 3.1, .NET 5, .NET 6) and containerize the application using the corresponding runtime base images. Customers can take advantage of cost and performance benefits offered by Linux containers. Customers can continue to deploy these containerized applications to their choice of container platforms, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), AWS Fargate, and AWS App Runner using A2C.
Amazon Kinesis Data Analytics is now available in the Asia Pacific (Osaka) and Africa (Cape Town) regions.
Amazon FSx for NetApp ONTAP has now reduced the minimum file system throughput capacity from 512 MB/s to 128 MB/s, decreasing the minimum cost of an FSx for ONTAP file system by over 50%.
You can now use AWS Launch Wizard to lead you through a best practices deployment of Amazon Elastic Kubernetes Service (Amazon EKS). Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS Availability Zones to help eliminate a single point of failure. AWS Launch Wizard uses AWS Well-Architected Quick Start architectures to guide you through the sizing, configuration, and deployment of an Amazon EKS control plane, connecting worker nodes to the cluster, and configuring a bastion host for cluster admin operations. Additionally, the Launch Wizard deployment provides custom resources that enable you to deploy and manage your Kubernetes applications using AWS CloudFormation by declaring Kubernetes manifests or Helm charts directly in CloudFormation templates.
This week, Amazon Location Service added metadata for tracking position updates to help developers reduce cost, improve accuracy, and simplify the development of tracking applications. Amazon Location Service Trackers already make it easy for developers to build highly scalable device-tracking applications by enabling them to retrieve the current and historical location of their tracked devices, and automatically evaluate device positions relative to linked areas of interest (geofences). With the new metadata feature, developers can enrich these applications with additional information about each device’s position, for example the speed, direction, or engine temperature of vehicles, by including three user-defined key-value pairs with each position update. They can retrieve this information for a device’s current or historical position directly from the Amazon Location Service Tracker, for example to analyze engine performance, without building additional systems and code to track this data. Developers can also receive this metadata in the Amazon EventBridge Entry and Exit events when tracked devices cross a geofence.
AWS IoT Core now supports caching of responses returned by customer’s Custom Authorizer Lambdas when using HTTP connections
You can now cache responses returned by your Custom Authorizer Lambdas when using the AWS IoT Core Custom Authentication workflow for HTTP connections. Customers can now define a caching duration (i.e. refreshAfterInSecs) for responses returned by their custom authorizer lambdas when using long-lived HTTP connections. AWS customers can set a “refreshAfterInSecs” between 5 minutes and 24 hours to reduce custom authorizer lambda invocations. This enhancement helps customers reduce their custom authorizer lambda cost and brings the HTTP behavior in line with that of the other protocols supported by AWS IoT Core.
Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.5.13, 10.4.22, 10.3.32, and 10.2.41. AWS recommends that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and to benefit from the numerous bug fixes, performance improvements, and new functionality added by the MariaDB community.
AWS Systems Manager announces new features for Session Manager to support maximum session timeout and annotate reason for starting the session
This week, AWS Systems Manager announced new features for Session Manager to support a maximum session timeout and to annotate the reason for starting a session. AWS Systems Manager is the operational hub for AWS that provides a unified user interface to track and resolve operational issues across AWS applications from a central place. AWS Systems Manager Session Manager allows you to manage your EC2 instances, edge devices, and on-premises servers and virtual machines (VMs), using either an interactive browser-based shell or the command line.
You can now use AWS Launch Wizard to lead you through a best practices deployment of self-managed Remote Desktop Gateway (RD Gateway) on Amazon EC2. AWS Launch Wizard uses the AWS Well-Architected Framework to guide you through the sizing, configuration, and deployment of RD Gateway on the AWS Cloud, without the need to manually identify and provision individual AWS resources. RD Gateway employs Remote Desktop Protocol (RDP) over HTTPS, which helps establish a secure, encrypted connection between remote users and Amazon EC2 instances running Windows, without needing to configure a virtual private network (VPN). This helps reduce the attack surface on your Windows-based instances while providing a remote administration solution for administrators.
Starting today, Amazon EC2 C5n instances are available in AWS Africa (Cape Town) region.
Amazon DevOps Guru introduces enhanced analysis for Amazon Aurora databases and support for AWS tags as an application boundary
This week, AWS announced the general availability of AWS Wavelength on the Vodafone 4G/5G network in Germany. Wavelength Zones are now available in Berlin, Munich, and Dortmund. Developers, enterprises, and Independent Software Vendors (ISVs) can now use the AWS Wavelength Zones in Germany to build ultra-low latency applications for mobile devices and users. AWS Wavelength Zones on Vodafone’s 4G/5G network are now available in four cities across Europe, including the previously announced Wavelength Zone in London.
Right-size permissions for more roles in your account using IAM Access Analyzer to generate 50 fine-grained IAM policies per day
In April 2021, IAM Access Analyzer added policy generation to help you create IAM policies based on access activity found in your AWS CloudTrail. IAM Access Analyzer has now increased policy generation quotas to 50 per day to help you right-size permissions for more roles in your account. As you right-size permissions across multiple workloads in your account, you can now use policy generation across your roles to grant just the required permissions. To use IAM Access Analyzer policy generation, visit your role’s detail page and select “generate policy” to get started. When you request a policy, IAM Access Analyzer reviews your CloudTrail logs to identify the actions used and creates a fine-grained policy. Read the blog to learn more.
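To make concrete what "reviews your CloudTrail logs to identify the actions used and creates a fine-grained policy" means, here is an added Python example that is not Access Analyzer's implementation and not AWS code. It walks a set of constructed CloudTrail records, keeps only the calls made under sessions issued by one role, turns each `eventSource`/`eventName` pair into an IAM action, and emits a policy limited to those actions; it also reports which currently granted actions never appeared, which is the right-sizing decision the announcement is about. The account id, role names and the `PREFIX_OVERRIDES` mapping are assumptions for illustration, and `Resource` is left as `*` where the real service would narrow it further.

```python
import json
from collections import defaultdict

ROLE_ARN = "arn:aws:iam::123456789012:role/app-role"  # constructed, not a real account or role


def _assumed_role_event(role_arn, source, name):
    """Build a constructed CloudTrail record for a call made under an assumed-role session."""
    return {
        "eventSource": source,
        "eventName": name,
        "userIdentity": {
            "type": "AssumedRole",
            "sessionContext": {"sessionIssuer": {"arn": role_arn}},
        },
    }


# Constructed sample trail: five calls by app-role (one repeated), one by a
# different role, and one by an IAM user that has no sessionIssuer at all.
SAMPLE_EVENTS = [
    _assumed_role_event(ROLE_ARN, "s3.amazonaws.com", "GetObject"),
    _assumed_role_event(ROLE_ARN, "s3.amazonaws.com", "GetObject"),
    _assumed_role_event(ROLE_ARN, "s3.amazonaws.com", "PutObject"),
    _assumed_role_event(ROLE_ARN, "dynamodb.amazonaws.com", "GetItem"),
    _assumed_role_event(ROLE_ARN, "kms.amazonaws.com", "Decrypt"),
    _assumed_role_event("arn:aws:iam::123456789012:role/other-role",
                        "s3.amazonaws.com", "DeleteObject"),
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
]

# eventSource host -> IAM service prefix. The first DNS label is usually the
# prefix; the overrides cover services where it is not (assumed list, extend as needed).
PREFIX_OVERRIDES = {"monitoring.amazonaws.com": "cloudwatch"}


def service_prefix(event_source):
    return PREFIX_OVERRIDES.get(event_source, event_source.split(".")[0])


def issuing_role_arn(event):
    """Return the role ARN that issued the session, or None for non-role identities."""
    identity = event.get("userIdentity", {})
    if identity.get("type") != "AssumedRole":
        return None
    return identity.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")


def observed_actions(events, role_arn):
    """Set of IAM actions (e.g. 's3:GetObject') that the given role actually used."""
    return {
        f"{service_prefix(e['eventSource'])}:{e['eventName']}"
        for e in events
        if issuing_role_arn(e) == role_arn
    }


def build_policy(actions):
    """One Allow statement per service. Resource stays '*' here; narrow it to the
    real ARNs before attaching the policy."""
    by_service = defaultdict(list)
    for action in sorted(actions):
        by_service[action.split(":")[0]].append(action)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": f"Observed{svc.capitalize()}", "Effect": "Allow",
             "Action": acts, "Resource": "*"}
            for svc, acts in sorted(by_service.items())
        ],
    }


def unused_actions(granted, observed):
    """Explicitly granted actions that never appeared in the trail: candidates for removal."""
    return set(granted) - set(observed)


if __name__ == "__main__":
    used = observed_actions(SAMPLE_EVENTS, ROLE_ARN)
    print(json.dumps(build_policy(used), indent=2))
    current = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
               "dynamodb:GetItem", "dynamodb:DeleteTable", "kms:Decrypt"}
    print("unused:", sorted(unused_actions(current, used)))
```

The sketch deliberately ignores calls made by other principals, so a shared trail can be mined per role; the window of log history you feed it decides how complete the resulting policy is, which is why a policy generated from a short window should be reviewed before it replaces a broader one.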
Amazon Comprehend Medical adds support for SNOMED CT and reduces pricing across all APIs by up to 90%
Amazon Comprehend Medical is a HIPAA-eligible natural language processing service that uses machine learning to extract health data from unstructured medical text accurately and quickly. Much of health data today is in free-form medical text like doctors’ notes, clinical trial reports, and patient health records. Manually extracting the data is a time consuming process that requires broad use of synonyms and nonstandard medical terms. As a result, data often remains unusable in large-scale analytics which is needed to advance healthcare and life sciences industry.
AWS End-of-support Migration Program (EMP) Now Supports Assisted Packaging for applications without installation media
AWS EMP now supports packaging for end-of-support (EOS) Windows Server applications where installation media is not available, through a guided user interface (UI) experience. With today’s release of the Guided Reverse Packaging (GRP) feature, customers can input files and folders related to the application, and the tool will automatically search for dependencies such as registry keys and related files and present them to the user for confirmation. Next, customers will have the ability to simulate typical application workflows to ensure the full scope of dependencies is captured. Customers can then generate the compatibility package needed to deploy the running application onto a newer, supported version of Windows Server in EC2.
Application Manager, a capability of AWS Systems Manager, announces a new feature for customers to report and visualize the cost of their applications through integration with AWS Cost Explorer. Application Manager is a central hub on AWS to create, view and operate applications from a single console. With Application Manager, customers can discover and manage their applications across multiple AWS services like AWS CloudFormation, AWS Launch Wizard, AWS Service Catalog App Registry, AWS Resource Groups, Amazon Elastic Kubernetes Service (Amazon EKS), and Amazon Elastic Container Service (Amazon ECS). Using this feature, IT professionals can now view the cost of their applications and application components within the Application Manager console.
This week, Amazon Location Service added Suggestions functionality.
The AWS Toolkit for VS Code now provides developers with convenient IDE functionality to connect to Amazon ECS containers and issue commands using Amazon ECS Exec. This allows VS Code users to directly interact with containers, such as running commands in, or getting a shell to, an ECS container running on an Amazon EC2 instance or on AWS Fargate, without leaving their IDE. ECS Exec uses AWS Systems Manager (SSM) Session Manager under the hood to establish a connection with the running container.
AWS Glue streaming extract, transform, and load (ETL) jobs can now read from AWS Glue Data Catalog tables created using the AWS Glue Schema Registry. With streaming ETL in AWS Glue, you can set up continuous ingestion pipelines to prepare streaming data on the fly and make it available for analysis in seconds. The AWS Glue Schema Registry allows you to centrally discover, control, and evolve data stream schemas. This integration streamlines the job setup process and simplifies schema enforcement.
This week AWS announced general availability of NICE EnginFrame 2021.0. NICE EnginFrame is an easy-to-use web front-end that makes HPC job submission and management easier for customers. With this latest release, customers are able to use NICE EnginFrame across both on-premises and AWS environments using its new AWS HPC Connector feature. Where customers may have previously used NICE EnginFrame for these tasks on-premises and separately managed AWS resources for HPC using the AWS CLI or AWS Management Console, NICE EnginFrame customers can now manage all of these HPC workflows across both their on-premises and AWS environments using a single, unified interface.
Amazon Redshift has launched the ability to run a single-node RA3.xlplus cluster. Amazon Redshift RA3 clusters support many important features including Amazon Redshift Managed Storage (RMS), data sharing and AQUA. Single-node RA3.xlplus clusters allow you to take advantage of the most advanced Redshift features at a lower cost. You can migrate single-node DS2.xlarge or single-node DC2.large clusters to single-node RA3.xlplus clusters as part of a cross-instance Classic Resize function. You can also use cross-instance Classic Resize as part of the Reserved Instance (RI) Migration feature in the Amazon Redshift Console, CLI or API to migrate your single-node DS2.xlarge RI clusters to RA3.xlplus RI clusters without changes to the RI contract’s start or end dates and without incurring additional charges.
This week AWS released a new feature in AWS AppSync that allows customers to use custom domain names with their AWS AppSync GraphQL APIs.
Amazon S3 File Gateway now enables you to force-close locked files on SMB file shares on Amazon S3 File Gateway by providing access to local security groups. Amazon S3 File Gateway provides on-premises applications with file-based, cached access to virtually unlimited cloud storage using the SMB and NFS protocols. End users and applications using files on SMB shares may stop working on those files without closing them. This leaves the files in an open, or locked, state. Until now, gateway administrators did not have permissions to close these files.
AWS Systems Manager Fleet Manager now offers console based viewing and management of instance processes
Fleet Manager, a feature in AWS Systems Manager (SSM) that helps IT Admins streamline and scale their remote server management tasks, now offers an easy console-based experience for customers to view and manage processes on their instances. This new feature provides customers a consolidated view of the processes running on an instance coupled with the ability to assess their resource consumption in real-time and optimize operations through start/stop actions.
Amazon Polly is a service that turns text into lifelike speech. Today, we are excited to announce the general availability of a neural version of Takumi, Polly’s Japanese male text to speech (TTS) voice. Takumi neural TTS sounds natural, friendly and smooth. With this launch, you can now select from three unique Japanese TTS voices: Mizuki Standard, Takumi Standard and Takumi Neural.
Amazon Aurora R6g instances, powered by AWS Graviton2 processors, are now available in Europe (Milan), Europe (Paris), and Europe (Stockholm) Regions
AWS Graviton2-based R6g database instances are now available in Europe (Milan), Europe (Paris), and Europe (Stockholm) regions for Amazon Aurora MySQL-Compatible Edition and Amazon Aurora PostgreSQL-Compatible Edition.
You can now send AWS WAF logs directly to a CloudWatch Logs log group or to an Amazon S3 bucket. With this launch, we’re adding two new optional destinations for WAF logs in addition to Amazon Kinesis Data Firehose, which was already supported. When you use CloudWatch Logs as your WAF log destination, you can search and analyze WAF logs directly in the WAF console using CloudWatch Logs Insights. Using CloudWatch Logs Insights, you can view individual logs, compile aggregated reports, create visualizations, and construct dashboards.
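The announcement mentions compiling aggregated reports from WAF logs once they land in CloudWatch Logs. As an added illustration of what such a report looks like (this is example code, not AWS's), the following Python reads constructed WAF log records in the JSON-lines shape WAF emits, skips malformed lines instead of failing, and aggregates BLOCK decisions per terminating rule and per client IP, then lists the clients blocked most often. The web ACL ARN, rule names, IPs and paths are invented; the Logs Insights query in the trailing comment is the equivalent per-rule count you would run in the console.

```python
import json
from collections import Counter

# Constructed WAF log records; the web ACL ARN, rule names, IPs and paths are made up.
_WEBACL = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example-acl/EXAMPLE-ID"


def _record(ts, rule, action, ip, uri, method="GET"):
    """Serialise one constructed WAF log record as a JSON line."""
    return json.dumps({
        "timestamp": ts, "formatVersion": 1, "webaclId": _WEBACL,
        "terminatingRuleId": rule,
        "terminatingRuleType": "REGULAR" if rule == "Default_Action" else "MANAGED_RULE_GROUP",
        "action": action, "httpSourceName": "ALB",
        "httpSourceId": "app/example/0123456789abcdef", "ruleGroupList": [],
        "httpRequest": {"clientIp": ip, "country": "US", "uri": uri, "httpMethod": method,
                        "httpVersion": "HTTP/1.1",
                        "headers": [{"name": "User-Agent", "value": "curl/7.79.1"}]},
    })


SAMPLE_LOG_LINES = [
    _record(1639094400000, "AWS-AWSManagedRulesSQLiRuleSet", "BLOCK", "198.51.100.7", "/login", "POST"),
    _record(1639094401000, "AWS-AWSManagedRulesSQLiRuleSet", "BLOCK", "198.51.100.7", "/search"),
    _record(1639094402000, "AWS-AWSManagedRulesCommonRuleSet", "BLOCK", "198.51.100.7", "/admin"),
    _record(1639094403000, "AWS-AWSManagedRulesBotControlRuleSet", "BLOCK", "203.0.113.9", "/"),
    _record(1639094404000, "Default_Action", "ALLOW", "192.0.2.20", "/index.html"),
    _record(1639094405000, "Default_Action", "ALLOW", "192.0.2.21", "/about"),
    "this line is not JSON and must be skipped rather than crash the report",
]


def parse_waf_logs(lines):
    """Parse JSON-lines WAF records, dropping lines that are not valid WAF log objects."""
    events = []
    for line in lines:
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "action" in obj and "httpRequest" in obj:
            events.append(obj)
    return events


def blocked_by_rule(events):
    """Count BLOCK decisions per terminating rule: which rules are doing the work."""
    return Counter(e["terminatingRuleId"] for e in events if e["action"] == "BLOCK")


def blocked_by_client(events):
    """Count BLOCK decisions per client IP: who is being blocked most."""
    return Counter(e["httpRequest"]["clientIp"] for e in events if e["action"] == "BLOCK")


def noisy_clients(events, threshold):
    """Client IPs blocked at least `threshold` times in the window, for review."""
    return {ip for ip, n in blocked_by_client(events).items() if n >= threshold}


# Equivalent CloudWatch Logs Insights query for the per-rule count, run against
# the log group chosen as the WAF log destination:
#   filter action = "BLOCK" | stats count(*) as blocked by terminatingRuleId | sort blocked desc

if __name__ == "__main__":
    evts = parse_waf_logs(SAMPLE_LOG_LINES)
    print("blocked by rule:", dict(blocked_by_rule(evts)))
    print("blocked by client:", dict(blocked_by_client(evts)))
    print("noisy clients (>=3):", sorted(noisy_clients(evts, 3)))
```

The per-rule count is the first thing to look at after enabling a managed rule group, because a rule that terminates a large share of requests is either catching real abuse or producing false positives against legitimate traffic, and the per-client count tells you which.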
Amazon Pinpoint now includes a one-time password (OTP) management feature. An OTP is an automatically generated string of characters that authenticates a user for a single login attempt or transaction. The OTP feature makes it easier to add OTP workflows to your application, site, or service. You can use this feature to generate new OTP codes and send them to your recipients as SMS text messages. Your applications can then call the Amazon Pinpoint API to validate that the OTP code the recipient entered is valid.
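The paragraph describes the OTP workflow in outline: generate a code, deliver it, then validate what the recipient enters. The added Python below is not Pinpoint's API or AWS code; it is a self-contained illustration of the validation side that a managed OTP feature handles for you, showing the properties a practitioner should expect from it: the code is generated with a CSPRNG, only an HMAC of it is stored, comparison is constant-time, the code expires, is single-use, and is discarded after a fixed number of wrong guesses. The secret, TTL and attempt limit are assumed values.

```python
import hashlib
import hmac
import secrets
import time

OTP_LENGTH = 6          # digits in the code delivered to the user
OTP_TTL_SECONDS = 300   # assumed validity window: five minutes
MAX_ATTEMPTS = 3        # assumed number of wrong guesses before the code is invalidated


class OtpStore:
    """Issues single-use numeric codes and verifies them.

    Only an HMAC of each code is stored, so a leaked store does not reveal live
    codes; the comparison is constant-time; every code is bound to one reference
    id, expires, and is dropped after one success or MAX_ATTEMPTS failures.
    """

    def __init__(self, server_secret: bytes, clock=time.time):
        self._secret = server_secret
        self._clock = clock       # injectable so expiry can be tested without waiting
        self._pending = {}        # reference_id -> {digest, expires_at, attempts_left}

    def _digest(self, reference_id: str, code: str) -> str:
        msg = f"{reference_id}:{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, reference_id: str) -> str:
        """Create a fresh code for reference_id and return it for delivery (e.g. by SMS)."""
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_LENGTH))
        self._pending[reference_id] = {
            "digest": self._digest(reference_id, code),
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, reference_id: str, code: str) -> str:
        """Return 'ok', 'invalid', 'expired', 'locked' or 'unknown'."""
        record = self._pending.get(reference_id)
        if record is None:
            return "unknown"
        if self._clock() > record["expires_at"]:
            del self._pending[reference_id]
            return "expired"
        if hmac.compare_digest(record["digest"], self._digest(reference_id, code)):
            del self._pending[reference_id]      # single use
            return "ok"
        record["attempts_left"] -= 1
        if record["attempts_left"] <= 0:
            del self._pending[reference_id]      # too many guesses: the user must request a new code
            return "locked"
        return "invalid"


if __name__ == "__main__":
    store = OtpStore(b"constructed-server-secret")
    code = store.issue("signup-42")
    print("deliver to user:", code)
    print("wrong guess  ->", store.verify("signup-42", "000000" if code != "000000" else "111111"))
    print("right code   ->", store.verify("signup-42", code))
    print("replayed     ->", store.verify("signup-42", code))
```

The attempt limit matters more than the code length: a six-digit code has a million possibilities, which is only safe if an attacker cannot keep guessing, so the limit and the expiry together bound the number of guesses per issued code.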
Google Cloud Releases and Updates
Access Transparency Logs
You can view Access Transparency logs for Google Workspace services in the Google Cloud Console. For more information, see Viewing Access Transparency logs for Google Workspace.
AI Platform Training
Runtime version 2.7 is available. You can use runtime version 2.7 to train with TensorFlow 2.7, scikit-learn 1.0.1, or XGBoost 1.5.0. Runtime version 2.7 supports training with CPUs, GPUs, or TPUs.
Anthos on Bare Metal
Anthos Config Management
The Config Sync feature to render Kustomize configurations and Helm charts is generally available (GA). To learn more, see Use a repo with Kustomize configurations and Helm charts.
The Policy Controller feature to support mutation is generally available (GA). To learn more, see Mutate Resources.
Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: c36e3d8).
nomos migrate to easily enable the RootSync and RepoSync APIs in the cluster. These APIs provide you with additional features and give you the flexibility to sync to a single repository or multiple repositories.
Added a new metric, pipeline_error_observed, to capture whether there is an error from the different stages: rendering, sync, source, readiness.
nomos status surfaces messages from resource conditions when the managed resources are not ready or healthy.
Anthos Service Mesh
1.12.0-asm.3 is now available.
Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.
Anthos Service Mesh now supports the Certificate Authority Service integration on on-premises platforms (both Anthos on VMware and bare metal). See install and upgrade with default features and CA Service.
Anthos Service Mesh now supports deploying a proxy built on the distroless base image. The distroless base image ensures that the proxy image contains the minimal number of packages required to run the proxy. This improves security posture by reducing the overall attack surface of the image and gets cleaner results with CVE scanners. See Distroless proxy image for more information.
For unmanaged Anthos Service Mesh installations, the installer will automatically set up the default tag (the istio-default-validator webhooks). When the default tag exists, it is possible to use the istio-injection=enabled namespace label and the sidecar.istio.io/inject workload label to enable sidecar injection for that revision.
App Engine standard environment Go
- Updated Go SDK to version 1.9.72.
- Added ARM version support for app-engine-go component.
Anomaly detection in BigQuery ML is now generally available (GA). You can use the ML.DETECT_ANOMALIES function with the ARIMA_PLUS model to detect anomalies in time-series data. You can also use this function with the K-means, Autoencoder, or PCA models to detect anomalies in independent and identically distributed (IID) data.
Autoscaling for Cloud Bigtable is now generally available (GA). Autoscaling helps prevent over-provisioning or under-provisioning by letting Cloud Bigtable automatically add or remove nodes to a cluster when usage changes. In addition, new metrics are available to help you understand how autoscaling is working.
You can now use customer managed encryption keys (CMEK) in Cloud Bigtable instances that are replicated across multiple regions. Previously, CMEK was limited to instances that had clusters in a single region. This feature is generally available (GA).
Google is delaying the switch from Python 3.6 to Python 3.8 in Cloud Composer images with Airflow 1.10.15. This change will happen in February 2022. For existing environments, migration from Python 3.6 to 3.8 will happen during the upgrade process. New environments will use Python 3.8.
Cloud SQL for MySQL / PostgreSQL / SQL Server
Cloud SQL for MySQL now supports point-in-time recovery using a timestamp. See Point-in-time recovery.
You can now see the database minor version when viewing information about an instance. See Database versions and version policies for a list of the latest supported versions.
The Dialogflow CX simulator now provides page lifecycle navigation to help you understand the execution steps taken for each conversational turn.
- Version 1.20.11-gke.1300 is now the default version in the Stable channel.
Network Intelligence Center
It is now possible to export Firewall Insights data in CSV format. For details, see Exporting insights.
Extended topic retention allows you to retain published messages for a maximum of 31 days.
For more information, see Topic message retention.
Security Command Center
Event Threat Detection, a built-in service of Security Command Center, released the Exfiltration: BigQuery Data Extraction rule. This rule is available in Preview. It detects events where an organization's BigQuery data is exported to an externally visible Cloud Storage bucket. For more information, see Event Threat Detection rules.
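To show what a rule of this kind evaluates, here is an added Python example that is not Event Threat Detection's logic and not Google code. It scans constructed Cloud Audit Log entries for BigQuery (reduced to the fields the check reads and modelled on the job-insertion shape of BigQuery audit metadata), keeps only EXTRACT jobs, and raises a finding when a destination URI points at a bucket outside an allowlist; the allowlist of organisation-owned bucket names stands in for "externally visible bucket", and the project, principal, table and bucket names are invented.

```python
from urllib.parse import urlparse

INSERT_JOB = "google.cloud.bigquery.v2.JobService.InsertJob"


def _insert_job_entry(principal, job_config):
    """Build a constructed, simplified BigQuery audit log entry for a job insertion."""
    return {
        "protoPayload": {
            "methodName": INSERT_JOB,
            "authenticationInfo": {"principalEmail": principal},
            "metadata": {"jobInsertion": {"job": {"jobConfig": job_config}}},
        },
        "resource": {"type": "bigquery_project", "labels": {"project_id": "example-analytics"}},
    }


# Constructed entries: an export to an org bucket, an export to an unknown bucket,
# a query job (not an export), and an export with one org and one unknown destination.
SAMPLE_ENTRIES = [
    _insert_job_entry("etl@example-analytics.iam.gserviceaccount.com", {
        "type": "EXTRACT",
        "extractConfig": {"sourceTable": "projects/example-analytics/datasets/sales/tables/orders",
                          "destinationUris": ["gs://example-analytics-exports/orders/*.csv"]}}),
    _insert_job_entry("someone@example.com", {
        "type": "EXTRACT",
        "extractConfig": {"sourceTable": "projects/example-analytics/datasets/sales/tables/customers",
                          "destinationUris": ["gs://unknown-public-bucket/dump/*.json"]}}),
    _insert_job_entry("analyst@example.com", {
        "type": "QUERY", "queryConfig": {"query": "SELECT COUNT(*) FROM sales.orders"}}),
    _insert_job_entry("etl@example-analytics.iam.gserviceaccount.com", {
        "type": "EXTRACT",
        "extractConfig": {"sourceTable": "projects/example-analytics/datasets/sales/tables/orders",
                          "destinationUris": ["gs://example-analytics-exports/a/*", "gs://partner-drop/b/*"]}}),
]

# Assumed inventory of buckets the organisation owns; everything else counts as external.
ORG_BUCKETS = {"example-analytics-exports", "example-analytics-backups"}


def bucket_of(gs_uri):
    """'gs://name/path/*' -> 'name'; None for anything that is not a gs:// URI."""
    parsed = urlparse(gs_uri)
    return parsed.netloc if parsed.scheme == "gs" and parsed.netloc else None


def extract_job(entry):
    """Return the extractConfig of an InsertJob entry whose job type is EXTRACT, else None."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != INSERT_JOB:
        return None
    config = payload.get("metadata", {}).get("jobInsertion", {}).get("job", {}).get("jobConfig", {})
    return config.get("extractConfig") if config.get("type") == "EXTRACT" else None


def find_external_exports(entries, org_buckets):
    """One finding per extract job with at least one destination bucket outside org_buckets."""
    findings = []
    for entry in entries:
        config = extract_job(entry)
        if not config:
            continue
        buckets = (bucket_of(uri) for uri in config.get("destinationUris", []))
        external = sorted({b for b in buckets if b and b not in org_buckets})
        if external:
            findings.append({
                "principal": entry["protoPayload"]["authenticationInfo"]["principalEmail"],
                "source_table": config.get("sourceTable"),
                "external_buckets": external,
            })
    return findings


if __name__ == "__main__":
    for finding in find_external_exports(SAMPLE_ENTRIES, ORG_BUCKETS):
        print(finding)
```

A real deployment would source the allowlist from the organisation's asset inventory rather than a literal, and would treat a job with mixed destinations (the last sample entry) as a finding as well, since the external copy is what matters.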
Storage Transfer Service
Storage Transfer Service now offers Preview support for detailed logging for objects copied between AWS S3, Azure Blob, ADLS Gen 2, and Cloud Storage. With detailed logs of individual objects available in Cloud Logging, you can verify what was transferred and perform additional data integrity checks. This launch simplifies monitoring, reporting, and troubleshooting. Read Configure transfer logs for details.
VPC Service Controls
Beta stage support for the following integration:
Resource limits for variable memory and argument size have been increased to 256 KB.
Microsoft Azure Releases And Updates
Azure Storage: Secure access to storage account from a virtual network/subnet in any region now in public preview
This preview enables secure access to your storage account by configuring virtual network rules in the storage firewall that allow access from subnets in any Azure region of your choice.
Azure Storage: Attribute-based Access Control (ABAC) conditions with principal attributes now in public preview
Attribute-based Access Control (ABAC) is an authorization mechanism that defines access levels based on attributes associated with security principals, resources, requests or the environment. You can now use Azure AD custom security attributes for principals in role assignment conditions for Azure Storage, along with resource and request attributes.
Improving customer interactions across apps with Microsoft Teams and Azure Communication Services interoperability.
TARGET AVAILABILITY: Q4 2023
Transition to the new Azure 'HDInsight API 2021-06-01' before 30 November 2024.
Immutable storage with versioning is now generally available. Set time-based policies or legal holds on data so that the data becomes non-erasable and non-modifiable and protect all versions of a blob.
Azure Monitor containers insights preview version for Azure Red Hat OpenShift v4.x will be retired by 31 May 2022
TARGET RETIREMENT DATE: JUNE 01, 2022
Transition to Container Insights by 31 May 2022.
Now generally available: manage Azure Machine Learning resources using HashiCorp Terraform.
Azure Availability Zones are now generally available in India Central. These three new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.
Take multi-disk consistent point in time snapshots of all the disks attached to a VM for backup and disaster recovery purposes.
New enhancements and updates released for general availability (GA) in Microsoft Defender for Cloud in November 2021.
Public preview enhancements and updates released for Microsoft Defender for Cloud in November 2021.
Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag-and-drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: