Hava Blog and Latest News

In Cloud Computing This Week [Feb 10th 2023]

Written by Team Hava | February 10, 2023



How's your February progressing? Let's hope you're kicking butt and taking names.

Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday Feb 10th 2023.

To stay in the loop, make sure you subscribe using the box on the right of this page.

All the lastest Hava news can be found on our Linkedin Newsletter.

Of course we'd love to keep in touch at the other usual places. Come and say hello on:

Facebook.      Linkedin.     Twitter.

AWS Updates and Releases

Source: aws.amazon.com

AWS launches AWS SAM connectors as a resource parameter

Serverless application developers can now use the new Connectors attribute available in AWS Serverless Application Model (AWS SAM) to simplify authoring connectors and help keep SAM templates readable and maintainable over time. Previously, SAM customers could only define SAM connectors as a AWS::Serverless::Connector resource.

While these resources simplified granting the appropriate level of access to the resources in their application’s infrastructure, customers also wanted to define the connections needed by a resource as part of the resource itself.

Now, SAM customers can use SAM Connectors resource attribute on a connector’s source resource to define the destination resource and permissions that should be granted between any resource type supported by SAM connectors, such as S3 buckets or StateMachines.

By defining the permissions needed as part of the source resource, SAM templates are more readable and easier to update over time.

Amazon SNS now supports AWS X-Ray active tracing to visualize, analyze, and debug application performance

Amazon Simple Notification Service (Amazon SNS), a messaging service that provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications, now supports active tracing with AWS X-Ray. Customers can now view traces that flow through Amazon SNS topics to destination services, such as Amazon Simple Queue Service, AWS Lambda, and Amazon Kinesis Data Firehose, in addition to traversing the application topology in Amazon CloudWatch ServiceLens. Customers can enable AWS X-Ray active tracing using the Amazon SNS SetTopicAttributes API, Amazon SNS Management Console, or via AWS CloudFormation.

With AWS X-Ray active tracing enabled for Amazon SNS, customers can identify bottlenecks and monitor the health of event-driven applications by looking at segment details for Amazon SNS topics, such as resource metadata, faults, errors, and message delivery latency for each subscriber.

Amazon GameLift expands SDK support to Go and .NET 6

AWS are excited to announce the update to the Amazon GameLift Server SDK to include support for Go and .NET 6 to integrate with your Windows or Linux game servers. Amazon GameLift is a fully managed solution that allows you to manage and scale dedicated game servers for session-based multiplayer games. With this release, Amazon GameLift Server SDK now supports Unity 2020.3, Unreal 4.26, Go language, and custom C++ and C# engines. 

In addition to making it easier for customers to integrate their Go based game servers with the GameLift service, the updated Amazon GameLift Server SDK for C# now includes two variants: one for game servers built on .NET 4 and another for game servers built on .NET 6. Each of these Server SDKs are built to work with GameLift Anywhere and use the latest GameLift Server SDK 5.0 version. 

Announcing enhanced I/O multiplexing for Amazon ElastiCache for Redis

Amazon ElastiCache for Redis 7 now includes enhanced I/O multiplexing, which delivers significant improvements to throughput and latency at scale. Enhanced I/O multiplexing is ideal for throughput-bound workloads with multiple client connections, and its benefits scale with the level of workload concurrency.

As an example, when using r6g.xlarge node and running 5200 concurrent clients, you can achieve up to 72% increased throughput (read and write operations per second) and up to 71% decreased P99 latency, compared with ElastiCache for Redis 6.

For throughput-bound workloads with multiple client connections, network I/O processing can become a limiting factor in the ability to scale. Since March 2019, ElastiCache for Redis optimizes compute utilization by handling network I/O on dedicated threads, allowing the Redis engine to focus on processing commands.

With this launch, each dedicated network I/O thread pipelines commands from multiple clients into the Redis engine, taking advantage of Redis' ability to efficiently process commands in batches.

Enhanced I/O multiplexing is automatically available when using ElastiCache for Redis 7, in all AWS regions, and at no additional cost. No application or service configuration changes are required to use ElastiCache for Redis enhanced I/O multiplexing. 

AWS Config now supports 20 new resource types

AWS Config now supports 20 more resource types for services, including Amazon Elastic Kubernetes Service (Amazon EKS), AWS Glue, AWS IoT Core, AWS IoT TwinMaker, AWS IoT Analytics, AWS IoT SiteWise, Amazon Interactive Video Service (Amazon IVS), Amazon Kinesis Data Analytics, Amazon Relational Database Service (Amazon RDS), and Amazon Simple Storage Service (Amazon S3).

With this launch, AWS customers can now use AWS Config to monitor configuration data for the following newly supported resource types:

1. AWS::EKS::IdentityProviderConfig
2. AWS::EKS::Addon
3. AWS::Glue::MLTransform
4. AWS::IoT::Policy
5. AWS::IoT::MitigationAction
6. AWS::IoTTwinMaker::Workspace
7. AWS::IoTTwinMaker::Entity
8. AWS::IoTAnalytics::Dataset
9. AWS::IoTAnalytics::Pipeline
10. AWS::IoTAnalytics::Channel

11. AWS::IoTSiteWise::Dashboard
12. AWS::IoTSiteWise::Project
13. AWS::IoTSiteWise::Portal
14. AWS::IoTSiteWise::AssetModel
15. AWS::IVS::Channel
16. AWS::IVS::RecordingConfiguration
17. AWS::IVS::PlaybackKeyPair
18. AWS::KinesisAnalyticsV2::Application
19. AWS::RDS::GlobalCluster
20. AWS::S3::MultiRegionAccessPoint

Amazon CloudFront now supports OAC with Elemental MediaStore origins

Amazon CloudFront enhanced its Origin Access Control (OAC) feature by adding support for AWS Elemental MediaStore. This enables customers to secure MediaStore origins with improved security, allowing only authorized CloudFront distributions to access them. Customers can now enable AWS Signature Version 4 (SigV4) on CloudFront requests for MediaStore origins and set when and if CloudFront should sign the requests.

Customers using AWS Elemental MediaStore and CloudFront to deliver media content previously had to configure both services with shared secrets to restrict access to their MediaStore containers. Although this option works, it presents scalability challenges, since the manual configuration and periodic rotation of secrets were required to follow security best practices.

With OAC on MediaStore origins, customers can instruct CloudFront to sign requests using SigV4 and forward them to MediaStore for signature matching, eliminating the need to use and rotate secrets. This ensures that requests are automatically verified before media content is served, making the delivery of media content through Elemental MediaStore and CloudFront simpler and more secure.

CloudFront's Origin Access Control feature for Elemental MediaStore is now available globally, except for AWS China regions. It can be accessed through the CloudFront console, APIs, SDK, or CLI, and there are no additional fees for its use. 

Announcing the general availability of the AWS CRT HTTP Client in the AWS SDK for Java 2.x

The AWS Common Runtime (CRT) HTTP Client is now available in the AWS SDK for 2.x. The AWS CRT HTTP Client is the asynchronous, non-blocking HTTP client built on top of the AWS Common Runtime libraries. It is an alternative to the Netty implementation of the SdkAsyncHttpClient interface that can be used to communicate with AWS services or any HTTP servers.

The AWS CRT HTTP client allows you to send HTTP requests with improved startup time and overall request latency. It also offers enhanced connection management, connection health monitoring, and DNS load balancing that enable automatic failover in the unlikely event of a slow endpoint or server outage.

Amazon EMR on EKS adds support for job execution retries

This week, AWS are introducing a new capability for Amazon EMR on EKS to increase job execution resiliency. Until now, users had to build their own custom job execution retry mechanism outside of Amazon EMR on EKS, to make sure their Spark jobs keep running in case of failure. With this feature, users can now save time and keep their business-critical and long-running streaming workloads running, by having Amazon EMR on EKS automatically re-submit jobs in case of failure.

With job retries, once you define a retry policy by providing the amount of attempts to limit executions to, Amazon EMR on EKS will enforce and monitor this policy during each job execution, giving you visibility via the DescribeJobRun API and AWS CloudWatch events of each retry being performed. 

Job execution retries is now generally available in all AWS regions where Amazon EMR on EKS is, starting with Amazon EMR 6.9 and later releases. 

Amazon EMR Serverless now supports HIPAA, HITRUST, SOC, and PCI DSS workloads

Amazon EMR Serverless is a serverless option in Amazon EMR that allows data engineers to process and analyze large datasets using popular open-source frameworks such as Apache Spark and Apache Hive without having to configure, manage, and scale clusters. 

This week, AWS were excited to announce that Amazon EMR Serverless is now Health Insurance Portability and Accountability Act (HIPAA) eligible, Health Information Trust Alliance (HITRUST) certified, System and Organization Controls (SOC), and Payment Card Industry Data Security Standard (PCI DSS) compliant.

Now you can process sensitive healthcare, life sciences, and payment processing data on Amazon EMR Serverless through features such as encryption, audit logging via AWS CloudTrail, and access management through AWS Identity and Access Management.

For detailed information and best practices on configuring AWS HIPAA Eligible Services to store, process, and transmit protected health information (PHI), visit the AWS services compliance page, AWS compliance resources, and see the whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services

AWS Control Tower provides updates to access logging and exceptions to more global services for Region Deny

This week AWS Control Tower is launching Landing Zone 3.1. A landing zone is a well-architected, multi-account AWS environment that is a starting point from which you can deploy workloads and applications. AWS Control Tower automates the setup of a new landing zone using AWS best-practices blueprints for identity, federated access, logging, monitoring, and account structure.

Landing Zone 3.1 includes security best practice updates for Amazon Simple Storage Service (Amazon S3) access logging and updates to exceptions in the Region Deny control. 

Landing Zone version 3.1 disables unnecessary access logging on the S3 bucket where access logs are stored while continuing to enable server access logging for S3 buckets. This update aligns with the AWS Security Hub recommendation for Amazon S3 bucket server access logging.

This version also includes updates to Region Deny that allow additional actions for global services such as AWS Support Plans and AWS Artifact. Certain global AWS services and service features are exempt from the region deny control.

The region deny control prevents provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower. 

AWS Lambda launches new CloudWatch metrics for asynchronous invocations

AWS Lambda has launched three new metrics AsyncEventsReceived, AsyncEventAge and AsyncEventsDropped, to monitor the performance of asynchronous event processing. Until now, Lambda customers had little visibility into the processing of asynchronous requests and had to rely on Lambda service teams to resolve any processing delays leading to inefficiencies in asynchronous event processing.

With these new metrics customers have better visibility into their asynchronous invocations and can track the events sent to Lambda, monitor delays in event processing and take corrective actions if required.

AsyncEventsReceived is a measure of the total number of events Lambda was able to successfully queue for processing. This metric provides transparency into the number of events sent to the Lambda function for asynchronous invocation. Developers can monitor this metric and alarm on undesirable number of events sent by an event source to diagnose trigger misconfigurations or runaway functions.

AsyncEventAge is a measure of time between Lambda successfully queuing the event and invoking the function. This metric increases, if events are getting retried due to execution failures or throttles. This metric provides transparency into the event processing time of your asynchronous Lambda invocations. Developers can monitor this metric and alarm on different statistics for processing delays.

AsyncEventsDropped is a measure of the total number of events that were dropped without successfully executing the function. If an OnFailure destination or Dead-Letter-Queue (DLQ) is configured, events are sent to it before being dropped. Events could be dropped for multiple reasons such as Maximum Event Age exceeded, Maximum Retry Attempts exhausted or function with reserved concurrency set to 0.

To learn more about these metrics visit Lambda Developer Guide and AWS Compute Blog. Lambda sends metrics to Amazon CloudWatch at no cost to you. However, charges apply for CloudWatch Metric Streams and CloudWatch Alarms. See CloudWatch pricing for information.

Amazon ElastiCache for Redis now supports auto scaling in six new regions

Amazon ElastiCache for Redis now supports auto scaling in the following six regions - Middle East (UAE), Europe (Spain), Europe (Zurich), Asia Pacific (Hyderabad), Asia Pacific (Melbourne) and Asia Pacific (Jakarta). With auto scaling, ElastiCache for Redis automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

You can automatically scale your cluster horizontally by adding or removing shards or replica nodes. ElastiCache for Redis uses AWS Application Auto Scaling to manage scaling and Amazon CloudWatch metrics to determine when it is time to scale up or down.

ElastiCache for Redis supports target tracking and scheduled auto scaling policies. With target tracking, you define a target metric and ElastiCache for Redis adjusts resource capacity in response to live changes in resource utilization. The intention is to provide enough capacity to maintain utilization at the target value specified.

For instance, when memory utilization rises, ElastiCache for Redis will add nodes to your cluster to increase memory capacity and reduce utilization back to the target level. This enables your cluster to adjust capacity automatically to maintain high performance.

Conversely, when memory utilization drops below the target amount, ElastiCache for Redis will remove nodes from your cluster to reduce over-provisioning and lower costs. With scheduled scaling, you can set specific days and times for ElastiCache to scale your cluster to accommodate predictable workload capacity changes.

Amazon EC2 R6gd instances now available in AWS Region Europe (London)

Starting this week, Amazon Elastic Compute Cloud (Amazon EC2) R6gd instances are available in AWS Region Europe (London). These instances are powered by AWS Graviton2 processors, and they are built on AWS Nitro System.

The Nitro System is a collection of AWS designed hardware and software innovations that enables the delivery of efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. R6gd instances provide local SSD storage and are ideal for memory-intensive workloads such as open-source databases, in-memory caches, and real time big data analytics that need access to high-speed, low latency storage.

Amazon EC2 R6gd instances offer up to 25 Gbps of network bandwidth, up to 19 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), and up to 3.8 TB of NVMe-based SSD storage.

Amazon GuardDuty now available in AWS Europe (Spain) Region

Amazon GuardDuty is now available in the Europe (Spain) Region. You can now continuously monitor and detect security threats in this additional region to help protect your AWS accounts, workloads, and data.

Customers across many industries and geographies use Amazon GuardDuty, including more than 90% of AWS’s 2,000 largest customers. GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts, EC2 workloads, access keys, EKS clusters, and data stored in Amazon S3 and Amazon Aurora.

GuardDuty can identify unusual or unauthorized activity like crypto-currency mining, access to data stored in S3 from unusual locations, or unauthorized access to Amazon Elastic Kubernetes Service (EKS) clusters. GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect the presence of malware.

GuardDuty continually evolves its techniques to identify indicators of compromise, such as updating machine learning (ML) models, adding new anomaly detections, and growing integrated threat intelligence to identify and prioritize potential threats.

AWS CloudFormation announces spotlight for latest news on CloudFormation features, blogs, and workshops

This week, AWS CloudFormation added a Spotlight tab on the AWS Management Console for CloudFormation to give quick access to curated articles on CloudFormation. You can now find AWS CloudFormation articles from multiple official AWS channels at a single location. You can use this feature to discover the editor’s choice articles from the AWS team on CloudFormation. With this launch, you can find the latest information on CloudFormation features, blogs, and workshops.

You can filter these articles using tags such as Getting Started, Podcast and more. You can sort these articles by newest to oldest. You can click on the editor’s choice button to discover AWS-recommended articles on CloudFormation. You can bookmark articles for future reference.

AWS announces new AWS Direct Connect location in Kolkata, India

This week, AWS announced the opening of a new AWS Direct Connect location in Kolkata, India. By connecting your network to AWS at the new Kolkata location, you gain private, direct access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones.

The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet. The new Direct Connect location in Kolkata is the seventh in India and offers dedicated 1 Gbps and 10 Gbps connections, with MACsec encryption available for 10 Gbps.

Using this new Direct Connect location to reach resources running in the Kolkata AWS Local Zone is an ideal solution for applications that require single-digit millisecond latency or local data processing.

AWS Service Management Connector for Jira Service Management customer portal

Starting this week, AWS customers can search, provision, terminate, update and use self-service actions on products from AWS Service Catalog through Atlassian’s Jira Service Management Cloud customer portal via AWS Service Management Connector. This feature enables Jira Service Management end users who are registered users of the Atlassian site but are not Jira agents to provision resources using the AWS Service Catalog integration.

With this connector, administrators can use existing AWS Service Catalog configurations, including curated products, portfolios, constraints, and tagging, and expose them to Jira Service Management Cloud administrators and users. Jira Service Management customers can browse and request provisioning of AWS Service Catalog products in their familiar IT Service Management (ITSM) tooling.

In addition to the AWS Service Catalog integration, the connector also provides existing integrations with AWS Systems Manager Incident Manager and AWS Security Hub. These AWS CloudOps integrations help simplify cloud provisioning, operations and resource management as well as streamline Service Management governance and oversight over AWS services.

The AWS Service Management Connector are available as plugins/apps to install at no-cost from the Atlassian Marketplace. Customers may incur cost for the AWS services used as well as the licensing for the ITSM tools.

AWS DataSync is now available in 3 additional AWS Regions

AWS DataSync is now available in the Europe (Spain), Europe (Zurich), and Asia Pacific (Hyderabad) AWS Regions. You can now use DataSync to copy data between on-premises, edge, or other cloud storage and AWS Storage services, as well as between AWS Storage services, within each of these new AWS Regions.

AWS DataSync simplifies, automates, and accelerates online data transfers. It uses a purpose-built network protocol and scale-out architecture to accelerate data movement and provides encryption of data in-transit and at-rest, along with end-to-end data integrity verification.

You can use DataSync to migrate active datasets to AWS, archive data to AWS to free up on-premises storage capacity, replicate data to AWS for business continuity, or transfer data to the cloud for analysis and processing. DataSync provides control and monitoring capabilities such as data transfer scheduling and include and exclude filters, and gives you granular visibility into the transfer process through Amazon CloudWatch metrics, logs, and events.

Amazon Kendra now available in Asia-Pacific (Tokyo) AWS region

Starting today, AWS customers can use Amazon Kendra to build intelligent search applications in the Asia Pacific (Tokyo) AWS Region.

Amazon Kendra is a highly accurate intelligent search service powered by machine learning. Kendra reimagines enterprise search for your websites and applications so your employees and customers can easily find the content they are looking for, even when it’s scattered across multiple locations and content repositories within your organization.

Amazon RDS for MySQL supports new minor versions 5.7.41 and 8.0.32

Amazon Relational Database Service (Amazon RDS) for MySQL now supports MySQL minor versions 5.7.41 and 8.0.32. AWS recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MySQL, and to benefit from the numerous fixes, performance improvements, and new functionality added by the MySQL community.

You can leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.

Amazon RDS for MySQL makes it straightforward to set up, operate, and scale MySQL deployments in the cloud. Learn more about pricing details and regional availability at Amazon RDS for MySQL. Create or update a fully managed Amazon RDS for MySQL database in the Amazon RDS Management Console.

AWS SimSpace Weaver now supports CloudFormation

With today’s announcement, you can now use CloudFormation templates to setup, run, and clean-up AWS SimSpace Weaver simulations. AWS SimSpace Weaver is a fully managed compute service that helps customers deploy large spatial simulations in the cloud. 

Launched at AWS re:Invent 2022, AWS SimSpace Weaver allows customers to create seamless virtual worlds with millions of objects that can interact with one another in real time without worrying about managing the back-end infrastructure. AWS CloudFormation is a service that enables you to model, provision, and manage AWS and third-party resources by treating infrastructure as code.

You can create CloudFormation templates to provision new simulations, or to quickly launch a series of simulations with different settings and schemas. You can use a template to build an entire architecture that combines your SimSpace Weaver resources with other AWS services. CloudFormation makes it simple to clean-up your cloud resources when you no longer need them.

AWS SimSpace Weaver support for AWS CloudFormation is generally available in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm).

To learn more and get started, see the following resources:

Amazon EC2 C7g metal instances are now available

Starting this week, Graviton3-based Amazon Elastic Compute Cloud (Amazon EC2) C7g instances are available in bare metal size. C7g instances deliver up to 25% better compute performance, up to 2x higher floating-point performance, up to 2x faster cryptographic performance, and up to 3x faster CPU-based machine learning (ML) performance compared to AWS Graviton2 processors, including support for bfloat16.

C7g instances feature the latest DDR5 memory, which provides 50% more memory bandwidth compared to DDR4. They are built on the AWS Nitro System, a collection of AWS designed hardware and software innovations that enables the delivery of efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. C7g instances are built for workloads including batch processing, ad serving, video encoding, gaming, scientific modelling, data analytics, and CPU-based artificial intelligence and machine learning (AI/ML) inference.

Bare metal instances allow EC2 customers to run applications that benefit from deep performance analysis tools, specialized workloads that require direct access to bare metal infrastructure, legacy workloads not supported in virtual environments, and licensing-restricted business critical applications.

Workloads on bare metal instances continue to take advantage of all the comprehensive services and features of the AWS Cloud, such as Elastic Load Balancer (ELB), and Amazon Virtual Private Cloud (VPC). C7g metal size comes with 64 vCPUs and 128 GiB of memory. They offer up to 30 Gbps enhanced networking bandwidth and up to 20 Gbps of bandwidth to the Amazon Elastic Block Store (EBS).

Amazon RDS for PostgreSQL now supports seg extension

Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports the seg extension which provides the "seg" data type for representing line segments or floating point intervals.

PostgreSQL extensions are libraries that supply extra functions, operators, or data types to the core database engine. The seg extension provides a data type with operators that allow for storing and querying of line segments or intervals with arbitrary variable precision. This is useful for applications needing to represent laboratory measurements. Please see the list of supported extensions in the Amazon RDS User Guide for specific versions.

Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud.

AWS Systems Manager Change Calendar now provides a more comprehensive calendar view of operational events

Change Calendar, a capability of AWS Systems Manager, now helps customers view their operational events, such as maintenance windows, state manager associations, and planned automation executions alongside their business-critical events. Using Change Calendar, you can schedule calendar events to control the changes made to your AWS resources during events, such as public marketing promotions and when you expect high demand on your resources.

To help you get a comprehensive view of operational changes, Change Calendar integrates with other Systems Manager capabilities, such as Automation, Maintenance Windows, State Manager, and Change Manager, and pre-populates your Change Calendar with the operational events view. This new feature automatically displays operational events alongside your business-critical events to help customers become aware of restricted periods while scheduling new tasks.

To get started, choose Change Calendar in the Systems Manager console on the left navigation menu. Your existing or new change calendars will be pre-populated with the previously mentioned operational events by default.

AWS Firewall Manager is now available in the Asia Pacific (Jakarta) and Middle East (UAE) Regions

AWS Firewall Manager is now available in the Asia Pacific (Jakarta) and Middle East (UAE) regions, bringing AWS Firewall Manager to a total of 25 AWS commercial regions, 2 GovCloud regions, and all Amazon CloudFront edge locations.

Firewall Manager is a security management service that enables customers to centrally configure and manage firewall rules across their accounts and resources. Using Firewall Manager, customers can manage AWS WAF rules, AWS Shield Advanced protections, and VPC security groups across their entire AWS Organizations. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.

Amazon Fraud Detector introduces Cold Start model training for customers with limited historical data

This week, Amazon Fraud Detector (AFD) announced the launch of the Cold Start feature. Now customers can start training a sign-up or a transaction frauds detection model with minimal historical-data. Up to now, AFD customers were required to provide 10K+ labeled events with at least 400 examples of fraud to train a model.

With the release of Cold Start only 50 labeled fraud events and 50 unlabeled events are necessary. The new feature introduces intelligent methods for treating your unlabeled data and optimizes model training with small datasets.

The most significant obstacle for any organization looking to leverage machine learning in its business is the requirement to have rich, consistently formatted historical data. Lack of significant historical data may be regarded as a data ‘cold-start’ scenario for training a ML model.

Now with AFD, customers can get started quickly with a quality fraud detection model when there is only limited model training data available. Customers can then start iterating on fraud tagging and continuously re-training their model with growing datasets to increase model performance.

Amazon Fraud Detector (AFD) is a fully managed service that makes it easy to identify potentially fraudulent online activities, such as the creation of fake accounts or online payment fraud. Using ML under the hood and based on over 20+ years of fraud detection expertise from AFD automatically identifies potentially fraudulent activity in milliseconds.

AWS Systems Manager Change Manager now supports a more flexible way of approving change requests

Change Manager, a capability of AWS Systems Manager, helps customers request, approve, implement, and report on operational changes to their application configuration and infrastructure on AWS and on premises. With this launch, customers can now set a required number of approvers for a change request before adding all eligible approvers.

This provides requesters with additional flexibility to add multiple approvers for the request and get the change approved as soon as the required number is achieved. For example, customers can require three approvals for a level but specify up to five approvers. Approvals from any three of those approvers are sufficient to approve the level.

To get started, choose Change Manager from the AWS Systems Manager console in the left navigation menu to create a change template. While adding approvers at a change template or change request level, customers can add the required number of approvers and proceed to add all eligible approvers. After the required number of approvers is reached, the change is completed.

Amazon EC2 High Memory instances are now available in South America (Sao Paulo) region

Starting this week, Amazon EC2 High Memory instances with 12TiB (u-12tb1.112xlarge) of memory are now available in South America (Sao Paulo) region. Customers can start using these new High Memory instances with On Demand and Savings Plan purchase options.

Amazon EC2 High Memory instances are certified by SAP for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, and SAP BW/4HANA in production environments. For details, see the Certified and Supported SAP HANA Hardware Directory.

For information on how to get started with your SAP HANA migration to EC2 High Memory instances, view the Migrating SAP HANA on AWS to an EC2 High Memory Instance documentation. To hear from Steven Jones, GM for SAP on AWS on what this launch means for our SAP customers, you can read his launch blog.

Amazon EKS is now available in Europe (Zurich), Europe (Spain), and Asia Pacific (Hyderabad) AWS Regions

Amazon Elastic Kubernetes Service (EKS) customers can now create and manage clusters in Europe (Zurich), Europe (Spain), and Asia Pacific (Hyderabad) AWS regions.

Amazon EKS is a managed Kubernetes service that makes it easier for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or worker nodes. Amazon EKS is certified Kubernetes conformant, so existing applications running on upstream Kubernetes are compatible with Amazon EKS. You can also migrate standard Kubernetes application to EKS without needing to refactor your code.

AWS Glue Crawlers now support MongoDB Atlas

AWS Glue Crawlers support MongoDB to extract the data schema and automatically populate the AWS Glue Data Catalog, which keeps the metadata current. This week AWS are expanding the support to include MongoDB Atlas. This feature makes it much simpler to bring the managed MongoDB Atlas metadata into the AWS Glue Data Catalog, so that data engineers can integrate MongoDB Atlas data with S3 based data lakes and extract meaningful insights. 

With today’s launch, you can create and schedule a Glue Crawler to crawl MongoDB Atlas. In the Glue Crawler console, you can select MongoDB as a datasource. You can then create a Glue connection with the connection type “DocumentDB/MongoDB” and provide the MongoDB Atlas cluster information and credentials.

Once the configuration is created, you can specify the MongoDB Atlas database and collections to crawl. With each run of the crawler, the crawler inspects specified collections and catalogs information. This includes updates or deletes to MongoDB Atlas collections, views, and materialized views in the AWS Glue Data Catalog. With AWS Glue, you can now use AWS Glue Data Catalog as a source to pull data from MongoDB Atlas and populate an Amazon S3 target.

AWS Elemental MediaTailor now supports fast schedule updates in Channel Assembly

You can now make changes to an AWS Elemental MediaTailor Channel closer to the live edge. When a channel is running and content is playing, it is often necessary to amend the schedule quickly in reaction to unplanned or non-determined events.

For example, cutting from a live source to a VOD source after a live event has concluded or adjusting what source plays for an upcoming program a few minutes before it begins. From today, you can make certain program updates in a channel’s schedule to take effect 60 seconds or more in the future. 

Using Channel Assembly with MediaTailor, you can create linear channels that are delivered over-the-top (OTT) in a cost-efficient way, even for channels with low viewership. You can create virtual linear streams with a low running cost by using existing multi-bitrate encoded and packaged live or VOD content. You can also monetize Channel Assembly linear streams by inserting ad breaks without having to condition the content with SCTE-35 markers.

Amazon CloudWatch now supports high resolution metric extraction from structured logs

Amazon CloudWatch now supports high resolution metric extraction with up to 1 second granularity from structured logs using Embedded Metric Format (EMF). Customers can now provide an optional “StorageResolution” parameter within EMF specification logs with a value of 1 or 60 (default) to indicate the desired resolution (in seconds) of the metric. 

Structured Log Format within CloudWatch Logs allows customers to emit metrics within their logs which are extracted and published to CloudWatch via EMF. Customers can leverage the extracted metrics for real-time incident detection using visualizations and alarming while also being able to perform deeper analysis on the underlying logs using CloudWatch Logs Insights.

This week’s launch further simplifies the metric instrumentation for customers as they can now publish both standard resolution (60 seconds) and high resolution (1 second) metrics via EMF, enabling granular visibility into their applications’ health and performance.

AWS Customers can start leveraging EMF by sending EMF logs to CloudWatch natively from their applications, using client libraries and/or using CloudWatch Agent in all AWS regions where CloudWatch is available. There are no additional charges for using this feature, and you simply pay for usage of CloudWatch logs and metrics.


Google Cloud Releases and Updates
Source: cloud.google.com


Artifact Registry

Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Java and Go vulnerabilities, in addition to operating system vulnerabilities.

Container Analysis returns Java and Go vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see the Types of scanning in the Container Analysis documentation

Anthos Clusters on bare metal


Anthos clusters on bare metal 1.12.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.7 runs on Kubernetes 1.23..

Apigee Integration


JavaScript task (Preview)

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

Apigee X

The VerifyAPIKey policy and the VerifyAccessToken action of the OAuth2 policy now support CacheExpiryInSeconds. Setting this variable enforces TTL on the cache and enables customization of the time period for cached token expiry


Application Integration

JavaScript task

The JavaScript task lets you write custom JavaScript code snippets for your integration.

Using the JavaScript Editor, you can code complex data mapping logic for your integration, perform variable assignments, and add or modify integration variables.

For more information, see JavaScript task.

Delete integration

You can now delete an entire integration without the need to individually delete all the respective integration versions.

When you delete an integration, you permanently delete all the versions of that integration, including all the integration variables, configured triggers, tasks, and data mappings.

For more information, see Delete integrations.

New Overview page

A new Overview page is now introduced in Application Integration. It's the first place you land when opening Application Integration in your Google Cloud console, and helps you understand and get started with setting up Application Integration in your Google Cloud project.


You can now apply four new types of dynamic data masking to table columns in BigQuery. These new data masking types include date year, email, first four characters, and last four characters masks. This feature is generally available (GA).

Autoscaling slot reservations are now available in preview. You can create autoscaling reservations and associated commitments using slots autoscaling.

Cloud console updates: In the Explorer pane, you can now refresh the contents of a resource (project or dataset). To refresh the contents of a resource, click more_vert View actions, and then click Refresh contents.

You can now view information related to query processing to monitor and optimize queries with the query_info column in INFORMATION_SCHEMA.JOBS, JOBS_BY_FOLDER and JOBS_BY_ORGANIZATION views. This feature is generally available (GA).



Chronicle has released additional ingestion scripts, written in Python, that can be deployed as Cloud Functions. These scripts ingest data from the following log sources, listed by name and ingestion label:

  • Aruba Central (ARUBA_CENTRAL)
  • Azure Event Hub (configurable log type)
  • Cloud Storage (configurable log type)
  • Proofpoint (configurable log type)
  • Tenable.io (TENABLE_IO)
  • Trend Micro Cloud App Security (configurable log type)
  • Trend Micro Vision One audit logs (TREND_MICRO_VISION_AUDIT)

The scripts can be used as-is or as templates to customize and ingest logs from another product. They are located in the Chronicle GitHub repository. See Use ingestion scripts deployed as Cloud Functions for instructions about how to configure and deploy the scripts in your environment.

Cloud Build

You can now create and manage repository connections using Terraform when using Cloud Build repositories (2nd gen). Cloud Build repositories (2nd gen) is available for GitHub and GitHub Enterprise repositories at the preview release stage. To learn more, see the Repositories overview page.

Cloud Deploy

The ability to deploy to Cloud Run is now generally available.

Cloud Data Loss Prevention 

To better understand the size and shape of your BigQuery data that's in scope for data profiling, you can run an estimation. Each estimate provides the approximate table count, data size, and profiling cost. For more information on running an estimation, see the following:

For more information on data profiling, see Data profiles for BigQuery data.

Cloud Interconnect

Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions:

  • us-west3 (Salt Lake City)
  • europe-west1 (Belgium)

All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2. Existing VLAN attachments for these regions can be migrated to Dataplane v2. You can migrate existing attachments yourself by re-creating the attachments, or you can request and schedule an assisted migration. Contact Google Cloud Support for assistance.

For the list of all regions that are Dataplane v2-enabled, see the Locations table (Dedicated Interconnect) or Supported service providers (Partner Interconnect).

Cloud Monitoring

The Observability tab is now available for GKE Deployments. To view the tab, navigate to the Kubernetes Engine Workloads page, click on the name of a Deployment, and then click the Observability tab.

Cloud Spanner

The Google Cloud console for Spanner now displays the status and progress of copy backup long-running operations that you have initiated in the console. The operation is visible for 7 days.

Cloud Spanner now autocompletes and validates the syntax of your DDL statements when you use the Google Cloud console to write DDL statements for your PostgreSQL-dialect databases.

Cloud Spanner now supports regional endpoints. You can use regional endpoints if your data location must be restricted and controlled to comply with regulatory requirements.

Cloud SQL for MySQL / PostgreSQL / Server

The Cloud SQL Auth proxy is a utility for ensuring secure connections to your Cloud SQL instances. The v2 release offers improvements in performance, stability, and telemetry. Among the new features, there's support for:

GCP recommend all customers upgrade to v2 and have released a migration guide. For more information, see Cloud SQL Auth proxy.

Cloud Workstations

Cloud Workstations now supports Customer-Managed Encryption Keys (CMEK), which provides user encryption control over Cloud Workstation Persistent Disks.

Compute Engine

Preview: You can modify the description, schedule frequency, or labels for a snapshot schedule instead of creating a new snapshot schedule. For more information, see Change a snapshot schedule


Dialogflow CX now provides flow import options for resolving resource conflicts.



You can filter and search for instructions to create an Eventarc trigger based on the event provider, event destination, and event type.


For clusters running on GKE version 1.21—which reaches end of life on January 31, 2023—you can apply a one-time maintenance exclusion to prevent the cluster from being upgraded until April 30, 2023. For more information, see the note at When does GKE resume automatic upgrades?

Google Cloud Marketplace Partners

As part of a limited Preview program, you can turn on automatic offer approval for software as a service (SaaS) products. This enables you to schedule specific start dates for new private offers, or amendments to existing private offers.

Retail API

Retail Search catalog support for Korean, Polish, and Turkish is now generally available (GA). For a list of all languages supported by the Retail Search catalog, see the FAQ.

Security Command Center

Event Threat Detection, a built-in service of Security Command Center, launched the Persistence: New API Method rule to General Availability. This rule detects anomalous usage of Google Cloud services by IAM service accounts. For more information, see Event Threat Detection rules.


GCP are removing SpeechContext.strength field within the next 4 weeks, because it has been deprecated and unused for more than a year. The documentation doesn't have references to this field anymore, and the clients aren't supposed to use it.


Text-to-Speech now offers Studio voices. This voice type is designed specifically for use with long-form texts such as narration and news reading. See the supported voices page for a complete list of voices and audio samples.

  1. cloud-en-US-Studio-M
  2. cloud-en-US-Studio-O

Vertex AI Workbench

M104 Release

The M104 release of Vertex AI Workbench managed notebooks includes the following:

  • Added a fix for a security vulnerability in single-user managed notebooks instances.
  • Made enhancements to the network selection user experience in the managed notebooks executor.
  • Minor bug fixes and improvements.

Workload Manager

Preview: While creating a new evaluation, you can now choose how frequently you want to run the evaluation.

Microsoft Azure Releases And Updates
Source: azure.microsoft.com

Now available: "Find my partner" for Azure Data Explorer

Find partners for Azure Data Explorer. Our new partner program aims to connect customers and partners with ease.

Generally Available: Serverless Real-Time Inference in Azure Databricks

Serverless Real-Time Inference in Azure Databricks for model serving is now generally available.

In development: New planned datacenter region in Saudi Arabia (Saudi Arabia Central)

The new datacenter region will also include Availability Zones, providing customers with high availability and additional tolerance to datacenter failures. 



Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.

Not knowing exactly what is in your cloud accounts, or those of your client's can be a worry. What exactly is running in there and what is it costing? What obsolete resources are you still being charged for? What legacy dev/test environments can be switched off? What open ports are inviting in hackers? You can answer all these questions with Hava.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here (No credit card required and includes a forever free tier):