This week's roundup of all the cloud news.
Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday 22nd July 2022.
This week at Hava we've added more GCP resources including Pub/Sub topics and subscriptions so you can now use the query builder to generate GCP Pub/Sub Diagrams.
To stay in the loop, make sure you subscribe using the box on the right of this page.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
AWS Transfer Family customers can now use ED25519 and ECDSA keys to authenticate users connecting to an AWS Transfer Family server. Previously, Transfer Family only supported RSA keys for user authentication.
ED25519 and ECDSA are both elliptic-curve based public-key systems commonly used for SSH authentication. They offer improved security and performance over the traditional RSA key type. You can now add any combination of ED25519, ECDSA, and RSA keys – up to 10 per user.
AWS Transfer Family supports ED22519 and ECDSA keys in all AWS Regions where it is available. You can configure a user's SSH public keys using the AWS Transfer Family API, AWS Management Console, AWS Command Line Interface (CLI), or AWS CloudFormation.
AWS Network Firewall now supports Amazon Virtual Private Cloud (VPC) prefix lists to simplify management of your firewall rules and policies across your VPCs. Prefix lists enable you to group one or more CIDR blocks into a single object. You can group IP addresses that you frequently use in a prefix list, and reference this list in AWS Network Firewall rule groups. Previously you needed to update individual firewall rules when scaling your network to add new IP addresses, which can be time-consuming and error-prone. Now you can update the relevant prefix list and all AWS Network Firewall rule groups that reference the prefix list are automatically updated. As you scale your network, you can use prefix lists to simplify management of your firewall rule groups and policies across multiple VPCs and accounts in the same AWS Region. You can use AWS-managed prefix lists or you can create and manage your own prefix lists.
AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. This feature is available via the Amazon VPC Console or the Network Firewall API in all commercial AWS Regions where AWS Network Firewall is available. There is no additional charge for using prefix lists with AWS Network Firewall.
Amazon Athena users can now analyze and tune their queries using interactive, visual tools. Optimizing queries and debugging failures are challenging tasks that often require knowledge of query behavior and a careful approach to tuning query logic. With today’s launch, you can now use the Athena console to analyze your queries with tools that make it simpler to debug errors and improve performance.
To help you understand how a query will execute before it’s run, you can now access an interactive visualization of the query plan. With a single click, you can generate the query plan and use it to inspect the operators, joins, and data processed at each step in your query. After your query executes, new query-level metrics show the time spent in queuing, planning, and execution stages as well as the rows and size of data processed and output by your query. Metrics are displayed as an embedded console visualization but can also be accessed through a new query statistics API.
For queries that warrant deeper analysis, you can now examine granular execution details presented as an interactive graph that allows you to trace the flow of data through your query. Use the execution details to identify bottlenecks in complex queries, inspect operators and detailed performance statistics at each stage, validate the impact of query predicates, and more.
This week, AWS are excited to announce that Amazon Fraud Detector (AFD) now supports Account Takeover Insights (ATI) model, a low-latency fraud detection machine learning (ML) model specifically designed to detect accounts that have been compromised through stolen credentials, phishing, social engineering, or other forms of account takeover. The ATI model is designed to detect up to 4 times more ATI fraud than traditional rules-based account takeover solutions while minimizing the level of friction for legitimate users.
Each year, billions of accounts are compromised by bad actors. Many companies, even those with sophisticated fraud teams, lack any protections or use rules-based solutions to detect compromised accounts since they are simple to create and easy to scale.
The ATI model makes it easy for AWS customers to improve account takeover detection by incorporating ML models without needing to collect fraud labels or perform advanced data engineering. To get started, you can simply upload or stream raw unlabeled data from online logins. Behind the scenes, the ATI pipeline handles all of the necessary steps for validating and transforming data, building a model, and deploying it to production; the model is designed to learn from the behavioral patterns of the users and thereby distinguish familiar logins from the anomalous ones. Amazon Fraud Detector is designed to automatically scale to handle up to 200 fraud predictions per second (or more upon request) and can return fraud evaluations with minimal latency, helping you evaluate all of the production traffic synchronously and with less friction for your users.
The AWS IoT Device Client is a free, open-source, and modular device-side reference implementation written in C++ that you can compile and install on IoT devices. It allows device developers to access AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender features with minimal device side code. The Device Client works on devices with common microprocessors (x86_64 and ARM architectures), and common Embedded Linux software environments (e.g. Debian, Ubuntu, and RHEL).
The latest version of the AWS IoT Device Client (v1.7) is now available for download. This new version makes four new capabilities available to you by default: provisioning with Secure Elements, connecting to AWS IoT from behind an HTTP Proxy, publishing sensor data over MQTT, and compatibility with IoT Core Named Shadows.
First, the AWS IoT Device Client now provides support for cryptographic hardware with the PKCS#11 interface. You can use it to provision IoT devices that come with inbuilt Secure Elements (SEs) like Hardware Security Modules (HSMs) or Trusted Platform Modules (TPMs). The client currently offers a reference integration with SoftHSM which can be replaced with any compatible PKCS#11 library at runtime.
Second, the device client now provides an optional configuration where you can specify your HTTP proxy server details and authentication credentials. This enables your IoT device to connect to AWS IoT from within your secure network through an HTTP Proxy.
Third, with the Device Client’s new Sensor Publish feature, you can now connect a sensor to your IoT device, define a configuration (e.g. a sampling frequency, a source UNIX domain socket, and a destination MQTT topic), and stream that sensor’s data directly to AWS IoT Core on an MQTT topic of your choice.
Lastly, you can now also use the Device Client’s Named Shadows feature to report and remotely manage your device properties, configuration or state from the cloud. The reference implementations provided with the Device Client are pre-built to work with AWS IoT Core Named Shadows on the cloud.
To get started on your device, download the AWS IoT Device Client source code from GitHub. Take advantage of the guided workshop to create a quick Proof-of-Concept and explore select AWS IoT features with the AWS IoT Device Client. To connect, manage, or secure your IoT devices on AWS, log in to the AWS IoT Management Console or use CLI.
AWS IoT Device Management Fleet Indexing now provides integration with two additional data sources, AWS IoT Core named shadows and AWS IoT Device Defender detect violations. Customers can now select specific named shadows to index only the data that is required for search queries. Also, detected violations can be indexed to target devices for troubleshooting or monitor the fleet-level anomalies trends with Fleet Metrics. These two additional data sources will help IoT customers who store IoT fleet data across different services and systems and regularly access the data for fleet monitoring, health checks, over-the-air (OTA) updates, and troubleshooting. With this release, supported data sources for Fleet Indexing increased to 5 from 3 (AWS IoT Core registry, shadows, and connectivity lifecycle events).
Now, AWS customers have more data source flexibility when monitoring and managing their devices from Fleet Indexing or from AWS IoT Device Management Fleet Hub. Customers can now set fleet metric alarms, perform queries, or target devices in their fleet with additional device state and behavior anomaly data. Moreover, the additional data sources for Fleet Indexing can help customers to focus their time and resources on high-value fleet monitoring analysis and troubleshooting and less time on building and maintaining DIY fleet management solutions.
AWS Managed Services (AMS) Accelerate Operations Plan is now available in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. AMS helps you operate AWS efficiently and securely. It provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing you to focus on innovation. AMS extends your team with operational capabilities including monitoring, incident detection and management, security, patch, backup, and cost optimization.
Changes to AWS CloudFormation-based stacks and resources are now available as event notifications in Amazon EventBridge. Customers can use these event notifications to build and scale loosely-coupled event-driven applications. With this feature, customers can trigger actions in real-time after they create, update, or delete either their CloudFormation stacks or resources in their CloudFormation stacks without having to write single-use custom code or develop new software.
Over one million customers use AWS CloudFormation every week to model, provision, and manage their cloud applications and infrastructure in a safe, predictable, and repeatable way. Customers use EventBridge to create scalable event-driven applications by routing events between their applications, third-party SaaS applications, and other AWS services. Now, customers do not need to periodically poll for changes to their CloudFormation stacks to create event-driven applications. Customers can avoid writing custom code for polling and save compute cost for cases when polling returns empty results. CloudFormation provides three event notification types in EventBridge, including CloudFormation Resource status change, CloudFormation Stack status change, and CloudFormation Drift Detection status change. Customers can create rules in EventBridge for these event notifications that will immediately trigger more than 20 targets, including AWS Lambda, Amazon Kinesis, and AWS Step Functions. This feature helps customers solve for multiple use cases. For example, customers can create an application that automatically remediates drift to CloudFormation stacks or create alerting applications that send notifications when developers make unintended changes to CloudFormation stacks.
AWS Backup now allows you to protect your Amazon Relational Database Service (Amazon RDS) Multi-AZ clusters with two readable standbys. Amazon RDS Multi-AZ clusters with one primary and two readable standby database (DB) instances across three Availability Zones (AZs) is designed to provide you up to 2x faster transaction commit latency, automated failovers, and readable standby instances. Now, all of the data protection capabilities in AWS Backup including automated lifecycle management, separate backup access policies, immutable backups with AWS Backup Vault Lock, and compliance monitoring with AWS Backup Audit Manager are available for Amazon RDS Multi-AZ clusters.
AWS Backup is a policy-based service that provides you a fully managed experience to centralize and automate data protection of your application data spanning across AWS services for compute, database, and storage. To start protecting your RDS Multi-AZ clusters with AWS Backup, add your RDS Multi-AZ clusters to your existing backup plans or create a new backup plan specifying backup frequency, lifecycle settings, and tagging preferences and attach your RDS clusters to the newly created backup plan.
Auto Scaling in AWS Glue Streaming ETL is now generally available. AWS Glue Streaming ETL jobs can now dynamically scale resources up and down based on the input stream. Auto Scaling helps customers reduce the cost and manual effort required to optimize resources by allocating the right resources necessary for Streaming ETL jobs.
AWS Glue Streaming ETL jobs continuously consume data from streaming sources, clean and transform the data in-flight, and make it available for analysis in seconds. AWS Glue Auto Scaling monitors each stage of the job run and turns workers off when they are idle or adds workers if additional parallel processing is possible. This helps AWS customers reduce cost for their streaming jobs and the manual effort required for optimizing resources
The AI Use Case Explorer is a business outcome centric web search tool that enables users to easily find the right artificial intelligence (AI) use cases, discover relevant customer success stories, and mobilize their teams towards AI deployments. The user friendly tool takes business problem descriptions as inputs and provides relevant, practical use cases and success stories as outputs.
With over 100 use cases and sub use cases, and 400 customer success stories, the tool will help every business overcome one of the main AI adoption barriers, identifying the right use case to get started. Once the use cases is identified, customers (or users) can read about success stories from around the world and kickstart deployment, from proof-of-concept to full production, by following an expert-curated action plan.
AWS CodeBuild’s support for Arm using Graviton2 is now available in: South America (São Paulo) and Europe (Stockholm).
In February 2021, CodeBuild launched an update for native Arm builds to use the second generation of AWS Graviton processors. Support for Graviton2 allows customers to build and test on Arm without the need to emulate or cross-compile. The upgrade delivered a major leap in performance and capabilities over first-generation AWS Graviton processors. They deliver 7x more performance, 4x more compute cores, 5x faster memory, and 2x larger caches.
Now, with two additional Standard Regions, more CodeBuild customers targeting Arm benefit from the capabilities of AWS Graviton2 processors.
AWS Lambda announces support for attribute-based access control (ABAC) for API actions that use Lambda function as the required resource. ABAC is an authorization strategy that defines access permissions based on tags which can be attached to IAM resources, such as IAM users and roles, and to AWS resources, like Lambda functions, to simplify permission management.
ABAC support for Lambda functions allows you to scale your permissions as your organization innovates and give granular access to developers without requiring a policy update when a user or project is added, removed or updated. With ABAC support for AWS Lambda, IAM policies can be used to allow or deny specific Lambda API actions when the IAM principal's tags match the tags on a Lambda function.
With this launch, AWS Lambda supports ABAC only for Lambda APIs that use function, function version and function alias as the main resource type. Please review the full list of Lambda API actions and resource types here. AWS Lambda supports ABAC in all public AWS Regions except for the AWS Govcloud (US) Regions and Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD.
Amazon Braket, the quantum computing service from AWS, makes it easier for customers to conduct scientific research and software development with quantum computers. This week, AWS are excited to announce the launch of a new cost tracking function in the Braket SDK, providing customers the ability to monitor their quantum computing costs more easily and quickly. Rather than waiting for an AWS bill, by adding only a few lines of code, estimated costs are now available immediately after each quantum task is processed, either on a quantum processing unit (QPU) or on-demand simulator.
Prior to this launch, customers had to derive quantum execution time and pricing information from different sources to track costs themselves, wait until the next billing cycle, or use cost optimization and budgeting tools such as the AWS Cost Management suite. Now, customers can use the tracker to get near real time cost estimates for specific quantum operations along with other information, such as execution duration. By incorporating the tracker in their code, customers can build out custom logic to implement spending limits to help manage budgets and avoid unexpected charges.
On July 19th, 2022 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 18.0.2, 17.0.4, 11.0.16, 8u342 are now available for download. Amazon Corretto is a no-cost, multi-platform, production-ready distribution of OpenJDK.
AWS Snowball Edge (SBE) Storage Optimized devices now support high performance Network File System (NFS) data-transfer operations in the AWS GovCloud (US) Regions. With this launch, AWS GovCloud (US) customers can now transfer up to 80-TBs of data onto Snowball Edge Storage Optimized devices through file or object interfaces. The file interface exposes a Network File System (NFS) mount point for each Amazon S3 bucket on your AWS Snowball Edge Storage Optimized device. After mounting the file share, you can drag and drop files from your computer into S3 buckets on the Snowball Edge device.
Prior to this launch, file interface data transfer speeds were typically between 25 MB/s and 40 MB/s. For faster data transfer or large data sets, customers had to use an S3 adapter on Snow for transferring the data, which delivered data transfer rates between 250 MB/s and 400 MB/s. With the high performing NFS data-transfer capability, you can get similar data transfer speeds as the S3 adapter with the file interface on SBE devices. However, actual performance may vary based on multiple factors such as network speed, file size, data source performance, and tooling used.
To use this feature, place an order for a data import job and select a Snowball Edge Storage Optimized device in the AWS Snow Family management console. Next, select NFS in the data transfer mechanism option, and then select the appropriate S3 buckets for data transfer using NFS. Finally, select an S3 bucket that you can use in the field to load Amazon Machine Images (AMIs) to the SBE device.
This week, AWS Marketplace announced that Independent Software Vendors (ISVs) can now add a reseller contract and leverage standard Reseller Contract for AWS Marketplace (RCMP) template when authorizing channel partners to resell ISV products to AWS Marketplace buyers. This launch will help reduce redundancy in legal contract reviews when the two parties (ISVs and channel partners/consulting partners) onboard with each other. ISVs and channel partners can now further optimize their resell operations with this self-service feature of reseller contracts that defines a Consulting Partner Private Offer (CPPO) transaction.
At launch, ISVs can optionally attach an RCMP or their own customized contract when creating a reseller opportunity. Channel partners can then view and accept ISV's reseller contract when accepting a reseller opportunity to create a CPPO. Reseller Contracts for AWS Marketplace are strictly between channel partners and ISVs and will not be visible to the final buyer of a CPPO.
re:Post now expands the capability for experts community members to share technical guidance and knowledge beyond answering questions through the Articles feature. Using this feature, community members can share best practices, troubleshooting processes, and address customer needs around AWS technology in greater depth. The Articles feature is unlocked for community members who have achieved Rising Star status on re:Post or subject matter experts who built their reputation in the community based on their contributions and certifications. Every article published on re:Post contributes to the growth of AWS public knowledge, improving self-service guidance for all customers and helps accelerate their cloud journey.
The Articles feature allows customers to find technical guidance through longer-form community-generated content including supporting diagrams, How-To’s, and best practices to design, develop, and optimize AWS applications. Articles also give experts a place to document and address customer needs complementary to Q&As. re:Post customers can feel confident in the content provided in re:Post Articles because subject matter experts and authors are asked to review articles every six months to ensure freshness and accuracy. Customers are encouraged to provide feedback if they believe the article needs review. In addition, experts can document their knowledge and can point customers to best practices shared elsewhere on re:Post. Authors get reputation points for publishing articles and when they receive up-votes from community members. Authors can organize their articles within re:Post by tagging them to improve the ease of access. If you have a Rising Star status on re:Post, start writing articles now! All other members can unlock Rising Star status through community contributions or simply browse available articles today on re:Post.
This week, AWS were excited to announce Cloudscape Design System, an open source solution for building intuitive, engaging, and inclusive user experiences at scale. Cloudscape consists of an extensive set of guidelines to create web applications, along with the design resources and front-end components to streamline implementation.
Cloudscape was built for and is used by AWS products and services. AWS created it in 2016 to improve the user experience across AWS web applications, and also to help teams implement those applications faster. Since then, AWS have continued enhancing the system based on customer feedback and research. If you’ve ever used the AWS Management Console, you’ve seen Cloudscape in action.
AWS are releasing Cloudscape as open source so that anyone building cloud products can benefit from the design system, and also join a community of designers and developers who continually improve it. Whether you’re building a product that extends the AWS Management Console, designing a user interface for a hybrid cloud management system, or setting up an on-premises solution that uses AWS, Cloudscape offers a solid base of 60+ components, 30+ pattern guidelines, and 20+ demos to make your work easier. To customize your user experience, Cloudscape offers theming, dark mode, and content density modes.
AWS Single Sign-On (AWS SSO) now supports AWS Identity and Access Management (IAM) customer managed policies (CMPs) and permission boundary policies within AWS SSO permission sets. The new capability helps AWS SSO customers to improve their security posture by creating larger and finer-grained policies for least privilege access and by tailoring policies to reference the resources of the account to which they are applied. Using CMPs, AWS SSO customers can maintain the consistency of policies, as CMP changes apply automatically to all permission sets and roles that use the CMP. This enables customers to govern their CMPs and permissions boundaries centrally, and allows auditors to find, monitor, and review them. Customers, who have existing CMPs for roles they manage in AWS IAM, can reuse their CMPs without the need to create, review, and approve new in-line policies for permission sets.
AWS SSO permission sets are role definitions that manage access to multiple AWS accounts. Until now, to define the level of access in a permission set, administrators had to specify in-line policies which were limited to 10,240 characters. With this release, they can specify in the permission set the names of up to 10 CMPs and one permission boundary policy, each up to 6,144 characters long.
You can now use AWS PrivateLink to privately access the AWS Migration Hub Refactor Spaces APIs from your virtual private cloud (Amazon VPC). AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks. Starting this week, you can manage your Refactor Spaces resources using AWS PrivateLink and meet your organization’s security and compliance requirements. To use AWS PrivateLink, create an interface VPC endpoint for Refactor Spaces in your VPC using the Amazon VPC console, SDK, or CLI. You can also access the VPC endpoint from on-premises environments or from other VPCs using AWS VPN, AWS Direct Connect, or VPC Peering.
AWS Migration Hub Refactor Spaces is the starting point for incremental application refactoring to microservices in AWS. Refactor Spaces automates the creation of application refactor environments including all of the infrastructure, multi-account networking, and routing to incrementally modernize. Use Refactor Spaces to help reduce risk when evolving applications into microservices or extending existing applications with new features written in microservices.
Amazon QuickSight now supports Bookmarks in dashboards. Bookmarks allow QuickSight readers to save customized dashboard preferences into a list of Bookmarks for easy one-click access to specific views of the dashboard without having to manually make multiple filter and parameter changes every time. Combined with QuickSight’s “Share this view” functionality, readers can also now share their Bookmark views with other readers for easy collaboration and discussion. Bookmarks are available to all users of the QuickSight console interface.
AWS announces the general availability of Amazon EC2 R6a instances. Designed for memory-intensive workloads, R6a instances are built on the AWS Nitro System, which delivers almost all the compute and memory resources of the host hardware to your instances. R6a instances are powered by third-generation AMD EPYC processors with an all-core turbo frequency of up to 3.6 GHz. These memory-optimized instances, which are SAP certified, deliver up to 35% better compute price performance compared to R5a instances for a wide variety of workloads and offer 10% lower cost than comparable x86-based EC2 instances.
To meet customer demands for increased scalability, R6a instances provide two new sizes, the largest with 192 vCPUs and 1,536 GiB of memory, which is twice the size of the largest R5a instances. Each instance vCPU has 20% higher memory bandwidth compared to R5 instances. R6a instances also provide up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS). You can use the Elastic Fabric Adapter (EFA) on the 48xlarge and bare metal sizes, which enables low latency and highly scalable internode communication.
Porting Assistant for .NET now supports assessment and porting of legacy .NET Framework applications written in VB.NET language. With this release, Porting Assistant will translate VB.NET class libraries, web APIs, and console applications to .NET Core 3.1, .NET 5, or .NET 6 to simplify the modernization of legacy .NET Framework applications written in VB.NET . Developers can use the Porting Assistant for .NET standalone tool or Porting Assistant for .NET Visual Studio IDE extension to modernize their legacy VB.NET applications. Support for VB.NET is added in addition to existing support for assessment and porting of C# based .NET Framework applications.
The Amazon Redshift ODBC driver is now open source and available for the user community under the Apache-2.0 license. With this release, customers will gain enhanced visibility to the driver implementation and can contribute to its development. Users can browse the code for the ODBC driver on the relevant AWS GitHub repository, submit driver functionality enhancements through Github pull requests, and report issues for review.
AWS are also introducing a binary protocol support for Amazon Redshift. With binary protocol enabled, data from the Amazon Redshift cluster is sent to the ODBC driver without being converted to textual format, and is kept in binary format. The binary format provides an average of 30% decrease in data sent over the wire resulting in faster end-to-end query performance for queries returning large result-sets. For example, internal tests have shown end-to-end query times for queries returning over 100 columns and over one million rows have had a 43% speed-up. Binary protocol is enabled by default for all users using the latest ODBC driver, as well as the latest JDBC & Python drivers.
The Amazon Redshift ODBC driver Github repository is located here. The driver currently supports Windows and Linux operating system. Mac OS support will be added in upcoming releases. Please note that the open source Amazon Redshift ODBC driver version has been updated to 2.x going forward, while the previous closed-source version (the 1.x version branch) will only be updated with critical security updates.
As your application needs change, Amazon EBS Elastic Volumes allows you to easily increase capacity, tune performance, and change the type of Amazon EBS volumes. Customers are using EBS Elastic Volumes to migrate to gp3 volumes and save up to 20% per GB compared to gp2 volumes.
Now, when AWS customers use Elastic Volumes to change volume type from gp2 to gp3, Amazon EBS will automatically provision the target gp3 volume with IOPS and throughput equivalent to the original gp2 volume. This new feature removes all guesswork out of provisioning gp3 performance for your applications, making it even easier to migrate to gp3 volumes and save costs. This feature is available today via the AWS Console, AWS CLI, or the SDKs. To learn more, visit AWS EBS General Purpose Volumes.
Amazon WorkSpaces Web is now generally available in AWS Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) Regions. Creating a WorkSpaces Web portal in a local region provides a more responsive experience for users when streaming web content. It also enables customers to meet local data residency obligations. WorkSpaces Web is now available in a total of 7 regions.
WorkSpaces Web is a low-cost, fully managed workspace built specifically to facilitate secure access to internal websites and software-as-a-service (SaaS) applications from existing web browsers, without the administrative burden of appliances or specialized client software. With WorkSpaces Web, you can provide users with access to web-based productivity tools from any browser while protecting internal content with enterprise controls.
AWS Glue launches G.025X, a new quarter DPU worker type for streaming extract, transform, and load (ETL) jobs. This smaller worker type is suitable to process low volume and sporadic data streams.
AWS Glue streaming ETL jobs continuously consume data from streaming sources, clean and transform the data in-flight, and make it available for analysis in seconds. Sometimes, these streams have sporadic and low data volumes. Existing worker types may be excessive to process these data streams. With this new worker type, customers can process low data volume streams at one-fourth of the cost. Refer to the documentation for more details.
Google Cloud Releases and Updates
Anthos Clusters on VMware
Anthos clusters on VMware 1.9.7-gke.8 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.9.7-gke.8 runs on Kubernetes 1.21.5-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.
- Fixed a known issue in which the cluster backup feature affected the inclusion of always-on secrets encryption keys in the backup.
- Fixed a known issue of high-resource usage when AIDE runs as a cron job, by disabling AIDE by default. This fix affects compliance with CIS L1 Server benchmark 1.4.2:
Ensure filesystem integrity is regularly checked. Customers can opt in to re-enable the AIDE if needed. To re-enable the AIDE cron job, see Configure AIDE cron job.
Fixed the following vulnerabilities:
Anthos Service Mesh
kubernetes attributes were added to the
container attribute provides information about both Kubernetes and non-Kubernetes containers that are associated with a given finding. The
kubernetes attribute provides information about Kubernetes resources that are associated with a given finding.
For more information, see the Security Command Center API documentation for the
On July 19, 2022 GCP released an updated version of the Apigee UI.
The Needs Attention Table in Advanced API Security Scores now use links instead of buttons. This fixes font and alignment issues inside the table rows.
The Needs Attention Table in Advanced API Security Scores was not showing target components. This has been fixed.
App Engine standard environment
Updated the Java SDK to version 1.9.98.
(Java) Updated Jetty web server to version
- (PHP) The App Engine legacy bundled services for PHP 7+ are now available at the General Availability release level. These APIs can be accessed through language-idiomatic libraries. Calls to these API are billed according to the standard rates.
Analytics Hub is now available in additional regions across the Americas, Asia Pacific, and Europe. For more information, see Analytics Hub supported regions.
Cloud Composer 1.19.4 and 2.0.21 release started on July 18, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
(Cloud Composer 2) Fixed a problem where an environment creation in the PSC configuration might fail with the "Composer backend timed out" message.
Cloud Composer 1.19.4 and 2.0.21 images are available:
- composer-1.19.4-airflow-1.10.15 (default)
Cloud Data Loss Prevention
A new detection model is available for the PERSON_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting
latest when including the PERSON_NAME infoType in your
You can still use the old model by setting
stable or leaving it unset when using the PERSON_NAME infoType. In 30 days, the new model will be promoted to
You can now search your correlated log entries in the Logs Explorer. For more information, see Correlate log entries.
A new version of Managed Service for Prometheus is now available. Version 0.4.3-gke-0 of managed collection for Kubernetes has been released. Users who deploy managed collection using
kubectl should reapply the manifests. Users who deploy the service using
gcloud or the GKE UI will be upgraded on a rolling basis over the coming weeks. This release has no impact on users of self-deployed collection.
For details about the changes included, see the release page on GitHub.
Cloud Run now supports container images in the Open Container Initiative (OCI) image format.
Generally available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
- Montréal, Québec, North America :
For more information about using GPUs on Compute Engine, see GPU platforms.
Generally available: Internal and external IPv6 addresses for Google Compute Engine instances are available in all regions.
For more information, see Configuring IPv6 for instances and instance templates and Creating instances with multiple network interfaces.
Data Catalog is now a part of Dataplex to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.
Dataflow Prime is now in General Availability.
Dataplex is now unified with Data Catalog to provide a complete data management and governance experience with built-in data intelligence and automation capabilities. See Dataplex product overview.
Dataproc Metastore is available in the following regions:
us-west2 (Los Angeles),
us-west3 (Salt Lake City),
europe-west6 (Zürich), and
asia-east1 (Taiwan). For more information, see Dataproc Metastore locations.
Note that these services are immediately available through the gcloud CLI and the REST API. Cloud console availability will vary by region over the next few weeks.
Kubernetes control plane metrics are now Generally Available. You can now configure GKE clusters with control plane version 1.23.6-gke.1500 or later to export to Cloud Monitoring certain metrics emitted by the Kubernetes API server, scheduler, and controller manager.
These metrics are stored in Cloud Monitoring in a Prometheus-compatible format. They can be queried by sending either a PromQL or MQL query to the Cloud Monitoring API. They can also be used anywhere within Cloud Monitoring, including in custom dashboards or alerting rules.
You can now find legacy secret keys for all reCAPTCHA Enterprise keys in the Google Cloud console. These keys can be useful if you are using a third-party plug-in/implementation that does not yet call the reCAPTCHA Enterprise API. For more information, see FAQs.
Security Command Center
kubernetes attributes were added to the
container attribute provides information about both Kubernetes and non-Kubernetes containers that are associated with a given finding. The
kubernetes attribute provides information about Kubernetes resources that are associated with a given finding.
For more information, see the Security Command Center API documentation for the
Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is generally available (GA). VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.
Storage Transfer Service
Detailed logging for objects copied between AWS S3, Azure Blob Storage, ADLS Gen 2, and Cloud Storage with Storage Transfer Service is now generally available (GA).
With detailed logs of individual objects available in Cloud Logging, you can verify what was transferred and perform additional data integrity checks. This launch simplifies monitoring, reporting, and troubleshooting. Read Cloud Logging for Storage Transfer Service for details.
Microsoft Azure Releases And Updates
NVads A10 v5 series virtual machines are now generally available. These are ideal for graphic, video, and AI workloads and include GPU portioning, making them perfect for any size workload.
Move to Azure Monitor based alerts for Azure Backup with just a few clicks.
Generally available: Live resize for Premium SSD and Standard SSD Disk Storage
Dynamically increase your disk storage capacity without any application downtime with the Azure Disk Storage live resize feature.
General availability of Azure confidential Virtual Machines.
Azure Monitor for SAP solutions allows you to collect and visualize end-to-end SAP telemetry in the Azure portal.
CI/CD Guidance and sample code now available for Azure IoT Central deployment pipelines.
Get popular VM images directly from Microsoft and third-party publishers via the Azure Marketplace.
Get remote access to your cluster for support and maintenance purposes.
Simplify management and configuration of your guest virtual machine.
Evaluate the latest Azure Stack HCI version 22H2 in the preview channel.
Tag filtering is now available in Azure Advisor
New Azure Spring Apps updates and features for basic/standard and enterprise tiers are in preview.
Azure Load Testing now supports additional client metrics (in addition to response time and error percentage) and aggregate functions on client metrics to define pass/fail criteria for a test.
You can view engine health metrics to understand the performance of the test engine during the run, enabling confidence in the test results and better test configuration.
Azure Kubernetes Service (AKS) support for Calico on Windows Server is now generally available.
You can now create an AKS private cluster without private link/tunnel.
Azure Functions support for PowerShell 7.2 is now generally available.
Use third-party open source or commercial Container Network Interface (CNI) plugins with AKS.
Azure functions now support .NET 7 in an isolated process model to build serverless applications with Azure Functions v4.
Partner events, now generally available on Azure Event Grid, adds several additional features to enhance security.
Microsoft Azure Web PubSub Premium Tier now supports enterprise capabilities such as Availability Zones and Autoscaling.
Azure Confidential Ledger provides a managed and decentralized ledger for data entries; built on an open source blockchain-based framework and confidential computing infrastructure, confidential ledger is now generally available.
Azure SignalR Service Premium Tier now supports enterprise capabilities such as Availability Zones and Autoscaling.
Leverage new Azure SQL Managed Instance premium-series hardware based on the latest Intel CPUs that offers significantly improved performance and scalability.
Support of Citus 11 is now included in Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the distributed open source PostgreSQL database on Azure.
Initiate on demand backups of your production workloads and store them based on your server’s backup retention policy.
Create read replicas of your Hyperscale (Citus) server group in different regions.
Hyperscale (Citus) Basic tier now supports 16, 32, and 64 vCores and 1 TiB and 2 TiB storage.
Run memory-intensive enterprise applications with higher concurrency and no throttling on the new 96 and 104 vCore compute options
Azure Database for PostgreSQL - Flexible Server now supports the latest Postgres version 14.
Deploy high availability within the same zone for Azure Database for PostgreSQL – Flexible Server.
For customers and Azure partners who are looking to build business continuity and disaster recovery solutions, VM restore points provide a feature rich building blocks available natively on Azure platform.
Use TLS 1.3 in Azure Application Gateway to improve security and performance.
Premium SSD v2 is the next generation Azure Premium SSD Disk Storage. Provision the IOPS and throughput you need without necessarily purchasing additional storage capacity.
OVN-Kubernetes Container Network Interface (CNI) for Azure Red Hat OpenShift cluster is now in public preview.
Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here: