This week's roundup of all the cloud news.
Here's a roundup of all things GCP, Azure and AWS for the week ending Friday 19th March 2021. This week was a little less frantic; however, there were plenty of announcements from all three cloud vendors that Hava currently supports.
Here at Hava we've been doing lots more cool design planning and self-hosted streamlining to make it even easier for you to host Hava internally to keep your security team super happy.
More details soon.
To stay in the loop, make sure you subscribe. There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser-known but powerful features that you may not be aware of.
AWS Updates and Releases
Amazon RDS for MySQL now supports rollback protection for database major version upgrades
Amazon Relational Database Service (Amazon RDS) for MySQL now offers rollback protection for major version upgrades.
Amazon QLDB Increases Verification APIs Throughput by an Order of Magnitude
Amazon Quantum Ledger Database (Amazon QLDB) launches increased performance and latency reduction for control plane verification APIs. With this improvement, QLDB customers will experience an average latency reduction of up to 70% and the ability to scale at least 10 times from the current call volumes in many scenarios.
Amazon EC2 Auto Scaling Instance Refresh now supports phased deployments
The Amazon EC2 Auto Scaling Instance Refresh feature enables customers to update the EC2 instances in their Auto Scaling groups on a rolling basis. Now, Instance Refresh gives customers more control over the update process by letting them configure Instance Refresh checkpoints to phase their deployments. An Instance Refresh checkpoint specifies what percent of the Auto Scaling group’s instances should be replaced and how long to wait before continuing with the rolling update. This gives AWS customers time to perform any necessary validation or testing steps at various checkpoints.
S3 Object Lambda allows you to add your own code to S3 GET requests to modify and process data as it is returned to an application
With S3 Object Lambda you can add your own code to S3 GET requests to modify and process data as it is returned to an application. For the first time, you can use custom code to modify the data returned by standard S3 GET requests to filter rows, dynamically resize images, redact confidential data, and much more.
AWS Launch Wizard now supports ‘No Rollback on Failure’
Starting this week, AWS Launch Wizard deployments support the ‘No Rollback on Failure’ feature for all Launch Wizard applications. Now, when a Launch Wizard deployment fails, resources that were created as part of the deployment will not be immediately deleted/rolled back.
New AWS SSO gallery app simplifies Azure AD set-up with AWS
The new AWS Single Sign-On (SSO) app, found in the Azure Active Directory app gallery, makes it easier to use your Azure AD identities for sign-in across multiple AWS accounts and AWS SSO integrated applications. Customers who want a centralized way to manage Azure AD users and groups across AWS can use the app to connect Azure AD to AWS SSO once. Customers can then manage permissions to AWS centrally in AWS SSO, and enable users to sign in using Azure AD to access assigned AWS accounts and applications, such as Amazon SageMaker Studio Notebooks.
AWS announces Developer Preview release of opinionated deployment tool for .NET CLI
AWS introduces the Developer Preview of its opinionated deployment tool for .NET cloud-native applications. Using this tool, developers can now deploy their .NET applications in just a few easy steps from the .NET CLI.
IAM Access Analyzer now supports over 100 policy checks with actionable recommendations to help you author secure and functional policies
AWS Identity and Access Management (IAM) Access Analyzer makes it easier to implement least privilege permissions by analyzing resource policies to provide provable security and help you identify unintended public or cross-account access. A recent update allows you to validate public and cross-account access before deploying permissions changes. Now, we are extending policy validation in IAM Access Analyzer by adding over 100 policy checks with actionable recommendations. These checks use static analysis to help you proactively validate your permission policies during policy authoring to set secure and functional permissions. The checks include functional validation like developers might expect from a linter, and go beyond that to evaluate best practices in granting access. These checks analyze your policy and report security warnings, errors, general warnings, and suggestions based on their impact. They provide actionable recommendations that guide you to set secure and functional permissions. For example, IAM Access Analyzer reports a security warning when your policy grants access to pass any role to any service, which is overly permissive. The security warning includes a recommendation that you scope down the permissions to pass specific role(s) instead.
Amazon RDS Proxy now supports database connectivity from multiple Amazon VPCs
Amazon RDS Proxy now lets you create additional endpoints each with their own VPC settings, enabling access to your Aurora or RDS databases from applications in a different VPC.
Amazon RDS Proxy adds read-only endpoints for Amazon Aurora Replicas
Amazon RDS Proxy now lets you create an additional read-only endpoint to connect your application to Amazon Aurora Replicas. In some cases, RDS Proxy helps improve application scalability, resiliency, and security. These benefits can extend to your Aurora Replicas when connected through the RDS Proxy.
AWS IoT SiteWise Monitor adds support for accessing Monitor portals using AWS Identity and Access Management (IAM) users and roles
AWS IoT SiteWise is a managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale to help you make better, data-driven decisions.
Announcing support for multiple containers on Amazon SageMaker Inference endpoints, leading to cost savings of up to 80%
Amazon SageMaker now supports deploying multiple containers on real-time endpoints for low latency inferences and invoking them independently for each request. This new capability enables you to run up to five different machine learning (ML) models and frameworks on a single endpoint and save up to 80% in costs. This option is ideal when you have multiple ML models with similar resource needs and when individual models don't have sufficient traffic to utilize the full capacity of the endpoint instances, for example if you have a set of ML models that are invoked infrequently or at different times, or if you have dev/test endpoints.
Announcing the General Availability of Amazon Corretto 16
Amazon Corretto 16 is now generally available. This version supports the latest Java feature release JDK 16 and is available on Linux, Windows, and macOS. You can download Corretto 16 from the AWS GitHub Releases.
Announcing new Amazon EC2 X2gd instances powered by AWS Graviton2 processors
Amazon S3 Glacier announces a 40% price reduction for PUT and Lifecycle requests
Amazon S3 is reducing the cost to move data to Amazon S3 Glacier by lowering PUT and Lifecycle request charges by 40% for all AWS Regions. You can use the S3 PUT API to directly store compliance and backup data in S3 Glacier that does not require immediate access. You can also use S3 Lifecycle policies to move data from S3 Standard, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access to S3 Glacier to save on storage costs when data becomes rarely accessed.
AWS Cost Anomaly Detection now supports AWS CloudFormation
AWS Cost Anomaly Detection now supports provisioning cost monitors and alert subscriptions via AWS CloudFormation templates. You can now set up Cost Anomaly Detection via JSON or YAML commands, enabling quick, consistent, and scalable configurations across AWS accounts.
Bundle Management APIs now generally available for Amazon WorkSpaces
Amazon WorkSpaces bundle management APIs are now available for customers to perform WorkSpaces bundle operations via command-line interface (CLI). The new set of APIs supports creation, deletion, and image association operations for WorkSpaces bundles. These APIs are intended for use by WorkSpaces administrators who want to automate WorkSpaces management workflows.
AWS Config Adds 3 New Config Rules for Amazon Secrets Manager
AWS Config now supports three new AWS Config managed rules to help you verify that your secrets in AWS Secrets Manager are configured in accordance with your organization’s security and compliance requirements. AWS Config records and evaluates configurations of your AWS resources. AWS Config managed rules are predefined rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. AWS Secrets Manager helps easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
Amazon ECS now allows you to execute commands in a container running on Amazon EC2 or AWS Fargate
Amazon Elastic Container Service (Amazon ECS) introduces Amazon ECS Exec - a simple, secure, and auditable way for customers to execute commands in a container running on Amazon Elastic Compute Cloud (Amazon EC2) instances or AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.
Google Cloud Releases and Updates
Cloud Interconnect support for GRE traffic is available in Preview.
Cloud Load Balancing
Suggested queries is now generally available (GA)
Shared VPC on Cloud Run is now at general availability (GA).
The Cloud Console query page has been updated with a revamped query editor, which now offers improved autocomplete, prevalidation of your query, formatting options, and the ability to run a selection from your query. This update also includes a new query plan visualizer. For a tour of these features and to learn more, see Tuning a query using the query plan visualizer.
Cloud SQL for PostgreSQL
Preview: You can now configure N2 and C2 VMs with up to 100 Gbps of network bandwidth.
This feature is ideal for network-intensive, distributed workloads such as high-performance computing (HPC), machine learning (ML), and deep learning (DL).
M2 machine types are now available in the following regions and zones:
- Sydney —
- London —
- Montréal — northamerica-northeast1-b,c
- Sydney —
Generally Available: NVIDIA® A100 GPUs are now available in the following three regions:
- Iowa, North America:
- Netherlands, Europe:
- Iowa, North America:
Google Cloud Armor
Identity and Access Management
The Organization Policy Service v2 API has launched into general availability.
- You can now apply conditions for the enforcement of organization policies. For more information, see Setting an organization policy with tags.
- For more details about the new version of the API, see the v2 tabs on the Using constraints page.
Tags have been launched into general availability
Microsoft Azure Releases And Updates
Directory scoped shared access signatures (SAS) generally available
Directory scoped SAS allows more granular access assignment for ADLS Gen2.
Azure Data Explorer performance update (EngineV3) is now generally available
Azure Data Explorer (Kusto) is announcing the general availability of its performance update (EngineV3), which provides unprecedented performance in Big Data Logs and telemetry scenarios.
Public preview: App Service Managed Certificates now supports apex domains
Create apex domains on your Linux and Windows web app at no additional cost.
Service Broker message exchange for Azure SQL Managed Instance in public preview
Service Broker message exchange between Azure SQL Managed Instances (public preview) allows you to build reliable distributed applications with asynchronous message processing functionality by leveraging SQL Server engine’s native support for messaging/queuing.
General availability: Azure Data Explorer (ADX) Performance Updates
The next version of Azure Data Explorer (ADX) with performance updates is now available.
Machine Learning Services on Azure SQL Managed Instance now generally available
Use machine learning capabilities on a Managed Instance of Azure SQL Database for ease of moving your data, packages, and models to a cloud ready environment fully configured for machine learning.
General availability: Dynamic data masking granular permissions for Azure SQL and Azure Synapse Analytics
Control who can access your SQL data by using dynamic data masking granular permission on your Azure SQL Database, Azure Synapse Analytics, and Azure SQL Managed Instance.
Azure Monitor SQL insights for Azure SQL in public preview
Get a single monitoring experience for all your cloud-based SQL deployments with Azure Monitor SQL insights.
Long-term backup retention (LTR) for Azure SQL Managed Instance in public preview
Configure long-term backup retention for SQL Managed Instance databases and retain database backups beyond the 35 days provided by Azure SQL Managed Instance automated backups, for up to 10 years.
Generally available: Monitor your spending through forecasted cost alerts with Azure Cost Management and Billing
Prevent cost overruns with Azure budget alerts on forecasted costs.
Azure API Management support for request and response validation policies has reached general availability.
Protect your APIs from several OWASP API Security Top 10 vulnerabilities without requiring an add-on solution.
Limited preview: Make workloads on AMD-backed virtual machines confidential without recompiling code
Azure and AMD announce landmark in confidential computing evolution -- it is now even easier to extend your protection of data at rest and data in transit to protect data in use.
Azure Storage Explorer v1.18.0 is now generally available
New release of Azure Storage Explorer (v1.18.0) will decrease time to load, connect, and transfer data to Azure Storage.
Azure IoT Central new and updated features—February 2021
February updates include device model, API, dashboard, and documentation improvements.
Brazil South Availability Zones now generally available
Azure Availability Zones are now generally available in the Brazil South region. These three new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.
Azure expands PCI DSS certification
You can now leverage Azure’s Payment Card Industry Data Security Standard (PCI DSS) certification across all live Azure regions.
Upcoming Training & Events:
New digital course: AWS Cloud Technical Essentials
AWS Training and Certification launched a new course entitled AWS Cloud Technical Essentials. Available for free on Coursera and edX, this course uses video lectures and demonstrations to teach the technical fundamentals of AWS. Upon course completion, learners will be able to make an informed decision about when and how to apply core AWS services for compute, storage, and database to different use cases.
New digital course: Amazon S3 Cost Optimization
AWS are excited to announce a free digital course: Amazon Simple Storage Service Cost Optimization. This advanced 60-minute course explores techniques and tools you can use to optimize your Amazon S3 costs. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons and video demonstrations.
Four new AWS digital training offerings for AWS End User Computing
AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: Azure Events
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't opened a free hava.io account to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs, you can below - if you have questions, please get in touch.
You can reach us on chat, or email firstname.lastname@example.org to book a callback or demo.
Read more about Hava Azure Infrastructure Diagrams here.
Read more about Hava AWS Architecture Diagrams here.
Read more about Hava GCP Architecture Diagrams here.