55 min read

In Cloud Computing This Week [Feb 3rd 2023]

February 3, 2023




Wow February already, what happened?

Putting the existential crisis at the realisation on one's own mortality aside for a minute, here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday Feb 3rd 2023.

To stay in the loop, make sure you subscribe using the box on the right of this page.

All the lastest Hava news can be found on our Linkedin Newsletter.

Subscribe On Linkedin

Of course we'd love to keep in touch at the other usual places. Come and say hello on:

Facebook.      Linkedin.     Twitter.


AWS Updates and Releases

Source: aws.amazon.com


AWS Directory Service for Microsoft Active Directory and AD Connector are now available in the AWS Europe (Spain), Europe (Zurich) and Asia Pacific (Hyderabad) Regions

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector are now available in the AWS Europe (Spain), Europe (Zurich) and Asia Pacific (Hyderabad) Regions.

Built on actual Microsoft Active Directory (AD), AWS Managed Microsoft AD enables you to migrate AD-aware applications while reducing the work of managing AD infrastructure in the AWS Cloud. You can use your Microsoft AD credentials to connect to AWS applications such as Amazon Relational Database Service (RDS) for SQL Server, RDS for PostgreSQL, and RDS for Oracle databases. You can keep your identities in your existing Microsoft AD or create and manage identities in your AWS managed directory.

AD Connector is a proxy that enables AWS applications to use your existing on-premises AD identities without requiring AD infrastructure in the AWS Cloud. You can also use AD Connector to join Amazon EC2 instances to your on-premises AD domain and manage these instances using your existing group policies.

Amazon Kinesis Data Firehose is now available in Europe (Zurich), Europe (Spain), Asia Pacific (Hyderabad) AWS regions

Starting this week, customers can use Amazon Kinesis Data Firehose in the Europe (Zurich), Europe (Spain), Asia Pacific (Hyderabad) AWS Regions.

Amazon Kinesis Data Firehose makes it easier to reliably load streaming data into data lakes, data stores, and analytics services. You can use it to capture, transform, and deliver streaming data to Amazon S3, Amazon Redshift, Amazon OpenSearch, and third party providers like Splunk and Datadog etc. enabling near real-time analytics.

With Amazon Kinesis Data Firehose, you don't need to write applications or manage resources. You can configure your producers to automatically deliver your data to the destination that you specify. You can also configure Amazon Kinesis Data Firehose to transform your data before delivering it. 

AWS Elemental MediaLive adds Dolby E audio decoding

AWS Elemental MediaLive now supports decoding audio from sources with Dolby E compressed tracks. Dolby E supports delivery of eight discrete audio source channels in a PCM (pulse code modulated) stereo pair. With this feature you can deliver content with different language tracks and/or high channel count spatial audio from a single high-quality source. This is useful for international syndication of sports and events where commentary and immersive audio are present.

For more information on how to enable this feature, visit the MediaLive documentation for Dolby E input audio. Dolby E audio decoding is available via the MediaLive Advanced Audio add-on functionality.

AWS Elemental MediaLive is a broadcast-grade live video processing service. It lets you create high-quality live video streams for delivery to broadcast televisions and internet-connected multiscreen devices, like connected TVs, tablets, smartphones, and set-top boxes.

The MediaLive service functions independently or as part of AWS Media Services, a family of services that form the foundation of cloud-based workflows and offer you the capabilities you need to transport, create, package, monetize, and deliver video. Visit the AWS region table for a full list of AWS Regions where AWS Elemental MediaLive is available.

AWS AppConfig expands encryption capabilities, integrating with AWS Secrets Manager and AWS KMS

This week, AWS AppConfig announced integrations with AWS Secrets Manager and AWS Key Management Service (AWS KMS), providing customers with additional configuration sources and encryption capabilities. In addition to its own AWS AppConfig Hosted Configuration store, AWS AppConfig already integrates with Amazon Simple Storage Service (Amazon S3), AWS CodePipeline, AWS Systems Manager Parameter Store, and AWS Systems Manager Documents as data sources.

Now customers can use Secrets Manager as a single source to safely and securely deploy sensitive data. All sensitive data retrieved from Secrets Manager via AWS AppConfig can be encrypted at deployment time using an AWS KMS Customer Managed Key (CMK). In addition, AWS AppConfig now offers support for CMK encryption for other configuration data.

The integration with AWS KMS enables support for Amazon S3 objects encrypted with a customer managed key or secure strings from AWS Systems Manager Parameter Store encrypted with a customer managed key. 

Using AWS AppConfig to manage runtime configuration, customers can change the way an application behaves without deploying new code. This practice is useful for enabling new features using feature flags, as well as updating sensitive configuration data such as database passwords, API keys, tokens, and more. 

Previously, customers had to separately manage non-sensitive data in AWS AppConfig and sensitive data in Secrets Manager. With these integrations, customers now have a comprehensive method for retrieving all of the configuration data that their application needs.

AWS IoT Core’s Rules Engine now supports batching of device logs while routing logs from IoT devices to Amazon CloudWatch Logs

AWS IoT Core announced General Availability of the capability to send device logs from Internet of Things (IoT) devices to Amazon CloudWatch Logs in batches, enabling you to optimize the cost of using CloudWatch Log Action in IoT Rules.

AWS IoT Core is a fully managed service that you can use to connect billions of IoT devices to AWS cloud without provisioning and managing cloud infrastructure. Rules Engine is a feature of AWS IoT Core through which you can filter, decode, and process IoT device data, and route that data to 20 AWS services (including CloudWatch Logs) and to any number of customer-defined HTTP APIs.

To get started, use the AWS IoT Core console, Command Line Interface (CLI) or SDKs to connect your IoT devices to AWS IoT Core, define IoT Rules to process and filter the device data, and create a CloudWatch Log Action to route the device logs to CloudWatch Logs.

Additionally, you must batch device logs in your IoT device before routing the logs to AWS IoT Core. If your IoT device logs are batched, you can select the batching option in AWS IoT Core console, CLI or SDKs to deliver those batches to CloudWatch Logs.

Batching of CloudWatch Logs Actions is available in all AWS Regions including AWS GovCloud (US) Regions where AWS IoT Core is available. These Regions are US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), South America (Sao Paulo), and AWS GovCloud (US-East) and AWS GovCloud (US-West). For more information

Amazon RDS for PostgreSQL now supports new minor versions 14.6, 13.9, 12.13, 11.18, and 10.23

Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports PostgreSQL minor versions 14.6, 13.9, 12.13, 11.18, and 10.23. We recommend you upgrade to the latest minor version to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes, performance improvements, and new functionality added by the PostgreSQL community. Please refer to the PostgreSQL community announcement for more details about the release.

With this release, RDS for PostgreSQL adds two new extensions: (1) tcn - an extension that provides a trigger function that sends an asynchronous notification for every write on a table, and (2) seg - an extension that provides the "seg" data type used for storing and querying line segments.

This release also includes updates for existing supported PostgreSQL extensions: orafce is updated to 3.24, rdkit is updated to 4.2.0, and wal2json is updated to 2.5. Please see the list of supported extensions in the Amazon RDS User Guide for specific versions.

You are able to leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.

AWS CloudFormation StackSets gives quick access to list of Regions for stack instances of a stack set

This week, AWS CloudFormation StackSets added a new parameter in DescribeStackSet API to improve visibility to the list of Regions where a given stack set is deployed. You can now access the list of Regions directly through your management or delegated administrator AWS account.

AWS Customers use stack sets to provision and manage stacks in multiple AWS accounts and Regions in a single operation. Previously, customers had to manually aggregate the list of Regions where stack instances were deployed, or build custom code for similar functions. With this launch, you use the Regions parameter in DescribeStackSet to return a compiled list of Regions where a given stack set is deployed programmatically.

For example, if your stack set is deployed across 100+ AWS accounts in us-east-1 and eu-west-2, you can use the new parameter and return an array [“us-east-1”, “us-west-2”]. You can use this information to strategize for future deployments such as deploying dependent resources or stacks, and more.

Amazon OpenSearch Service now supports enabling SAML during domain creation

Amazon OpenSearch Service now supports enabling Security Assertion Markup Language (SAML) authentication for OpenSearch Dashboards during domain creation. SAML authentication for OpenSearch Dashboards enables users to integrate directly with identity providers (IDPs) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory.

Previously this authentication method could be configured only after domain creation. Now, this feature can be enabled at domain creation using AWS Console/SDK or using AWS CloudFormation templates, giving you the ability to enable programmatically in fewer steps.

With this feature, users can leverage their existing usernames and passwords to log in to OpenSearch Dashboards, and roles from your IDP can be used for controlling privileges, including what operations they can perform and what data they can search and visualize.

SAML authentication for OpenSearch Dashboards is available on any Amazon OpenSearch Service domain with fine-grained access control enabled. To learn more, please see the documentation.

Amazon increases NAT Gateway’s capacity to support concurrent connections to a unique destination

Starting this week, you can configure your NAT Gateway to support up to 440,000 concurrent connections to a unique destination by adding multiple IP addresses to same NAT Gateway.

A NAT Gateway enables instances in a private subnet to connect to services outside the subnet using the IP address associated with the NAT Gateway. Prior to this launch, you could associate one IP address to your NAT Gateway which supports 55,000 concurrent connections to a unique destination.

A unique destination is identified by a unique combination of destination IP address, the destination port, and the protocol (TCP/UDP/ICMP). This feature allows you to associate up to a total of eight IP addresses to further increase this limit by eight times to 440,000 concurrent connections to a single destination.

Use your own training image in a private Docker registry with Amazon SageMaker

Amazon SageMaker Training reduces the time and cost to train and tune machine learning (ML) models at scale without the need to manage infrastructure. In addition to providing built-in libraries and tools, SageMaker works with popular open-source foundation models such as GPT, BERT, and DALL·E and ML frameworks, such as PyTorch and TensorFlow.

AWS are excited to announce that SageMaker Training now supports using images with pre-installed frameworks or algorithms stored in your private Docker registry to build ML models.

Typically, machine learning practitioners working in enterprises want to use a registry for their container image since it is an organization-wide practice to maintain a central location for their images and artifacts. Amazon ECR is a standard example of such a centralized registry used by enterprise teams.

For some teams, there is a need to run training jobs using different third party registries that they have built and maintained outside of AWS. With this new feature, data scientists have the flexibility to train customized machine learning/deep learning (ML/DL) models, using any private Docker registry of their choice.

SageMaker model training can now authenticate with your private Docker registry so that you can have an additional layer of security and the peace of mind that requests to your container images are serviced only for authorized entities. For a step by step instructions, please read our documentation.

AWS App Runner now supports HTTP 1.0 protocol

AWS App Runner now supports incoming requests based on HTTP 1.0 protocol for applications running on App Runner.

App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without managing infrastructure. Until now, App Runner services only supported HTTP 1.1 protocol. Now, you can also run web applications and APIs that use HTTP 1.0 protocol on App Runner. With App Runner, you do not need to configure TLS cipher suites or any other parameters. App Runner manages the TLS termination for you.

Amazon Omics Supports PrivateLink & CloudFormation

Amazon Omics now supports AWS PrivateLink and AWS CloudFormation. You can now use AWS PrivateLink to privately access Amazon Omics APIs from your Amazon Virtual Private Cloud (VPC). Creating VPC Endpoints incurs charges.

See the AWS PrivateLink pricing page for more information. With CloudFormation support, you can now use AWS CloudFormation templates to create, update, and delete your Amazon Omics resources. This helps you automate and standardize DevOps processes across your AWS accounts and AWS Regions for Amazon Omics.

Amazon Omics is a fully managed service that helps healthcare and life science organizations and their software partners store, query, and analyze genomic, transcriptomic, and other omics data and then generate insights from that data to improve health and advance scientific discoveries. 

Amazon Inspector is now available in the AWS GovCloud (US) Regions

Amazon Inspector is now available in both AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. You can now continuously monitor your AWS workloads including Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions for software vulnerabilities in these additional regions.

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure across your entire AWS Organization. Once activated, Amazon Inspector automatically discovers all of your Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions, at scale, and continuously monitors them for known vulnerabilities, giving you a consolidated view of vulnerabilities across your compute environments.

Amazon Inspector also provides a highly-contextualized vulnerability risk score by correlating vulnerability information with environmental factors such as external network accessibility to help you prioritize the highest risks to address. 

Amazon Connect launches AWS CloudFormation support for instance management APIs

Amazon Connect now supports AWS CloudFormation for instance management, in addition to previously launched CloudFormation support for instance creation and data storage APIs. You can now use AWS CloudFormation templates to manage Amazon Connect instances for associating Lex bots (and Lex v2), Lambda functions, Security keys, and Approved origins —along with the rest of your AWS infrastructure—in a secure, efficient, and repeatable way. 

For more information, see Amazon Connect Resource Type Reference in the AWS CloudFormation User Guide.

AWS CloudFormation support for Amazon Connect instance management is available in all AWS regions where Amazon Connect is offered. To learn more about Amazon Connect, the AWS contact center as a service solution on the cloud, please visit the Amazon Connect website.

AWS Artifact on-demand access to third-party compliance reports is now generally available

The new third-party reports tab on the AWS Artifact Reports page provides on-demand access to security compliance reports of Independent Software Vendors (ISVs) who sell their products through AWS Marketplace.

AWS customers interested in buying third-party software products from AWS Marketplace can download and review the security compliance reports shared by the ISV via AWS Artifact on-demand to accelerate their procurement cycle. ISV compliance reports will only be accessible to those AWS customers who have been granted access to AWS Marketplace Vendor Insights for a specific ISV. To learn more about AWS Marketplace Vendor Insights, please visit here.

Third-party compliance reports are available in all commercial AWS Regions where AWS Artifact is available.

AWS CloudTrail Lake now supports ingestion of activity events from non-AWS sources

AWS CloudTrail Lake now supports ingesting activity events from non-AWS sources, making CloudTrail Lake a single location to immutably store user and API activity events for auditing and security investigations across AWS and hybrid environments. You can consolidate activity events from AWS and non-AWS sources – such as in-house applications and SaaS applications running in the cloud or on-premises – without having to maintain multiple log aggregators and analysis tools.

CloudTrail Lake records all events in a prescribed CloudTrail schema, immutably stores them for up to seven years, and provides an integrated SQL experience to query your activity events. This makes it easier for you to manage and diagnose security, audit, and operational incidents in AWS and hybrid environments.

With this launch, AWS CloudTrail Lake has added 15 new integration partners which are: Cloud Storage Security, Clumio, CrowdStrike, CyberArk, GitHub, Kong Inc, LaunchDarkly, Netskope, Nordcloud, MontyCloud, Okta, One Identity, Shoreline.io, Snyk, and Wiz. You can find and add partner integrations to start receiving activity events from these applications in a few steps using the CloudTrail console, without having to build and maintain custom integrations.

For sources other than the available partner integrations, you can use the new CloudTrail Lake APIs to set up your own integrations and push events to CloudTrail Lake. To get started, see Working with CloudTrail Lake in the CloudTrail User Guide. For partners interested in building an integration, see the CloudTrail Partner Onboarding Guide.

AWS announces Credential Guard support for Windows instances on Amazon EC2

Amazon Web Services(AWS) today announced support for Credential Guard, a Windows Virtualization Based Security (VBS) feature. Credential guard uses VBS isolation to prevent the extraction of Windows login credentials from OS memory.

When Credential Guard is turned on, login credentials cannot be used from another host or after a user has logged out. With the availability of this capability, enterprises running Windows Server, especially those that operate in regulated industries, no longer have to choose between meeting compliance requirements and being able to move to the cloud to innovate faster; they can get both on EC2.

Customers running Windows Server on Amazon EC2 can now turn on Credential Guard. When Windows is run on EC2, Credential Guard uses the Nitro system to protect Windows login credentials by enabling the creation of isolated environments to protect security assets.

Amazon CloudWatch now simplifies metric extraction from structured logs

Amazon CloudWatch now supports metric extraction from structured logs using Embedded Metric Format (EMF) without requiring customers to provide special header declaration while publishing logs.

Structured Log Format within CloudWatch Logs allows customers to emit metrics within their logs which are extracted and published to CloudWatch via EMF. Customers can leverage the extracted metrics for real-time incident detection using visualizations and alarming while also being able to perform deeper analysis on the underlying logs using CloudWatch Logs Insights.

With this week’s launch, AWS customers no longer need to add a special header and CloudWatch will automatically detect and extract metrics from structured logs aligning with the EMF specification. This simplification will enable customers to leverage EMF across more of their deployments and use cases.

AWS Customers can start leveraging EMF by sending EMF logs to CloudWatch natively from their applications, using client libraries or using ADOT collector in all AWS regions where CloudWatch is available. There are no additional charges for using this feature, and you simply pay for usage of CloudWatch logs and metrics. 

Amazon Redshift launches Concurrency Scaling in the China (Beijing, operated by Sinnet), and China (Ningxia, operated by NWCD) Regions

Amazon Redshift Concurrency Scaling is now available in the China (Beijing, operated by Sinnet), and China (Ningxia, operated by NWCD) Regions.

Amazon Redshift Concurrency Scaling elastically scales query processing power to provide consistently fast performance for hundreds of concurrent queries. Concurrency Scaling resources are added to your Redshift cluster transparently in seconds, as concurrency increases, to process queries without wait time.

Amazon Redshift customers with an active earn one hour of free Concurrency Scaling credit for every 24 hours the cluster is running, which is sufficient for the concurrency needs of most customers. Concurrency scaling allows you to specify usage control providing customers with predictability in their month-to-month cost, even during periods of fluctuating analytical demand. Refer to the Amazon Redshift pricing for more details.

To enable Concurrency Scaling, set the Concurrency Scaling Mode to Auto in your AWS Management Console, as described in the Redshift Cluster Management Guide. You can allocate Concurrency Scaling usage to specific user groups and workloads, control the number of Concurrency Scaling clusters that can be used, and monitor Cloudwatch performance and usage metrics.

AWS Systems Manager announces integration of Automation with Change Calendar

This week AWS were excited to announce integration of Systems Manager Automation with Systems Manager Change Calendar. Customers can now reduce the risks associated with changes to their production environment by allowing Automation runbooks to run during an allowed time window.

With this feature, users in your account can only run automations during the time periods allowed by your Change Calendar. For example, you can avoid the risk of application downtime due to system update during high traffic time period, by blocking the time period in Change Calendar and enforcing Automation to check Change Calendar before updating your Amazon EC2 instance types. 

You can start using the feature by enabling the Change Calendar integration in the Automation Preferences page and selecting a calendar. Once enabled, Automation runbooks will run only if Change Calendar allows changes, else the user will get an error message describing the restriction. 

EC2 Hibernate now supports Amazon EC2 C6i, C6id, M6i, M6id, and I3en instances

You can now hibernate Elastic Block Storage-backed Amazon EC2 I3en, M6i, M6id, C6i, and C6id instances. Hibernation provides you with the convenience of pausing your instances and resuming them later from a saved state.

Hibernation is just like closing and opening your laptop lid — your application will start right from where it left off. By using hibernation, you can maintain a fleet of pre-warmed instances that can get to a productive state faster without modifying your existing applications. 

Upon hibernation, your instance’s EBS root volume and any attached EBS data volumes are persisted. The data from memory (RAM) is also saved to your EBS root volume. When your hibernated instance is resumed, the EBS root volume is restored from its prior state, and the RAM content is reloaded along with previous data volumes. 

Hibernation is available for On-Demand Instances and Reserved Instances running on C3, C4, C5, C6i, C6id, I3, I3en, M3, M4, M5, M5a, M5ad, M6i, M6id, R3, R4, R5, R5a, R5ad, and T2 instances running Amazon Linux, Amazon Linux 2, Ubuntu 16.04 and 18.04 LTS, and Windows Server 2012, 2012R2, 2016, and 2019. For Windows, hibernation is supported for instances with up to 16 GB of RAM. For other operating systems, hibernation is supported for instances with less than 150 GB of RAM. These instances can be hibernated in any region where EC2 Hibernate is supported.

Amazon ElastiCache for Redis announces 99.99% availability Service Level Agreement

Amazon Elasticache for Redis now offers an availability Service Level Agreement (SLA) of 99.99% when using a Multi-Availability Zone (Multi-AZ) configuration. Previously, ElastiCache for Redis offered an SLA of 99.9% for Multi-AZ configurations. With this launch, ElastiCache for Redis has updated its Multi-AZ SLA to provide 10x higher levels of availability.

The updated SLA for ElastiCache applies to all regions where ElastiCache is generally available, at no additional cost. To get started, create a new cluster using the AWS Management Console, CLI, or SDKs using Redis version 6.2 or above, or upgrade an existing cluster to the latest available engine service update of Redis version 6.2 or above, and enable Multi-AZ.

Amazon Athena releases data source connector for Google Cloud Storage

Starting this week, you can use Amazon Athena to query data in Google Cloud Storage. With Athena’s data source connectors, you can run SQL queries on data stored in relational, non-relational, object, and custom data sources without the need to move data to S3 or learn a new query dialect. Google Cloud Storage is a managed service designed to store data in buckets, similar to Amazon S3.

You can now use Athena’s connector for Google Cloud Storage to query data stored in Parquet and comma-separated value (CSV) formats. This makes it simple to leverage Google Cloud Storage data for use cases such as interactive analysis and visualization in your preferred business intelligence application.

To get started, use the Athena console to create a secure connection to Google Cloud Storage, register your data with the AWS Glue Data Catalog, and then run your queries.

Amazon OpenSearch Service simplifies remote reindex for VPC domains

Amazon OpenSearch Service adds a new connection mode for cross-cluster connection, simplifying the setup required to remote reindex between a local domain and remote VPC domains. Remote reindex enables you to migrate data from a source domain to a target domain. Remote reindex is also useful when you have to upgrade your clusters across multiple major versions. 

Previously, to use remote reindex, you needed to confirm that the source domain was accessible from the target domain. If the remote domain was VPC enabled, you set up a publicly accessible reverse proxy for the remote domain, even when the domains were located within the same VPC. 

With this release, you can create a new connection between a local domain and a remote VPC domain using the connection mode ‘VPC endpoint’, and then use the provided endpoint in the remote reindex operation. You do not need a proxy, and the traffic between domains remains within the Amazon Networking Backbone--at no extra cost.

The new connection mode is available for local domains running OpenSearch versions 1.3 and above. To learn more about the new connection mode and how to use it for remote reindex please refer to the documentation.

Amazon Polly launches two new US English NTTS voices

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. This week, AWS are excited to announce the general availability of Ruth and Stephen, two new US English neural Text-to-speech (NTTS) voices.

Amazon Polly now offers two more voices supporting US English: Ruth is a new neural female voice and Stephen is a new neural male voice. They expand our portfolio for this locale to 6 female voices and 4 male voices. We created Ruth and Stephen as different voice personas, compared to other available US voices, to give our customers a wider range of female and male voice options to choose from.

SageMaker Automatic Model Tuning now adds three new completion criteria for tuning jobs

Amazon SageMaker Automatic Model Tuning now supports three new completion criteria to help you customize your tuning jobs based on your desired trade-off between accuracy, cost, and runtime. 

With SageMaker Automatic Model Tuning, you can help optimize your machine learning (ML) model by searching for the optimal set of hyperparameter configurations for your dataset using various search strategies. Before this launch, you could choose to specify either max training jobs or a target objective metric to complete the tuning jobs.

However, if your tuning job has to be completed before a certain time, it is not trivial to decide how many training jobs to run. You may also not know what target objective metric is reasonable and would rather have the tuning job complete once the objective metric stops improving.

Starting this week, SageMaker Automatic Model Tuning offers three additional completion criteria for your tuning jobs. You can now specify MaxRuntimeInSeconds, which will automatically complete a tuning job after a specified amount of time. To stop a tuning job when the best objective is not improving fast enough, you can now also specify MaxNumberOfTrainingJobsNotImproving.

Additionally, if you are not sure about what settings to use for these completion criteria, you can now specify a CompleteOnConvergence parameter to automatically stop the tuning job when the objective metric is not improving in subsequent trials. All these new completion criteria allow you to strike your desired balance between cost, runtime and accuracy.

In addition, SageMaker Automatic Model Tuning now includes information in the describe API response to assess these completion criteria. This includes total runtime in seconds, number of training jobs not improving the objective so far, and an indicator of whether the tuning job converged. This information is available regardless of your completion criteria settings, which simplifies your decision making process and helps you determine when to stop your tuning jobs.

Amazon MemoryDB for Redis Announces 99.99% Availability Service Level Agreement

Amazon MemoryDB for Redis now offers an availability Service Level Agreement (SLA) of 99.99% when using a Multi-Availability Zone (Multi-AZ) configuration. Previously, MemoryDB offered an SLA of 99.9% for Multi-AZ configurations. With this launch, MemoryDB has updated its Multi-AZ SLA to provide 10x higher levels of availability.

The updated SLA for MemoryDB applies to all regions where MemoryDB is generally available, at no additional cost. All MemoryDB Multi-AZ clusters are eligible for the 99.99% SLA with no action required.

Amazon AppFlow announces 4 new data connectors

Amazon AppFlow announces the release of 4 new connectors that include Braintree, Microsoft Dynamics 365, Oracle HCM and Zoho CRM. Amazon AppFlow is continually expanding its catalog of connectors to popular SaaS applications and these four new data connectors make it easier for customers to access their data for use cases across marketing, eCommerce, customer service, and more. 

Amazon AppFlow is a fully-managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, SAP, Google Analytics, Facebook Ads, and ServiceNow, and AWS services like Amazon S3, Amazon Redshift and Amazon SageMaker without writing code. 

AWS Elemental MediaTailor now supports timeline logs for Channel Assembly

AWS Elemental MediaTailor Channel Assembly can now emit logs of a channel timeline to Amazon CloudWatch Logs. Starting today, you can configure a channel to emit an “As Run” timeline log. This will log important play out events such as source content, start times, ad breaks inserted, and more. Using Amazon CloudWatch Insights, you can also configure queries to build reports such as weekly As Run reports.

AWS Elemental MediaTailor logs take advantage of volume-based tiered pricing for vended logs. Please visit the Amazon CloudWatch pricing page to learn more about vended logs pricing available in all public regions. Please visit our documentation to learn more about Amazon CloudWatch.

Using Channel Assembly with MediaTailor, you can create linear channels that are delivered over-the-top (OTT) in a cost-efficient way, even for channels with low viewership. You can create virtual linear streams with a low running cost by using existing multi-bitrate encoded and packaged live or VOD content. You can also monetize Channel Assembly linear streams by inserting ad breaks without having to condition the content with SCTE-35 markers.

AWS Glue is now available in the AWS Middle East (UAE) Region

This week, AWS are launching AWS Glue in the AWS Middle East (UAE) Region, enabling customer to discover, prepare, and integrate their data at any scale.

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides both visual and code-based interfaces to make data integration simpler so you can start analyzing your data and putting it to use in minutes instead of months.

Amazon RDS now supports increasing storage size when creating read replicas and restoring databases from snapshots

Amazon Relational Database Service (Amazon RDS) now supports increasing the allocated storage size when creating a read replica, when restoring a database from a snapshot, or when restoring a database instance to a point in time. This capability is supported on Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL and Amazon RDS for Oracle databases.

You can specify the new storage size during creation of a read replica or restoration of a database instance. This is especially useful when your primary instances or snapshots are near their maximum allocated storage capacity. In addition, you can make any further storage modifications right after creation of the new database instance with new storage size.

Storage resize capability for DB instance replica and restore creations is available in all AWS Regions, including the AWS GovCloud (US) Regions. Storage resize is also supported by CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot and RestoreDBInstanceToPointInTime APIs.

AWS Glue Studio Visual ETL now supports 5 new transforms

AWS Glue Studio now offers 5 new visual transforms: Flatten, Format timestamp, To timestamp, Add identifier, and Add UUID. AWS Glue Studio offers a visual extract-transform-and-load (ETL) interface that helps ETL developers to author, run, and monitor AWS Glue ETL jobs quickly. With this new feature ETL developers can prepare data for analysis faster without having to write any code.

The 5 new transformations solve a variety of data situations: flatten can extract data from nested structures, format timestamp converts raw strings into a timestamp of a specified format, to timestamp can convert an epoch or ISO string into a timestamp, and add identifier or UUID both help provide unique keys when they don’t previously exist. Finally, these new transforms work in both visual and code-based jobs.

Amazon Kendra Expanded Data Formats Support

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting this week, AWS customers can index documents of additional data types in addition to the five types previously supported.

Critical information across multiple data sources in an enterprise can be present in various data formats. Amazon Kendra customers can now use the Kendra web crawler to index documents with the formats RTF, XML, XSLT, Microsoft Excel, CSV, JSON and Markdown.

This is in addition to the previously supported formats which are, HTML, PDF, MS Word, MS PowerPoint, and Plain Text. Customers can search for information from content of all these data formats using Kendra Intelligent Search.

AWS Snow Family now supports Instance Metadata Service Version 2 for Amazon EC2 instances on Snow

AWS Snow Family now supports Instance Metadata Service Version 2 (IMDSv2) for Amazon EC2 instances on AWS Snowcone and AWS Snowball Edge devices. You can use AWS Snow Family devices to run storage, compute, and data-processing operations in locations with denied, disrupted, intermittent, and limited connectivity.

IMDSv2 is an enhancement to instance metadata access that requires session-oriented requests to add defense-in-depth against unauthorized metadata access. IMDSv2 requires a PUT request to initiate a session to the instance metadata service and retrieve a token.

With IMDSv2 for AWS Snow Family, you can securely configure and manage the running instance, and access the user specified data while launching your Amazon EC2 instance on Snow. You can also use instance metadata to build generic Amazon Machine Images (AMIs) that can be modified by configuration files supplied at launch time.

IMDSv2 provides increased service security through session authentication, offering protection against several vulnerabilities. To get started, configure the instance metadata options while launching the EC2 instance on Snow or while registering your AMI.

AWS Snow Family now supports Ubuntu 20 and 22 operating systems

AWS Snow Family now supports Ubuntu 20.04 Long Term Support (LTS) and Ubuntu 22.04 LTS on AWS Snowcone, AWS Snowball Edge Compute Optimized, and AWS Snowball Edge Storage Optimized devices. Ubuntu operating systems on Snow devices enable customers to deploy their edge compute workloads such as IoT, AI/ML, and Container workloads on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS versions.

To add Ubuntu 20.04 or Ubuntu 22.04 to your device, create an instance using Ubuntu 20.04 LTS or Ubuntu 22.04 LTS from AWS Marketplace and then create an image from the instance. Once the image is created in your account, you will be able to select it when creating your Snow jobs. To create a new Snow Family job, log into the AWS Snow Family console.

Bottlerocket now supports network bonding and VLAN tagging

Bottlerocket, a Linux-based operating system that is purpose built to host container workloads, now supports network bonding and VLAN tagging when used with Amazon Elastic Kubernetes Anywhere (Amazon EKS Anywhere) bare metal deployments. The added functionality allows customers using Bottlerocket on bare metal to avoid a single point of failure in the network stack and improves network performance.

Network bonding is a process of combining two or more network devices to act as one network interface. This process can improve network performance and availability because there is now more than one interface available to communicate. Bonding interfaces together is a common strategy to provide high availability for bare metal servers. VLAN tagging adds the ability to use the same network hardware but logically separates networks based upon VLAN tags.

AWS Outposts rack local gateway now supports VPC prefix lists to simplify routing policy management

AWS Outposts rack local gateway now supports Amazon Virtual Private Cloud (VPC) prefix lists, simplifying management of your routing policies to connect to your on-premises network.

AWS Outposts rack, a part of the AWS Outposts family, is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises data center or co-location space for a truly consistent hybrid experience. Each Outpost provides a local gateway that allows you to connect your Outpost resources with your on-premises networks.

Prefix lists allow you to group one or more CIDR blocks into a single object. You can group CIDRs that you frequently use in a prefix list, and reference this list as a route target in your local gateway route table. Previously, you needed to add individual routes when scaling your network to add a new CIDR block, which could be time-consuming and error-prone.

Now you can update the relevant prefix list by adding or removing CIDR blocks and all routes in the local gateway route table referencing the prefix list are automatically updated. As you scale your network, prefix lists can help simplify management of your local gateway on your Outpost. 

Google Cloud Releases and Updates
Source: cloud.google.com


Anthos Clusters on AWS / Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.23.14-gke.1800
  • 1.24.9-gke.1500
  • 1.25.5-gke.1500
  • Upgraded containerd to version 1.6.12.
  • Upgraded storage drivers.

Anthos Clusters on VMware

Anthos clusters on VMware 1.14.1-gke.39 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.14.1-gke.39 runs on Kubernetes 1.25.5-gke.100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.14, 1.13, and 1.12.

  • In the admin cluster configuration file, gkeadm now prepopulates caCertPath and the service account key paths with absolute paths instead of relative paths.

  • In the vSphere CSI driver, enabled improved-csi-idempotency, and async-query-volume, and disabled trigger-csi-fullsync. This enhances the vSphere CSI driver to ensure volume operations are idempotent.

  • Fixed a known issue where the calico-node Pod is unable to renew the auth token in the calico CNI kubeconfig file.

  • Fixed a known issue where CIDR ranges cannot be used in the IP block file.

Anthos Service Mesh


You can now download 1.15.4-asm.4 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.15.4 subject to the list of supported features.

Apigee Hybrid

On February 1, 2023 we released an updated version of the Apigee hybrid software, v1.9.0.

Starting in version 1.9, Apigee hybrid offers new Kubernetes network policies to secure Cassandra and Redis pods within an Apigee Hybrid cluster. See Configuring Kubernetes network policies.

CSI Backup and Restore

Starting with Apigee hybrid 1.9, you can back up and restore your hybrid data using CSI (Container Storage Interface) snapshots. CSI backup generates disk snapshots and stores them as encrypted data in cloud storage. See Cassandra CSI backup and restore.

Custom ingress access logs

Starting in version 1.9, Apigee hybrid offers custom log formats for the Apigee Ingress gateway. See Customize Ingress access logs.

Target separate ingress gateways to virtual hosts

Starting in version 1.9, Apigee hybrid you can control how separate Apigee Ingress gateways map to specific virtual hosts. See Targeting an Apigee ingress to a virtual host.

Assured Workloads

The Israel Regions and Support compliance regime is now generally available.

Backup and DR

Backup and DR release is now available. This release includes bug fixes and supportability improvements.

Fixed issue where backup/recovery appliance deployment would fail in some limited circumstances

Adds project cleanup guidance where Backup and DR components are deleted or disabled.

Improves metrics reporting for ongoing management console and backup/recovery appliance supportability.


The BigQuery Data Transfer Service can now transfer data from Azure Blob Storage into BigQuery. This feature is now in preview.

Azure workload identity federation is now generally available (GA) for BigQuery Omni connections. You can now create a connection for federated identity using Google Cloud console.

Cloud console updates: When you create datasets, select locations to run specific queries, or create exchanges in Analytics Hub, you now see separate options for multi-region and specific regions. Based on your selection, you see a list with more options.

You can search for BigQuery partners in the BigQuery Partner Center. This feature is in Preview.


The Alerts in Search feature is the newest addition to the UDM Search capability. This new feature allows you to do the following:

  • View and investigate all alerts associated with the search query criteria
  • See which events are associated with one or more alerts
  • See details about alerts in Alert viewer and Alert details
  • Pivot to the new Alert view

This feature is being enabled for global customers in a phased manner and is expected to fully roll out over the next month.

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • 1Password (ONEPASSWORD)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Carbon Black (CB_EDR)
  • Cisco Switch (CISCO_SWITCH)
  • Google Chrome Browser Cloud Management (CBCM) (N/A)
  • IBM Security Verify (IBM_SECURITY_VERIFY)
  • Imperva (IMPERVA_WAF)
  • Infoblox (INFOBLOX)
  • Infoblox DNS (INFOBLOX_DNS)
  • Linux Auditing System (AuditD) (AUDITD)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Nutanix Prism (NUTANIX_PRISM)
  • Office 365 (OFFICE_365)
  • Okera Dynamic Access Platform (OKERA_DAP)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Proofpoint Observeit (OBSERVEIT)
  • Qualys VM (QUALYS_VM)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • Symantec Endpoint Protection (SEP)
  • WatchGuard (WATCHGUARD)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Sysmon (WINDOWS_SYSMON)

For details about changes in each parser, see Supported default parsers.

Geolocation enrichment from an IP address

Chronicle provides geolocation data enrichment (GeoIP data) for external IP addresses to enable more powerful rule detections and greater context for investigations. Chronicle uses location data provided by Google to provide an approximate geographic location for an external IP address.

Cloud CDN

Cloud CDN supports advanced traffic management using flexible pattern matching with Global External HTTP(S) Load Balancer. This capability allows you to use wildcards anywhere in your path matcher and customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can use results from your pattern matching to rewrite the path that's sent to the origin. This feature is supported in Preview.

Cloud Data Loss Prevention


The SSL_CERTIFICATE infoType detector is available in all regions.

Cloud Functions

GCP added support dates for language runtimes that have reached end of support from their open source communities. Please refer to the Runtimes Support Schedule for future updates to runtime languages

Cloud Load Balancing

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in Preview.

Cloud Logging

To help you manage your costs, the Logs Storage page now displays the billable storage for the current month for each log bucket. For reference, this page also displays each log bucket's ingested bytes for the current and previous months.

Cloud Natural Language API

Natural Language Content Classification v2 model is now Generally Available. This model supports an expanded taxonomy with 1091 content categories and 11 languages. The model is distilled from a Large Language Model with improved performance over the v1 offering.

Cloud Spanner

Table sizes statistics are now generally available. They help you get insights into the size of individual tables in your database. For more information, see Table sizes statistics.

Cloud SQL for MySQL / PostgreSQL / Server

Cloud SQL supports the preview version of the Underprovisioned instance recommender. This service helps you avoid bottlenecks from high CPU and memory usage and minimize the likelihood of out-of-memory events. It gives you recommendations to resize your instances to a machine tier that better suits your workload.

Cloud Storage

The issue for gsutil commands that use the -m global flag, which was documented on January 19, 2023, has been fixed in the most recent versions of the Cloud SDK and gsutil.

Cloud Tasks

Support for resource location organization policies for Cloud Tasks is now at General Availability. To learn more, see the Resource Manager entry for Cloud Tasks.

Compute Engine

Generally available: You can now use an instance template to define the properties of a reservation and the VMs that can consume the reservation in the same place. Learn how to create a reservation by specifying an instance template.



Dataplex business glossary is now available in Preview. Dataplex business glossary lets you manage business related terminologies and definitions across the organization, and use them for describing and discovering data entries.

Dataplex Attribute Store is now available in Preview. Dataplex Attribute Store lets you associate attributes (with behavior specifications, such as resource access and column access) with tables and columns.

Deep Learning Containers

M103 Release

  • Upgraded PyTorch to 1.13.1.
  • Minor bug fixes and improvements.


The Dialogflow CX flow stack limit has been increased to 25.

Document AI Warehouse

Add field to mark raw document file type as TIFF

Document table filter and text search state are synced with the URL to allow users to easily save and share filter settings.


GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Media CDN

The following Media CDN features are now Generally Available:

  • Configuring Media CDN to follow origin redirects
  • Manipulating headers on a per-origin basis

For more information, see Failover and timeouts and Example: Failover with redirect following.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.1.0 is now available for Android and iOS.

This version contains the following changes for both Android and iOS:

  • General stability fixes
  • Errors due to a race condition while calling init() repeatedly are fixed

This version contains the following changes for Android:

  • (BREAKING CHANGE): custom events are no longer prepended with "custom_"
  • Clients now return RecaptchaErrorCode.NETWORK_ERROR instead of RecaptchaErrorCode.INTERNAL_ERROR on network errors

This version contains the following changes for iOS:

  • iOS minimum is now iOS 11
  • getClient no longer crashes when called on a background thread

Security Command Center

Project-level activation of Security Command Center

The Security Command Center project-level activation feature is generally available. The feature lets you enable Security Command Center for individual Google Cloud projects yourself in the Cloud console. Billing for project-level activations of Security Command Center is based on resource consumption in the project and uses a pay-as-you-go billing model.

For more information, see Overview of project-level activation.


Microsoft Azure Releases And Updates
Source: azure.microsoft.com


Public Preview: Azure Native New Relic Service

Enable full stack cloud observability and app performance monitoring with Azure Native New Relic Service in public preview

General Availability: Microsoft Azure Load Testing is now Generally Available


Azure Load Testing is now Generally Available. Get started with Azure Load Testing today.

Public Preview: Azure Digital Twins

Public preview: User-assigned managed identities for routing events for Azure Digital Twins

Generally available: Azure Digital Twins in West US 3, Qatar, Japan, and Korea

Azure Digital Twins is now available in 14 Azure regions worldwide including West US 3, Qatar Central, Japan East, and Korea Central.

Generally available: New storage backend for Durable Functions — Microsoft Netherite & MSSQL

You can now use storage providers other than Azure Storage for Durable Functions.

Generally Available: Azure Functions support for Node.js 18

You can now use the latest version of Node.js with Azure Functions.

Generally Available: Azure Kubernetes Service introduces two pricing tiers: Free and Standard

Identify and use the most appropriate AKS tier for your projects.

Now Available: Azure Databricks is generally available in China North 3

Azure Databricks is now generally available in China North 3. 

Public preview: User-assigned managed identities for routing events for Azure Digital Twins

Azure Digital Twins now supports both system-assigned and user-assigned managed identities for authenticating to supported endpoints for routing digital twin events.

Generally available: Azure Digital Twins in West US 3, Qatar, Japan, and Korea

Azure Digital Twins is now available in 14 Azure regions worldwide including West US 3, Qatar Central, Japan East, and Korea Central.

General availability: Trusted launch for Azure VMs in Azure for US Government regions

Allows you to enable secure boot, vTPM, virtualization-based security, and Microsoft Defender for Cloud integration, providing additional layers of defense against sophisticated threats.

Azure Web PubSub Premium tier reaches General Availability

New plan offers greater resiliency, scalability, and flexibility - helping you add real-time two-way communication to your web and mobile apps.

Azure Red Hat OpenShift on Azure Government is now Generally Available

Azure Red Hat OpenShift is now generally available for Azure Government customers (federal, state, local governments, and their partners).

Generally available: Apply Azure storage access tiers to append blobs and page blobs with blob type conversion


Convert append blobs and page blobs to block blobs so that you can apply access tiers.

Chaos studio - Public preview updates for January 2023 

Public preview enhancements and updates released for Chaos Studio in January 2023.


Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here (includes forever free tier):

Learn More!


Topics: aws azure gcp news
Team Hava

Written by Team Hava

The Hava content team