In Cloud Computing This Week [Feb 3rd 2023]

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector are now available in the AWS Europe (Spain), Europe (Zurich) and Asia Pacific (Hyderabad) Regions.

Built on actual Microsoft Active Directory (AD), AWS Managed Microsoft AD enables you to migrate AD-aware applications while reducing the work of managing AD infrastructure in the AWS Cloud. You can use your Microsoft AD credentials to connect to AWS applications such as Amazon Relational Database Service (RDS) for SQL Server, RDS for PostgreSQL, and RDS for Oracle databases. You can keep your identities in your existing Microsoft AD or create and manage identities in your AWS managed directory.

AD Connector is a proxy that enables AWS applications to use your existing on-premises AD identities without requiring AD infrastructure in the AWS Cloud. You can also use AD Connector to join Amazon EC2 instances to your on-premises AD domain and manage these instances using your existing group policies.

Starting this week, customers can use Amazon Kinesis Data Firehose in the Europe (Zurich), Europe (Spain), Asia Pacific (Hyderabad) AWS Regions.

Amazon Kinesis Data Firehose makes it easier to reliably load streaming data into data lakes, data stores, and analytics services. You can use it to capture, transform, and deliver streaming data to Amazon S3, Amazon Redshift, Amazon OpenSearch, and third party providers like Splunk and Datadog etc. enabling near real-time analytics.

With Amazon Kinesis Data Firehose, you don't need to write applications or manage resources. You can configure your producers to automatically deliver your data to the destination that you specify. You can also configure Amazon Kinesis Data Firehose to transform your data before delivering it. 

AWS Elemental MediaLive now supports decoding audio from sources with Dolby E compressed tracks. Dolby E supports delivery of eight discrete audio source channels in a PCM (pulse code modulated) stereo pair. With this feature you can deliver content with different language tracks and/or high channel count spatial audio from a single high-quality source. This is useful for international syndication of sports and events where commentary and immersive audio are present.

For more information on how to enable this feature, visit the MediaLive documentation for Dolby E input audio. Dolby E audio decoding is available via the MediaLive Advanced Audio add-on functionality.

AWS Elemental MediaLive is a broadcast-grade live video processing service. It lets you create high-quality live video streams for delivery to broadcast televisions and internet-connected multiscreen devices, like connected TVs, tablets, smartphones, and set-top boxes.

The MediaLive service functions independently or as part of AWS Media Services, a family of services that form the foundation of cloud-based workflows and offer you the capabilities you need to transport, create, package, monetize, and deliver video. Visit the AWS region table for a full list of AWS Regions where AWS Elemental MediaLive is available.

This week, AWS AppConfig announced integrations with AWS Secrets Manager and AWS Key Management Service (AWS KMS), providing customers with additional configuration sources and encryption capabilities. In addition to its own AWS AppConfig Hosted Configuration store, AWS AppConfig already integrates with Amazon Simple Storage Service (Amazon S3), AWS CodePipeline, AWS Systems Manager Parameter Store, and AWS Systems Manager Documents as data sources.

Now customers can use Secrets Manager as a single source to safely and securely deploy sensitive data. All sensitive data retrieved from Secrets Manager via AWS AppConfig can be encrypted at deployment time using an AWS KMS Customer Managed Key (CMK). In addition, AWS AppConfig now offers support for CMK encryption for other configuration data.

The integration with AWS KMS enables support for Amazon S3 objects encrypted with a customer managed key or secure strings from AWS Systems Manager Parameter Store encrypted with a customer managed key. 

Using AWS AppConfig to manage runtime configuration, customers can change the way an application behaves without deploying new code. This practice is useful for enabling new features using feature flags, as well as updating sensitive configuration data such as database passwords, API keys, tokens, and more. 

Previously, customers had to separately manage non-sensitive data in AWS AppConfig and sensitive data in Secrets Manager. With these integrations, customers now have a comprehensive method for retrieving all of the configuration data that their application needs.

AWS IoT Core announced General Availability of the capability to send device logs from Internet of Things (IoT) devices to Amazon CloudWatch Logs in batches, enabling you to optimize the cost of using CloudWatch Log Action in IoT Rules.

AWS IoT Core is a fully managed service that you can use to connect billions of IoT devices to AWS cloud without provisioning and managing cloud infrastructure. Rules Engine is a feature of AWS IoT Core through which you can filter, decode, and process IoT device data, and route that data to 20 AWS services (including CloudWatch Logs) and to any number of customer-defined HTTP APIs.

To get started, use the AWS IoT Core console, Command Line Interface (CLI) or SDKs to connect your IoT devices to AWS IoT Core, define IoT Rules to process and filter the device data, and create a CloudWatch Log Action to route the device logs to CloudWatch Logs.

Additionally, you must batch device logs in your IoT device before routing the logs to AWS IoT Core. If your IoT device logs are batched, you can select the batching option in AWS IoT Core console, CLI or SDKs to deliver those batches to CloudWatch Logs.

Batching of CloudWatch Logs Actions is available in all AWS Regions including AWS GovCloud (US) Regions where AWS IoT Core is available. These Regions are US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), South America (Sao Paulo), and AWS GovCloud (US-East) and AWS GovCloud (US-West). For more information

Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports PostgreSQL minor versions 14.6, 13.9, 12.13, 11.18, and 10.23. We recommend you upgrade to the latest minor version to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes, performance improvements, and new functionality added by the PostgreSQL community. Please refer to the PostgreSQL community announcement for more details about the release.

With this release, RDS for PostgreSQL adds two new extensions: (1) tcn - an extension that provides a trigger function that sends an asynchronous notification for every write on a table, and (2) seg - an extension that provides the "seg" data type used for storing and querying line segments.

This release also includes updates for existing supported PostgreSQL extensions: orafce is updated to 3.24, rdkit is updated to 4.2.0, and wal2json is updated to 2.5. Please see the list of supported extensions in the Amazon RDS User Guide for specific versions.

You are able to leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.

This week, AWS CloudFormation StackSets added a new parameter in DescribeStackSet API to improve visibility to the list of Regions where a given stack set is deployed. You can now access the list of Regions directly through your management or delegated administrator AWS account.

AWS Customers use stack sets to provision and manage stacks in multiple AWS accounts and Regions in a single operation. Previously, customers had to manually aggregate the list of Regions where stack instances were deployed, or build custom code for similar functions. With this launch, you use the Regions parameter in DescribeStackSet to return a compiled list of Regions where a given stack set is deployed programmatically.

For example, if your stack set is deployed across 100+ AWS accounts in us-east-1 and eu-west-2, you can use the new parameter and return an array [“us-east-1”, “us-west-2”]. You can use this information to strategize for future deployments such as deploying dependent resources or stacks, and more.

Amazon OpenSearch Service now supports enabling Security Assertion Markup Language (SAML) authentication for OpenSearch Dashboards during domain creation. SAML authentication for OpenSearch Dashboards enables users to integrate directly with identity providers (IDPs) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory.

Previously this authentication method could be configured only after domain creation. Now, this feature can be enabled at domain creation using AWS Console/SDK or using AWS CloudFormation templates, giving you the ability to enable programmatically in fewer steps.

With this feature, users can leverage their existing usernames and passwords to log in to OpenSearch Dashboards, and roles from your IDP can be used for controlling privileges, including what operations they can perform and what data they can search and visualize.

SAML authentication for OpenSearch Dashboards is available on any Amazon OpenSearch Service domain with fine-grained access control enabled. To learn more, please see the documentation.

Starting this week, you can configure your NAT Gateway to support up to 440,000 concurrent connections to a unique destination by adding multiple IP addresses to same NAT Gateway.

A NAT Gateway enables instances in a private subnet to connect to services outside the subnet using the IP address associated with the NAT Gateway. Prior to this launch, you could associate one IP address to your NAT Gateway which supports 55,000 concurrent connections to a unique destination.

A unique destination is identified by a unique combination of destination IP address, the destination port, and the protocol (TCP/UDP/ICMP). This feature allows you to associate up to a total of eight IP addresses to further increase this limit by eight times to 440,000 concurrent connections to a single destination.

Amazon SageMaker Training reduces the time and cost to train and tune machine learning (ML) models at scale without the need to manage infrastructure. In addition to providing built-in libraries and tools, SageMaker works with popular open-source foundation models such as GPT, BERT, and DALL·E and ML frameworks, such as PyTorch and TensorFlow.

AWS are excited to announce that SageMaker Training now supports using images with pre-installed frameworks or algorithms stored in your private Docker registry to build ML models.

Typically, machine learning practitioners working in enterprises want to use a registry for their container image since it is an organization-wide practice to maintain a central location for their images and artifacts. Amazon ECR is a standard example of such a centralized registry used by enterprise teams.

For some teams, there is a need to run training jobs using different third party registries that they have built and maintained outside of AWS. With this new feature, data scientists have the flexibility to train customized machine learning/deep learning (ML/DL) models, using any private Docker registry of their choice.

SageMaker model training can now authenticate with your private Docker registry so that you can have an additional layer of security and the peace of mind that requests to your container images are serviced only for authorized entities. For a step by step instructions, please read our documentation.

AWS App Runner now supports incoming requests based on HTTP 1.0 protocol for applications running on App Runner.

App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without managing infrastructure. Until now, App Runner services only supported HTTP 1.1 protocol. Now, you can also run web applications and APIs that use HTTP 1.0 protocol on App Runner. With App Runner, you do not need to configure TLS cipher suites or any other parameters. App Runner manages the TLS termination for you.

Amazon Omics now supports AWS PrivateLink and AWS CloudFormation. You can now use AWS PrivateLink to privately access Amazon Omics APIs from your Amazon Virtual Private Cloud (VPC). Creating VPC Endpoints incurs charges.

See the AWS PrivateLink pricing page for more information. With CloudFormation support, you can now use AWS CloudFormation templates to create, update, and delete your Amazon Omics resources. This helps you automate and standardize DevOps processes across your AWS accounts and AWS Regions for Amazon Omics.

Amazon Omics is a fully managed service that helps healthcare and life science organizations and their software partners store, query, and analyze genomic, transcriptomic, and other omics data and then generate insights from that data to improve health and advance scientific discoveries. 

Amazon Inspector is now available in both AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. You can now continuously monitor your AWS workloads including Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions for software vulnerabilities in these additional regions.

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure across your entire AWS Organization. Once activated, Amazon Inspector automatically discovers all of your Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions, at scale, and continuously monitors them for known vulnerabilities, giving you a consolidated view of vulnerabilities across your compute environments.

Amazon Inspector also provides a highly-contextualized vulnerability risk score by correlating vulnerability information with environmental factors such as external network accessibility to help you prioritize the highest risks to address. 

Amazon Connect now supports AWS CloudFormation for instance management, in addition to previously launched CloudFormation support for instance creation and data storage APIs. You can now use AWS CloudFormation templates to manage Amazon Connect instances for associating Lex bots (and Lex v2), Lambda functions, Security keys, and Approved origins —along with the rest of your AWS infrastructure—in a secure, efficient, and repeatable way. 

For more information, see Amazon Connect Resource Type Reference in the AWS CloudFormation User Guide.

AWS CloudFormation support for Amazon Connect instance management is available in all AWS regions where Amazon Connect is offered. To learn more about Amazon Connect, the AWS contact center as a service solution on the cloud, please visit the Amazon Connect website.

The new third-party reports tab on the AWS Artifact Reports page provides on-demand access to security compliance reports of Independent Software Vendors (ISVs) who sell their products through AWS Marketplace.

AWS customers interested in buying third-party software products from AWS Marketplace can download and review the security compliance reports shared by the ISV via AWS Artifact on-demand to accelerate their procurement cycle. ISV compliance reports will only be accessible to those AWS customers who have been granted access to AWS Marketplace Vendor Insights for a specific ISV. To learn more about AWS Marketplace Vendor Insights, please visit here.

Third-party compliance reports are available in all commercial AWS Regions where AWS Artifact is available.

AWS CloudTrail Lake now supports ingesting activity events from non-AWS sources, making CloudTrail Lake a single location to immutably store user and API activity events for auditing and security investigations across AWS and hybrid environments. You can consolidate activity events from AWS and non-AWS sources – such as in-house applications and SaaS applications running in the cloud or on-premises – without having to maintain multiple log aggregators and analysis tools.

CloudTrail Lake records all events in a prescribed CloudTrail schema, immutably stores them for up to seven years, and provides an integrated SQL experience to query your activity events. This makes it easier for you to manage and diagnose security, audit, and operational incidents in AWS and hybrid environments.

With this launch, AWS CloudTrail Lake has added 15 new integration partners which are: Cloud Storage Security, Clumio, CrowdStrike, CyberArk, GitHub, Kong Inc, LaunchDarkly, Netskope, Nordcloud, MontyCloud, Okta, One Identity, Shoreline.io, Snyk, and Wiz. You can find and add partner integrations to start receiving activity events from these applications in a few steps using the CloudTrail console, without having to build and maintain custom integrations.

For sources other than the available partner integrations, you can use the new CloudTrail Lake APIs to set up your own integrations and push events to CloudTrail Lake. To get started, see Working with CloudTrail Lake in the CloudTrail User Guide. For partners interested in building an integration, see the CloudTrail Partner Onboarding Guide.

Amazon Web Services(AWS) today announced support for Credential Guard, a Windows Virtualization Based Security (VBS) feature. Credential guard uses VBS isolation to prevent the extraction of Windows login credentials from OS memory.

When Credential Guard is turned on, login credentials cannot be used from another host or after a user has logged out. With the availability of this capability, enterprises running Windows Server, especially those that operate in regulated industries, no longer have to choose between meeting compliance requirements and being able to move to the cloud to innovate faster; they can get both on EC2.

Customers running Windows Server on Amazon EC2 can now turn on Credential Guard. When Windows is run on EC2, Credential Guard uses the Nitro system to protect Windows login credentials by enabling the creation of isolated environments to protect security assets.

Amazon CloudWatch now supports metric extraction from structured logs using Embedded Metric Format (EMF) without requiring customers to provide special header declaration while publishing logs.

Structured Log Format within CloudWatch Logs allows customers to emit metrics within their logs which are extracted and published to CloudWatch via EMF. Customers can leverage the extracted metrics for real-time incident detection using visualizations and alarming while also being able to perform deeper analysis on the underlying logs using CloudWatch Logs Insights.

With this week’s launch, AWS customers no longer need to add a special header and CloudWatch will automatically detect and extract metrics from structured logs aligning with the EMF specification. This simplification will enable customers to leverage EMF across more of their deployments and use cases.

AWS Customers can start leveraging EMF by sending EMF logs to CloudWatch natively from their applications, using client libraries or using ADOT collector in all AWS regions where CloudWatch is available. There are no additional charges for using this feature, and you simply pay for usage of CloudWatch logs and metrics. 

Amazon Redshift Concurrency Scaling is now available in the China (Beijing, operated by Sinnet), and China (Ningxia, operated by NWCD) Regions.

Amazon Redshift Concurrency Scaling elastically scales query processing power to provide consistently fast performance for hundreds of concurrent queries. Concurrency Scaling resources are added to your Redshift cluster transparently in seconds, as concurrency increases, to process queries without wait time.

Amazon Redshift customers with an active earn one hour of free Concurrency Scaling credit for every 24 hours the cluster is running, which is sufficient for the concurrency needs of most customers. Concurrency scaling allows you to specify usage control providing customers with predictability in their month-to-month cost, even during periods of fluctuating analytical demand. Refer to the Amazon Redshift pricing for more details.

To enable Concurrency Scaling, set the Concurrency Scaling Mode to Auto in your AWS Management Console, as described in the Redshift Cluster Management Guide. You can allocate Concurrency Scaling usage to specific user groups and workloads, control the number of Concurrency Scaling clusters that can be used, and monitor Cloudwatch performance and usage metrics.

This week AWS were excited to announce integration of Systems Manager Automation with Systems Manager Change Calendar. Customers can now reduce the risks associated with changes to their production environment by allowing Automation runbooks to run during an allowed time window.

With this feature, users in your account can only run automations during the time periods allowed by your Change Calendar. For example, you can avoid the risk of application downtime due to system update during high traffic time period, by blocking the time period in Change Calendar and enforcing Automation to check Change Calendar before updating your Amazon EC2 instance types. 

You can start using the feature by enabling the Change Calendar integration in the Automation Preferences page and selecting a calendar. Once enabled, Automation runbooks will run only if Change Calendar allows changes, else the user will get an error message describing the restriction. 

You can now hibernate Elastic Block Storage-backed Amazon EC2 I3en, M6i, M6id, C6i, and C6id instances. Hibernation provides you with the convenience of pausing your instances and resuming them later from a saved state.

Hibernation is just like closing and opening your laptop lid — your application will start right from where it left off. By using hibernation, you can maintain a fleet of pre-warmed instances that can get to a productive state faster without modifying your existing applications. 

Upon hibernation, your instance’s EBS root volume and any attached EBS data volumes are persisted. The data from memory (RAM) is also saved to your EBS root volume. When your hibernated instance is resumed, the EBS root volume is restored from its prior state, and the RAM content is reloaded along with previous data volumes. 

Hibernation is available for On-Demand Instances and Reserved Instances running on C3, C4, C5, C6i, C6id, I3, I3en, M3, M4, M5, M5a, M5ad, M6i, M6id, R3, R4, R5, R5a, R5ad, and T2 instances running Amazon Linux, Amazon Linux 2, Ubuntu 16.04 and 18.04 LTS, and Windows Server 2012, 2012R2, 2016, and 2019. For Windows, hibernation is supported for instances with up to 16 GB of RAM. For other operating systems, hibernation is supported for instances with less than 150 GB of RAM. These instances can be hibernated in any region where EC2 Hibernate is supported.

Amazon Elasticache for Redis now offers an availability Service Level Agreement (SLA) of 99.99% when using a Multi-Availability Zone (Multi-AZ) configuration. Previously, ElastiCache for Redis offered an SLA of 99.9% for Multi-AZ configurations. With this launch, ElastiCache for Redis has updated its Multi-AZ SLA to provide 10x higher levels of availability.

The updated SLA for ElastiCache applies to all regions where ElastiCache is generally available, at no additional cost. To get started, create a new cluster using the AWS Management Console, CLI, or SDKs using Redis version 6.2 or above, or upgrade an existing cluster to the latest available engine service update of Redis version 6.2 or above, and enable Multi-AZ.

Starting this week, you can use Amazon Athena to query data in Google Cloud Storage. With Athena’s data source connectors, you can run SQL queries on data stored in relational, non-relational, object, and custom data sources without the need to move data to S3 or learn a new query dialect. Google Cloud Storage is a managed service designed to store data in buckets, similar to Amazon S3.

You can now use Athena’s connector for Google Cloud Storage to query data stored in Parquet and comma-separated value (CSV) formats. This makes it simple to leverage Google Cloud Storage data for use cases such as interactive analysis and visualization in your preferred business intelligence application.

To get started, use the Athena console to create a secure connection to Google Cloud Storage, register your data with the AWS Glue Data Catalog, and then run your queries.

Amazon OpenSearch Service adds a new connection mode for cross-cluster connection, simplifying the setup required to remote reindex between a local domain and remote VPC domains. Remote reindex enables you to migrate data from a source domain to a target domain. Remote reindex is also useful when you have to upgrade your clusters across multiple major versions. 

Previously, to use remote reindex, you needed to confirm that the source domain was accessible from the target domain. If the remote domain was VPC enabled, you set up a publicly accessible reverse proxy for the remote domain, even when the domains were located within the same VPC. 

With this release, you can create a new connection between a local domain and a remote VPC domain using the connection mode ‘VPC endpoint’, and then use the provided endpoint in the remote reindex operation. You do not need a proxy, and the traffic between domains remains within the Amazon Networking Backbone--at no extra cost.

The new connection mode is available for local domains running OpenSearch versions 1.3 and above. To learn more about the new connection mode and how to use it for remote reindex please refer to the documentation.

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. This week, AWS are excited to announce the general availability of Ruth and Stephen, two new US English neural Text-to-speech (NTTS) voices.

Amazon Polly now offers two more voices supporting US English: Ruth is a new neural female voice and Stephen is a new neural male voice. They expand our portfolio for this locale to 6 female voices and 4 male voices. We created Ruth and Stephen as different voice personas, compared to other available US voices, to give our customers a wider range of female and male voice options to choose from.

Amazon SageMaker Automatic Model Tuning now supports three new completion criteria to help you customize your tuning jobs based on your desired trade-off between accuracy, cost, and runtime. 

With SageMaker Automatic Model Tuning, you can help optimize your machine learning (ML) model by searching for the optimal set of hyperparameter configurations for your dataset using various search strategies. Before this launch, you could choose to specify either max training jobs or a target objective metric to complete the tuning jobs.

However, if your tuning job has to be completed before a certain time, it is not trivial to decide how many training jobs to run. You may also not know what target objective metric is reasonable and would rather have the tuning job complete once the objective metric stops improving.

Starting this week, SageMaker Automatic Model Tuning offers three additional completion criteria for your tuning jobs. You can now specify MaxRuntimeInSeconds, which will automatically complete a tuning job after a specified amount of time. To stop a tuning job when the best objective is not improving fast enough, you can now also specify MaxNumberOfTrainingJobsNotImproving.

Additionally, if you are not sure about what settings to use for these completion criteria, you can now specify a CompleteOnConvergence parameter to automatically stop the tuning job when the objective metric is not improving in subsequent trials. All these new completion criteria allow you to strike your desired balance between cost, runtime and accuracy.

In addition, SageMaker Automatic Model Tuning now includes information in the describe API response to assess these completion criteria. This includes total runtime in seconds, number of training jobs not improving the objective so far, and an indicator of whether the tuning job converged. This information is available regardless of your completion criteria settings, which simplifies your decision making process and helps you determine when to stop your tuning jobs.

Amazon MemoryDB for Redis now offers an availability Service Level Agreement (SLA) of 99.99% when using a Multi-Availability Zone (Multi-AZ) configuration. Previously, MemoryDB offered an SLA of 99.9% for Multi-AZ configurations. With this launch, MemoryDB has updated its Multi-AZ SLA to provide 10x higher levels of availability.

The updated SLA for MemoryDB applies to all regions where MemoryDB is generally available, at no additional cost. All MemoryDB Multi-AZ clusters are eligible for the 99.99% SLA with no action required.

Amazon AppFlow announces the release of 4 new connectors that include Braintree, Microsoft Dynamics 365, Oracle HCM and Zoho CRM. Amazon AppFlow is continually expanding its catalog of connectors to popular SaaS applications and these four new data connectors make it easier for customers to access their data for use cases across marketing, eCommerce, customer service, and more. 

Amazon AppFlow is a fully-managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, SAP, Google Analytics, Facebook Ads, and ServiceNow, and AWS services like Amazon S3, Amazon Redshift and Amazon SageMaker without writing code. 

AWS Elemental MediaTailor Channel Assembly can now emit logs of a channel timeline to Amazon CloudWatch Logs. Starting today, you can configure a channel to emit an “As Run” timeline log. This will log important play out events such as source content, start times, ad breaks inserted, and more. Using Amazon CloudWatch Insights, you can also configure queries to build reports such as weekly As Run reports.

AWS Elemental MediaTailor logs take advantage of volume-based tiered pricing for vended logs. Please visit the Amazon CloudWatch pricing page to learn more about vended logs pricing available in all public regions. Please visit our documentation to learn more about Amazon CloudWatch.

Using Channel Assembly with MediaTailor, you can create linear channels that are delivered over-the-top (OTT) in a cost-efficient way, even for channels with low viewership. You can create virtual linear streams with a low running cost by using existing multi-bitrate encoded and packaged live or VOD content. You can also monetize Channel Assembly linear streams by inserting ad breaks without having to condition the content with SCTE-35 markers.

This week, AWS are launching AWS Glue in the AWS Middle East (UAE) Region, enabling customer to discover, prepare, and integrate their data at any scale.

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides both visual and code-based interfaces to make data integration simpler so you can start analyzing your data and putting it to use in minutes instead of months.

Amazon Relational Database Service (Amazon RDS) now supports increasing the allocated storage size when creating a read replica, when restoring a database from a snapshot, or when restoring a database instance to a point in time. This capability is supported on Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL and Amazon RDS for Oracle databases.

You can specify the new storage size during creation of a read replica or restoration of a database instance. This is especially useful when your primary instances or snapshots are near their maximum allocated storage capacity. In addition, you can make any further storage modifications right after creation of the new database instance with new storage size.

Storage resize capability for DB instance replica and restore creations is available in all AWS Regions, including the AWS GovCloud (US) Regions. Storage resize is also supported by CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot and RestoreDBInstanceToPointInTime APIs.

AWS Glue Studio now offers 5 new visual transforms: Flatten, Format timestamp, To timestamp, Add identifier, and Add UUID. AWS Glue Studio offers a visual extract-transform-and-load (ETL) interface that helps ETL developers to author, run, and monitor AWS Glue ETL jobs quickly. With this new feature ETL developers can prepare data for analysis faster without having to write any code.

The 5 new transformations solve a variety of data situations: flatten can extract data from nested structures, format timestamp converts raw strings into a timestamp of a specified format, to timestamp can convert an epoch or ISO string into a timestamp, and add identifier or UUID both help provide unique keys when they don’t previously exist. Finally, these new transforms work in both visual and code-based jobs.

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting this week, AWS customers can index documents of additional data types in addition to the five types previously supported.

Critical information across multiple data sources in an enterprise can be present in various data formats. Amazon Kendra customers can now use the Kendra web crawler to index documents with the formats RTF, XML, XSLT, Microsoft Excel, CSV, JSON and Markdown.

This is in addition to the previously supported formats which are, HTML, PDF, MS Word, MS PowerPoint, and Plain Text. Customers can search for information from content of all these data formats using Kendra Intelligent Search.

AWS Snow Family now supports Instance Metadata Service Version 2 (IMDSv2) for Amazon EC2 instances on AWS Snowcone and AWS Snowball Edge devices. You can use AWS Snow Family devices to run storage, compute, and data-processing operations in locations with denied, disrupted, intermittent, and limited connectivity.

IMDSv2 is an enhancement to instance metadata access that requires session-oriented requests to add defense-in-depth against unauthorized metadata access. IMDSv2 requires a PUT request to initiate a session to the instance metadata service and retrieve a token.

With IMDSv2 for AWS Snow Family, you can securely configure and manage the running instance, and access the user specified data while launching your Amazon EC2 instance on Snow. You can also use instance metadata to build generic Amazon Machine Images (AMIs) that can be modified by configuration files supplied at launch time.

IMDSv2 provides increased service security through session authentication, offering protection against several vulnerabilities. To get started, configure the instance metadata options while launching the EC2 instance on Snow or while registering your AMI.

AWS Snow Family now supports Ubuntu 20.04 Long Term Support (LTS) and Ubuntu 22.04 LTS on AWS Snowcone, AWS Snowball Edge Compute Optimized, and AWS Snowball Edge Storage Optimized devices. Ubuntu operating systems on Snow devices enable customers to deploy their edge compute workloads such as IoT, AI/ML, and Container workloads on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS versions.

To add Ubuntu 20.04 or Ubuntu 22.04 to your device, create an instance using Ubuntu 20.04 LTS or Ubuntu 22.04 LTS from AWS Marketplace and then create an image from the instance. Once the image is created in your account, you will be able to select it when creating your Snow jobs. To create a new Snow Family job, log into the AWS Snow Family console.

Bottlerocket, a Linux-based operating system that is purpose built to host container workloads, now supports network bonding and VLAN tagging when used with Amazon Elastic Kubernetes Anywhere (Amazon EKS Anywhere) bare metal deployments. The added functionality allows customers using Bottlerocket on bare metal to avoid a single point of failure in the network stack and improves network performance.

Network bonding is a process of combining two or more network devices to act as one network interface. This process can improve network performance and availability because there is now more than one interface available to communicate. Bonding interfaces together is a common strategy to provide high availability for bare metal servers. VLAN tagging adds the ability to use the same network hardware but logically separates networks based upon VLAN tags.

AWS Outposts rack local gateway now supports Amazon Virtual Private Cloud (VPC) prefix lists, simplifying management of your routing policies to connect to your on-premises network.

AWS Outposts rack, a part of the AWS Outposts family, is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises data center or co-location space for a truly consistent hybrid experience. Each Outpost provides a local gateway that allows you to connect your Outpost resources with your on-premises networks.

Prefix lists allow you to group one or more CIDR blocks into a single object. You can group CIDRs that you frequently use in a prefix list, and reference this list as a route target in your local gateway route table. Previously, you needed to add individual routes when scaling your network to add a new CIDR block, which could be time-consuming and error-prone.

Now you can update the relevant prefix list by adding or removing CIDR blocks and all routes in the local gateway route table referencing the prefix list are automatically updated. As you scale your network, prefix lists can help simplify management of your local gateway on your Outpost. 

You can now launch clusters with the following Kubernetes versions:

• 1.23.14-gke.1800
• 1.24.9-gke.1500
• 1.25.5-gke.1500

• Upgraded containerd to version 1.6.12.
• Upgraded storage drivers.

On February 1, 2023 we released an updated version of the Apigee hybrid software, v1.9.0.

• For information on upgrading, see Upgrading Apigee hybrid to version 1.9.
• For information on new installations, see The big picture.
  
  

  Kubernetes network policies

CSI Backup and Restore

Starting with Apigee hybrid 1.9, you can back up and restore your hybrid data using CSI (Container Storage Interface) snapshots. CSI backup generates disk snapshots and stores them as encrypted data in cloud storage. See Cassandra CSI backup and restore.

Custom ingress access logs

Starting in version 1.9, Apigee hybrid offers custom log formats for the Apigee Ingress gateway. See Customize Ingress access logs.

Target separate ingress gateways to virtual hosts

Starting in version 1.9, Apigee hybrid you can control how separate Apigee Ingress gateways map to specific virtual hosts. See Targeting an Apigee ingress to a virtual host.

Public preview: User-assigned managed identities for routing events for Azure Digital Twins

Generally available: Apply Azure storage access tiers to append blobs and page blobs with blob type conversion

Convert append blobs and page blobs to block blobs so that you can apply access tiers.

Chaos studio - Public preview updates for January 2023