This week's roundup of all the cloud news.
Here's a roundup of all things GCP, Azure and AWS for the week ending Friday 5th March 2021. There were plenty of announcements from all three cloud vendors that Hava currently supports.
How is it even March already?
Here at Hava we've been doing lots of cool design planning and self-hosted streamlining to make it even easier for you to host Hava internally to keep your security team super happy.
More details soon.
To stay in the loop, make sure you subscribe on the right. There's a new newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
AWS Updates and Releases
AWS Secrets Manager now provides support to replicate secrets in AWS Secrets Manager to multiple AWS Regions
AWS Secrets Manager now enables you to replicate secrets across multiple AWS Regions. You can now give your multi-Region applications access to replicated secrets in the corresponding Regions and rely on AWS Secrets Manager to keep the replicas in sync with the primary secret. In scenarios such as disaster recovery, you can read replicated secrets from your recovery Region, even if your primary Region is unavailable. You can use this functionality through the AWS Secrets Manager console, the CreateSecret and ReplicateSecretToRegions APIs, or AWS CloudFormation to replicate secrets in one or more Regions.
AWS Network Firewall is now available in the US East (Ohio), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Stockholm) AWS Regions
Starting today, AWS Network Firewall is available in the US East (Ohio), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Stockholm) AWS Regions.
Amazon EC2 P4d Instances now available in the US East (Ohio) and Asia Pacific (Tokyo) regions
Amazon EC2 P4d instances, which provide the highest performance for machine learning training and high performance computing in the cloud, are now available in the US East (Ohio) and Asia Pacific (Tokyo) regions.
Amazon EventBridge introduces support for API Destinations
AWS Step Functions adds tooling support for YAML
AWS Step Functions now supports YAML state machine definitions within the AWS Toolkit for Visual Studio Code and in AWS CloudFormation, making it possible to define workflows in the same language as your infrastructure as code.
AWS Systems Manager OpsCenter now displays an aggregated view of all operational issues for a specified resource
Starting this week, you can view all operational issues (OpsItems) for an impacted resource in AWS Systems Manager OpsCenter. OpsCenter allows operations engineers and IT professionals to investigate, diagnose, and resolve operational issues related to AWS resources from a central place. This enables you to understand the greater context while troubleshooting an issue such as an instance failure, and helps you to resolve issues faster.
AWS Certificate Manager now provides certificate expiry monitoring through Amazon CloudWatch
AWS Certificate Manager (ACM) now publishes certificate metrics and events through Amazon CloudWatch and Amazon EventBridge. Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates are used to secure network communication and establish the identity of websites over the internet. Certificates have a defined lifetime and for continued use need to be renewed before they expire. These new metrics and events help administrators keep track of certificate expiration dates and take necessary action or configure automation to prevent certificate expiry and related outages.
Amazon VPC Flow Logs now reflects AWS Service name, Traffic Path and Flow Direction
AWS Glue DataBrew extends its datasets to support files without an explicit file extension or a header row
AWS Glue DataBrew extends its datasets to support files without an explicit file extension or a header row. Oftentimes, extensionless files are tricky to work with and require visually exploring the data to understand it. Similarly, customers often work with files without an explicit row that defines the header in the file. You can now define both of these configurations when you create a dataset in DataBrew.
Announcing General Availability of Ethereum on Amazon Managed Blockchain
Amazon Web Services (AWS) announces general availability of Ethereum on Amazon Managed Blockchain. Ethereum is a popular decentralized blockchain framework that establishes a peer-to-peer network allowing participants to transact without a trusted central authority. It enables popular use cases such as decentralized finance (DeFi), a network of financial applications built on top of blockchain networks. DeFi is different from existing financial networks because it is open and programmable, operates without a central authority, and enables customers to offer new methods for payments, investing, lending and trading. As customers build these Ethereum-based applications, they find it complicated and time-consuming to operate and manage their Ethereum infrastructure. Specific concerns include data reliability due to out-of-sync nodes, data storage scaling challenges, and time-sensitive Ethereum software upgrades.
Amazon Elasticsearch Service now supports tag-based authorization for configuration APIs
Amazon Elasticsearch Service now supports tag-based authorization for easy management of access to configuration APIs that are used for operations such as creating, modifying, or updating Amazon Elasticsearch Service domains.
The AWS Lambda console now features a new navigation design
Amazon EKS now supports adding KMS envelope encryption to existing clusters to enhance security for secrets
Amazon Elastic Kubernetes Service (EKS) now allows you to implement envelope encryption of Kubernetes secrets using AWS Key Management Service (KMS) keys for existing EKS clusters. Envelope encryption adds an additional, customer-managed layer of encryption for application secrets or user data that is stored within a Kubernetes cluster. Implementing envelope encryption is considered a security best practice for applications that store sensitive data and is part of a defense in depth security strategy.
AWS CodePipeline now supports 1000 pipelines per account
Starting today, AWS CodePipeline supports 1,000 pipelines per account by default, an increase from the previous limit of 300. You can request a limit increase beyond 1,000 pipelines per Region/Account through the Support Center Console.
Amazon CloudWatch Synthetics now supports cross region bucket access and upgraded dependencies
CloudWatch Synthetics now supports storing your canary run artifacts, including log files, screenshots, and HAR files, in an Amazon Simple Storage Service (S3) bucket in another Region with a new major runtime version, syn-nodejs-puppeteer-3.0. CloudWatch Synthetics now also supports upgraded major versions of the Puppeteer, Chromium, and Node.js dependencies.
Google Cloud Releases and Updates
Support for the Airflow Role-Based Access Control (RBAC) UI is now generally available.
Cloud Run reports a new Cloud Monitoring metric: Instance count, which counts the number of container instances that exist, broken down by state (active or idle).
Cloud Run is now available in the following regions:
us-west3 (Salt Lake City)
The maximum job size (payload) is now 1 MB total, including ~1KB request overhead.
Cloud Spanner now supports point-in-time recovery (PITR), which lets you recover data from a specific point in time in the past.
You can now optionally receive the mutation count for a transaction in the commit response to optimize the transactions while staying within the mutation count limit. For more information, see Retrieving commit statistics for a transaction.
Cloud SQL for PostgreSQL
PostgreSQL 13.0 is now the default version when you create a new database.
Dataproc 2.0 image version will become a default Dataproc image version in 2 weeks on March 15, 2021.
Google Cloud Armor
Google Cloud Armor Managed Protection Plus Tier is in General Availability. Managed Protection Plus Tier offers a monthly subscription that includes all of the features of Standard Tier, and bundles Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP lists.
Identity and Access Management
For workload identity federation, available in beta, you can now use updated client libraries for C++, Go, Java, Node.js, and Python to automatically obtain Google credentials.
Note: This feature release is still in progress. Some regions may not yet have access.
Microsoft Azure Releases And Updates
Azure VMware Solution helps simplify migration to the cloud by running VMware environments natively on Azure. With the new simplified NSX networking experience, it is now easier for VMware administrators to execute networking operations for Azure VMware Solution from the Azure portal.
Azure offers trusted launch as a seamless way to bolster the security of Generation 2 VMs. Designed to protect against boot kits, rootkits, and kernel-level malware, trusted launch is comprised of secure boot, virtual trusted platform module (vTPM), and boot integrity monitoring.
Automatic VM guest patching provides safe and automatic patching for virtual machines to simplify update management and maintain security compliance.
You can now customize how Azure Purview Data Catalog assets are grouped into resource sets and how they are named.
Increase the availability at scale of business-critical applications with new Azure Virtual Machine Scale Sets features. Simplify workload deployment, management, and scalability with Virtual Machine Scale Sets flexible orchestration mode, now in public preview.
Manage your data with greater ease by using Azure Purview to register multiple sources at the same time.
Improve Azure Spot Virtual Machines runtime and simulate evictions with new features in public preview
New Azure Spot Virtual Machines capabilities, 'try & restore' and REST APIs to simulate VM evictions, are now in public preview.
API Management’s named values can now be stored and managed in Azure Key Vault.
Perform common management operations on your Azure API Management service instances without switching away from Visual Studio Code.
Reserve compute capacity and obtain a capacity SLA for Azure virtual machine deployments with on-demand capacity reservations.
Azure Migrate assessments for Azure VMware Solution with improved node sizing logic are now generally available.
Confidential computing capability now available on AKS for your container workloads.
Build immersive mixed reality experiences with Azure Remote Rendering, now generally available. Use it to enable high fidelity 3D visualization of objects and view models with a billion or more polygons without decimation.
Reduce development costs and time using the new public preview features in Microsoft Power Fx.
Take advantage of multiple new enhancements and features that are now available in Azure VPN Gateway.
In many of today's mixed reality scenarios, there is a need to align digital content with physical objects. Azure Object Anchors, now in preview, eliminates the need for markers or manual holographic alignment within mixed reality applications.
General availability: Application Insights no-code enablement on Node.js Linux App Service Environments
Azure Monitor Application Insights App Service integration on Node.js Linux environments provides no-code enablement of Application Insights via Azure portal, PowerShell, or ARM Templates.
Azure Migrate now has unified discovery and assessment for SQL Server natively within the Azure Migrate experience.
Upcoming Training & Events:
Four new AWS digital training offerings for AWS End User Computing
AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.
New digital curriculum: Managing Amazon S3
AWS were excited to announce a free new digital curriculum: Managing Amazon Simple Storage Service. This advanced 150-minute curriculum covers techniques to simplify the management of Amazon S3 storage. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons, video demonstrations, a self-paced lab, and quizzes. The self-paced lab costs up to 15 USD per lab (this cost is not included with free digital training on aws.training).
New digital class and lab on DevOps on AWS
AWS are excited to announce the launch of their new digital course, Getting Started with DevOps on AWS, together with the optional Getting Started with DevOps on AWS self-paced lab. This course explores the basics of developing, delivering, and maintaining high-quality secure applications and services at high velocity on AWS. The course covers the philosophies, practices, and tools used to implement a DevOps environment on AWS, while the lab gives you practical experience with the technologies discussed in the course.
Updated digital course on Coursera and edX - AWS Cloud Practitioner Essentials
AWS Training and Certification were excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course on Coursera and edX. If you’re new to the cloud or in a technical or non-technical role such as finance, legal, sales, or marketing, this course provides you with an understanding of fundamental AWS Cloud concepts to help you gain the confidence to contribute to your organization’s cloud initiatives.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: Azure Events
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't opened a free hava.io account to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs, you can below. If you have questions, please get in touch.
You can reach us on chat, email email@example.com to book a callback or demo.