Hava Blog and Latest News

In Cloud Computing This Week [Mar 12th 2021]

Written by Team Hava | March 12, 2021

This week's roundup of all the cloud news.

 

Here's a roundup of all things GCP, Azure and AWS for the week ending Friday 12th March 2021. This week was a little less frantic; however, there were plenty of announcements from all three cloud vendors that Hava currently supports.

Here at Hava we've been doing lots more cool design planning and self-hosted streamlining to make it even easier for you to host Hava internally to keep your security team super happy.

More details soon.

To stay in the loop, make sure you subscribe. There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities, and will also showcase lesser-known but powerful features that you may not be aware of.


AWS Updates and Releases

 

Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge for service software updates

Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge to provide better visibility into the service. Events to indicate the availability of a service software update for a domain, the start of an update, and the completion of an update will be included in the initial release. You will also be able to view these events under the new ‘Notifications’ view in the Amazon Elasticsearch Service console.

 

Announcing General Availability of Amazon Redshift Data Sharing

Amazon Redshift Data Sharing, a secure and easy way to share live data across Redshift clusters, is now generally available. Data Sharing enables instant, granular, and high-performance data access across Amazon Redshift clusters within an AWS account, without the need to copy or move data. Data Sharing provides live access to the data so that your users always see the most up-to-date and consistent information as it is updated in the data warehouse. Data Sharing can be used on your Amazon Redshift RA3 clusters at no additional cost.


Announcing General Availability of Amazon Redshift Cross-database queries

Amazon Redshift Cross-database queries provide the ability to query across databases in a Redshift cluster. This feature is now generally available in all regions where Amazon Redshift RA3 node types are available. With Cross-database queries, you can seamlessly query data from any database in the cluster, regardless of which database you are connected to. Cross-database queries can eliminate data copies and simplify your data organization to support multiple business groups on the same cluster. Cross-database queries can be used on your RA3 clusters at no additional cost.


IAM Access Analyzer now enables you to validate public and cross-account access before deploying permissions changes

AWS Identity and Access Management (IAM) Access Analyzer now enables you to validate access before deploying permissions changes. IAM Access Analyzer uses comprehensive policy analysis to provide provable security and generate findings for resource access. Now with IAM Access Analyzer, you can prevent public and cross-account access before you set permissions. You can preview findings and validate that your policy changes grant only intended access to your resources. By previewing findings, you can prevent unintended access before you deploy permissions.

 

AWS Backup adds support for continuous backup and point-in-time recovery of Amazon RDS instances

AWS Backup adds support for continuous backups and point-in-time recovery (PITR) of Amazon Relational Database Service (Amazon RDS) instances. You can now streamline your backup planning, management, and access control to Amazon RDS continuous backups in addition to the existing support of scheduled Amazon RDS snapshots.


Introducing a new API allowing you to stop in-progress workflows in Amazon Forecast

Amazon Forecast uses machine learning (ML) to generate more accurate demand forecasts, without requiring any prior ML experience. Forecast brings the same technology used at Amazon.com to developers as a fully managed service, removing the need to manage resources or rebuild your systems.

 

Introducing Lower Cost Storage Classes for Amazon Elastic File System

Amazon Elastic File System (Amazon EFS) now supports single Availability Zone (AZ) storage classes (One Zone), reducing storage costs by 47% compared to Amazon EFS Standard storage classes, while maintaining the EFS capabilities that customers love. With this launch, you can achieve an effective storage price of $0.043/GB-month.[1]

 

AWS Glue DataBrew enhances its data quality dashboard with a visual comparison matrix

When you generate data quality profiles on your datasets, DataBrew now publishes a visual dashboard on the AWS Glue DataBrew console with 40+ statistics and visualizations listed in a tabular format for easy comparison. Understanding data quality is key to the success of your analytics and machine learning projects. With this new capability in DataBrew, it’s easy to spot anomalies in data distributions, detect outliers, understand skews, and more for datasets varying from a few thousand rows to tens of millions of rows and varying file formats.  

 

Amazon RDS for PostgreSQL M6g and R6g instances now available in N. California, Canada, São Paulo, and London regions

AWS Graviton2-based database instances for Amazon Relational Database Service (RDS) for PostgreSQL are now supported in: US West (N. California), Canada (Central), South America (São Paulo), and Europe (London). Graviton2 instances provide up to 35% performance improvement and up to 52% price/performance improvement over comparable current generation x86-based instances for RDS open source databases depending on database engine, version, and workload. You can launch these database instances when using Amazon RDS for PostgreSQL.


Amazon WorkSpaces is available in the Asia Pacific (Mumbai) Region

Amazon WorkSpaces is now available in the Asia Pacific (Mumbai) region, increasing the number of AWS Regions in which WorkSpaces is available to 14. This expansion into a new AWS Region allows you to provision WorkSpaces closer to your users and data, providing a more responsive experience. Additionally, you can better meet data sovereignty requirements without the cost and complexity of building on-premises Virtual Desktop Infrastructure (VDI). For companies that provide services such as customer support, development, or back office services like accounting or IT support, using Amazon WorkSpaces in Asia Pacific (Mumbai) can enable a more reliable way of giving users a persistent desktop while helping you to reduce the risk of data leakage, with the closest possible AWS Region.


AWS Security Hub adds 25 new controls to its Foundational Security Best Practices standard

AWS Security Hub has released 25 new controls for its Foundational Security Best Practices standard. These controls conduct fully automatic checks against security best practices for Amazon API Gateway (APIGateway.1), Amazon CloudFront (CloudFront.1-4), Amazon DynamoDB (DynamoDB.1-3), Amazon Elastic Compute Cloud (EC2.9-10), Amazon Elastic File System (EFS.2), Amazon Elasticsearch Service (ES.2-3), Amazon RDS (RDS.9-10), Amazon Redshift (RedShift.1-3,6), Amazon Simple Notification Service (SNS.1), AWS Elastic Load Balancing (ELB.3-6), and AWS Key Management Service (KMS.3). If you enabled the AWS Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, the above new controls are enabled by default. Security Hub now supports 115 security controls to automatically check your security posture in AWS.


Announcing Kotlin-centric developer experience in Amplify Android

Today, we are announcing first-class support for Kotlin in Amplify Android. Amplify Android is part of AWS Amplify, a set of libraries, tools, and services that help frontend web and mobile developers build secure, scalable, full-stack applications. Kotlin is a popular programming language commonly used by Android developers, among others.


AWS Lambda adds four Trusted Advisor checks

AWS Lambda now supports four new Trusted Advisor checks to help customers optimize the cost, security, function runtime version and fault tolerance of their Lambda functions.  


Amazon RDS for PostgreSQL supports managed disaster recovery (DR) with Cross-Region Automated Backups

Starting this week, Amazon RDS for PostgreSQL supports Cross-Region Automated Backups. This feature extends the existing Amazon RDS backup functionality, giving you the ability to set up automatic replication of system snapshots and transaction logs from a primary AWS Region to a secondary AWS Region.


 
 
 

Google Cloud Releases and Updates

Cloud Build

Users can now create triggers to execute builds in response to events published to a Pub/Sub topic. For more information, see Creating Pub/Sub triggers.

Cloud Composer - n/a

Cloud Load Balancing

You can now use the gcloud compute url-maps validate command to test advanced route configurations such as routing based on headers and query parameters, HTTP to HTTPS redirects, and URL rewrites.

You can also use this command to independently run tests without saving changes to the URL map. This protects live traffic to your production services and prevents any unintended interruptions due to URL map misconfigurations.

This feature is now available in General Availability.

Cloud Run - n/a

Cloud Scheduler - n/a

Cloud Spanner - n/a

Cloud SQL for PostgreSQL - n/a

Dataproc

The Dataproc 2.0 image version will become the default Dataproc image version in 1 week, on March 15, 2021.

Dialogflow - n/a

Google Cloud Armor - n/a

Identity and Access Management - n/a

Pub/Sub

Pub/Sub push subscriptions can now be created with Cloud Run service endpoints protected by VPC Service Controls. This feature is available in the Preview launch stage.

Security Command Center

Security Health Analytics, a built-in service of Security Command Center, launched new detectors in general availability:

Detects resources that are not using customer-managed encryption keys (CMEK)

    • BUCKET_CMEK_DISABLED
    • DISK_CMEK_DISABLED
    • NODEPOOL_BOOT_CMEK_DISABLED
    • SQL_CMEK_DISABLED

Detects vulnerabilities in Compute Engine instances

    • DEFAULT_SERVICE_ACCOUNT_USED
    • SHIELDED_VM_DISABLED

Detects publicly accessible Cloud KMS keys

    • KMS_PUBLIC_KEY

Detects out-of-region Compute Engine resources

    • ORG_POLICY_LOCATION_RESTRICTION

Detects misconfiguration of SQL instances

    • SQL_CROSS_DB_OWNERSHIP_CHAINING
    • SQL_CONTAINED_DATABASE_AUTHENTICATION
    • SQL_LOCAL_INFILE
    • SQL_LOG_CHECKPOINTS_DISABLED
    • SQL_LOG_CONNECTIONS_DISABLED
    • SQL_LOG_DISCONNECTIONS_DISABLED
    • SQL_LOG_LOCK_WAITS_DISABLED
    • SQL_LOG_MIN_DURATION_STATEMENT_ENABLED
    • SQL_LOG_MIN_ERROR_STATEMENT
    • SQL_LOG_TEMP_FILES

For more information on these and other Security Health Analytics detectors, see Vulnerabilities findings.

 

Microsoft Azure Releases And Updates

 

New Norway East region added to Azure HDInsight

HDInsight is now generally available for Norway East customers.
 

Azure Storage — Routing Preferences now generally available

Routing Preference for Azure Storage provides the flexibility to optimize traffic between clients external to Azure and your storage account, either for premium network reliability and performance over the Microsoft global network or for cost efficiency using the transit ISP network. You can now also publish route-specific endpoints for your storage account.
 

Python Durable Functions support in Azure Functions is now generally available

Python developers can now create serverless workflows to orchestrate complex data processing and data science workloads in Azure Functions.

 

General availability: Azure Functions supports .NET 5 in production

Azure Functions now supports running production applications in .NET 5, the latest version of .NET.

Node.js 14 in Azure Functions is now generally available

Azure Functions support for the Node.js 14 runtime is now in general availability.

HDInsight Apache Kafka REST Proxy is now generally available

Azure HDInsight Kafka REST proxy greatly simplifies messaging architecture patterns by allowing Kafka producers and consumers to be located outside the virtual network and enables working with unsupported languages.

New Brazil Southeast region added to Azure HDInsight

HDInsight is now available for Brazil South Azure customers requiring scenario-based in-country disaster recovery.

Token lifecycle management is now in private preview

With this sprint update, Azure announced Azure DevOps REST API support for personal access tokens, which is available now in private preview.

 

Azure Routing Preference is now generally available

Choice matters when it comes to cloud. Routing preference enables network service tiers for internet-bound traffic, letting you optimize for performance or cost.

Upcoming Training & Events:

         

 

Four new AWS digital training offerings for AWS End User Computing

 

AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.

 

New digital curriculum: Managing Amazon S3

AWS were excited to announce a free new digital curriculum: Managing Amazon Simple Storage Service. This advanced 150-minute curriculum covers techniques to simplify the management of Amazon S3 storage. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons, video demonstrations, a self-paced lab, and quizzes. The self-paced lab costs up to 15 USD per lab (this cost is not included with free digital training on aws.training).

 

New digital class and lab on DevOps on AWS

AWS are excited to announce the launch of their new digital course, Getting Started with DevOps on AWS, together with the optional Getting Started with DevOps on AWS self-paced lab. This course explores the basics of developing, delivering, and maintaining high-quality secure applications and services at high velocity on AWS. The course covers the philosophies, practices, and tools used to implement a DevOps environment on AWS, while the lab gives you practical experience with the technologies discussed in the course.

 

Updated digital course on Coursera and edX - AWS Cloud Practitioner Essentials

AWS Training and Certification were excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course on Coursera and edX. If you’re new to the cloud or in a technical or non-technical role such as finance, legal, sales, or marketing, this course provides you with an understanding of fundamental AWS Cloud concepts to help you gain the confidence to contribute to your organization’s cloud initiatives.

 

Azure Virtual Events

Microsoft have a full schedule of Virtual Events.

A full list, including session times and details, is here: Azure Events

AWS Events:

AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events

Thanks for reading again this week, we hope you found something useful. 

hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form, including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection, which helps with issue resolution and provides a history of all configs for audit and compliance purposes.

If you haven't opened a free hava.io account to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs, you can do so now. If you have questions, please get in touch.

 

You can reach us on chat, or email sales@hava.io to book a callback or demo.

 

 

 
