
In Cloud Computing This Week [Mar 26th 2021]

Written by Team Hava | March 26, 2021

This week's roundup of all the cloud news.



Here's a roundup of all things GCP, Azure and AWS for the week ending Friday 26th March 2021.

Here at Hava we've been doing even more cool website and platform design planning and you should start seeing the benefits soon.

To stay in the loop, make sure you subscribe on the right. There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser-known but powerful features that you may not be aware of.




AWS Updates and Releases


Amazon ElastiCache for Redis now supports highly available clusters on AWS Local Zones

Amazon ElastiCache for Redis now supports running clusters with high availability across multiple AWS Local Zones. AWS Local Zones are an extension of an AWS Region where you can run your latency-sensitive applications using AWS services in geographic proximity to end-users. Previously, Amazon ElastiCache for Redis only supported launching a cluster in a single AWS Local Zone.

AWS Security Hub integrates with Amazon Macie to automatically ingest sensitive data findings for improved centralized security posture management

AWS Security Hub is now integrated with Amazon Macie to automatically ingest sensitive data findings from Macie. Security Hub previously ingested policy findings from Macie, and this integration adds sensitive data findings. All of Security Hub’s findings are automatically normalized using the AWS Security Finding Format (ASFF), enabling you to more easily search, correlate, and operationalize them. To get started, visit the Settings page in the Macie console and select Security Hub as a publish destination for sensitive data findings.

AWS Backup is now available in the AWS Asia Pacific (Osaka) Region

AWS Backup, a cost-effective, fully managed, policy-based service that further simplifies data protection at scale, is now available in the AWS Asia Pacific (Osaka) Region. With AWS Backup, you can centralize and automate data protection across AWS services and accounts, to support your regulatory compliance obligations and meet your business continuity goals.


Today Amazon Lookout for Metrics is generally available to all AWS customers. Lookout for Metrics is a machine learning (ML) service that detects anomalies or unexpected changes in your metrics, helping you proactively monitor the health of your business, diagnose issues and find opportunities quickly – with no ML experience required.


AWS License Manager automated discovery now allows customers to exclude instances that do not need license payment per a customer’s licensing agreements. AWS License Manager automatically tracks instances across AWS and on-premises environments based on customer-defined rules. While configuring automated discovery, administrators can now define exclusion rules using custom-defined tags or AWS Account IDs to identify instances that should not count towards license usage. Automated discovery then excludes instances that match these rules, which further simplifies the management of software licenses.


Amazon Elastic File System (Amazon EFS) One Zone is now available in the Asia (Osaka) Region, reducing storage costs by 47% compared to Amazon EFS Standard storage classes, while maintaining the Amazon EFS capabilities that customers love

Amazon Kinesis Data Analytics now supports Python with Apache Flink v1.11

Amazon Kinesis Data Analytics for Apache Flink now supports streaming applications built using Python version 3.7. This enables you to write streaming applications in the Python language and run them using Apache Flink v1.11 on Amazon Kinesis Data Analytics. Apache Flink v1.11 offers support for Python through the Table API, which is a unified, relational API for data processing


AWS IoT Core now enables customers to customize the behavior of their data endpoints, making it simpler to onboard IoT applications with existing devices in the field. Customers can now configure their data endpoints with custom domain names and associated server certificates stored in AWS Certificate Manager. They can also attach custom authorizers, and create multiple data endpoints for their account.

AWS Snowcone is now available in the AWS Asia Pacific (Sydney) Region in Australia

The AWS Snowcone service is now available for order for customers in the AWS Asia Pacific (Sydney) Region. With this launch, Snowcone is now available for order in Asia Pacific (Sydney), EU (Frankfurt), EU (Ireland), US East (N. Virginia), and US West (Oregon) Regions. AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices. Snowcone is portable, rugged, and secure – small and light enough to fit in a backpack, and able to withstand harsh environments. Customers use Snowcone to deploy applications at the edge, and to collect data, process it locally, and move it to AWS either offline (by shipping the device to AWS) or online (by using AWS DataSync on Snowcone to send the data to AWS over the network).

Amazon and Red Hat announce the General Availability of Red Hat OpenShift Service on AWS (ROSA)

Containers have proven popular with AWS and Red Hat customers because they increase developer velocity, improve application portability, and enable faster application development. Currently, AWS offers a broad range of container technologies in the cloud, including Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and Amazon ECS and Amazon EKS with AWS Fargate. Now customers have an additional option with the launch of Red Hat OpenShift Service on AWS (ROSA), a new managed service that makes it easier for Red Hat OpenShift customers to build, scale, and manage containerized applications on AWS.

Amazon AppFlow now supports Zendesk as a destination

Amazon AppFlow, a fully managed integration service that helps customers to securely transfer data between AWS services and software-as-a-service (SaaS) applications in just a few clicks, now supports Zendesk as a destination.

Now available AWS SSO credential profile support in the AWS Toolkit for VS Code

With this new release of the AWS Toolkit for VS Code, customers can use federated credentials, MFA and AWS Single Sign-On (AWS SSO) to connect Visual Studio Code to AWS. Using AWS SSO, users can sign in to their organization’s Active Directory, a built-in AWS SSO directory, or another external identity provider (IdP) connected to AWS SSO.


You can now access Amazon Timestream APIs from your Amazon Virtual Private Cloud (Amazon VPC) using VPC endpoints. Amazon VPC endpoints are easy to configure and provide reliable connectivity to Amazon Timestream APIs without requiring an internet gateway or a Network Address Translation (NAT) instance.

AWS CloudTrail Adds Logging of Data Events for Amazon DynamoDB

AWS CloudTrail now supports logging of data events for Amazon DynamoDB. With this new feature, you can now use CloudTrail to log item-level DynamoDB activity from all your DynamoDB tables or specific tables with read-only and write-only filters. You can also use CloudTrail advanced event selectors for more granular control of which data events you want to log from DynamoDB. All DynamoDB data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, which creates an audit log of data access and allows you to respond to events recorded by CloudTrail. Details on when DynamoDB API calls were made, and by whom, enhance data visibility for security and operations engineering teams. For example, you can quickly determine which DynamoDB items were created, read, updated or deleted and identify the source of the API calls. If you detect unauthorized DynamoDB activity, you can also take immediate action to restrict access.

AWS Cloud Map now supports API-only services in namespaces configured with DNS resolution

You can now manage non-IP based cloud resources in AWS Cloud Map’s public and private DNS namespaces. AWS Cloud Map is a cloud resource discovery service. Using AWS Cloud Map, you can define custom names for your application resources, such as Amazon ECS tasks, Amazon EC2 instances, Amazon S3 buckets, Amazon DynamoDB tables, or any other cloud resource. Your application can then discover the location and metadata of cloud resources associated with these custom names via AWS SDK or by making authenticated API calls.

Create forecasting systems faster with automated workflows and notifications in Amazon Forecast

We are excited to announce that you can now enable notifications for workflow status changes while using Amazon Forecast, allowing you to work seamlessly without the disruption of having to check if a particular workflow has completed. Additionally, you can now automate workflows through the notifications to increase work efficiency. Amazon Forecast uses machine learning (ML) to generate more accurate demand forecasts, without requiring any prior ML experience. Amazon Forecast brings the same technology used at Amazon.com to developers as a fully managed service, removing the need to manage resources or rebuild your systems.

Announcing General Availability of AWS IoT Device Defender ML Detect

This week, AWS announced the general availability of ML Detect, a new feature of AWS IoT Device Defender that automatically detects device-level operational and security anomalies across your IoT fleet by learning from your past data. Now, in addition to being able to manually set static alarms with AWS IoT Device Defender Rules Detect, you can use machine learning to automatically learn your fleet's expected behaviors so that you don’t need an in-depth understanding of how your devices act across a range of metrics to get started.  


AWS Backup adds support for bulk deletion of recovery points from backup vaults in the AWS Backup console. You can now select multiple recovery points for deletion at one time.  

Amazon Elasticsearch Service announces Auto-Tune feature for improved performance and application availability

Amazon Elasticsearch Service now supports automated memory management of Elasticsearch clusters with the new Auto-Tune feature. Auto-Tune is an adaptive resource management system that automatically adjusts Elasticsearch internal settings to handle dynamic workloads, optimizing cluster resources to improve efficiency and performance. With Auto-Tune, you can achieve a performance boost in ingestion throughput for log analytics workloads, and reduced tail latencies for search queries.


Now you can use AWS CloudTrail to log data-plane API activity to monitor, alarm, and archive item-level activity in your Amazon DynamoDB tables. You can use this information about item-level activity as part of an audit, to help address compliance requirements, and monitor which AWS Identity and Access Management (IAM) users, roles, and permissions are being used to access your table data.


The Amazon Elastic File System (EFS) Container Storage Interface (CSI) driver now supports dynamic provisioning of Kubernetes persistent volumes. Kubernetes applications requiring access to a shared file system on AWS can now have storage provisioned on demand, eliminating the need for cluster administrators to pre-provision volumes.

Amazon Redshift Spectrum launches in four additional AWS Regions

Amazon Redshift Spectrum is now available in four additional AWS Regions: Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), and AWS GovCloud (US-East)


Today we are announcing new Hugging Face integrations with Amazon SageMaker to help data scientists develop, train, and tune state-of-the-art natural language processing (NLP) models more quickly and easily.

AWS Glue Studio now supports transforms defined in SQL

AWS Glue Studio now provides the option to define transforms using SQL queries, allowing you to perform aggregations, easily apply filter logic to your data, add calculated fields, and more. This feature makes it easy to seamlessly mix SQL queries with AWS Glue Studio’s visual transforms while authoring ETL jobs.

AWS Cost Categories now supports inherited and default values

Starting today, you can use inherited and default values with AWS Cost Categories. AWS Cost Categories enables you to define rules to categorize your costs using dimensions such as accounts, tags, services, charge types, and even other Cost Categories. With the new features, you can achieve more efficient and holistic categorization of your cost and usage information.

Amazon QuickSight launches Custom Tooltips, Updates to Anomaly Detection, and More

Amazon QuickSight launches customized tooltips, which enable dashboard readers to get additional insights from visuals. Custom tooltips provide additional context to any visuals with more dimensions and metrics added beyond those already available on the visual. Dashboard authors can configure these tooltips, sort the display order, and customize field names within the tooltip. To learn more about tooltips, see here.

Amazon EC2 Inf1 instances based on AWS Inferentia now available in 4 additional regions

AWS has expanded the availability of Amazon EC2 Inf1 instances to Europe (Milan), Europe (Stockholm), and AWS GovCloud (US) Regions. Inf1 instances are powered by AWS Inferentia chips, which AWS custom-designed to provide high performance and lowest cost machine learning inference in the cloud.  

AWS IoT Core’s Apache Kafka action now supports username and password authentication for Amazon Managed Streaming for Apache Kafka (Amazon MSK)

Customers using the AWS IoT Core Apache Kafka action to connect their IoT applications to Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters can now use usernames and passwords to authenticate their rules. The Apache Kafka action for AWS IoT Core evaluates inbound messages and delivers them to your Amazon MSK or self managed Apache Kafka cluster.

AWS Client VPN announces expanded presence inside six AWS Regions

AWS Client VPN has expanded the number of Availability Zones supported inside the US East (Northern Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), and Canada (Central) regions. This expansion gives you more zones to choose from and additional flexibility when associating subnets. This change also increases the number of concurrent connections you can make per endpoint in these Regions.


Amazon EC2 now supports Unified Extensible Firmware Interface (UEFI) boot when migrating virtual machines from on-premise to EC2 without having to convert them to Legacy BIOS. UEFI is a modern firmware that initializes your operating system.


Google Cloud Releases and Updates


Access Approval

Access Transparency logs contain a new field called accessApprovals. This field lists the approvals that granted access to a resource that is enrolled in Access Approval. Access Transparency logs published before March 24, 2021 will not have this field populated. This feature is subject to Access Approval exclusions and only available for the services supported by Access Approval.

Anthos clusters on VMware

Anthos clusters on VMware 1.7.0-gke.16 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.7.0-gke.16 runs on Kubernetes 1.19.7-gke.2400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting GKE On-Prem are 1.6, 1.5, and 1.4.

Cluster lifecycle improvements

    • The cluster upgrade process has changed. Instead of upgrading the admin cluster first, you can upgrade user clusters to the newer version without upgrading the admin cluster. The new flow, which requires upgrading gkeadm, allows you to preview new features before performing a full upgrade with the admin cluster. In addition, the 1.7.0 version of gkectl can perform operations on both 1.6.X and 1.7.0 clusters.

    • Starting with version 1.7.0, you can deploy Anthos clusters on vSphere 7.0 environments in addition to vSphere 6.5 and 6.7. Note that Anthos clusters on VMware will phase out vSphere 6.5 support following VMware end of general support timelines.

Platform enhancements

    • GA: Node auto repair is now generally available and enabled by default for newly created clusters. When the feature is enabled, cluster-health-controller performs periodic health checks, surfaces problems as events on cluster objects, and automatically repairs unhealthy nodes.

    • GA: vSphere resource metrics is now generally available and enabled by default for newly created clusters. When the feature is enabled, VM level resource contention metrics are collected and displayed in the VM health dashboards automatically created through out-of-the-box monitoring. You can use these dashboards to track VM resource contention issues.

    • GA: Dataplane V2 is now generally available and can be enabled in newly created clusters.

    • GA: Network Policy Logging is now generally available. Network policy logging is available only for clusters running Dataplane V2.

    • You can attach vSphere tags to user cluster node pools during cluster creation and update. You can use tags to organize and select VMs in vCenter.


BigQuery

BigQuery, BI Engine, BigQuery Data Transfer and ML are now available in the Warsaw (europe-central2) region.

Cloud Build

Cloud Composer

Cloud DNS

The API for updating ResourceRecordSets in Cloud DNS is now available in GA.

Cloud Interconnect

Cloud Load Balancing

Subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in Preview.

Cloud Logging

Cloud Run

Cloud Scheduler

Cloud Spanner

Cloud Spanner regional instances can now be created in Warsaw (europe-central2).

Cloud SQL for PostgreSQL

Support available in europe-central2 (Warsaw)

Compute Engine

Generally available: Start and stop virtual machine (VM) instances automatically using instance schedules. By automating the deployment of your VMs, instance schedules can help you optimize costs and manage VMs more efficiently.

General-purpose E2 and N1 machines are available in Warsaw, Poland europe-central2 in all three zones. See VM instance pricing for details.

Disks, snapshots, and images are available in Warsaw, Poland europe-central2 in all three zones. See Disks and image pricing for details.

Support for OS Login in VPC Service Controls is now Generally Available.

Config Connector

Config Connector version 1.44.0 is now available.

Added support for the ContainerAnalysisNote resource (no config-connector CLI support)

Added mtu field to ComputeInterconnectAttachment.

Added nodeConfig.ephemeralStorageConfig field to ContainerCluster and ContainerNodePool.

Added settings.backupConfiguration.backupRetentionSettings and settings.backupConfiguration.transactionLogRetentionDays fields to SQLInstance.

Made materializedView.query field in BigQueryTable immutable.

Deprecated nicType field in ComputeInstanceTemplate.

Added support for acquisitions of Folder using displayName and folderRef/organizationRef.

Fixed incorrect file extension for Terraform files output by the config-connector CLI.

config-connector CLI now supports a flag to filter out deleted IAM members

Added support for IAPBrand (no config-connector CLI support)

Added support for IAPIdentityAwareProxyClient (no config-connector CLI support)

Conflict Prevention is now turned off by default. The current implementation results in the Ready condition destabilizing despite the resource reflecting user-desired state.

Work is enqueued to improve this behavior, but the functionality is turned off for new resources in the interim.

Webhook certificates that do not contain a SAN are now re-created on upgrade of the Config Connector operator.

Added support for folderRef and organizationRef in Project and Folder.


Dataflow SQL now supports user-defined functions (UDFs) written using SQL. For more information, see Dataflow SQL user-defined functions. This feature is in Preview.


The default Dataproc image is now image version 2.0.

Announcing the General Availability (GA) release of Dataproc cluster Stop/Start.

New sub-minor versions of Dataproc images: 1.3.88-debian10, 1.3.88-ubuntu18, 1.4.59-debian10, 1.4.59-ubuntu18, 1.5.34-centos8, 1.5.34-debian10, 1.5.34-ubuntu18, 2.0.7-centos8, 2.0.7-debian10, and 2.0.7-ubuntu18.

Image 2.0:

    • Updated Iceberg to version 0.11.0.
    • Updated Flink to version 1.12.2.

Google Cloud Armor

Google Kubernetes Engine

Starting this week, the mechanism Google uses to create GKE release notes will change. Although this change does not affect the content of the notes, it does affect the presentation and underlying syntax. If you subscribe to the XML feed for this page, entries for March 24 and earlier will be updated as a result of changes to formatting and syntax; the content itself did not change.

The feed URL will also change from https://cloud.google.com/feeds/kubernetes-engine-release-notes.xml to https://cloud.google.com/feeds/gke-main-release-notes.xml. Google will automatically redirect from the old URL to the new one.

Workload Identity for Windows Server nodes is now available in GKE versions 1.18.16-gke.1200, 1.19.8-gke.1300, 1.20.4-gke.1500, and later.

Windows Server, version 1909 is reaching end of support on May 11, 2021. Newer Windows Server image versions are available in GKE versions 1.19.8-gke.1600+ and 1.20.4-gke.500+.

Identity and Access Management

Resource Manager

The Resource Manager v3 API has been released into public preview. For more information, see the API reference documentation.

Virtual Private Cloud

For auto mode VPC networks, added a new subnet for the Warsaw europe-central2 region. For more information, see Auto mode IP ranges.

The ability to connect VM interfaces other than nic0 to a Shared VPC is now available in General Availability for instance templates and managed instance groups. This feature is available in the gcloud command-line tool and the API.



Microsoft Azure Releases And Updates



General availability: New VM series supported by Azure Batch


Take advantage of new VM sizes that are now available when creating your Batch pools, including the latest HPC and GPU sizes.

General availability: IoT Hub Azure portal extension update


If you're using IP filter, add your computer's IP address to the allow list to keep using IoT Hub in Azure portal.

Public preview: Announcing the new Power BI embedded analytics playground

Check out the new Power BI embedded analytics playground (public preview). The new playground offers experiences for developers and non-developers to get first-hand experience of Power BI embedded analytics.

AzCopy v10.9.0 now in public preview: import from GCP to Azure Block Blobs

AzCopy v10.9.0 now in preview supports Google Cloud Platform (GCP) to Microsoft Azure Storage Block Blob imports. This version also includes scanning logs which can help in debugging. 


Public preview: IPv6 Support for ExpressRoute Private Peering

This support will unlock hybrid connectivity for you as you expand into new, IPv6-dependent markets or transition to IPv6 in your own networks.


Automate tasks across Azure and non-Azure environments using PowerShell and Python-based scripts.

Azure Container Registry now available in Norway East region

Azure Container Registry is now generally available in Norway East region. Azure Container Registry handles private Docker container images as well as related content formats, such as Helm charts, OCI artifacts, and images built to the OCI image format specification.

General availability: Publishing VM Images from Shared Image Gallery to Azure Marketplace

ISVs can capture their images directly into Shared Image Gallery and select those images for publishing with an inline experience in Partner Center in just two steps.


Log Analytics enhances pinned parts Azure Dashboards experience.


Upcoming Training & Events:



Updated classroom course: Advanced Architecting on AWS

AWS announced the launch of the updated Advanced Architecting on AWS course this week. This instructor-led training course is designed for cloud architects who want to extend their baseline knowledge of AWS services. An expert AWS instructor will help you learn advanced architecting topics such as hybrid connectivity and hybrid AWS devices, networking with a focus on AWS Transit Gateway connectivity, AWS Container services, automation tools for CI/CD, security options, and much more.

New digital course: AWS Cloud Technical Essentials


AWS Training and Certification launched a new course entitled AWS Cloud Technical Essentials. Available for free on Coursera and edX, this course uses video lectures and demonstrations to teach the technical fundamentals of AWS. Upon course completion, learners will be able to make an informed decision about when and how to apply core AWS services for compute, storage, and database to different use cases.

New digital course: Amazon S3 Cost Optimization

AWS are excited to announce a free digital course: Amazon Simple Storage Service Cost Optimization. This advanced 60-minute course explores techniques and tools you can use to optimize your Amazon S3 costs. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons and video demonstrations. 

Four new AWS digital training offerings for AWS End User Computing


AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.


Azure Virtual Events

Microsoft have a full schedule of Virtual Events

A full list, including session times and details, is here: Azure Events

AWS Events:

AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events

Thanks for reading again this week, we hope you found something useful. 

hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
