This week's roundup of notable cloud news.
Hello Cloud Land, we've read all the cloud computing news again this week, so you don't have to.
Once again, there's a little bit of everything going on this week. Amazon's new CodeArtifact repo looks interesting. The theme of the week seems to be a toss up between security or authenticity.
Enjoy.
AWS CodeArtifact Launched 
Generally available this week, AWS CodeArtifact is a fully managed artifact repository service for developers and organizations to help securely store and share the software packages used in their development, build, and deployment processes.
CodeArtifact can be used with popular build tools and package managers such as Maven and Gradle (for Java), npm and yarn (for Javascript), and pip and twine (for Python), with more to come. As new packages are ingested, or published to your repositories, CodeArtifact automatically scales, and as a fully managed service, CodeArtifact requires no infrastructure installation or maintenance on your part.
Additionally, CodeArtifact is a polyglot artifact repository, meaning it can store artifact packages of any supported type. For example, a single CodeArtifact repository could be configured to store packages from Maven, npm and Python repositories side by side in one location.
https://aws.amazon.com/blogs/aws/software-package-management-with-aws-codeartifact
Amazon EC2 C5a Instances powered by 2nd Gen AMD EPYC Processors
This week AWS announced the general availability of compute-optimized C5a instances featuring 2nd Gen AMD EPYC™ processors, running at frequencies up to 3.3 GHz.
C5a instances are variants of Amazon EC2’s compute-optimized (C5) instance family and provide high performance processing at 10% lower cost over comparable instances. C5a instances are ideal for a broad set of compute-intensive workloads including batch processing, distributed analytics, data transformations, log analysis, and web applications.
You can launch C5a instances today in eight sizes in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Sydney), and Asia Pacific (Singapore) Regions in On-Demand, Spot, and Reserved Instance or as part of a Savings Plan.
Here are the specs:
| Instance Name | vCPUs | RAM | EBS-Optimized Bandwidth | Network Bandwidth |
| c5a.large |
2 | 4 GiB | Up to 3.170 Gbps | Up to 10 Gbps |
| c5a.xlarge |
4 | 8 GiB | Up to 3.170 Gbps | Up to 10 Gbps |
| c5a.2xlarge |
8 | 16 GiB | Up to 3.170 Gbps | Up to 10 Gbps |
| c5a.4xlarge |
16 | 32 GiB | Up to 3.170 Gbps | Up to 10 Gbps |
| c5a.8xlarge |
32 | 64 GiB | 3.170 Gbps | 10 Gbps |
| c5a.12xlarge |
48 | 96 GiB | 4.750 Gbps | 12 Gbps |
| c5a.16xlarge |
64 | 128 GiB | 6.3 Gbps | 20 Gbps |
| c5a.24xlarge |
96 | 192 GiB | 9.5 Gbps | 20 Gbps |
AWS Service Validation checklists for APN Consulting Partners
To receive the AWS Service Delivery designation, organizations must undergo rigorous technical validation. They are also assessed on the security, performance, and reliability of their Amazon Web Services (AWS) solutions.
As a result of passing such a high technical bar, AWS Service Delivery Partners receive a variety of program benefits. This includes access to funding and discounts, invitations to AWS service-specific roadmaps and feature releases before general availability, AWS marketing support, and priority consideration to publish technical content through AWS forums. Program benefits are in addition to APN tier benefits.
To help APN Consulting Partners better understand this process and validation requirements, AWS are releasing new versions of the AWS Service Delivery Validation Checklists (VCL).
Tighten S3 permissions for your IAM users and roles using access history of S3 actions
This week, AWS announced that they now include action-level last accessed information for Amazon Simple Storage Service (Amazon S3). This means you can tighten permissions to only the specific S3 actions that your application requires. The action-level last accessed information is available for S3 management actions. As you try it out, let us know how you’re using action-level information and what additional information would be valuable as we consider supporting more services.
Table-level access controls in GCP Big Query
GCP announced a key capability to help organizations govern their data in Google Cloud. The new BigQuery table-level access controls (table ACLs) are an important step that enables you to control your data and share it at an even finer granularity. Table ACLs also bring closer compatibility with other data warehouse systems where the base security primitives include tables—allowing migration of security policies more easily.
Table ACLs are built on top of Cloud Identity and Access Management (Cloud IAM), Google Cloud’s enterprise-grade access control platform that integrates across GCP cloud products. BigQuery already lets organizations provide controls over access to data sets, projects, and folders. With BigQuery table-level ACLs, you can use these same controls at the table scope, satisfying the principle of “least privilege.” This capability, combined with BigQuery column-level security, is key in helping organizations effectively govern data in Google Cloud and maintain regulatory compliance, such as GDPR, CCPA, etc.
GCP Compliance Resource Center updated
Building and maintaining a compliance program can be complex and challenging. It requires implementing policies, operational and physical security controls, and various reporting mechanisms. GCP customers have to manage a wide variety of regulatory and industry-specific compliance requirements, and Google Cloud is committed to being a partner in your compliance journey.
To help you manage your compliance initiatives, this week, Google announced an updated Compliance Resource Center. It provides on-demand access to helpful resources to support your compliance efforts, verify technical compliance and control requirements, and help you understand region- and industry-specific regulations.
Azure introduce live video analytics from Azure Media Services 
Azure Media Services is pleased to announce the preview of a new platform capability called Live Video Analytics, or in short, LVA. LVA provides a platform for you to build hybrid applications with video analytics capabilities. The platform offers the capability of capturing, recording, and analyzing live video and publishing the results (which could be video and/or video analytics) to Azure Services in the cloud and/or the edge.
With this announcement, the LVA platform is now available as an Azure IoT Edge module via the Azure Marketplace. The module, referred to as, “Live Video Analytics on IoT Edge” is built to run on a Linux x86-64 edge device in your business location. This enables you to build IoT solutions with video analytics capabilities, without worrying about the complexity of designing, building, and operating a live video pipeline.
LVA is designed to be a “pluggable” platform, so you can integrate video analysis modules, whether they are custom edge modules built by you with open source machine learning models, custom models trained with your own data (using Azure Machine Learning or other equivalent services) or Microsoft Cognitive Services containers. You can combine LVA functionality with other Azure edge modules such as Stream Analytics on IoT Edge to analyze video analytics in real-time to drive business actions (e.g. generate an alert when a certain type of object is detected with a probability above a threshold).
https://azure.microsoft.com/en-us/blog/introducing-live-video-analytics-on-iot-edge-now-in-preview/
General Availability of Azure Files on-prem AD DS authentication
Microsoft announced the general availability of Azure Files support for authentication with on-premises Active Directory Domain Services (AD DS).
Since preview in February 2020, Azure report they've received great feedback and growing interest from customers, especially because of increased work from home scenarios. With file shares migrated to the cloud, maintaining access using Active Directory credentials greatly simplifies the IT management experience and provide better mobility for remote work.
Most importantly, you do not need to reconfigure your clients. As long as your on-premises servers or user laptops are domain-joined to AD DS, you can sync Active Directory to Azure AD, enable AD DS authentication on the storage account, and mount the file share directly. It makes the migration from on-premises to cloud extremely simple as the existing Windows ACLs can be seamlessly carried over to Azure Files and continue to be enforced for authorization.
Along with private endpoint support of Azure Files, you can access data in Azure Files just like you would in an on-premises file server within the secure network boundary.
New features and insights in Azure Monitor
Customers need full stack observability for their apps and infrastructure across Azure and hybrid environments to ensure their workloads are always up and running, for which they rely on Azure Monitor. Over the past few months, Microsoft have released many new capabilities targeting to improve native integration with Azure, enable easier onboarding at scale, support enterprise security and compliance needs, provide rich full stack distributed tracing, and much more. The newest enhancements from Azure Monitor announced at Microsoft Build, including:
- Preview of Azure Monitor Application Insights logs being available directly on Log Analytics Workspaces.
- General availability of Azure Monitor for Storage and Azure Cosmos DB, with previews for Key Vault and Azure Cache for Redis.
- Data Encryption at Rest with Customer Managed Keys (CMK) in Azure Key Vault, providing complete control over log data access with key revocation. Available only when using dedicated clusters with capacity reservation of more than 1TB/day.
- Out-of-the-box support for Distributed Tracing in Java Azure Functions, providing richer data pertaining to requests, dependencies, logs, and metrics.
- Application Insights Codeless Attach for Node.JS Apps on Azure App Services (Linux) with automatic dependency collection.
- Notifications with enhanced visibility on all Azure resource changes across subscriptions with application change analysis.
https://azure.microsoft.com/en-us/blog/new-features-and-insights-in-azure-monitor/
Amazon & Microsoft push into Cybersecurity as Cloud Computing grows
Amazon.com (AMZN) and Microsoft (MSFT) are poised to grab market share in the growing field of cybersecurity as companies move more business workloads to their cloud computing services.
But the two tech powerhouses are going about it in different ways. Microsoft has been more aggressive in making acquisitions to become a bigger player in cybersecurity. Amazon's priority, meanwhile, is speeding up adoption of cloud computing, even if it means cooperating with industry incumbents.
Upcoming Events:
AWS Summit Online - Europe, UK, Middle East & Africa
Join the AWS Summit Online on June 17 and deepen your cloud knowledge with this free, virtual event.
Hear from your local AWS country leaders about the latest trends, customers and partners in your market, followed by the opening keynote with Werner Vogels, CTO, Amazon.com. After the keynote, dive deep in 55 breakout sessions across 11 tracks, including getting started, building advanced architectures, app development, DevOps and more. Tune in live to network with fellow technologists, have your questions answered in real-time by AWS Experts and claim your certificate of attendance. All sessions will be available in English with subtitles in French, Italian, German and Spanish.
So, whether you are just getting started on the cloud or are an advanced user, come and learn something new at the AWS Summit Online.
When: June 17 Online Starts 09:00 (UTC+1)
https://aws.amazon.com/events/summits/online/emea/
Virtual Masterclass: Cloud Practitioner Bootcamp with AWS
This introductory-level course is intended for APN Partners who seek an overall understanding of the AWS Cloud. It provides a detailed overview of cloud concepts, AWS services, security, architecture, pricing, and support.
Delivered through an interactive online format, at the end of the course there will be an online assessment which will provide a certification upon successful completion.
Ran by AWS and Ingram Micro expert trainers, this course will teach you how to succeed both technically and commercially.
The tailored training will teach you how to:
- Define the AWS Cloud
- Describe the key services on the AWS platform using common use cases
- Describe basic AWS Cloud architectural principles
- Describe the AWS Shared Responsibility Model with reference to basic security and compliance
- Define pricing models
- Identify sources of documentation, including where to go for further information, how to describe the AWS Cloud value proposition, and the different ways to define characteristics of deployment/operation in the AWS Cloud
Course Outline
This course covers the following concepts:
Module 1: AWS Cloud Concepts
Module 2: AWS Core Services
Module 3: AWS Security
Module 4: AWS Architecting
Module 5: AWS Pricing and Support
Please note you will be required to follow the registration link in the confirmation email to secure your place.
If you need a fix of AWS goodness, there is an extensive program of online tech talks scheduled:
Join AWS for live, online presentations led by AWS solutions architects and engineers. AWS Online Tech Talks cover a range of topics and expertise levels, and feature technical deep dives, demonstrations, customer examples, and live Q&A with AWS experts.
Note – All sessions are free and in Pacific Time. Can’t join them live? Access webinar recordings and slides on the On-Demand Portal
Microsoft also has a full training and events calendar underway :
Source : https://azure.microsoft.com/en-us/community/events/
Some are going ahead, but we'd suggest contacting the organisers before putting any concrete plans in place.
Thanks for reading, we hope you found something useful. Talking of useful:
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what our cloud architecture diagram tool can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email sales@hava.io or book a callback or demo below.
