In Cloud Computing This Week [July 22nd 2022]

AWS Transfer Family customers can now use ED25519 and ECDSA keys to authenticate users connecting to an AWS Transfer Family server. Previously, Transfer Family only supported RSA keys for user authentication.

ED25519 and ECDSA are both elliptic-curve based public-key systems commonly used for SSH authentication. They offer improved security and performance over the traditional RSA key type. You can now add any combination of ED25519, ECDSA, and RSA keys – up to 10 per user.

AWS Transfer Family supports ED22519 and ECDSA keys in all AWS Regions where it is available. You can configure a user's SSH public keys using the AWS Transfer Family API, AWS Management Console, AWS Command Line Interface (CLI), or AWS CloudFormation. 

AWS Network Firewall now supports Amazon Virtual Private Cloud (VPC) prefix lists to simplify management of your firewall rules and policies across your VPCs. Prefix lists enable you to group one or more CIDR blocks into a single object. You can group IP addresses that you frequently use in a prefix list, and reference this list in AWS Network Firewall rule groups. Previously you needed to update individual firewall rules when scaling your network to add new IP addresses, which can be time-consuming and error-prone. Now you can update the relevant prefix list and all AWS Network Firewall rule groups that reference the prefix list are automatically updated. As you scale your network, you can use prefix lists to simplify management of your firewall rule groups and policies across multiple VPCs and accounts in the same AWS Region. You can use AWS-managed prefix lists or you can create and manage your own prefix lists.

AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. This feature is available via the Amazon VPC Console or the Network Firewall API in all commercial AWS Regions where AWS Network Firewall is available. There is no additional charge for using prefix lists with AWS Network Firewall.

Amazon Athena users can now analyze and tune their queries using interactive, visual tools. Optimizing queries and debugging failures are challenging tasks that often require knowledge of query behavior and a careful approach to tuning query logic. With today’s launch, you can now use the Athena console to analyze your queries with tools that make it simpler to debug errors and improve performance.

To help you understand how a query will execute before it’s run, you can now access an interactive visualization of the query plan. With a single click, you can generate the query plan and use it to inspect the operators, joins, and data processed at each step in your query. After your query executes, new query-level metrics show the time spent in queuing, planning, and execution stages as well as the rows and size of data processed and output by your query. Metrics are displayed as an embedded console visualization but can also be accessed through a new query statistics API.

For queries that warrant deeper analysis, you can now examine granular execution details presented as an interactive graph that allows you to trace the flow of data through your query. Use the execution details to identify bottlenecks in complex queries, inspect operators and detailed performance statistics at each stage, validate the impact of query predicates, and more.

This week, AWS are excited to announce that Amazon Fraud Detector (AFD) now supports Account Takeover Insights (ATI) model, a low-latency fraud detection machine learning (ML) model specifically designed to detect accounts that have been compromised through stolen credentials, phishing, social engineering, or other forms of account takeover. The ATI model is designed to detect up to 4 times more ATI fraud than traditional rules-based account takeover solutions while minimizing the level of friction for legitimate users.

Each year, billions of accounts are compromised by bad actors. Many companies, even those with sophisticated fraud teams, lack any protections or use rules-based solutions to detect compromised accounts since they are simple to create and easy to scale.

The ATI model makes it easy for AWS customers to improve account takeover detection by incorporating ML models without needing to collect fraud labels or perform advanced data engineering. To get started, you can simply upload or stream raw unlabeled data from online logins. Behind the scenes, the ATI pipeline handles all of the necessary steps for validating and transforming data, building a model, and deploying it to production; the model is designed to learn from the behavioral patterns of the users and thereby distinguish familiar logins from the anomalous ones. Amazon Fraud Detector is designed to automatically scale to handle up to 200 fraud predictions per second (or more upon request) and can return fraud evaluations with minimal latency, helping you evaluate all of the production traffic synchronously and with less friction for your users.

The AWS IoT Device Client is a free, open-source, and modular device-side reference implementation written in C++ that you can compile and install on IoT devices. It allows device developers to access AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender features with minimal device side code. The Device Client works on devices with common microprocessors (x86_64 and ARM architectures), and common Embedded Linux software environments (e.g. Debian, Ubuntu, and RHEL).

The latest version of the AWS IoT Device Client (v1.7) is now available for download. This new version makes four new capabilities available to you by default: provisioning with Secure Elements, connecting to AWS IoT from behind an HTTP Proxy, publishing sensor data over MQTT, and compatibility with IoT Core Named Shadows.

• First, the AWS IoT Device Client now provides support for cryptographic hardware with the PKCS#11 interface. You can use it to provision IoT devices that come with inbuilt Secure Elements (SEs) like Hardware Security Modules (HSMs) or Trusted Platform Modules (TPMs). The client currently offers a reference integration with SoftHSM which can be replaced with any compatible PKCS#11 library at runtime.

• Second, the device client now provides an optional configuration where you can specify your HTTP proxy server details and authentication credentials. This enables your IoT device to connect to AWS IoT from within your secure network through an HTTP Proxy.

• Third, with the Device Client’s new Sensor Publish feature, you can now connect a sensor to your IoT device, define a configuration (e.g. a sampling frequency, a source UNIX domain socket, and a destination MQTT topic), and stream that sensor’s data directly to AWS IoT Core on an MQTT topic of your choice.

• Lastly, you can now also use the Device Client’s Named Shadows feature to report and remotely manage your device properties, configuration or state from the cloud. The reference implementations provided with the Device Client are pre-built to work with AWS IoT Core Named Shadows on the cloud.

To get started on your device, download the AWS IoT Device Client source code from GitHub. Take advantage of the guided workshop to create a quick Proof-of-Concept and explore select AWS IoT features with the AWS IoT Device Client. To connect, manage, or secure your IoT devices on AWS, log in to the AWS IoT Management Console or use CLI.

AWS IoT Device Management Fleet Indexing now provides integration with two additional data sources, AWS IoT Core named shadows and AWS IoT Device Defender detect violations. Customers can now select specific named shadows to index only the data that is required for search queries. Also, detected violations can be indexed to target devices for troubleshooting or monitor the fleet-level anomalies trends with Fleet Metrics. These two additional data sources will help IoT customers who store IoT fleet data across different services and systems and regularly access the data for fleet monitoring, health checks, over-the-air (OTA) updates, and troubleshooting. With this release, supported data sources for Fleet Indexing increased to 5 from 3 (AWS IoT Core registry, shadows, and connectivity lifecycle events).

Now, AWS customers have more data source flexibility when monitoring and managing their devices from Fleet Indexing or from AWS IoT Device Management Fleet Hub. Customers can now set fleet metric alarms, perform queries, or target devices in their fleet with additional device state and behavior anomaly data. Moreover, the additional data sources for Fleet Indexing can help customers to focus their time and resources on high-value fleet monitoring analysis and troubleshooting and less time on building and maintaining DIY fleet management solutions.

Changes to AWS CloudFormation-based stacks and resources are now available as event notifications in Amazon EventBridge. Customers can use these event notifications to build and scale loosely-coupled event-driven applications. With this feature, customers can trigger actions in real-time after they create, update, or delete either their CloudFormation stacks or resources in their CloudFormation stacks without having to write single-use custom code or develop new software.

Over one million customers use AWS CloudFormation every week to model, provision, and manage their cloud applications and infrastructure in a safe, predictable, and repeatable way. Customers use EventBridge to create scalable event-driven applications by routing events between their applications, third-party SaaS applications, and other AWS services. Now, customers do not need to periodically poll for changes to their CloudFormation stacks to create event-driven applications. Customers can avoid writing custom code for polling and save compute cost for cases when polling returns empty results. CloudFormation provides three event notification types in EventBridge, including CloudFormation Resource status change, CloudFormation Stack status change, and CloudFormation Drift Detection status change. Customers can create rules in EventBridge for these event notifications that will immediately trigger more than 20 targets, including AWS Lambda, Amazon Kinesis, and AWS Step Functions. This feature helps customers solve for multiple use cases. For example, customers can create an application that automatically remediates drift to CloudFormation stacks or create alerting applications that send notifications when developers make unintended changes to CloudFormation stacks. 

AWS Backup now allows you to protect your Amazon Relational Database Service (Amazon RDS) Multi-AZ clusters with two readable standbys. Amazon RDS Multi-AZ clusters with one primary and two readable standby database (DB) instances across three Availability Zones (AZs) is designed to provide you up to 2x faster transaction commit latency, automated failovers, and readable standby instances. Now, all of the data protection capabilities in AWS Backup including automated lifecycle management, separate backup access policies, immutable backups with AWS Backup Vault Lock, and compliance monitoring with AWS Backup Audit Manager are available for Amazon RDS Multi-AZ clusters.

AWS Backup is a policy-based service that provides you a fully managed experience to centralize and automate data protection of your application data spanning across AWS services for compute, database, and storage. To start protecting your RDS Multi-AZ clusters with AWS Backup, add your RDS Multi-AZ clusters to your existing backup plans or create a new backup plan specifying backup frequency, lifecycle settings, and tagging preferences and attach your RDS clusters to the newly created backup plan.

Auto Scaling in AWS Glue Streaming ETL is now generally available. AWS Glue Streaming ETL jobs can now dynamically scale resources up and down based on the input stream. Auto Scaling helps customers reduce the cost and manual effort required to optimize resources by allocating the right resources necessary for Streaming ETL jobs.

AWS Glue Streaming ETL jobs continuously consume data from streaming sources, clean and transform the data in-flight, and make it available for analysis in seconds. AWS Glue Auto Scaling monitors each stage of the job run and turns workers off when they are idle or adds workers if additional parallel processing is possible. This helps AWS customers reduce cost for their streaming jobs and the manual effort required for optimizing resources

The AI Use Case Explorer is a business outcome centric web search tool that enables users to easily find the right artificial intelligence (AI) use cases, discover relevant customer success stories, and mobilize their teams towards AI deployments. The user friendly tool takes business problem descriptions as inputs and provides relevant, practical use cases and success stories as outputs.

With over 100 use cases and sub use cases, and 400 customer success stories, the tool will help every business overcome one of the main AI adoption barriers, identifying the right use case to get started. Once the use cases is identified, customers (or users) can read about success stories from around the world and kickstart deployment, from proof-of-concept to full production, by following an expert-curated action plan.

AWS CodeBuild’s support for Arm using Graviton2 is now available in: South America (São Paulo) and Europe (Stockholm).

In February 2021, CodeBuild launched an update for native Arm builds to use the second generation of AWS Graviton processors. Support for Graviton2 allows customers to build and test on Arm without the need to emulate or cross-compile. The upgrade delivered a major leap in performance and capabilities over first-generation AWS Graviton processors. They deliver 7x more performance, 4x more compute cores, 5x faster memory, and 2x larger caches.

Now, with two additional Standard Regions, more CodeBuild customers targeting Arm benefit from the capabilities of AWS Graviton2 processors.

AWS Lambda announces support for attribute-based access control (ABAC) for API actions that use Lambda function as the required resource. ABAC is an authorization strategy that defines access permissions based on tags which can be attached to IAM resources, such as IAM users and roles, and to AWS resources, like Lambda functions, to simplify permission management.

ABAC support for Lambda functions allows you to scale your permissions as your organization innovates and give granular access to developers without requiring a policy update when a user or project is added, removed or updated. With ABAC support for AWS Lambda, IAM policies can be used to allow or deny specific Lambda API actions when the IAM principal's tags match the tags on a Lambda function.

With this launch, AWS Lambda supports ABAC only for Lambda APIs that use function, function version and function alias as the main resource type. Please review the full list of Lambda API actions and resource types here. AWS Lambda supports ABAC in all public AWS Regions except for the AWS Govcloud (US) Regions and Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD.

Amazon Braket, the quantum computing service from AWS, makes it easier for customers to conduct scientific research and software development with quantum computers. This week, AWS are excited to announce the launch of a new cost tracking function in the Braket SDK, providing customers the ability to monitor their quantum computing costs more easily and quickly. Rather than waiting for an AWS bill, by adding only a few lines of code, estimated costs are now available immediately after each quantum task is processed, either on a quantum processing unit (QPU) or on-demand simulator.

Prior to this launch, customers had to derive quantum execution time and pricing information from different sources to track costs themselves, wait until the next billing cycle, or use cost optimization and budgeting tools such as the AWS Cost Management suite. Now, customers can use the tracker to get near real time cost estimates for specific quantum operations along with other information, such as execution duration. By incorporating the tracker in their code, customers can build out custom logic to implement spending limits to help manage budgets and avoid unexpected charges.

On July 19th, 2022 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 18.0.2, 17.0.4, 11.0.16, 8u342 are now available for download. Amazon Corretto is a no-cost, multi-platform, production-ready distribution of OpenJDK.

Click Corretto 8, Corretto 11, Corretto 17, or Corretto 18 to download Corretto. You can also get the updates on your Linux system by configuring a Corretto Apt or Yum repo.

AWS Snowball Edge (SBE) Storage Optimized devices now support high performance Network File System (NFS) data-transfer operations in the AWS GovCloud (US) Regions. With this launch, AWS GovCloud (US) customers can now transfer up to 80-TBs of data onto Snowball Edge Storage Optimized devices through file or object interfaces. The file interface exposes a Network File System (NFS) mount point for each Amazon S3 bucket on your AWS Snowball Edge Storage Optimized device. After mounting the file share, you can drag and drop files from your computer into S3 buckets on the Snowball Edge device.

Prior to this launch, file interface data transfer speeds were typically between 25 MB/s and 40 MB/s. For faster data transfer or large data sets, customers had to use an S3 adapter on Snow for transferring the data, which delivered data transfer rates between 250 MB/s and 400 MB/s. With the high performing NFS data-transfer capability, you can get similar data transfer speeds as the S3 adapter with the file interface on SBE devices. However, actual performance may vary based on multiple factors such as network speed, file size, data source performance, and tooling used.

To use this feature, place an order for a data import job and select a Snowball Edge Storage Optimized device in the AWS Snow Family management console. Next, select NFS in the data transfer mechanism option, and then select the appropriate S3 buckets for data transfer using NFS. Finally, select an S3 bucket that you can use in the field to load Amazon Machine Images (AMIs) to the SBE device.

This week, AWS Marketplace announced that Independent Software Vendors (ISVs) can now add a reseller contract and leverage standard Reseller Contract for AWS Marketplace (RCMP) template when authorizing channel partners to resell ISV products to AWS Marketplace buyers. This launch will help reduce redundancy in legal contract reviews when the two parties (ISVs and channel partners/consulting partners) onboard with each other. ISVs and channel partners can now further optimize their resell operations with this self-service feature of reseller contracts that defines a Consulting Partner Private Offer (CPPO) transaction.

At launch, ISVs can optionally attach an RCMP or their own customized contract when creating a reseller opportunity. Channel partners can then view and accept ISV's reseller contract when accepting a reseller opportunity to create a CPPO. Reseller Contracts for AWS Marketplace are strictly between channel partners and ISVs and will not be visible to the final buyer of a CPPO. 

re:Post now expands the capability for experts community members to share technical guidance and knowledge beyond answering questions through the Articles feature. Using this feature, community members can share best practices, troubleshooting processes, and address customer needs around AWS technology in greater depth. The Articles feature is unlocked for community members who have achieved Rising Star status on re:Post or subject matter experts who built their reputation in the community based on their contributions and certifications. Every article published on re:Post contributes to the growth of AWS public knowledge, improving self-service guidance for all customers and helps accelerate their cloud journey.

The Articles feature allows customers to find technical guidance through longer-form community-generated content including supporting diagrams, How-To’s, and best practices to design, develop, and optimize AWS applications. Articles also give experts a place to document and address customer needs complementary to Q&As. re:Post customers can feel confident in the content provided in re:Post Articles because subject matter experts and authors are asked to review articles every six months to ensure freshness and accuracy. Customers are encouraged to provide feedback if they believe the article needs review. In addition, experts can document their knowledge and can point customers to best practices shared elsewhere on re:Post. Authors get reputation points for publishing articles and when they receive up-votes from community members. Authors can organize their articles within re:Post by tagging them to improve the ease of access. If you have a Rising Star status on re:Post, start writing articles now! All other members can unlock Rising Star status through community contributions or simply browse available articles today on re:Post.

This week, AWS were excited to announce Cloudscape Design System, an open source solution for building intuitive, engaging, and inclusive user experiences at scale. Cloudscape consists of an extensive set of guidelines to create web applications, along with the design resources and front-end components to streamline implementation.

Cloudscape was built for and is used by AWS products and services. AWS created it in 2016 to improve the user experience across AWS web applications, and also to help teams implement those applications faster. Since then, AWS have continued enhancing the system based on customer feedback and research. If you’ve ever used the AWS Management Console, you’ve seen Cloudscape in action.

AWS are releasing Cloudscape as open source so that anyone building cloud products can benefit from the design system, and also join a community of designers and developers who continually improve it. Whether you’re building a product that extends the AWS Management Console, designing a user interface for a hybrid cloud management system, or setting up an on-premises solution that uses AWS, Cloudscape offers a solid base of 60+ components, 30+ pattern guidelines, and 20+ demos to make your work easier. To customize your user experience, Cloudscape offers theming, dark mode, and content density modes.

AWS Single Sign-On (AWS SSO) now supports AWS Identity and Access Management (IAM) customer managed policies (CMPs) and permission boundary policies within AWS SSO permission sets. The new capability helps AWS SSO customers to improve their security posture by creating larger and finer-grained policies for least privilege access and by tailoring policies to reference the resources of the account to which they are applied. Using CMPs, AWS SSO customers can maintain the consistency of policies, as CMP changes apply automatically to all permission sets and roles that use the CMP. This enables customers to govern their CMPs and permissions boundaries centrally, and allows auditors to find, monitor, and review them. Customers, who have existing CMPs for roles they manage in AWS IAM, can reuse their CMPs without the need to create, review, and approve new in-line policies for permission sets.

AWS SSO permission sets are role definitions that manage access to multiple AWS accounts. Until now, to define the level of access in a permission set, administrators had to specify in-line policies which were limited to 10,240 characters. With this release, they can specify in the permission set the names of up to 10 CMPs and one permission boundary policy, each up to 6,144 characters long.

You can now use AWS PrivateLink to privately access the AWS Migration Hub Refactor Spaces APIs from your virtual private cloud (Amazon VPC). AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks. Starting this week, you can manage your Refactor Spaces resources using AWS PrivateLink and meet your organization’s security and compliance requirements. To use AWS PrivateLink, create an interface VPC endpoint for Refactor Spaces in your VPC using the Amazon VPC console, SDK, or CLI. You can also access the VPC endpoint from on-premises environments or from other VPCs using AWS VPN, AWS Direct Connect, or VPC Peering.

AWS Migration Hub Refactor Spaces is the starting point for incremental application refactoring to microservices in AWS. Refactor Spaces automates the creation of application refactor environments including all of the infrastructure, multi-account networking, and routing to incrementally modernize. Use Refactor Spaces to help reduce risk when evolving applications into microservices or extending existing applications with new features written in microservices.

AWS announces the general availability of Amazon EC2 R6a instances. Designed for memory-intensive workloads, R6a instances are built on the AWS Nitro System, which delivers almost all the compute and memory resources of the host hardware to your instances. R6a instances are powered by third-generation AMD EPYC processors with an all-core turbo frequency of up to 3.6 GHz. These memory-optimized instances, which are SAP certified, deliver up to 35% better compute price performance compared to R5a instances for a wide variety of workloads and offer 10% lower cost than comparable x86-based EC2 instances.

To meet customer demands for increased scalability, R6a instances provide two new sizes, the largest with 192 vCPUs and 1,536 GiB of memory, which is twice the size of the largest R5a instances. Each instance vCPU has 20% higher memory bandwidth compared to R5 instances. R6a instances also provide up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS). You can use the Elastic Fabric Adapter (EFA) on the 48xlarge and bare metal sizes, which enables low latency and highly scalable internode communication.

The Amazon Redshift ODBC driver is now open source and available for the user community under the Apache-2.0 license. With this release, customers will gain enhanced visibility to the driver implementation and can contribute to its development. Users can browse the code for the ODBC driver on the relevant AWS GitHub repository, submit driver functionality enhancements through Github pull requests, and report issues for review.

AWS are also introducing a binary protocol support for Amazon Redshift. With binary protocol enabled, data from the Amazon Redshift cluster is sent to the ODBC driver without being converted to textual format, and is kept in binary format. The binary format provides an average of 30% decrease in data sent over the wire resulting in faster end-to-end query performance for queries returning large result-sets. For example, internal tests have shown end-to-end query times for queries returning over 100 columns and over one million rows have had a 43% speed-up. Binary protocol is enabled by default for all users using the latest ODBC driver, as well as the latest JDBC & Python drivers.

The Amazon Redshift ODBC driver Github repository is located here. The driver currently supports Windows and Linux operating system. Mac OS support will be added in upcoming releases. Please note that the open source Amazon Redshift ODBC driver version has been updated to 2.x going forward, while the previous closed-source version (the 1.x version branch) will only be updated with critical security updates. 

As your application needs change, Amazon EBS Elastic Volumes allows you to easily increase capacity, tune performance, and change the type of Amazon EBS volumes. Customers are using EBS Elastic Volumes to migrate to gp3 volumes and save up to 20% per GB compared to gp2 volumes.

Now, when AWS customers use Elastic Volumes to change volume type from gp2 to gp3, Amazon EBS will automatically provision the target gp3 volume with IOPS and throughput equivalent to the original gp2 volume. This new feature removes all guesswork out of provisioning gp3 performance for your applications, making it even easier to migrate to gp3 volumes and save costs. This feature is available today via the AWS Console, AWS CLI, or the SDKs. To learn more, visit AWS EBS General Purpose Volumes.

Amazon WorkSpaces Web is now generally available in AWS Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) Regions. Creating a WorkSpaces Web portal in a local region provides a more responsive experience for users when streaming web content. It also enables customers to meet local data residency obligations. WorkSpaces Web is now available in a total of 7 regions.

WorkSpaces Web is a low-cost, fully managed workspace built specifically to facilitate secure access to internal websites and software-as-a-service (SaaS) applications from existing web browsers, without the administrative burden of appliances or specialized client software. With WorkSpaces Web, you can provide users with access to web-based productivity tools from any browser while protecting internal content with enterprise controls.

AWS Glue launches G.025X, a new quarter DPU worker type for streaming extract, transform, and load (ETL) jobs. This smaller worker type is suitable to process low volume and sporadic data streams.

AWS Glue streaming ETL jobs continuously consume data from streaming sources, clean and transform the data in-flight, and make it available for analysis in seconds. Sometimes, these streams have sporadic and low data volumes. Existing worker types may be excessive to process these data streams. With this new worker type, customers can process low data volume streams at one-fourth of the cost. Refer to the documentation for more details.

Generally available: Live resize for Premium SSD and Standard SSD Disk Storage

Dynamically increase your disk storage capacity without any application downtime with the Azure Disk Storage live resize feature.

Generally available: Azure Functions support for PowerShell 7.2

Azure Functions support for PowerShell 7.2 is now generally available.

Generally available: Bring your own Container Network Interface plugin

Use third-party open source or commercial Container Network Interface (CNI) plugins with AKS.

Public preview: Microsoft Azure Web PubSub Premium Tier

Microsoft Azure Web PubSub Premium Tier now supports enterprise capabilities such as Availability Zones and Autoscaling.

General availability: Azure Confidential Ledger

Azure Confidential Ledger provides a managed and decentralized ledger for data entries; built on an open source blockchain-based framework and confidential computing infrastructure, confidential ledger is now generally available.

Generally available: Azure SignalR Service Premium Tier

Azure SignalR Service Premium Tier now supports enterprise capabilities such as Availability Zones and Autoscaling.

Generally available: Premium-series hardware for Azure SQL Managed Instance

Leverage new Azure SQL Managed Instance premium-series hardware based on the latest Intel CPUs that offers significantly improved performance and scalability.

General availability: Citus 11 support for Azure Database for PostgreSQL - Hyperscale (Citus)

Support of Citus 11 is now included in Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the distributed open source PostgreSQL database on Azure.

General Availability: Azure Database for MySQL - Flexible Server - On demand backups

Initiate on demand backups of your production workloads and store them based on your server’s backup retention policy.

Generally available: Basic tier updates for Azure Database for PostgreSQL – Hyperscale (Citus)

Hyperscale (Citus) Basic tier now supports 16, 32, and 64 vCores and 1 TiB and 2 TiB storage.

Generally available: vCore compute options for Azure Database for PostgreSQL – Hyperscale (Citus)

Run memory-intensive enterprise applications with higher concurrency and no throttling on the new 96 and 104 vCore compute options

Generally available: New extensions for Azure Database for PostgreSQL – Flexible Server

Install the new extensions and use this functionality for development with Javascript and geographic routing logic with Azure Database for PostgreSQL – Flexible Server.

Generally available: Same-zone high availability for Azure Database for PostgreSQL – Flexible Server

Deploy high availability within the same zone for Azure Database for PostgreSQL – Flexible Server.

Generally available: Virtual machine restore points

For customers and Azure partners who are looking to build business continuity and disaster recovery solutions, VM restore points provide a feature rich building blocks available natively on Azure platform.

Public preview: Premium SSD v2 Disk Storage

Premium SSD v2 is the next generation Azure Premium SSD Disk Storage. Provision the IOPS and throughput you need without necessarily purchasing additional storage capacity.

Public preview: OVN-Kubernetes network provider for Azure Red Hat OpenShift

OVN-Kubernetes Container Network Interface (CNI) for Azure Red Hat OpenShift cluster is now in public preview.