In Cloud Computing This Week [Dec 10th 2021]

Amazon Route 53 is adding domain specific API actions: DeleteDomain and ListPrices. Sorting and filtering functions are also being added to the API action, ListDomains. The DeleteDomain API action is a function previously only available in the AWS Console.

AWS Network Firewall now supports AWS Managed Rules, which are groups of rules based on threat intelligence data, to enable you to stay up to date on the latest security threats without writing and maintaining your own rules.

The Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver is now available in Amazon Elastic Kubernetes Service (Amazon EKS) add-ons in preview, enabling you to use the Amazon EKS console, CLI, and API to install and manage the add-on. This release is in addition to existing support for the Amazon VPC CNI networking plugin , CoreDNS and kube-proxy, and makes it easier to define consistent Kubernetes clusters and keep them up to date using Amazon EKS.

Amazon FSx for NetApp ONTAP now supports data compression for data stored within a file system’s capacity pool storage. Combined with FSx for ONTAP’s existing support for data deduplication and compaction, data compression enables you to reduce your storage costs for a wide spectrum of data sets — for example, you can reduce your costs for general-purpose file shares by 65%.

AWS App2Container (A2C) now supports containerization and deployment of .NET applications running on Linux. With this release, customers can use A2C to detect the .NET Core runtime version (.NET Core 3.1, .NET 5, .NET 6) and containerize the application using the corresponding runtime base images. Customers can take advantage of cost and performance benefits offered by Linux containers. Customers can continue to deploy these containerized applications to their choice of container platforms, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), AWSFargate, and AWS App Runner using A2C.

Amazon Kinesis Data Analytics is now available in the Asia Pacific (Osaka) and Africa (Cape Town) regions.

Amazon FSx for NetApp ONTAP has now reduced the minimum file system throughput capacity from 512 MB/s to 128 MB/s, decreasing the minimum cost of an FSx for ONTAP file system by over 50%.

You can now use AWS Launch Wizard to lead you through a best practices deployment of Amazon Elastic Kubernetes Service (Amazon EKS). Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS Availability Zones to help eliminate a single point of failure. AWS Launch Wizard uses AWS Well-Architected Quick Start architectures to guide you through the sizing, configuration, and deployment of an Amazon EKS control plane, connecting worker nodes to the cluster, and configuring a bastion host for cluster admin operations. Additionally, the Launch Wizard deployment provides custom resources that enable you to deploy and manage your Kubernetes applications using AWS CloudFormation by declaring Kubernetes manifests or Helm charts directly in CloudFormation templates.

This week, Amazon Location Service added metadata for tracking position updates to help developers reduce cost, improve accuracy, and simplify the development of tracking applications. Amazon Location Service Trackers already make it easy for developers to build highly scalable device-tracking applications by enabling them to retrieve the current and historical location of their tracked devices, and automatically evaluate device-positions relative to linked areas of interest (geofences). With the new metadata feature, developers can enrich these applications with additional information about each device’s position, for example the speed, direction, or engine temperature of vehicles, by including three user-defined key-values pairs with each position update. They can retrieve this information for a device’s current or historical position directly from the Amazon Location Service Tracker, for example to analyze engine performance, without building additional systems and code to track this data. Developer can also receive this metadata in the Amazon EventBridge Entry and Exit event when tracked devices cross a geofence.

You can now cache responses returned by your Custom Authorizer Lambdas when using AWS IoT Core Custom Authentication workflow for HTTP connections. Customers can now define a caching duration (i.e. refreshAfterInSecs) for responses returned by customers’ custom authorizer lambdas when using long-lived HTTP connections. AWS customers can set a “refreshAfterInSecs” between 5 mins and 24 hours to reduce custom authorizer lambda invocations. This feature enhancement helps customers reduce their custom authorizer lambda cost and makes the behavior for HTTP match with that of other protocols supported by AWS IoT Core.

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.5.13, 10.4.22, 10.3.32, and 10.2.41. AWS recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and to benefit from the numerous bug fixes, performance improvements, and new functionality added by the MariaDB community.

This week, AWS Systems Manager announced new features for Session Manager to support maximum session timeout and annotate the reason for starting a session. AWS Systems Manager is the operational hub for AWS, that provides a unified user interface to track and resolve operational issues across AWS applications from a central place. AWS Systems Manager Session Manager allows you to manage your EC2 instances, edge devices, and on-premise servers and virtual machines (VMs), using either an interactive browser based shell or command line.

You can now use AWS Launch Wizard to lead you through a best practices deployment of self-managed Remote Desktop Gateway (RD Gateway) on Amazon EC2. AWS Launch Wizard uses the AWS Well-Architected Framework to guide you through the sizing, configuration, and deployment of RD Gateway on the AWS Cloud, without the need to manually identify and provision individual AWS resources. RD Gateway employs Remote Desktop Protocol (RDP) over HTTPS which helps establishes a secure, encrypted connection between remote users and Amazon EC2 instances running Windows, without needing to configure a virtual private network (VPN). This helps reduce the attack surface on your Windows-based instances while providing a remote administration solution for administrators.

Starting today, Amazon EC2 C5n instances are available in AWS Africa (Cape Town) region.

Amazon DevOps Guru now supports enhanced analysis for Amazon Aurora databases, a new Machine Learning (ML) powered capability, as part of Amazon DevOps Guru for RDS.

This week, AWS announced the general availability of AWS Wavelength on the  Vodafone 4G/5G network in Germany. Wavelength Zones are now available in Berlin, Munich, and Dortmund. Developers, enterprises, and Independent Software Vendors (ISVs) can now use the AWS Wavelength Zones in Germany to build ultra-low latency applications for mobile devices and users. AWS Wavelength Zones on Vodafone’s 4G/5G network are now available in four cities across Europe, including the previously announced Wavelength Zone in London.

In April 2021, IAM Access Analyzer added policy generation to help you create IAM policies based on access activity found in your AWS CloudTrail. IAM Access Analyzer has now increased policy generation quotas to 50 per day to help you right-size permissions for more roles in your account. As you right-size permissions across multiple workloads in your account, you can now use policy generation across your roles to grant just the required permissions. To use IAM Access Analyzer policy generation, visit your role’s detail page and select “generate policy” to get started. When you request a policy, IAM Access Analyzer reviews your CloudTrail logs to identify the actions used and creates a fine-grained policy. Read the blog to learn more.

Amazon Comprehend Medical is a HIPAA-eligible natural language processing service that uses machine learning to extract health data from unstructured medical text accurately and quickly. Much of health data today is in free-form medical text like doctors’ notes, clinical trial reports, and patient health records. Manually extracting the data is a time consuming process that requires broad use of synonyms and nonstandard medical terms. As a result, data often remains unusable in large-scale analytics which is needed to advance healthcare and life sciences industry.

AWS EMP now supports packaging for end-of-support (EOS) Windows Server applications where installation media is not available, through a guided user interface (UI) experience. With today’s release of the Guided Reverse Packaging (GRP) feature, customers can input files and folders related to the application and the tool will automatically search for dependencies such as registry keys and related files and present to the user for confirmation. Next, customers will have the ability to simulate typical application workflows to ensure the full scope of dependencies is captured. Customers can then generate the compatibility package needed to then be deployed onto a newer, supported version of Windows Server in EC2 with the running application.

Application Manager, a capability of AWS Systems Manager, announces a new feature for customers to report and visualize the cost of their applications through integration with AWS Cost Explorer. Application Manager is a central hub on AWS to create, view and operate applications from a single console. With Application Manager, customers can discover and manage their applications across multiple AWS services like AWS CloudFormation, AWS Launch Wizard, AWS Service Catalog App Registry, AWS Resource Groups, Amazon Elastic Kubernetes Service (Amazon EKS), and Amazon Elastic Container Service (Amazon ECS). Using this feature, IT professionals can now view the cost of their applications and application components within the Application Manager console.

This week, Amazon Location Service  added Suggestions functionality.

The AWS Toolkit for VS Code now provides developers with convenient IDE functionality to connect to Amazon ECS containers and issue commands using Amazon ECS Exec . This allows VS Code users to directly interact with containers, such as running commands in or get a shell to an ECS container running on an Amazon EC2 instance or on AWS Fargate, without leaving their IDE. ECS Exec uses the AWS Systems Manager (SSM) Session Manager under the hood to establish a connection with the running container.

AWS Glue streaming extract, transform, and load (ETL) jobs can now read from AWS Glue Data Catalog tables created using the AWS Glue Schema Registry. With streaming ETL in AWS Glue, you can set up continuous ingestion pipelines to prepare streaming data on the fly and make it available for analysis in seconds. The AWS Glue Schema Registry allows you to centrally discover, control, and evolve data stream schemas. This integration streamlines the job setup process and simplifies schema enforcement.

This week AWS announced general availability of NICE EnginFrame 2021.0. NICE EnginFrame is an easy-to-use, web front-end that makes HPC job submission and management easier for customers. With this latest release, customers are able to use NICE EnginFrame across both on-premises and AWS environments using its new AWS HPC Connector feature. Where customers may have previously used NICE EnginFrame for these tasks on-premises and separately managed AWS resources for HPC using the AWS CLI or AWS Management Console, NICE EnginFrame customers can now manage all of these HPC workflows across both their on-premises and AWS environments using a single, unified interface.

Amazon Redshift has launched the ability to run a single-node RA3.xlplus cluster. Amazon Redshift RA3 clusters support many important features including Amazon Redshift Managed Storage (RMS), data sharing and AQUA. Single-node RA3.xlplus clusters allow you to take advantage of the most advanced Redshift features at a lower cost. You can migrate single-node DS2.xlarge or single-node DC2.large clusters to single-node RA3.xlplus clusters as part of a cross-instance Classic Resize function. You can also use cross-instance Classic Resize as part of the Reserved Instance (RI) Migration feature in the Amazon Redshift Console, CLI or API to migrate your single-node DS2.xlarge RI clusters to RA3.xlplus RI clusters without changes to the RI contract’s start or end dates and without incurring additional charges.

This week AWS released a new feature in AWS AppSync that allows customers to use custom domain names with their AWS AppSync GraphQL APIs.

Amazon S3 File Gateway now enables you to force-close locked files on SMB file shares on Amazon S3 File Gateway by providing access to local security groups. Amazon S3 File Gateway provides on-premises applications with file-based, cached access to virtually unlimited cloud storage using SMB and NFS protocols. End users and applications using files on SMB shares, may stop working on those files without closing them. This leaves the files in an open, or locked, state. Until now, gateway administrators did not have permissions to close these files.

Fleet Manager, a feature in AWS Systems Manager (SSM) that helps IT Admins streamline and scale their remote server management tasks, now offers an easy console-based experience for customers to view and manage processes on their instances. This new feature provides customers a consolidated view of the processes running on an instance coupled with the ability to assess their resource consumption in real-time and optimize operations through start/stop actions.

Amazon Polly is a service that turns text into lifelike speech. Today, we are excited to announce the general availability of a neural version of Takumi, Polly’s Japanese male text to speech (TTS) voice. Takumi neural TTS sounds natural, friendly and smooth. With this launch, you can now select from three unique Japanese TTS voices: Mizuki Standard, Takumi Standard and Takumi Neural.

AWS Graviton2-based R6g database instances are now available in Europe (Milan), Europe (Paris), and Europe (Stockholm) regions for Amazon Aurora MySQL-Compatible Edition and Amazon Aurora PostgreSQL-Compatible Edition.

You can now send AWS WAF logs directly to a CloudWatch Logs log group or to an Amazon S3 bucket. With this launch, we’re adding two new optional destinations for WAF logs in addition to Amazon Kinesis Data Firehose, which was already supported. When you use CloudWatch Logs as your WAF log destination, you can search and analyze WAF logs directly in the WAF console using CloudWatch Logs Insights. Using CloudWatch Logs Insights, you can view individual logs, compile aggregated reports, create visualizations, and construct dashboards.

Amazon Pinpoint now includes a one-time password (OTP) management feature. An OTP is an automatically generated string of characters that authenticates a user for a single login attempt or transaction. The OTP feature makes it easier to add OTP workflows to your application, site, or service. You can use this feature to generate new OTP codes and send them to your recipients as SMS text messages. Your applications can then call the Amazon Pinpoint API to validate that the OTP code the recipient entered is valid. 

Azure Storage: Secure access to storage account from a virtual network/subnet in any region now in public preview

This preview enables secure access to your storage account by configuring virtual network rules in the storage firewall that allow access from subnets in any Azure region of your choice.

Azure Storage: Attribute-based Access Control (ABAC) conditions with principal attributes now in public preview

Attribute-based Access Control (ABAC) is an authorization mechanism that defines access levels based on attributes associated with security principals, resources, requests or the environment. You can now use Azure AD custom security attributes for principals in role assignment conditions for Azure Storage, along with resource and request attributes.

General availability: Azure Communication Services interoperability with Microsoft Teams

Improving customer interactions across apps with Microsoft Teams and Azure Communication Services interoperability.

Immutable storage with versioning for Blob Storage is now generally available

Immutable storage with versioning is now generally available. Set time-based policies or legal holds on data so that the data becomes non-erasable and non-modifiable and protect all versions of a blob.

Azure Machine Learning – December 2021 general availability

A new feature now available in general availability includes Manage Azure Machine Learning resource using Hashicorp Terraform

Public preview availability of Virtual Machine restore points

Take multi-disk consistent point in time snapshots of all the disks attached to a VM for backup and disaster recovery purposes.

Microsoft Defender for Cloud: General availability updates for November 2021

New enhancements and updates released for general availability (GA) in Microsoft Defender for Cloud in November 2021.

Microsoft Defender for Cloud: Public preview updates for November 2021

Public preview enhancements and updates released for Microsoft Defender for Cloud in November 2021.