Here's a round up of all things GCP, Azure and AWS for the week ending Friday 12th March 2021. This week was a little less frantic, however there were plenty of announcements from all three cloud vendors that Hava currently supports.
Here at Hava we've been doing lots more cool design planning and self-hosted streamlining to make it even easier for you to host Hava internally to keep your security team super happy.
More details soon.
To stay in the loop, make sure you subscribe on the right - There's a new Newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge to provide better visibility into the service. Events to indicate the availability of a service software update for a domain, the start of an update, and the completion of an update will be included in the initial release. You will also be able to view these events under the new ‘Notifications’ view in the Amazon Elasticsearch Service console.
Amazon Redshift Data Sharing, a secure and easy way to share live data across Redshift clusters, is now generally available. Data Sharing enables instant, granular, and high-performance data access across Amazon Redshift clusters within an AWS account, without the need to copy or move data. Data Sharing provides live access to the data so that your users always see the most up-to-date and consistent information as it is updated in the data warehouse. Data Sharing can be used on your Amazon Redshift RA3 clusters at no additional cost.
Amazon Redshift Cross-database queries provide the ability to query across databases in a Redshift cluster. This feature is now generally available in all regions where Amazon Redshift RA3 node types are available. With Cross-database queries, you can seamlessly query data from any database in the cluster, regardless of which database you are connected to. Cross-database queries can eliminate data copies and simplify your data organization to support multiple business groups on the same cluster. Cross-database queries can be used on your RA3 clusters at no additional cost.
AWS Identity and Access Management (IAM) Access Analyzer now enables you to validate access before deploying permissions changes. IAM Access Analyzer uses comprehensive policy analysis to provide provable security and generate findings for resource access. Now with IAM Access Analyzer, you can prevent public and cross-account access before you set permissions. You can preview findings and validate that your policy changes grant only intended access to your resources. By previewing findings, you can prevent unintended access before you deploy permissions.
AWS Backup adds support for continuous backups and point-in-time recovery (PITR) of Amazon Relational Database Service (Amazon RDS) instances. You can now streamline your backup planning, management, and access control to Amazon RDS continuous backups in addition to the existing support of scheduled Amazon RDS snapshots.
Amazon Forecast uses machine learning (ML) to generate more accurate demand forecasts, without requiring any prior ML experience. Forecast brings the same technology used at Amazon.com to developers as a fully managed service, removing the need to manage resources or rebuild your systems.
Amazon Elastic File System (Amazon EFS) now supports single Availability Zone (AZ) storage classes (One Zone), reducing storage costs by 47% compared to Amazon EFS Standard storage classes, while maintaining the EFS capabilities that customers love. With this launch, you can achieve an effective storage price of $0.043/GB-month.
When you generate data quality profiles on your datasets, DataBrew now publishes a visual dashboard on the AWS Glue DataBrew console with 40+ statistics and visualizations listed in a tabular format for easy comparison. Understanding data quality is key to the success of your analytics and machine learning projects. With this new capability in DataBrew, it’s easy to spot anomalies in data distributions, detect outliers, understand skews, and more for datasets varying from a few thousand rows to tens of millions of rows and varying file formats.
AWS Graviton2-based database instances for Amazon Relational Database Service (RDS) for PostgreSQL are now supported in: US West (N. California), Canada (Central), South America (São Paulo), and Europe (London). Graviton2 instances provide up to 35% performance improvement and up to 52% price/performance improvement over comparable current generation x86-based instances for RDS open source databases depending on database engine, version, and workload. You can launch these database instances when using Amazon RDS for PostgreSQL.
Amazon WorkSpaces is now available in the Asia Pacific (Mumbai) region, increasing the number of AWS Regions in which WorkSpaces is available to 14. This expansion into a new AWS Region allows you to provision WorkSpaces closer to your users and data, providing a more responsive experience. Additionally, you can better meet data sovereignty requirements without the cost and complexity of building on-premises Virtual Desktop Infrastructure (VDI). For companies that provide services such as customer support, development, or back office services like accounting or IT support, using Amazon WorkSpaces in Asia Pacific (Mumbai) can enable a more reliable way of giving users a persistent desktop while helping you to reduce the risk of data leakage, with the closest possible AWS Region.
AWS Security Hub has released 25 new controls for its Foundational Security Best Practice standard. These controls conduct fully automatic checks against security best practices for Amazon API Gateway (APIGateway.1), Amazon CloudFront (CloudFront.1-4), Amazon DynamoDB (DynamoDB.1-3), Amazon Elastic Compute Cloud (EC2.9-10), Amazon Elastic File System (EFS.2), Amazon Elasticsearch Service (ES.2-3), Amazon RDS (RDS.9-10), Amazon Redshift (RedShift.1-3,6), Amazon Simple Notification System (SNS.1), AWS Elastic Load Balancing (ELB.3-6), and AWS Key Management Service (KMS.3). If you enabled the AWS Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, the above new controls are enabled by default. Security Hub now supports 115 security controls to automatically check your security posture in AWS.
Today, we are announcing first-class support for Kotlin in Amplify Android. Amplify Android is part of AWS Amplify, a set of libraries, tools, and services that help frontend web and mobile developers build secure, scalable, full-stack applications. Kotlin is a popular programming language commonly used by Android developers, among others.
AWS Lambda now supports four new Trusted Advisor checks to help customers optimize the cost, security, function runtime version and fault tolerance of their Lambda functions.
Starting this week, Amazon RDS for PostgreSQL supports Cross-Region Automated Backups. This feature extends the existing Amazon RDS backup functionality, giving you the ability to set up automatic replication of system snapshots and transaction logs from a primary AWS Region to a secondary AWS Region.
Users can now create triggers to execute builds in response to events published to a Pub/Sub topic. For more information, see Creating Pub/Sub triggers.
Cloud Composer - n/a
Cloud Load Balancing
You can now use the gcloud compute url-maps validate command to test advanced route configurations such as routing based on headers and query parameters, HTTP to HTTPS redirects, and URL rewrites.
You can also use this command to independently run tests without saving changes to the URL map. This protects live traffic to your production services and prevents any unintended interruptions due to URL map misconfigurations.
This feature is now available in General Availability.
Cloud Run - n/a
Cloud Scheduler - n/a
Cloud Spanner - n/a
Cloud SQL for PostgreSQL - n/a
Dataproc 2.0 image version will become a default Dataproc image version in 1 week on March 15, 2021.
Dialogflow - n/a
Google Cloud Armor - n/a
Identity and Access Management - n/a
Pub/Sub push subscriptions can now be created with Cloud Run service endpoints protected by VPC Service Controls. This feature is available in the Preview launch stage.
Security Command Center
Security Health Analytics, a built-in service of Security Command Center, launched new detectors in general availability:
Detects resources that are not using customer-managed encryption keys (CMEK)
Detects vulnerabilities in Compute Engine instances
Detects publicly accessible Cloud KMS keys
Detects out-of-region Compute Engine resources
Detects misconfiguration of SQL instances
For more information on these and other Security Health Analytics detectors, see Vulnerabilities findings.
Python developers can now create serverless workflows to orchestrate complex data processing and data science workloads in Azure Functions.
Azure Functions now supports running production applications in .NET 5, the latest version of .NET.
Azure Functions support for the Node.js 14 runtime is now in general availability.
Azure HDInsight Kafka REST proxy greatly simplifies messaging architecture patterns by allowing Kafka producers and consumers to be located outside the virtual network and enables working with unsupported languages.
HDInsight is now available for Brazil South Azure customers requiring scenario-based in-country disaster recovery.
With this sprint update, Azure announced Azure DevOps REST API support for personal access tokens that's available now in private preview.
Choice matters when it comes to cloud. Routing preference enables network service tiers for internet-bound traffic, letting you optimize for performance or cost.
Upcoming Training & Events:
AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.
AWS were excited to announce a free new digital curriculum: Managing Amazon Simple Storage Service. This advanced 150-minute curriculum covers techniques to simplify the management of Amazon S3 storage. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons, video demonstrations, a self-paced lab, and quizzes. The self-paced lab costs up to 15 USD per lab (this cost is not included with free digital training on aws.training).
AWS are excited to announce the launch of their new digital course, Getting Started with DevOps on AWS, together with the optional Getting Started with DevOps on AWS self-paced lab. This course explores the basics of developing, delivering, and maintaining high-quality secure applications and services at high velocity on AWS. The course covers the philosophies, practices, and tools used to implement a DevOps environment on AWS, while the lab gives you practical experience with the technologies discussed in the course.
AWS Training and Certification were excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course on Coursera and edX. If you’re new to the cloud or in a technical or non-technical role such as finance, legal, sales, or marketing, this course provides you with an understanding of fundamental AWS Cloud concepts to help you gain the confidence to contribute to your organization’s cloud initiatives.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: Azure Events
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't opened a free hava.io account to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs, you can below - if you have questions, please get in touch.
You can reach us on chat, email firstname.lastname@example.org to book a callback or demo.