In Cloud Computing This Week [Jul 2nd 2021]

AWS Updates and Releases

Amplify CLI now supports storing environment variables and secrets to be used in AWS Lambda functions to help separate environment-specific configurations from business logic. The AWS Amplify CLI is a command line toolchain that helps frontend developers create app backends in the cloud that often include business logic powered by AWS Lambda functions. Customers use environment variables to store environment-specific values, such as API endpoints, and secrets to securely store sensitive information, such as API keys.

AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easy for scientists, researchers, and IT administrators to deploy and manage High Performance Computing (HPC) clusters in the AWS cloud. HPC clusters are collections of tightly coupled compute, storage, and networking resources that enable customers to run large scale scientific and engineering workloads.

AWS are excited to announce that Kendra Enterprise Edition is now offered in smaller more granular units to enable smaller workloads. The base Kendra Enterprise Edition (KEE) now starts at $1.40/h ($1,008/mo), offering the same functionality and availability at a smaller scale and cost. The base KEE now supports up to 100,000 documents and 8,000 searches per day, with adaptive bursting capability to better handle unpredictable query spikes. Similarly, the Virtual Storage Capacity units now offer scaling in increments of 100,000 documents (up to 30GB) per unit at $0.7/h. Our Virtual Query Units offer scaling increments of 8,000 queries per day at $0.7/h.

With this launch, AWS Amplify now supports conditional backend builds, automatic build-time aws-exports.js generation, and a simpler console workflow to re-use backends across multiple frontend branches. AWS Amplify’s continuous deployment service offers frontend developers the fastest way to build and deploy full-stack apps (both the frontend and backend) on every code commit.

You can now deploy Amazon AppStream 2.0 in the AWS Europe (London) Region. Deploying AppStream 2.0 in your local region provides users with a more responsive experience and helps support your local data residency obligations. With this launch, you can deploy General Purpose, Compute Optimized, Memory Optimized, Graphics Design, Graphics Pro and Graphics G4 instances to meet the needs of your users.

You can now share files directly with specific experts in AWS IQ chat interface. Experts can also share files in the chat, attach files to a proposal, or to a payment request after completing work.

We are delighted to announce the addition of Tag Tamer to the AWS Solutions Implementations portfolio. AWS Solutions Implementations help you solve common problems and build faster using the AWS platform.

AWS now supports three additional Amazon Elastic Block Store (Amazon EBS) volume types in the Los Angeles AWS Local Zones: General Purpose SSD (gp3), Throughput Optimized HDD (st1), and Cold HDD (sc1) volumes. With this expansion, you can now use gp3, st1, and sc1 volume types in addition to your existing gp2 and io1 volumes in the Los Angeles AWS Local Zones.

AWS Storage Gateway is now available in the AWS Asia Pacific (Osaka) Region

When using AWS DataSync to copy data between Amazon FSx for Windows File Server file systems and Server Message Block (SMB) shares, you can now copy object metadata describing NTFS system access control lists typically used by administrators to define the operations on files and folders that generate audit logs. With this launch, DataSync can now copy all access control entries (ACEs) for files and folders between your SMB shares and FSx for Windows File Server file systems as well as between FSx for Windows File Server file systems.

AWS Glue DataBrew now supports the ability to write datasets created from jobs that run your data preparation recipes directly to the AWS Glue Data Catalog. You can choose to store datasets in Amazon S3, Amazon Redshift, and Amazon RDS (Aurora, Oracle, SQL Server, MySQL, and PostgreSQL) tables in the Data Catalog.

AWS Glue DataBrew adds support for creating datasets with .csv files that have the backslash or escape (\) delimiter. The full list of supported delimiters for .csv files can be found here .

We are excited to announce an update to Amazon GameLift, an AWS managed service. Trusted by game companies from all over the world like Wargaming, Metalhead Software, and Illfonic, GameLift FlexMatch launched in 2017 as a feature that uses a powerful matchmaking algorithm and flexible developer-defined rules to create high-quality matches at AWS scale. 

Self-service features and trusted device support are now available on the WorkSpaces Android Client app on Google Play that runs on Android and Android-compatible Chrome OS devices . The new features are intended for customers who use Android or Android-compatible Chrome OS devices as primary WorkSpaces client endpoint devices.

AWS Glue Schema Registry  now supports defining schemas in JSON Schema format in addition to Apache Avro, allowing customers who choose JSON Schema as the format for their streaming data to centrally control the evolution of data streams and avoid having to manage their own registries. Through Apache-licensed serializers and deserializers, Glue Schema Registry integrates with Java applications developed for Apache Kafka/Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Kinesis Data Streams, Apache Flink/Amazon Kinesis Data Analytics for Apache Flink, and AWS Lambda.

This week, AWS announced the General Availability of the Amazon ECS-optimized Bottlerocket Amazon Machine Image (AMI). Bottlerocket is an open source Linux-based Operating System (OS) that is purpose-built to run containers. Bottlerocket includes only the software needed to run containers and comes with a single step update mechanism. This enables you to improve security posture and reduce maintenance overhead for your Amazon ECS clusters. With this release, Amazon ECS also helps you automate OS updates for Bottlerocket, helping you improve application availability and reduce disruption during updates.

AWS are excited to announce that they now offer a new framework-specific Deep Learning AMI (DLAMI). Today we launched framework-specific DLAMIs for PyTorch 1.9.0 and TensorFlow 2.5.0, with support for Amazon Linux 2, Ubuntu 18.04, and Ubuntu 20.04. The AWS DLAMIs provide machine learning practitioners and researchers with the infrastructure and tools to accelerate deep learning in the cloud, at any scale. These optimized new images are up to 60% smaller in size, accelerating the time for machine learning practitioners to launch DLAMIs on AWS. We will continue to release and support DLAMI in the previous format that includes multiple frameworks and operating systems within a single AMI.

As you prepare your data, AWS Glue DataBrew adds support to automatically identify and mark advanced data types for columns, making it easy to normalize columns containing data of types: Social Security Number (SSN), Email Address, Phone Number, Gender, Credit Card, URL, IP Address, Date and Time, Currency, Zip Code, Country, Region, State, and City. Additionally, DataBrew visually marks columns containing Personally Identifiable Information (PII), allowing you to easily scan for all PII columns in your dataset and apply transformations. Learn more about all supported advanced datatypes .

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.2.37 , 10.3.28 , 10.4.18 , and 10.5.9 . We recommend that customers upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and to benefit from the numerous bug fixes, performance improvements, and new functionality added by the MariaDB community. Amazon RDS customers can leverage automatic minor version upgrades to automatically upgrade their databases to the latest minor version during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide .

AWS Lambda functions that are triggered from self-managed Apache Kafka topics can now access usernames and passwords secured by AWS Secrets Manager using SASL/PLAIN, a simple username/password authentication mechanism that is typically used with TLS for encryption to implement secure authentication. This is in addition to SASL/SCRAM, which is already supported on Lambda. To get started, customers who select Apache Kafka as the event source for their Lambda function can choose SASL/PLAIN as their authentication mechanism, and select their credentials from Secrets Manager on the AWS Management Console, AWS CLI or AWS SDK for Lambda. This feature requires no additional charge to use, and is available in all AWS Regions where self-managed Apache Kafka is supported as an event source for AWS Lambda. To learn more about using SASL/PLAIN authentication for your Lambda functions triggered from Amazon MSK topics, read the Lambda Developer Guide .

AWS Elemental MediaConvert now supports creating AVC-Intra, VC3, and XAVC mezzanine formats carried in the MXF container. Often referred to as “intermediate” or “editing” file formats, these lightly compressed video codecs balance quality and performance by providing visually lossless compression, lightweight decoding requirements, and native editing and playback support in non-linear editing tools.

Starting this week, AWS Firewall Manager is available in Asia Pacific (Osaka).

AWS Identity and Access Management (IAM) Access Analyzer makes it easier for customers to author secure and functional permissions by providing over 100 policy checks with actionable recommendations during policy authoring. Now, IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations. These checks help you set fine-grained permissions by guiding you to apply conditions in a secure and functional way. For example, IAM Access Analyzer validates that policies that specify tagging conditions include the required tag information in the condition. 

AWS Elemental MediaConvert has added support for HDR10+ metadata analysis and insertion. HDR10+ is a technology that further enhances HDR video with dynamic color metadata for viewing devices to adjust automatically on a scene-by-scene basis. Using MediaConvert you now have the option to perform a HDR10+ analysis on your HDR10 content and then to insert the resulting metadata into the encoded outputs for consumption on HDR10+ enabled devices. This metadata is treated like an enhancement layer to the base HDR10 metadata and allows for backwards compatibility with HDR10 compliant devices.

AWS CloudFormation Modules are now available in AWS GovCloud (US). A Module encapsulates one or more AWS or Non-AWS resources and their configurations for reuse across your organization.

Session Manager, a capability of AWS Systems Manager, now supports free text search for nodes in the search bar of the Session Manager console. Customers can easily locate the node to connect to without knowing the exact value of a property such as Name or Instance ID. The free text search is supported for multiple properties of a managed node, including Instance ID, Name, Agent Version, Platform, Status, and many more.

With the Apple Business Chat integration in Amazon Connect, your customers can interact with you using the Apple Messages application on their iPhone, iPad, or Mac. Your customers can now have an experience that is as familiar and convenient as chatting with a friend, while using rich customer service features like interactive messages to do things like schedule appointments. Apple Business Chat makes it easy for your customers to chat with you anytime they click on your registered phone number on an Apple device. The Apple Business Chat integration allows you to use the same configuration, analytics, routing, and agent UI that you're already using for Amazon Connect Voice and Chat.

AWS WAF now supports 15 additional text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. It can be used to identify threats that may be obscured by attackers in an effort to bypass detection. You can use these new text transformations with WAF rule statements, such as SQLi detection, string match, and regex pattern set. You can chain up to 10 text transformations together in a single rule statement. Once configured, AWS WAF will apply the transformations first before evaluating the rule statement.

The Machine types documentation has been renamed to Machine families. The URL remains the same.

New pages have been added to reflect the expansion of our machine fleet.

• • General-purpose family
  • Compute-optimized family
  • Memory-optimized family
  • Accelerator-optimized family

You can learn about Virtio memory balloon devices at the Dynamic resource management page.

Preview: You can now autoscale both regional and zonal managed instance groups based on a Cloud Monitoring metric that provides an aggregated value for the group. You can also apply filters to group metrics to further scope the scaling signal. For more information, see Scaling based on Cloud Monitoring metrics.

Delhi, India asia-south2-a,b,c region has launched with E2, N2, N1, and C2 virtual machine (VM) instances in all three zones. See VM instance pricing for details.

Generally available: Compute Engine's VM instance details page has a new Observability tab, which replaces the Monitoring tab. The enhanced Observability tab provides access to logs and greater visibility into CPU, disk, and network metrics.

General-purpose N2D VMs are now available in us-west4-b Las Vegas, NV. See VM instance pricing for details.

Update PowerShell versions 7.0 and 7.1 to protect against a vulnerability

If you manage your Azure resources from PowerShell, update versions 7.0 and 7.1 of PowerShell as soon as possible.

General availability: Azure Security Center updates for June 2021

New enhancements and updates released in Azure Security Center in June 2021.

Soft delete for blobs capability for Azure Data Lake Storage is now in limited public preview

If you have processes or tools to detect accidental deletion of files and directories for your Azure Data Lake Storage accounts, you can now also restore the deleted objects using soft delete for blobs capability. During the retention period that you specify, you can now restore a soft-deleted object to its state at the time it was deleted.

AZURE MAPS ANDROID SDK IS NOW GENERALLY AVAILABLE

Get started with Android map control using vector map libraries, now generally available with Azure Maps Android SDK.

Azure Image Builder Service now generally available

Use Azure Image Builder to streamline your image building pipeline and integrate your DevOps application life-cycle with the cloud native tools.

VPN NAT now in public preview

Azure VPN Gateway NAT (Network Address Translation) can be used to connect on-premises networks or branch offices to an Azure virtual network with overlapping IP addresses.

Limited Preview: New Azure VMs for confidential workloads

New DCsv3 and DCdsv3-series Azure Virtual Machines transform the state-of-the-art for confidential workloads

Public preview: Azure Automanage now supports Arc enabled servers

Now you can automatically onboard your Arc enabled servers to best practice Azure management services using Azure Automanage, saving time and manual management effort.

Expansion of the public preview of on-demand disk bursting for Premium SSD to more regions

The preview of on-demand disk bursting for Premium SSDs P30 and greater (lager than 512 GiB) is now expanded to all production regions.

Introducing the Ingestion Client for Azure Speech

Ingestion Client in conjunction with Azure Speech allows customers to transcribe audio files without any development effort. Whether you have few or millions of file Azure will transcribe those securely and quickly.