This week's roundup of all the cloud news.
We're well and truly over the January hump and planning out 2021, revisiting our roadmap and hatching some dastardly plans around new capabilities and platforms. Stay tuned. If there's something you would love to see that would make your cloud documentation challenges easier, hit us up on email or Twitter. We'd love to hear from you.
Here's a roundup of all things AWS, Azure and Google Cloud Platform for the week ending Friday 22nd January 2021.
Amazon MSK now supports the ability to change the size or family of your Apache Kafka brokers
You can now scale your Amazon Managed Streaming for Apache Kafka (MSK) clusters on demand by changing the size or family of your brokers without reassigning Apache Kafka partitions. Changing the size or family of your brokers gives you the flexibility to adjust your MSK cluster’s compute capacity based on changes in your workloads, without interrupting your cluster I/O. In just a few clicks, you can scale up or scale down your Amazon MSK clusters’ compute capacity that includes CPU, memory, network throughput and I/O capacity. You will be charged for the chosen broker size or family per Amazon MSK standard pricing.
Resource Groups Tagging API launches ResourceARNList parameter for the GetResources operation
The GetResources operation of the Resource Groups Tagging API helps you return all the tagged or previously tagged resources located in the specified region in an AWS account. The GetResources operation now supports the ResourceARNList parameter. This new parameter accepts a list of up to 100 Amazon Resource Names (ARNs), and returns a list of the specified resources and the tag data attached to each. This new ResourceARNList parameter lets you keep track of the tag status of the AWS resources you care about. Instead of having to do multiple calls to check for each resource individually, and then assemble the results, this feature lets you check tag status for multiple ARNs and get the results using a single call.
Amazon Detective enhances IP Address Analytics
Amazon Detective now provides enhanced IP address analytics enabling faster security investigations. With this new capability you can answer questions about a specific IP address such as “how long has this IP address been interacting with the resources in my accounts”, “which of my EC2 instances did this IP address communicate with?”, “What were the data volumes exchanged with this IP address and which ports did the communication occur on?”, or “Which users and roles invoked API operations from this IP address?”. By providing answers to questions such as these, Detective empowers security analysts to quickly determine IP address behavior and diagnose security incidents.
Amazon RDS for MariaDB now supports version 10.5.8
Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB version 10.5.8 in all AWS regions. This release includes fixes to bugs in MariaDB 10.5.7 affecting point-in-time restore, data replication, and tables with triggers that caused database crashes and data corruption. To read more about this version, please see the release notes for MariaDB 10.5.8.
Announcing CDK Support for AWS Chalice
AWS Chalice now integrates with the AWS Cloud Development Kit (CDK). With CDK integration, you can now combine the familiar, decorator-based APIs of Chalice for writing your application code with the full set of CDK constructs for defining your service infrastructure. This enables you to deploy your serverless application as a single, cohesive stack using the CDK.
New AWS IoT Device Client simplifies onboarding to AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender
Amazon ECS announces increased service quotas for tasks per service and services per cluster
Amazon Elastic Container Service (Amazon ECS) today increased the default service quotas for ECS tasks per service and services per cluster. You can now launch up to 5,000 tasks per service and 5,000 services per cluster, an increase from 2,000 each.
Announcing date and time functions and timezone support in AWS IoT SiteWise
AWS were excited to announce that AWS IoT SiteWise now supports date and time functions, and global time zones for use in metric and transform computations in the AWS IoT SiteWise asset model. You can now use date and time expressions to retrieve the current timestamp of equipment data in UTC (Coordinated Universal Time) or in your local time zone, construct timestamps given input parameters such as year, month, day of the month and time, and extract different time fields such as year or month given a specific timestamp value. The date and time functions supported by AWS IoT SiteWise are listed below.
Introducing Federated Amazon EKS Clusters on AWS
Federated Amazon EKS Clusters on AWS is a new AWS Solutions Implementation that automates the deployment and federation of two Amazon Elastic Kubernetes Service (Amazon EKS) clusters across multiple AWS Regions, configuring highly available, low latency, and easily scalable applications. Over the last few years, Kubernetes has become increasingly popular for automating application deployment, scaling, and management. While it has enabled more and more users, it is also taxing to configure consistently for deploying applications globally and for managing many clusters.
PCI DSS compliance for AWS Wavelength
PCI Eligible AWS services deployed in AWS Wavelength can now store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including for merchants, processors, acquirers, issuers, and service providers. PCI DSS (Payment Card Industry Data Security Standard) is a proprietary information security standard administered by the PCI Security Standards Council. Many Wavelength use cases like interactive live video streams, AR/VR, and real-time gaming require in-app purchases. Starting today, you can use AWS Wavelength to build, deploy, and run applications that store and use sensitive payment card data in compliance with PCI DSS.
AWS Certificate Manager Private Certificate Authority now supports additional certificate customization
AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports additional customization options for issuing CA and end entity certificates to meet additional use cases such as identity certificates, including smart card certificates. Customers can now include certificate attributes via API calls at the time of issuance in addition to inclusion in the certificate signing request (CSR). Additionally, with this launch, customers can configure the certificate start date and time to account for clock skew and other situations in which IoT or other devices reset to a specific date in the past when they lose power.
AWS SDK for Go version 2 is now generally available
This week, AWS SDKs and Tools announced general availability of the AWS SDK for Go, version 2 (v2). This release has a modular architecture that allows customers to model service dependencies in their application and independently control service client updates using Go modules. A marked improvement in CPU and memory utilization provides more resources for an application's compute- and memory-intensive tasks.
Amazon CloudWatch Application Insights supports Oracle database monitoring
Enterprises with Oracle databases can now easily set up monitoring, alerting and dashboards for their EC2 and RDS Oracle instances on AWS with CloudWatch Application Insights. CloudWatch Application Insights is a capability that helps customers set up monitoring and enhanced observability for their enterprise applications running on AWS resources. The new feature automatically sets up the metrics, telemetry and logs for monitoring the health and wellness of Oracle databases running in AWS.
Amazon ECS now supports VPC Endpoint policies
Amazon Elastic Container Service (ECS) now lets you attach IAM resource policies to VPC Endpoints. This allows you to control access to your ECS resources from VPC Endpoints, helping you meet compliance and regulatory requirements.
Google Cloud Run introduces WebSockets, HTTP/2 and gRPC bidirectional streams
Google were excited this week to announce a broad set of new traffic serving capabilities for Cloud Run: end-to-end HTTP/2 connections, WebSockets support, and gRPC bidirectional streaming, completing the types of RPCs that are offered by gRPC. With these capabilities, you can deploy new kinds of applications to Cloud Run that were not previously supported, while taking advantage of serverless infrastructure. These features are now available in public preview for all Cloud Run locations.
More Google Cloud Releases and Updates
- Anthos 1.5.3 released
- Dialogflow CX system entities can now be extended
- VPC Service Controls integration with AI Platform Prediction is GA
- Anthos Service Mesh patch 1.7.6-asm.1 is now available
- IAM - you can now troubleshoot conditional role bindings directly from logs
- BigQuery now available in us-central1 (Iowa region)
- DB auditing in Cloud SQL for PostgreSQL is GA via pgAudit extension
Announcing three new digital courses for Amazon S3
We’re excited to introduce three free digital courses that help you learn how to configure, optimize, secure, and audit your Amazon S3 implementation. Designed for cloud architects, storage architects, developers, and operations engineers, these intermediate courses include reading modules, demonstrations, quizzes, and optional self-paced labs. The self-paced labs cost up to 15 USD per lab (this cost is not included with free digital training on aws.training).
New self-paced course about designing data lakes on edX and Coursera
AWS Training and Certification has launched a new self-paced digital course: Introduction to Designing Data Lakes in AWS. This course is for learners ranging from storage administrators to data scientists who want to explore how to create and operate a data lake in a secure and scalable way.
New AWS digital course: Configuring and Deploying VPCs with Multiple Subnets
AWS were excited this week to announce a free new digital course: Configuring and Deploying VPCs with Multiple Subnets. The course covers how to create a secure AWS network environment with Amazon Virtual Private Cloud (Amazon VPC) service. This intermediate, one-hour course includes reading modules, video demonstrations, a quiz, and an optional self-paced lab. The course is designed for network engineers, solutions architects, and cloud architects.
New digital course and lab: AWS Cloud Development Kit (CDK) Primer
Learn how to define and provision cloud infrastructure using the AWS Cloud Development Kit (CDK) with our new digital course AWS Cloud Development Kit (CDK) Primer. This intermediate course is designed for developers that are familiar with AWS services, including AWS CloudFormation.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email email@example.com to book a callback or demo.