Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 10th December 2021
To stay in the loop, make sure you subscribe on the right - There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
Source: aws.amazon.com
Amazon Web Services (AWS) announced expansion of AWS Ground Station to the South America (São Paulo) Region with an AWS Ground Station antenna location in Punta Arenas, Chile in Preview. This is the 10th AWS Ground Station connected to the AWS Global Network. AWS Ground Station is a fully managed service that lets you control satellite communications, process satellite data, and scale your satellite operations. Global expansion to Punta Arenas now enables satellite owners and operators to connect with their satellites and process their space workloads more frequently. An additional AWS Ground Station location in the Southern Hemisphere reduces the time between contacts for Low-Earth Orbit satellites. Customers who operate from this region now have access to even lower latency processing capabilities. Governments, businesses, and universities can benefit from this more timely satellite data to make precise, data driven decisions.
This week, Amazon Lex announced language support for Portuguese, Brazilian Portuguese, and Mandarin Chinese. Amazon Lex is a service for building conversational interfaces into any application using voice and text. Amazon Lex provides deep learning powered automatic speech recognition (ASR) for converting speech to text, and natural language understanding (NLU) to recognize the intent of the text, to enable you to build applications with highly engaging user experiences and lifelike conversational interactions. With these new languages, you can build and expand your conversational experiences to better understand and engage your customer base.
Starting this week, Amazon Nimble Studio has added new features for customers deploying or updating their cloud-based studios. With additional support for Usage Based Licensing (UBL) from AWS Thinkbox Deadline, deeper Linux integration, and the Los Angeles Local Zone, Amazon Nimble Studio provides customers added functionality when deploying their cloud-based content creation studio.
This week, AWS announced the opening of two new Direct Connect locations in Jakarta, Indonesia. AWS customers in Indonesia can now establish dedicated network connections from their Indonesia premises to AWS to gain high-performance, secure access to other AWS Region (except Regions in China). With the announcement of Direct Connect locations in Indonesia, the Direct Connect Management Console and related documentation for Direct Connect have been localized to support the Bahasa language for Indonesia customers.
Amazon FinSpace now makes it even easier to start analyzing data with newly included financial services sample data, catalog configurations with taxonomy and metadata, capabilities to load your data into Amazon FinSpace, and the ability to run multiple Spark jobs in parallel.
Starting this week, Amazon EC2 C6i instances are available in these additional AWS Regions US West (N. California), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (London), Europe (Paris), and South America (São Paulo).C6i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offering up to 15% better compute price performance over C5 instances for a wide variety of workloads, and always-on memory encryption using Intel Total Memory Encryption (TME). Designed for compute-intensive workloads, C6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. These instances are an ideal fit for compute-intensive workloads such as batch processing, distributed analytics, high performance computing (HPC), ad serving, highly scalable multiplayer gaming, and video encoding.
Amazon Lookout for Vision is excited to preview support for anomaly detection at the edge. Starting today, you can use your trained Amazon Lookout for Vision models on the edge by deploying these models to a hardware device of your choice. Your trained models can be deployed on any NVIDIA Jetson edge appliance or x86 compute platform running Linux with an NVIDIA GPU accelerator. You can use AWS IoT Greengrass to deploy and manage your edge compatible customized models on your fleet of devices. AWS IoT Greengrass is an open-source edge runtime and cloud service for building, deploying, and managing device software.
Starting this week, Amazon EC2 M6i instances are available in additional AWS Regions Canada (Central) and Europe (London). Designed to provide a balance of compute, memory, storage and network resources, M6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. These instances are SAP-Certified and are ideal for workloads such as web and application servers, back-end servers supporting enterprise applications (e.g. Microsoft Exchange Server and SharePoint Server, SAP Business Suite, MySQL, Microsoft SQL Server, and PostgreSQL databases), gaming servers, caching fleets, as well as for application development environments.
Amazon EMR now supports using multiple custom Amazon Machine Images (AMI) when you mix Arm-based AWS Graviton2-based instances with non-Graviton2 based instances in a single cluster. This capability allows you to diversify across more instance types when using custom AMIs, helping improve your access to EC2 capacity for large clusters. Prior to this release, you could still mix multiple instance types within a cluster, but could not do so when using Custom AMIs. Custom AMIs enable you to preload additional software and libraries required by your applications, customize cluster and node configurations, and encrypt the EBS root device volumes of EC2 instances in your cluster.
Starting this week, Amazon EC2 R6i instances are available in additional AWS Regions US West (N. California), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (London), and Europe (Paris). Designed for memory-intensive workloads, R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. R6i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 15% better compute price performance over R5 instances, and always-on memory encryption using Intel Total Memory Encryption (TME). These instances are SAP-Certified and are ideal for workloads such as SQL and noSQL databases, distributed web scale in-memory caches like Memcached and Redis, in-memory databases like SAP HANA, and real time big data analytics like Hadoop and Spark clusters.
Anthos on Bare Metal
Anthos clusters on bare metal 1.8.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.8.7 runs on Kubernetes 1.20.
Anthos clusters on AWS
Anthos Clusters on AWS aws-1.10.0-gke.5 (previous generation) is now available.
Anthos clusters on AWS aws-1.10.0-gke.5 (previous generation) clusters run the following Kubernetes versions:
This release supports creating instances in the c5a, c5ad, i3en, m5a, m5ad, r5a, r5ad, and t3a families.
Kubernetes 1.18 is no longer supported. You can no longer launch Kubernetes 1.17 clusters. Your existing 1.17 clusters will continue to run.
This release fixes the following security issues:
This release fixes an earlier issue with 1.21 clusters that use both OIDC and an HTTP proxy.
To install Anthos Service Mesh, follow the steps in Connecting to your cluster before starting your Anthos Service Mesh installation.
You no longer need the ServiceUsageViewer role to install Anthos clusters on AWS.
Anthos Service Mesh
Managed Anthos Service Mesh now supports VPC Service Controls (VPC-SC) as a preview feature in the rapid channel. For more information, see Configure VPC Service Control for Managed Anthos Service Mesh.
1.11.5-asm.3 is now available.
Anthos Service Mesh 1.11 includes the features of Istio 1.11 subject to the list of Anthos Service Mesh supported features.
BigQuery BI Engine
BigQuery BI Engine SQL interface is now generally availabile.
Chronicle
Role-based access control (RBAC)
Role-based access control (RBAC) enables you to tailor access to Chronicle features based on an employee's role in the organization. Assigning a role to a user grants that user the permissions associated with the role, which enables the user to access role-appropriate Chronicle features.
Cloud BigTable
A Cloud Bigtable instance can now have clusters in up to 8 regions. This lets you create an instance with as many clusters as there are zones in your chosen Bigtable regions. Previously, an instance was limited to 4 clusters.
Cloud Composer
Cloud Composer 2 is now generally available (GA).
Private Service Connect support is available in Preview for Cloud Composer 2.
Authorized networks support is available in Preview.
Cloud Database Migration Service
Database Migration Service now supports creating Cloud SQL for MySQL, Cloud SQL for PostgreSQL, and Cloud SQL for SQL Server instances with customer-managed encryption keys (CMEK) enabled. Click here to access the documentation.
Cloud Load Balancing
Internal TCP/UDP Load Balancing now allows you to configure a connection tracking policy for the load balancer's backend service. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:
To learn about how connection tracking works, see Traffic distribution.
This feature is available in General Availability.
Cloud Monitoring
The Slack notification channel for alerting is now generally available (GA). You can now test your connection from Google Cloud when adding new Slack channels. The notification has been updated with the latest template and now includes your resource, system, and user labels. For more information, see Creating channels.
The Pub/Sub notification channel for alerting is now generally available (GA). You can now test your connection from Google Cloud when adding new Pub/Sub channels. For more information, see Creating channels.
Cloud Run
The ability to configure Cloud Run services to have CPU allocated for the entire lifetime of container instances is now at general availability (GA).
Cloud SQL for MySQL / PostgreSQL / SQL Server
PostgreSQL version 14 is now generally available. To start using PostgreSQL 14, see Create instances.
A new feature enables more flexibility for integrating Cloud SQL for SQL Server with Managed Service for Microsoft Active Directory. You can integrate your SQL Server instance with a managed AD domain located in a different project.
Cloud Storage
Public Access Prevention is now in GA.
orgpolicy.policy.get permission is now included in certain Cloud Storage IAM roles.
Compute Engine
Generally available: When rolling out configuration or application updates to a stateful or stateless managed instance group, use the minimum and most disruptive allowed actions to control disruption to your workload.
Public preview: You can use the gcloud tool or API to configure stateful IP addresses in a managed instance group. Stateful IP addresses are preserved when VM instances in the group are autohealed, updated, and recreated.
Generally available: You can now share reservations of Compute Engine zonal resources between multiple projects. Learn about shared reservations and creating a shared reservation.
You can now save copies of all charts from the Observability tab on Compute Engine's VM instance details page to one of your custom dashboards. To save copies of the charts, click Add Charts to Dashboard. You then select a new or existing custom dashboard as the destination.
Config Connector
Config Connector 1.69.0 is now available
Added support for VPCAccessConnector resource
Added support for ComputePacketMirroring resource
Added support for PrivateCACAPool resource
Added support for IAMWorkloadIdentityPool resource
Added support for IAMWorkloadIdentityPoolProvider resource
Added support for CloudIdentityMembership resource
Rollout support for state-into-spec: absent to ContainerCluster resource (Issue #576)
Add billgProject flag in ConfigConnectorContext to specify a quota project to send along with user_project_override header, used for all requests sent from Config Connector. If set on a resource that supports sending the resource project, this value will supersede the resource project. This field can only be set if requestProjectPolicy takes BILLING_PROJECT value
Fixed the issues in config-connector export that the exported YAML now include zero primitives to match the Google Cloud resource live state
Fixed the issues in ContainerCluster with creating autopilot clusters
Dataproc
An Apache Log4j 2 vulnerability. that impacted Dataproc clusters has been addressed (see Recreate and update a cluster, which provides guidance to Dataproc users). Dataproc Metastore users do not need to take any action; the fix applied by Dataproc Metastore is sufficient to address the issue.
Dataproc has added new images, listed in this release note, to address an Apache Log4j 2 vulnerability Note: these images have been superseded. by the 12/16/21 images (see the December 16, 2021 release note). Also see Create a cluster and Recreate and update a cluster for more information.
New sub-minor versions of Dataproc images:
1.4.76-debian10, 1.4.76-ubuntu18,
1.5.51-centos8, 1.5.51-debian10, 1.5.51-ubuntu18,
2.0.25-centos8, 2.0.25-debian10, 2.0.25-ubuntu18
Datastream
Datastream now supports customer-managed encryption keys (CMEK). Click here to access the documentation.
DialogFlow
Dialogflow CX auto sync for agent collaboration is now GA (generally available).
Dialogflow CX change history is now GA (generally available).
The Dialogflow CX simulator now allows you to specify flow versions when interacting with the simulator.
Dialogflow CX now supports the asia-southeast1 (Jurong West, Singapore) and europe-west3 (Frankfurt, Germany) regions.
Eventarc
Eventarc for Cloud Run for Anthos is now available inPreview.
A dedicated user interface is now available in Preview.
Filestore
The following Filestore features are now generally available (GA):
Kf
Added buildDisableIstioSidecar configuration feature.
Added buildPodResources configuration feature.
Added controllerCACerts configuration feature.
Added buildRetentionCount configuration feature.
Added V3 Google stack as build option.
Added V3 kf-v2-to-v3-shim stack as build option.
Fixed an issue that could prevent SIGTERM from reaching an app.
Fixed an issue that caused extra reconciliation loops and logs.
Improved CLI performance.
Improved subresource API server resilience.
Updated Config Connect to v1.66.0.
Updated Tekton to v0.29.0.
Support for Anthos Service Mesh (ASM) v1.11+, which recommends ingress gateways be outside of the istio-system namespace.
Changed build ImagePullPolicy default from always download to prefer cached.
Improved Workload Identity reliability.
Network Intelligence Center
Security Command Centre
Event Threat Detection, a built-in service of Security Command Center, launched the Persistence: New API Method rule to Preview. This rule detects anomalous API behavior by examining Cloud Audit Logs for requests to Google Cloud services that a principal has not seen before. For more information, see Event Threat Detection rules.
Storage Transfer Service
Integration with AWS Security Token Service is now generally available (GA) for Storage Transfer Service.
Security conscious customers can use Storage Transfer Service to perform transfers from AWS S3 without passing long-term AWS S3 credentials, which have to be rotated or explicitly revoked when they are no longer needed. Refer to the Amazon S3 > Federated Identity tab when setting up access to your data source.
Creating and managing data transfers with the gcloud command-line tool is now available in Preview. You can use gcloud commands to perform agent installation, manage agent pool lifecycles, and orchestrate transfer jobs. This launch simplifies writing scripts to automate transfer workflow.
Traffic Director
Control plane observability is now in Preview. This lets you view logs and metrics for the Traffic Director control plane. For more information, see Control plane observability.
VMware Engine
Added ability to forward syslog messages of a desired severity (like Error or Warning) to Cloud Logging from NSX-T. You can set up alerts and dashboards based on those messages in Google Cloud's operations suite.
For details about this feature, see Configure a private cloud for syslog forwarding.
VPC
When you create a custom mode VPC network, you can select predefined firewall rules which address common use cases for connectivity to instances. This feature is available in General Availability.
Accessing published services using a Private Service Connect endpoint from on-premises hosts that are connected to a VPC network using Cloud VPN is now available in General Availability.
Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access managed services now correctly establishes for all service attachment configurations.
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
If you have processes or tools to detect accidental deletion of files and directories for your Azure Data Lake Storage accounts, you can now also restore the deleted objects using soft delete for blobs capability. During the retention period that you specify, you can now restore a soft-deleted object to its state at the time it was deleted.
Placement policies enable admins to specify constraints or rules when allocating Virtual Machines within an Azure VMware Solution private cloud. With this update, the creation and assignment of vSphere Distributed Resource Scheduler (DRS) rules for running Virtual Machines in an Azure VMware Solution SDDC has been simplified and is now executable directly from the Azure Portal for cloud admin roles.
Automated key rotation in Key Vault allows security officers to improve data security.
General availability enhancements and updates released for Azure SQL for December 2021.
A new, simple, and flexible offer for Azure Stack HCI customers to acquire Windows Server guest licensing now for $0 while in public preview.
Developers can simplify the cross-channel user experiences within their applications with Azure Communication Services UI Library.
You can now enable and use GitOps to manage configuration and applications in AKS clusters.
Improve database performance by running IO tasks concurrently using the Azure Cosmos DB Python SDK async support capability.
New Toolkit certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
Choose Azure Database for PostgreSQL - Single Server, Flexible Server, or Hyperscale (Citus) as an output for your Azure Stream Analytics jobs to store real time analytical data.
Take advantage of several new and improved Kubernetes related capabilities via the Microsoft Defender for Containers offering.
Use Azure diagnostic settings to log information on all client connections to your Azure Cache for Redis instance.
New regional availability of Azure HPC Cache expands access to low-latency compute.
The new release includes Slurm and VMSS improvements as well as seven new bug fixes.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: