This week's roundup of all the cloud news.
Here's a round up of all things GCP, Azure and AWS for the week ending Friday 23rd July 2021.
To stay in the loop, make sure you subscribe on the right - There's a new newsletter series starting later this year that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
Following the announcement of updates to the PostgreSQL database by the open source community, AWS have updated Amazon Aurora PostgreSQL-Compatible Edition to support PostgreSQL 12.6, 11.11, 10.16, and 9.6.21 in AWS GovCloud (US) regions. These releases contain bug fixes and improvements by the PostgreSQL community. As a reminder, Amazon Aurora PostgreSQL 9.6 will reach end of life on January 31, 2022.
Amazon Aurora PostgreSQL supports pg_cron extension for scheduling database jobs in AWS GovCloud (US) Regions
Amazon Aurora PostgreSQL-Compatible Edition adds support for the pg_cron extension in AWS GovCloud (US) regions. pg_cron allows you to use cron syntax to schedule PostgreSQL commands directly within your database. You can use pg_cron to schedule tasks such as periodically rolling up data for analytic reports, refreshing materialized views, and scheduling vacuum jobs to reclaim storage. pg_cron includes an AWS open source contribution that adds an audit table so that you can query the outcome of each scheduled job.
Simplify CI/CD configuration for serverless applications and your favorite CI/CD system — Public Preview
You can now create secure continuous integration and deployment (CI/CD) pipelines that follow your organization’s best practices with a new pipeline configuration capability for serverless applications. AWS Serverless Application Model Pipelines (AWS SAM Pipelines) is a new feature of AWS SAM CLI that gives you access to benefits of CI/CD in minutes, such as accelerating deployment frequency, shortening lead time for changes, and reducing deployment errors. AWS SAM Pipelines comes with a set of default pipeline templates for popular CI/CD systems such as CloudBees CI/Jenkins, GitLab CI/CD, GitHubActions, and AWS CodeBuild/CodePipeline that follow AWS’ deployment best practices. The AWS SAM CLI is a developer tool that makes it easier to build, locally test, package, and deploy serverless applications.
Amazon Virtual Private Cloud (VPC) now allows you to assign IPv4 and IPv6 prefixes to your EC2 instances, enabling you to scale and simplify the management of your container and networking applications that require multiple IP addresses on an instance.
Providers using AWS Data Exchange can now publish new revisions to their data products more easily. Before this launch, providers were required to take both finalization and publishing steps to add new revisions to products. Additionally, if a revision was included in multiple products, providers had to take other publishing actions for each individual product they wanted to update.
Easily enable AWS Config recording and deploy Conformance Packs across your organization using Quick Setup
This week, AWS Systems Manager Quick Setup announced support for AWS Config, allowing you to enable AWS Config recording and deploy conformance packs across all the accounts and Regions in your organization – with a few clicks. Quick Setup also lets you customize the types of resources to record and conformance packs to deploy for different groups of organizational units (OUs).
With the July release of Microsoft Power BI Desktop , you can now create reports and dashboards using a built in, Microsoft-certified connector for Amazon Athena. This release makes it possible for AWS customers using Power BI for business intelligence to leverage their Amazon S3 data lake and federated data sources to analyze, visualize, and share insights with Power BI.
The new AWS Training Partner (ATP) program enables AWS customers to work with a single, trusted Partner who can offer, deliver, and/or resell official AWS-authored training. All AWS Training Partners are selected based on their quality and expertise in providing training. They must continually meet or exceed rigorous criteria to maintain their status in the program.
Amazon Relational Database Service (Amazon RDS) Cross-Region Automated Backups feature is now available in the AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), EU (Frankfurt), EU (Stockholm), EU (Ireland), EU (London), EU (Paris), South America (Sao Paulo), AWS GovCloud (US-West) and AWS GovCloud (US-East).
Amazon Redshift Data Sharing, a secure and easy way to share live data across Redshift clusters, is now available in AWS GovCloud(US) regions. Ability to share data across Redshift clusters in the same AWS account is generally available and sharing across Redshift clusters that are in separate AWS accounts in the same region is available as preview. Data Sharing enables instant, granular, and high-performance data access across Amazon Redshift clusters without the need to copy or move data. Data Sharing provides live access to the data so that your users always see most up-to-date and consistent information as it is updated in the data warehouse. Data Sharing can be used on your Amazon Redshift RA3 clusters at no additional cost.
AWS RoboMaker WorldForge, a capability that makes it faster, simpler, and less expensive to create a multitude of virtual 3D worlds, now supports adding doors to indoor residential simulation worlds. With this new feature , robotics developers can add doors to connect rooms on the same floor of their indoor residential simulation world to test robot behaviors like navigating through doors and avoiding closed doors. Robotics developers can specify the initial angle doors are open in order to test their robot behaviors in a variety of simulated scenarios.
You can now use Amazon EKS and Amazon EKS Distro to run Kubernetes v1.21 , which is currently the latest available stable version of upstream Kubernetes. Highlights of the Kubernetes version 1.21 release include Cronjobs and Immutable Secrets and ConfigMaps reaching stable status, and Graceful Node Shutdown graduating to beta. You can find more details about Kubernetes 1.21 release in EKS blog post and in Kubernetes project release notes .
AWS CodeBuild is now available in the AWS Asia Pacific (Osaka) Region. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue. You can get started quickly by using prepackaged build environments, or you can create custom build environments that use your own build tools. Using CodeBuild, you are charged by the minute for the compute resources you use.
AWS Edit in the Cloud is an AWS Solutions Implementation that helps the content creator to build a virtual editing environment on AWS. This allows your editors and creative professionals to work from anywhere in the world using only a laptop with a high-speed connection. Leveraging the AWS Cloud for editorial and content delivery, this solution brings collaborators together to publish content to your preferred platform using high-speed internet.
This week AWS announced the availability of AWS provided License included Red Hat Enterprise Linux (RHEL) with Microsoft SQL Server Amazon Machine Images (AMI). Customers can now combine the scale, performance, and elasticity of Amazon EC2 with consistency, reliability, and high performance of Microsoft SQL Server on RHEL to deploy mission critical transactional systems and data warehouses.
You can now respond to AWS IQ messages from experts and buyers directly from your email, without logging into AWS IQ. If you are offline and receive responses from buyers or experts, you will receive unread responses via email. Reply to the email or log in to AWS IQ to continue the conversation. All responses will appear as chat messages in the AWS IQ application.
This week AWS announced general availability of io2 Block Express volumes that deliver up to 4x higher throughput, IOPS, and capacity than io2 volumes, and are designed to deliver sub-millisecond latency and 99.999% durability. io2 Block Express refers to io2 volumes running on the EBS Block Express architecture, and supports standard io2 features such as Multi-Attach and Elastic Volumes. io2 Block Express volumes are available first with Amazon EC2 R5b instances, which delivers the highest EBS-optimized performance, with support for other instances coming soon. Using R5b instances customers can now provision a single io2 volume with up to 256,000 IOPS, 4000 MB/s of throughput, and storage capacity of 64 TiB. This makes io2 Block Express and R5b instance combination ideal for your largest, most I/O intensive, and mission critical deployments of Oracle, SAP HANA, Microsoft SQL Server, and SAS Analytics.
Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for you to add speech-to-text capabilities to your applications. We are excited to announce streaming transcription support in the Amazon Web Services China (Beijing) Region, Operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, Operated by NWCD.
Google Cloud Releases and Updates
AI Platform Training
You can now use an interactive shell to inspect your training container while it runs. The interactive shell can be helpful for monitoring and debugging training jobs.
This feature is available in preview.
App Engine Flexible Environment (Go / Java / Node.js / PHP/ Python / Ruby / Custom)
Specifying a user-managed service account for each App Engine version during deployment is now available in preview. This feature lets you grant different privileges to each version, based on the specific tasks it performs, and avoid granting more privileges than necessary.
App Engine Standard Environment (Go / Java / Node.js / Python / Ruby )
Egress settings are now available for Serverless VPC Access. Egress settings allow you to specify whether or not to send traffic with external destinations through your Serverless VPC Access connector, which is necessary if you want to set up a static outbound IP address for your App Engine service.
BigQuery now supports workload management data control language (DCL) statements:
This feature is generally available GA.
BigQuery now supports the following SQL query operators:
This feature is generally available (GA).
Cloud CDN now treats HTTP responses with a max-age or s-maxage directive as cacheable, even if those responses do not have a Cache-Control: public directive.
This allows Cloud CDN to cache additional responses and better align with HTTP standards.
For details, see the caching documentation.
Cloud Run is now covered by FedRAMP Moderate
Granular instance sizing is now available in public preview. Historically, the most granular unit for provisioning compute capacity on Spanner has been the node. To provide more granular control, we are introducing Processing Units (PUs); one Spanner node is equal to 1,000 PUs. You can now provision in batches of 100 PUs, and get a proportionate amount of compute and storage resources. Learn more.
Key Visualizer for Cloud Spanner is now available. Key Visualizer is an interactive monitoring tool to analyze usage patterns in Spanner databases. It reveals trends and outliers in important performance and resource metrics.
gcloud alpha storage commands are now available.
- These commands provide faster uploading and downloading performance over the gsutil command line tool.
New sub-minor versions of Dataproc images: 1.3.93-debian10, 1.3.93-ubuntu18, 1.4.64-debian10, 1.4.64-ubuntu18, 1.5.39-centos8, 1.5.39-debian10, 1.5.39-ubuntu18, 2.0.13-centos8, 2.0.13-debian10, and 2.0.13-ubuntu18.
Google Groups for RBAC is now generally available.
Legacy Logging and Monitoring was deprecated December 12, 2019 and was decommissioned March 31, 2021. As described in the guide for Migrating to Cloud Operations for GKE all clusters still using Legacy Logging and Monitoring are being automatically and gradually migrated to Cloud Operations for GKE during the coming weeks.
You can now set limits on the Cloud Storage roles that a member can grant and revoke. This is possible because Cloud Storage now recognizes the
modifiedGrantsByRole API attribute in conditions.
Memorystore for Redis
Added support for Maintenance Windows for Memorystore for Redis.
Network Connectivity Center
Network Connectivity Center now supports VPC Service Controls. For details, see Protecting resources with VPC Service Controls.
Secret Manager now supports using a filter to customize the output of
ListSecretVersions. For more information, see Filtering.
Security Command Center
Security Health Analytics, a built-in service of Security Command Center, has launched a new detector,
DATASET_CMEK_DISABLED, in general availability. The detector, available to Security Command Center Premium customers, detects BigQuery datasets that are not encrypted using customer-managed encryption keys (CMEK). For more information, see the
DATASET_SCANNER table in Vulnerabilities findings.
Event Threat Detection, a built-in service of Security Command Center Premium, has launched a public preview of new detectors to protect your Google Workspace domains. The detectors identify suspicious activities in member accounts and your Admin Console, including leaked passwords, attempted account breaches, settings changes, and possible government-backed attacks. For more information, see Event Threat Detection overview.
Private endpoints for online prediction are now available in preview. After you set up VPC Network Peering with Vertex AI, you can create private endpoints for low-latency online prediction within your private network.
Additionally, the documentation for VPC Network Peering with custom training has moved. The general instructions for setting up VPC Network Peering with Vertex AI are available at the original link, https://cloud.google.com/vertex-ai/docs/general/vpc-peering. The documentation for custom training is now available here: Using private IP with custom training.
You can now use an interactive shell to inspect your custom training container while it runs. The interactive shell can be helpful for monitoring and debugging training.
This feature is available in preview.
Microsoft Azure Releases And Updates
The 21.07 update includes heap memory allocation tracking, time sync changes, and support for service principles.
HDInsight is now generally available for West US 3 customers.
General availability: Azure Monitor Agent and Data Collection Rules now support direct proxies and Log Analytics gateway
If you use a proxy server or Log Analytics gateway to communicate to Azure Monitor, you can now start using the new Azure Monitor Agent (AMA) and Data Collection Rules (DCR) in these network configurations.
Customers using Grafana for visualizing Azure Monitor metrics can now enable additional data sources and have easier authentication using managed identity.
General availability: Public IP information and inter-zone traffic among many new insights in Traffic Analytics
Azure Network Watcher Traffic Analytics solutions is used to monitor network traffic. It now provides WHOIS and Geographic data for all Public IPs interacting with your deployments and further adds DNS domain, threat type & threat description for Malicious IPs. Now, it also supports inter-zone traffic and VMSS level traffic insights.
Azure Monitor is releasing a new PyPI package that expands distributed tracing support in Application Insights for Python Functions.
Traffic Analytics can now be enabled using Built-in Azure Policy, thus improving your deployment experience. Now organizations can enforce org wide standards and manage traffic monitoring at scale using these policies.
With auto-grow storage enabled, your storage automatically grows when storage consumed on the Flexible Server is nearing its provisioned limit.
The PowerShell-based experience for the Azure App Service Migration Assistant is now in public preview.
Provision new Flexible Server deployments in new regions for Azure Database for PostgreSQL, a managed service running the open source Postgres database on Azure.
Azure VMware Solution has expanded availability to Canada East. With this release Canada East is now the second region within the Canadian sovereign area to become available (joining Canada Central).
This update provides security and reliability improvements, and support for government and regional clouds.
Utilize next-generation firewall capabilities in Azure Firewall Premium
Public preview: Scan and view lineage of data stored in Erwin Mart, Google BigQuery and Looker using Azure Purview
Azure Purview now supports automated scanning from Erwin, BigQuery and Looker soureces to extract schema and lineage between data.
Shared disks on Azure Disk Storage are now generally available on all Premium SSD and Standard SSD sizes
Shared disks can now be leveraged on smaller Premium SSDs from 4GiB to 128 GiB and all Standard SSDs from 4 GiB to 32 TiB. This expands shared disk support to Ultra Disk, Premium SSD, and Standard SSD enabling you to optimize for different price and performance options based on your workload needs.
SAP on Azure customers can now set threshold-based alerts on SAP application, databases and clusters though Azur portal with few clicks.
SAP on Azure customers can now view SAP Application telemetry like short dumps, SDF/SMON and STO3 in Azure portal.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and possibly your sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free. When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: