This week's roundup of all the cloud news.
Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday 13th May 2022.
Lots happening in cloud computing and especially in the Hava ecosystem. This week saw the release of Kubernetes support within Hava. You can now directly connect your Kube clusters to Hava and auto generate kubernetes diagrams.
AWS Updates and Releases
AWS Single Sign-On (AWS SSO) now supports centralized administration and API access from an AWS Organizations delegated administrator account for all member accounts in your organization. You designate one member account that can administer AWS SSO for every member account, so day-to-day identity administration no longer has to be performed from the management account, which is the least-privilege practice AWS recommends.
AWS SSO is where you create, or connect, your workforce identities once and manage access centrally across your AWS organization. After enabling AWS SSO in the management account, you designate the member account from the AWS SSO console. Administrators then sign in to the delegated account to assign users and groups to applications and to the organization's member accounts; no additional setup is required in the individual member accounts. Two practitioner notes: the delegation is recorded in AWS Organizations, so you can audit it with aws organizations list-delegated-administrators --service-principal sso.amazonaws.com, and the delegated account cannot manage assignments to the management account itself, so those remain with the management account.
Amazon CloudWatch Synthetics now supports deleting a canary's underlying resources along with the canary itself. When you delete a canary you can choose whether to also delete the related resources that Synthetics created for it (for example the Lambda function that runs the canary script), which makes canary resource management simpler and stops orphaned resources from accumulating. Canaries run on a defined schedule to monitor the health and performance of your endpoints and APIs, and these resources are created as part of the canary creation step.
CloudWatch Synthetics helps you to discover issues before your customers do, by checking for page load errors, load latencies for user interfaces (UI), and broken links or UI navigation flows in your applications. With CloudWatch Synthetics, you can isolate issues and map them back to your underlying infrastructure. You can also use CloudWatch Synthetics to easily monitor internal endpoints in addition to public-facing endpoints.
AWS Lambda now supports Node.js 16 as both a managed runtime and a container base image. Developers creating serverless applications in Lambda with Node.js 16 can take advantage of new features such as support for Apple silicon for local development, the timers promises API, and enhanced performance. For more information on Lambda’s support for Node.js 16, see our blog post at Node.js 16.x runtime now available in AWS Lambda.
To deploy Lambda functions using Node.js 16, upload the code through the Lambda console and select the Node.js 16 runtime. You can also use the AWS CLI, AWS Serverless Application Model (AWS SAM) and AWS CloudFormation to deploy and manage serverless applications written in Node.js 16, or build from the AWS-provided Node.js 16 base image and deploy the function as a container image. To migrate existing Lambda functions running earlier Node.js versions, check your code and dependencies for compatibility with Node.js 16 (native modules in particular must be rebuilt against the new ABI) and then update the function runtime to Node.js 16.
AWS Backup Audit Manager now allows you to audit and report on the compliance of your data protection policies for hybrid VMware workloads. With this launch, you can include the VMware Virtual Machines in AWS Backup Audit Manager’s controls to maintain the compliance status of your organizational data protection policies and to generate unified auditor-ready reports for your VMware workloads across VMware Cloud on AWS, on premises, and on AWS Outposts.
Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring now supports sending mirrored traffic to monitoring appliances behind a Gateway Load Balancer. This lets Traffic Mirroring customers centralize the out-of-band monitoring and inspection of network traffic across AWS accounts and VPCs.
Amazon VPC Traffic Mirroring replicates network traffic from an EC2 instance and forwards it to security and monitoring appliances for content inspection, threat monitoring and troubleshooting. Until now, mirrored traffic could be sent to monitoring appliances either directly through an Elastic Network Interface or through a Network Load Balancer. With this capability, you create a mirror target that points at a Gateway Load Balancer endpoint deployed in the subnet containing your workloads, and mirrored traffic from that subnet, VPC or account is forwarded to the appliances behind the Gateway Load Balancer. This simplifies monitoring across accounts and VPCs in a scalable and operationally efficient way by removing routing complexity and operational overhead; as with any mirror session, apply a mirror filter so only the traffic you need to inspect leaves the source.
You can now connect over IPv6 to your services hosted in AWS using AWS PrivateLink. AWS PrivateLink is a highly available, scalable technology that lets you privately connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), third-party SaaS services and supported AWS Marketplace partner services.
With this launch, you can enable IPv6 access to your existing IPv4-based or IPv6-based services via AWS PrivateLink by adding IPv6 to the supported IP address types of your VPC endpoint service and running the backing Network Load Balancer (NLB) as dual-stack. If you are a PrivateLink endpoint owner, you can reach IPv6-enabled PrivateLink services by upgrading your existing IPv4-based endpoints to dual-stack or by creating new PrivateLink endpoints in IPv6-only subnets.
This week, Amazon Web Services announced the general availability of two new security and compatibility features in Amazon EC2: NitroTPM, a Trusted Platform Module (TPM) 2.0, and Unified Extensible Firmware Interface (UEFI) Secure Boot. Together they make it possible to run TPM-dependent applications (for example BitLocker, or a measured-boot attestation agent) in EC2 instances.
NitroTPM conforms to the TPM 2.0 specification, which makes it easier to migrate on-premises workloads that rely on a TPM to EC2. A TPM is a security device that measures and attests system state, generates and stores cryptographic keys, and proves platform identity. Built on the AWS Nitro System, NitroTPM lets an instance generate, store and use keys that never leave the TPM in the clear: software on the instance can use a key but cannot read it out. It can also prove the integrity of an instance to a remote verifier through TPM attestation, a signed quote over the Platform Configuration Registers. Two operational points: NitroTPM is enabled per AMI, by registering the image with TPM support and the UEFI boot mode, and it cannot be switched on for an already running instance; and data sealed to PCR values is tied to the boot measurements, so a kernel or bootloader update changes those measurements and can make sealed data inaccessible until the sealing policy is refreshed.
UEFI Secure Boot builds on EC2's existing secure boot process and adds defense in depth against threats that persist across reboots, such as bootkits. It ensures an instance runs authentic software by verifying the digital signature of every boot component against the keys held in the instance's UEFI variable store, and halts the boot if a signature does not verify. That signature database is part of the AMI (supplied as UEFI data when the image is registered), so check that the keys an image trusts are the ones you expect before rolling it out; an image with no Platform Key enrolled boots in setup mode and enforces nothing.
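An in-guest check a practitioner would run after launching from such an AMI, added here as an example (this is not AWS code): on Linux it reads the SecureBoot and SetupMode UEFI variables from efivarfs and the TPM version from sysfs, and reports whether the instance is actually enforcing Secure Boot and exposing a TPM 2.0. The efivarfs path, the EFI_GLOBAL_VARIABLE GUID and the 4-byte attribute header are standard Linux/UEFI facts; the tpm_version_major sysfs attribute assumes a kernel recent enough to provide it. The parsing functions take the raw file contents as arguments so they can be exercised on constructed input.

```python
"""Check from inside a Linux EC2 guest whether UEFI Secure Boot is enforced
and whether a TPM 2.0 (NitroTPM) is exposed. Added example, not AWS code."""
from pathlib import Path
from typing import Optional

# EFI_GLOBAL_VARIABLE GUID; efivarfs files are 4 bytes of attributes + data
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")
SECUREBOOT_VAR = EFIVARS / f"SecureBoot-{EFI_GLOBAL}"
SETUPMODE_VAR = EFIVARS / f"SetupMode-{EFI_GLOBAL}"
# sysfs attribute exposed by kernels that report the TPM version (assumed 5.6+)
TPM_VERSION_ATTR = Path("/sys/class/tpm/tpm0/tpm_version_major")


def efivar_byte(raw: Optional[bytes]) -> Optional[int]:
    """Return the first data byte of an efivarfs variable, skipping the
    4-byte attribute header; None if the variable is absent or malformed."""
    if raw is None or len(raw) < 5:
        return None
    return raw[4]


def secure_boot_enforced(secureboot_raw: Optional[bytes],
                         setupmode_raw: Optional[bytes]) -> bool:
    """Secure Boot only blocks unsigned boot components when SecureBoot == 1
    AND the firmware is not in setup mode (SetupMode == 0). With SetupMode == 1
    no Platform Key is enrolled and signatures are not checked."""
    return efivar_byte(secureboot_raw) == 1 and efivar_byte(setupmode_raw) == 0


def tpm_major_version(text: Optional[str]) -> Optional[int]:
    """Parse /sys/class/tpm/tpm0/tpm_version_major ('2\\n' for TPM 2.0)."""
    if text is None:
        return None
    text = text.strip()
    return int(text) if text.isdigit() else None


def read_bytes(path: Path) -> Optional[bytes]:
    try:
        return path.read_bytes()
    except OSError:  # no efivarfs (legacy BIOS boot mode) or variable missing
        return None


def read_text(path: Path) -> Optional[str]:
    try:
        return path.read_text()
    except OSError:  # no TPM device exposed to the guest
        return None


def assess(secureboot_raw: Optional[bytes], setupmode_raw: Optional[bytes],
           tpm_text: Optional[str]) -> dict:
    """Combine both checks into one verdict usable by a boot-time health check."""
    sb = secure_boot_enforced(secureboot_raw, setupmode_raw)
    tpm = tpm_major_version(tpm_text)
    return {
        "secure_boot_enforced": sb,
        "tpm_version": tpm,
        "attestation_ready": sb and tpm == 2,
    }


if __name__ == "__main__":
    verdict = assess(read_bytes(SECUREBOOT_VAR), read_bytes(SETUPMODE_VAR),
                     read_text(TPM_VERSION_ATTR))
    print(verdict)
    raise SystemExit(0 if verdict["attestation_ready"] else 1)
```

Run it as root on the instance; a non-zero exit means either the image was not registered with UEFI boot mode and TPM support, or Secure Boot is present but not enforcing because the firmware is in setup mode.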
Amazon FSx for NetApp ONTAP is now SAP-certified for workloads including S/4HANA, Business Suite on HANA, BW/4HANA, Business Warehouse on HANA, and Data Mart Solutions on HANA.
Amazon FSx for NetApp ONTAP is a fully managed shared storage service built on NetApp’s popular ONTAP file system. Customers commonly use ONTAP as a storage solution for SAP HANA because of its data management features, such as snapshots, clones, and SnapMirror replication. Starting today, you can use Amazon FSx for NetApp ONTAP to simplify and accelerate your SAP HANA deployments in AWS. For example, with Amazon FSx for NetApp ONTAP, you can easily create application-consistent snapshots and space-efficient clones of your databases in seconds, allowing you to create savepoints during an SAP HANA system upgrade or rollback, or refresh your development and test systems, without needing to manually copy your data. With Amazon FSx for NetApp ONTAP’s support for SnapMirror replication, you can also quickly and easily migrate your SAP HANA workloads from on premises to AWS, and you can configure automatic replication of your database across AWS Regions for additional data resiliency.
Amazon EC2 R5b instances are now available in AWS South America (Sao Paulo), Canada (Central), and Asia Pacific (Sydney) regions. R5b instances are powered by the AWS Nitro System and offer up to 60 Gbps of EBS bandwidth and 260,000 I/O operations per second (IOPS), enabling customers to lift and shift memory intensive applications to AWS. R5b instances provide 3x higher EBS-Optimized performance compared to R5 instances and 2x higher EBS-Optimized performance compared to R6i instances.
This week, AWS announced the Developer Preview of the Amplify Android library that has been rewritten for Kotlin. This initial release enables Android developers to add cloud-based app features, including Auth, Storage, DataStore, and APIs for their Kotlin-based Android projects. Developers will benefit from Kotlin-based language features like coroutines.
This release also includes re-architected Auth (sign-up/sign-in), now completely written in Kotlin, which provides better debuggability and visibility into underlying state management. Finally, we have layered the new library on the new AWS SDK for Kotlin that was released as Developer Preview last year. This allows developers to use Amplify's use case-centric APIs, like Auth and DataStore, and access the AWS SDK for Kotlin for a breadth of AWS service APIs.
AWS introduced an updated and more flexible AWS Device Qualification Program (DQP) for FreeRTOS that aligns with the modular structure of the latest FreeRTOS and Long Term Support (LTS) library releases. The AWS DQP for FreeRTOS allows microcontroller (MCU) vendors to verify their integration of FreeRTOS AWS IoT libraries running on a specific MCU-based development board against AWS's published best practices for AWS IoT Core connectivity, and against tests specified by the qualification program. Previously, to qualify their development boards, MCU vendors had to structure their projects around a fixed directory structure and repository.
Now, MCU vendors have the flexibility to include only the FreeRTOS libraries directly relevant to their application, choose the project structure and repository that best suit their toolchains, and run tests relevant to their board features. By using AWS IoT Device Tester for FreeRTOS, MCU vendors can run the mandatory tests specified by AWS DQP and validate their FreeRTOS ports. With this program, developers can more confidently enable connectivity for their designs knowing that the FreeRTOS ports have been validated for AWS IoT connectivity, interoperability, updateability, and improved security.
AWS Secrets Manager now publishes a metric (SecretCount, in the AWS/SecretsManager namespace) to Amazon CloudWatch for the number of secrets in your account. With this feature you can see at a glance how many secrets you hold in Secrets Manager, and you can set alarms on an unexpected increase or decrease in that number, which is a cheap detective control for secret sprawl on the way up and for a mass deletion on the way down.
Amazon Elastic File System (Amazon EFS) has increased the maximum number of file locks per NFS mount, enabling customers to use the service for a broader set of workloads that leverage high volumes of simultaneous locks, including message brokers and distributed analytics applications.
Amazon EFS is a serverless, fully elastic file system that makes it easy to set up, scale, and cost-optimize file storage in the AWS Cloud. It can be accessed from any AWS compute service (including Amazon EC2, Amazon EKS, Amazon ECS, and AWS Lambda), and it supports access from up to tens of thousands of compute instances, containers, and function invocations at the same time. Applications spanning multiple compute resources commonly use NFS file locks to manage concurrent updates to individual files. This Amazon EFS update increases the number of simultaneous file locks an NFS mount can acquire to 65,536 (from 8,192 previously), enabling Amazon EFS to be used for a broader set of applications that heavily leverage file locking (including message broker and distributed analytics applications).
You can now use Amazon Athena to query views stored in your self-managed Apache Hive metastores. Hive views are defined using the Hive Query Language (HiveQL) which is not fully compatible with Athena's standard SQL. With this new capability, Athena automatically handles HiveQL syntax differences so you can query Hive views without changing your view definitions or maintaining a complex translation layer.
A view is a logical table created using the results of a query that executes against a physical table each time the view is referenced. Views are commonly used to focus, simplify, and optimize access to underlying data. They can provide users with an isolated subset of curated data, combine disparate tables with optimized JOIN operations, or hide the complexities of data partitioning. With Athena’s new Hive views support, you can bring these same benefits and use cases that you’ve developed for your Hadoop users directly to your Athena users. Views can be listed and examined from the Athena console to provide your analysts with a more complete picture of your Hive metastore. Views can be queried using the Athena drivers, API, or console and are available in all supported regions.
AWS are excited to announce three featured FreeRTOS AWS Reference Integrations. FreeRTOS AWS Reference Integrations are pre-integrated FreeRTOS projects ported to partner-provided microcontroller-based evaluation boards that demonstrate secure end-to-end connectivity to AWS IoT Core. The three featured FreeRTOS Reference Integrations projects are developed in collaboration with our partners Espressif, NXP and STMicroelectronics. Each project uses the latest FreeRTOS and AWS Embedded C SDK Long Term Support (LTS) libraries, and the latest microcontroller architecture capabilities. Developers can customize these three projects into a complete, production-ready, IoT product.
AWS GameKit is now extended to support Android, iOS, and macOS games developed with Unreal Engine. AWS GameKit, launched on March 23, 2022, gives game developers a powerful tool set to quickly and easily build AWS powered game features directly from the Unreal Editor. With today's update, the AWS GameKit plugin for Unreal Engine now supports developers who are building games for Win 64, Android, iOS, and macOS.
Game developers can use the AWS GameKit plugin for Unreal Engine to integrate the following cloud-based game features: Identity and Authentication, Achievements, Game State Cloud Saving, and User Gameplay Data. AWS GameKit includes a complete solution for each game feature and an architecture design based on the AWS Well-Architected Framework. Each feature comes with an AWS CloudFormation template for the backend architecture, plugin controls to manage the backend from the Unreal Editor, and sample C++ code and Blueprint assets to help you integrate the feature into your game. The CloudFormation templates provision all of the AWS resources needed to power each game feature and can be set up with just a few clicks and no prior experience with AWS tools and services. After the game backend is configured, add cloud-based feature functionality to the game client by calling the AWS GameKit API.
New upgrades are now available for AWS customers using Amazon SageMaker Notebook Instances, including the availability of the ml.g5 GPU instance family, and Python 3.8 support.
Amazon SageMaker customers can now select ml.g5 instances powered by NVIDIA A10G Tensor Core GPUs, when creating an Amazon SageMaker Notebook Instance using the Amazon Linux 2 (AL2) operating system. ml.g5 instances feature up to 8 NVIDIA A10G Tensor Core GPUs and 2nd generation AMD EPYC processors. They also support up to 192 vCPUs, up to 100 Gbps of network bandwidth, and up to 7.6 TB of local NVMe SSD storage. Customers can choose the most appropriate instance size from eight options, offering between one and eight GPUs. To read more about ml.g5 instances, visit the AWS news blog or visit the G5 instance page to learn more.
This week, AWS announced the availability of AWS X-Ray in the AWS Asia Pacific (Jakarta) Region. X-Ray helps developers analyze and debug distributed production applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.
You can start collecting traces from your applications in a few steps using the AWS X-Ray console, from the AWS CLI or SDK.
AWS IoT SiteWise now supports batch data retrieval from multiple asset properties with the launch of three new APIs that allow you to retrieve current values (BatchGetAssetPropertyValue), historical values (BatchGetAssetPropertyValueHistory), and aggregated values (BatchGetAssetPropertyAggregates) from AWS IoT SiteWise in a single API request.
The new APIs will help developers when creating industrial applications that need to retrieve data from multiple sensors. To use the new BatchGet APIs, you will need to include in your API request a list of asset property entries with parameters of the data to be retrieved, such as assetID, propertyID, time range, and aggregate type. The APIs will then return data points from all the asset properties that meet your specified API parameters.
Customers can use the BatchGet APIs for a number of use cases, including retrieving property data for hundreds of assets to build dashboards that show historical trends from multiple machines on a single screen, exporting data from multiple sensors for use in analytics applications, or retrieving the latest values from all sensors of the same machine in a single API request.
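As an added example that is not part of the announcement or of AWS's SDKs, the pattern the paragraphs above describe in working code: a batch request assembled from asset/property pairs, split into request-sized chunks, and the per-entry results reconciled so that skipped or unmentioned entries are retried instead of silently dropped. The request and response field names (entries, entryId, successEntries, skippedEntries, errorEntries, assetPropertyValue) are taken from the BatchGetAssetPropertyValue API reference and should be checked against your SDK version; the 128-entry limit and the sample responses are assumptions constructed for the example.

```python
"""Added example (not AWS code): correlate AWS IoT SiteWise BatchGet* entries
with their results without an SDK, so it runs offline."""
from typing import Dict, Iterable, List, Tuple

MAX_ENTRIES = 128  # assumption: per-request entry limit, verify against quotas


def build_entries(asset_props: Iterable[Tuple[str, str]]) -> List[dict]:
    """One entry per (assetId, propertyId). Encoding both ids in entryId lets
    results be mapped back without keeping a side table."""
    return [
        {"entryId": f"{asset}:{prop}", "assetId": asset, "propertyId": prop}
        for asset, prop in asset_props
    ]


def chunk(entries: List[dict], size: int = MAX_ENTRIES) -> List[List[dict]]:
    """Split into request-sized batches; one BatchGet call per chunk."""
    return [entries[i:i + size] for i in range(0, len(entries), size)]


def scalar(apv: dict) -> Tuple[object, str]:
    """Unwrap an assetPropertyValue: its `value` holds exactly one of
    doubleValue/integerValue/stringValue/booleanValue, and `quality` says
    whether the reading is trustworthy (GOOD/BAD/UNCERTAIN)."""
    (value,) = apv["value"].values()
    return value, apv.get("quality", "UNCERTAIN")


def reconcile(entries: List[dict], responses: List[dict]) -> dict:
    """Merge per-chunk responses into values, hard errors and a retry list.
    Skipped entries (e.g. throttled) and entries the service never mentioned
    both go to `retry`, so a truncated response cannot silently drop a sensor."""
    values: Dict[str, dict] = {}
    errors: Dict[str, str] = {}
    for resp in responses:
        for ok in resp.get("successEntries", []):
            values[ok["entryId"]] = ok["assetPropertyValue"]
        for err in resp.get("errorEntries", []):
            errors[err["entryId"]] = err.get("errorCode", "UNKNOWN")
    retry = [e for e in entries
             if e["entryId"] not in values and e["entryId"] not in errors]
    return {"values": values, "errors": errors, "retry": retry}


# Constructed sample data standing in for two BatchGetAssetPropertyValue calls.
SAMPLE_ENTRIES = build_entries([("pump-1", "temp"), ("pump-1", "pressure"),
                                ("pump-2", "temp")])
SAMPLE_RESPONSES = [
    {   # chunk 1: one good reading, one entry skipped by the service
        "successEntries": [{
            "entryId": "pump-1:temp",
            "assetPropertyValue": {
                "value": {"doubleValue": 21.5},
                "timestamp": {"timeInSeconds": 1652400000, "offsetInNanos": 0},
                "quality": "GOOD",
            },
        }],
        "skippedEntries": [{"entryId": "pump-1:pressure",
                            "completionStatus": "FAILED"}],
        "errorEntries": [],
    },
    {   # chunk 2: the asset does not exist
        "successEntries": [],
        "skippedEntries": [],
        "errorEntries": [{"entryId": "pump-2:temp",
                          "errorCode": "ResourceNotFoundException",
                          "errorMessage": "asset not found"}],
    },
]


def demo() -> dict:
    """Run the reconciliation over the constructed sample."""
    return reconcile(SAMPLE_ENTRIES, SAMPLE_RESPONSES)


if __name__ == "__main__":
    result = demo()
    for entry_id, apv in result["values"].items():
        print(entry_id, *scalar(apv))
    print("errors:", result["errors"])
    print("retry:", [e["entryId"] for e in result["retry"]])
```

In production the chunks from chunk() become the `entries` of successive API calls and the responses are fed to reconcile(); the retry list is re-submitted with backoff, and readings whose quality is not GOOD should be treated as missing rather than plotted.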
Amazon Managed Service for Prometheus usage metrics are now available in Amazon CloudWatch at no additional charge. Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor and alarm on operational metrics at scale. Prometheus is a popular Cloud Native Computing Foundation open-source project for monitoring and alerting that is optimized for container environments. With Amazon CloudWatch usage metrics, you can check your Amazon Managed Service for Prometheus workspace usage, and can start to proactively manage your quotas.
Amazon EC2 AMI events are now delivered through Amazon CloudWatch Events as a near real-time stream with push notifications. You can use CloudWatch Events rules to trigger the intended next steps after an AMI action, such as updating your AMI inventory, sharing the AMI, copying it, or launching instances from it. Rules route these events to targets including AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, Amazon Kinesis streams and other built-in targets.
AWS Step Functions now provides a new console experience for viewing and debugging your workflow executions that makes it easier to search, filter, and root cause issues in your executions.
AWS Step Functions is a low-code, visual workflow service that can be used to connect over 220 AWS services and 10,000 API actions to build applications using workflows. AWS Step Functions stores a detailed history for every execution so that you can view the path of execution, audit each transaction, and debug failures.
Now, Step Functions makes it easier to navigate through the details of your workflow executions in the AWS Console to identify issues, dive deeper into the context of a failure, and visually present information in a way that makes sense for you. You can select from three different views for your workflow execution including a navigable workflow graph, a state transition table, and a revamped events table. You can search and filter based on unique attributes such as state name and error type. Errors are now easier to root cause as the experience highlights the reason for failure in a workflow execution and you can reverse sort the execution history to see the events that led to a failure. Customers use map state to optimize the performance and efficiency of their workflows as a set of steps are run for each element of an input array. Now, you can easily navigate through each map iteration to identify its status and any errors.
Google Cloud Releases and Updates
Anthos Clusters on Azure
You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300
In 1.22.8-gke.1300, fixed an issue where the logging agent could fill up attached disk space.
In 1.22.8-gke.1300, fixed an issue where add-ons could not be applied when Windows node pools are enabled.
Anthos Clusters on AWS
You can now launch clusters with Kubernetes versions 1.21.11-gke.1100 and 1.22.8-gke.1300
In 1.22.8-gke.1300, fixed an issue where add-ons could not be applied when Windows node pools are enabled.
In 1.22.8-gke.1300, fixed an issue where the logging agent could fill up attached disk space.
Anthos Service Mesh
Preview release of new Connectors for Apigee
On May 12, 2022, GCP released the preview version of new Connectors for Apigee.
Apigee Integrated Portal
On May 11, 2022, GCP released an updated version of the Apigee Integrated Portal.
On May 9, 2022 GCP released an updated version of the Apigee X software (1-8-0-apigee-5).
The GoogleIDToken.Audience tag now includes the useTargetUrl attribute to simplify audience configuration of Google ID tokens for Apigee policies.
Artifact Registry is now available in the europe-southwest1 region (Madrid, Spain).
Chronicle
The following supported default parsers have changed (listed by product name and ingestion label):
- ExtraHop RevealX (EXTRAHOP)
- Imperva (IMPERVA_WAF)
- Windows Event (WINEVTLOG)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Citrix Netscaler (CITRIX_NETSCALER)
- Elastic Packet Beats (ELASTIC_PACKETBEATS)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- Sendmail (SENDMAIL)
- VMware vCenter (VMWARE_VCENTER)
- AWS VPC Flow (AWS_VPC_FLOW)
- Bluecat DDI (BLUECAT_DDI)
- Cisco ACS (CISCO_ACS)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Forcepoint Proxy (FORCEPOINT_WEBPROXY)
- McAfee ePolicy Orchestrator (MCAFEE_EPO)
- Office 365 (OFFICE_365)
- Apple MacOS (MACOS)
- Archer Integrated Risk Management (ARCHER_IRM)
- Cisco Meraki (CISCO_MERAKI)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- IBM DB2 (DB2_DB)
- Cisco ISE (CISCO_ISE)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- Juniper Junos (JUNIPER_JUNOS)
- Microsoft Exchange (EXCHANGE_MAIL)
- VMware ESXi (VMWARE_ESX)
- Digital Shadows SearchLight (DIGITAL_SHADOWS_SEARCHLIGHT)
- Azure Firewall (AZURE_FIREWALL)
- ForgeRock OpenAM (OPENAM)
- FortiGate (FORTINET_FIREWALL)
- ZScaler NGFW (ZSCALER_FIREWALL)
- OpenVPN (OPEN_VPN)
For details about the changes in each parser, see Supported default parsers.
The following new fields are available in the Unified Data Model:
For a list of fields in the Unified Data Model, and descriptions, see the Unified Data Model field list.
Google Cloud Deploy now lets you change the timeout for Cloud Build operations, from the default setting of 1 hour.
You can now use Cloud Build attestors with Binary Authorization to gate your image deployments, so that only images carrying a verified Cloud Build provenance record are deployed. To learn how to set up gated deployments, see Securing image deployments to Cloud Run and Google Kubernetes Engine. To learn how to view build integrity records, see Viewing build provenance. This feature is generally available.
Cloud Key Management Service
Cloud KMS is available in the following region:
Cloud Load Balancing
Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).
For details, see:
- Serverless NEG concepts
- Setting up a regional external HTTP(S) load balancer with a Cloud Run backend
- Setting up an internal HTTP(S) load balancer with a Cloud Run backend
This feature is available in Preview.
Private uptime checks are now generally available. Private uptime checks enable HTTP requests into a customer Virtual Private Cloud (VPC) network while enforcing Identity and Access Management (IAM) restrictions and VPC Service Controls perimeters. Private uptime checks can send requests over the private network to resources like a virtual machine (VM) or an L4 internal load balancer (ILB).
For more information, see Create private uptime checks.
Cloud Run jobs are now available in Preview.
The following new region is now available:
Generally available: Madrid, Spain
europe-southwest1-a,b,c has launched with E2 and N2 VMs available in all three zones.
Generally available: Insights for idle VM and machine size recommendations help you assess the utilization of your Compute Engine resources. Insights are automatically generated based on system metrics or metrics gathered by the Cloud Monitoring service.
Config Connector version 1.84.0 is now available.
IAMPolicyMember support for
spec.approvalConfig field to
spec.rule.redirectOptions field to
spec.addonsConfig.gkeBackupAgentConfig field to
cnrm.cloud.google.com/skip-wait-on-job-termination directive to
spec.rrdatasRefs field to
spec.rowLayout.rows.widgets.logsPanel fields to
spec.enableExactlyOnceDelivery field to
Reduced reconciliation frequency of
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
The following versions are now available in the Stable channel:
Version 1.19.16-gke.9400 is no longer available in the Stable channel.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.18 to 1.19.16-gke.9900 with this release.
Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to 1.19.16-gke.9900 with this release.
europe-southwest1 region in Madrid is now available.
Network Intelligence Center
Network Analyzer is now available in Preview.
Pub/Sub is now available in europe-southwest1 (Madrid).
Vertex AI Workbench
The M91 release of Vertex AI Workbench managed notebooks includes the following:
- Log streaming to the consumer project via Logs Viewer is now supported
- Added the
- Regular package refreshments and bug fixes
For auto mode VPC networks, added a new subnet 10.204.0.0/20 for the Madrid europe-southwest1 region. For more information, see Auto mode IP ranges.
VPC Service Controls
General availability for the following integration:
The following functions have been added:
Microsoft Azure Releases And Updates
Migrate your data from Azure Data Lake Storage Gen1 to Gen2 to speed up your time to insights
Computer Vision Read API for Optical Character Recognition (OCR) announced the general availability of the new model with support for 164 languages. It’s also available as a Docker container.
General availability enhancements and updates released for Azure SQL.
MySQL community versions 8.0.28 and 5.7.37 are now available on Azure Database for MySQL – Flexible Server.
IT Service Management is now integrated with secure webhook, an updated version that allows you to create work items in an ITSM tool when Azure Monitor sends alerts.
You can now connect to a container console and use live log streaming for testing and diagnosis.
You can now skip the default API build via Azure pipelines.
You no longer have to go through a series of manual steps to configure your DevOps CI/CD pipeline for your Static Web Apps project.
Azure Compute Gallery now allows you to create and share custom images for Trusted launch virtual machines
Debian is included in the Tier 1 OS support list for ARM32v7 devices. Official packages for Bullseye on ARM32v7 are now available on packages.microsoft.com.
TARGET AVAILABILITY: Q2 2022
Enhance your security posture by leveraging Azure private endpoints to connect your on-premises servers to Azure Arc privately.
Confidential computing DCsv3 and DCdsv3-series virtual machines (VMs) are in public preview in Australia East, Japan East, South Central US, and Southeast Asia.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here: