In Cloud Computing This Week [May 19th 2023]

May 19, 2023

Hello,

Here's the weekly cloud roundup of all things Hava, GCP, Azure and AWS for the week ending Friday May 19th 2023.

Four weeks ago we released Architectural Monitoring Alerts. We're pleased to announce it is now GA. This new capability brings a whole new level to Hava, letting you see the changes in your cloud environments on diff diagrams delivered directly to your inbox.

You can add your security team into the loop so they get to see ALL the changes no matter which team or client is making changes.

All the latest Hava news can be found on our LinkedIn Newsletter.


AWS Updates and Releases

Source: aws.amazon.com

AWS IoT SiteWise formula builder improvements

AWS IoT SiteWise, a service that makes it easy to collect, store, organize, and monitor data from industrial equipment, is announcing user experience improvements of the formula builder in the AWS Console, making it easier for customers to create and manage their metrics and transforms.

New usability updates include copy-paste support from other apps, longer formula length limit (more than 200 characters), and an improved editor with auto-suggestions for variables and functions.

Amazon Athena now supports IPv6 endpoints for inbound connections

Amazon Athena has expanded its support for inbound connections via Internet Protocol Version 6 (IPv6) endpoints to include AWS PrivateLink. Starting today, you can now connect to Athena securely and privately using PrivateLink from your Amazon Virtual Private Cloud (VPC), in addition to the public IPv6 endpoints that were previously available.

The rapid growth of the Internet is exhausting the availability of Internet Protocol version 4 (IPv4) addresses. IPv6 increases the number of available addresses by several times, and customers no longer have to manage overlapping address spaces in their VPCs. With this release, you can now combine the benefits of IPv6 addressing, such as a larger address space, with the security and performance advantages of PrivateLink.

Announcing the general availability of EC2 G5 instances in Los Angeles Local Zones

Starting this week, the Amazon Elastic Compute Cloud (Amazon EC2) G5 instances powered by NVIDIA A10G Tensor Core GPUs are now generally available in the Local Zones location in Los Angeles. G5 instances can be used for a wide range of graphics intensive and machine learning use cases. These instances are designed for graphics-intensive applications, machine learning inference, and deliver higher performance for training simple to moderately complex machine learning models when compared to Amazon EC2 G4dn instances.

G5 instances feature up to 8 NVIDIA A10G Tensor Core GPUs and 2nd generation AMD EPYC processors. They also support up to 192 vCPUs, up to 100 Gbps of network bandwidth, and up to 7.6 TB of local NVMe SSD storage. With access to NVIDIA’s Tesla drivers for compute workloads, GRID drivers to provision RTX Virtual Workstations, and Gaming drivers at no additional cost, customers can easily optimize the G5 instances for their workloads.

Los Angeles Local Zones customers can now use Amazon EC2 G5 instances for graphics-intensive applications such as running virtual workstations, video rendering, and cloud gaming to produce high fidelity graphics in real time. Machine learning customers can use the G5 instances for high performance and cost-efficient training and inference for natural language processing, computer vision, and recommender engine use cases. Customers can purchase G5 instances as On-Demand Instances, or as part of Savings Plans.

Amazon Kendra releases Alfresco Enterprise Connector

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Alfresco Enterprise Connector to index and search documents from their Alfresco Enterprise repository.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Alfresco. Amazon Kendra customers can now use the Kendra Alfresco Enterprise Connector to index documents and search for information across this content using Kendra Intelligent Search.

This connector supports repository based crawling using sites or aspects based crawling options. This connector also now provides OAuth 2.0 authentication support.

Amazon Kendra releases Alfresco PaaS Connector

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Alfresco PaaS Connector to index and search documents from their Alfresco PaaS repository.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Alfresco. Amazon Kendra customers can now use the Kendra Alfresco PaaS Connector to index documents and search for information across this content using Kendra Intelligent Search. This connector supports repository based crawling using sites or aspects based crawling options.

The Amazon Kendra Alfresco PaaS connector is available in all AWS regions where Amazon Kendra is available. 

Amazon MQ is now available in four new regions

Amazon MQ is now available in Europe (Spain), Europe (Zurich), Asia Pacific (Hyderabad) and Asia Pacific (Melbourne). With this launch, Amazon MQ is now available in a total of 31 regions.

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.

The new Amazon EMR Console is now available in AWS GovCloud (US) Regions

AWS are excited to announce that the newly re-designed Amazon EMR console is now available in AWS GovCloud (US-East, US-West) Regions. Amazon EMR is the cloud big data solution for petabyte-scale data processing, interactive analytics, and machine learning using open-source frameworks such as Apache Spark, Apache Hive, and Presto. The re-designed console introduces a new simplified experience to launch and manage EMR on EC2 clusters, EMR on EKS, and EMR Studio.

With this launch, the new EMR console is now available in a total of 29 AWS Regions. To get started, visit the EMR console and opt in to the new console.

AWS DataSync can now copy data to and from Amazon S3 compatible storage on Snow

AWS DataSync announced support for moving data to and from Amazon S3 compatible storage on AWS Snowball Edge Compute Optimized devices. Amazon S3 compatible storage delivers secure object storage with high resiliency, increased scale, and an expanded S3 API feature set to rugged, mobile edge, and disconnected environments.

Customers storing data and running applications on AWS Snowball Edge Compute Optimized devices can now use AWS DataSync to more quickly and easily move data between their Amazon S3 compatible storage and AWS Storage services in-region, enabling them to make a second copy of their data in AWS, archive cold data, or move data to and from AWS for ongoing data workflows.

AWS DataSync is an online data movement and discovery service that automates and accelerates transferring data between AWS Storage services, on-premises storage, edge locations, or other clouds. To use AWS DataSync with Amazon S3 compatible storage on Snow, customers start by deploying a DataSync agent in their on-premises hypervisor environment and then creating an object storage location resource to connect to their storage.

Customers can use DataSync to copy data between their Amazon S3 compatible storage and Amazon S3, Amazon Elastic File System (EFS), or Amazon FSx file systems.

Amazon EC2 C6in instances are now available in 20 AWS regions

Starting this week, Amazon Elastic Compute Cloud (Amazon EC2) C6in instances are available in Europe (Frankfurt, London, Milan, Zurich). These instances are powered by 3rd Generation Intel Xeon Scalable processors with all-core turbo frequency of up to 3.5 GHz, and are the first x86-based Amazon EC2 instances to offer up to 200 Gbps network bandwidth.

C6in instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances for better overall performance and security. You can take advantage of the higher network bandwidth to scale the performance of applications, such as network virtual appliances (firewalls, virtual routers, load balancers), Telco 5G User Plane Function (UPF), data analytics, high performance computing (HPC), and CPU based AI/ML workloads.

C6in instances are available in 10 different sizes with up to 128 vCPUs, including bare metal size. They also deliver up to 80 Gbps of Amazon Elastic Block Store (Amazon EBS) bandwidth and up to 350K input/output operations per second (IOPS), the highest Amazon EBS performance across EC2 instances. C6in instances offer Elastic Fabric Adapter (EFA) networking support on 32xlarge and metal sizes.

C6in instances are also available in these AWS Regions: US East (Ohio, N. Virginia), US West (Oregon), Europe (Ireland, Stockholm), Asia Pacific (Singapore, Tokyo, Jakarta, Mumbai, Sydney), Middle East (Bahrain), Africa (Cape Town), South America (São Paulo), Canada (Central), and AWS GovCloud (US-West, US-East) Regions. To learn more, see the Amazon EC2 C6in instances. To get started, see the AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDKs.

Amazon Detective now supports investigations for additional AWS services

Amazon Detective now helps provide root cause analysis for security findings from eight additional services integrated with AWS Security Hub. With this expanded capability, you can use Detective to conduct more comprehensive investigations, helping you identify resources, patterns, and the scope of potential security issues.

Security Hub simplifies security management by centralizing security findings from your AWS accounts and services. When you enable Security Hub, integrated services like AWS IAM Access Analyzer, Amazon GuardDuty, and others automatically send findings to Security Hub.

Starting this week you can enable AWS Security Findings as a new data source in Detective, and Detective will automatically ingest findings sent to Security Hub to build a behavior graph to help you conduct more effective investigations. The list of new data sources includes findings from AWS Config, AWS Firewall Manager, AWS Health, AWS IAM Access Analyzer, Amazon Inspector, AWS IoT Device Defender, Amazon Macie, and AWS Systems Manager Patch Manager.

The first 30 days of enabling AWS Security Findings as a data source are available at no additional charge for existing Detective accounts. For new accounts, AWS Security Findings as a data source is automatically enabled and part of the 30-day free trial. You can see the estimated cost during your trial in the Detective Management Console.

Support for AWS Security Findings is available today for all Detective customers and in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions.

AWS User Notifications is now generally available for AWS Data Exchange

AWS are announcing the availability of AWS User Notifications for AWS Data Exchange. This feature allows data subscribers to configure human-readable notifications for AWS Data Exchange events, such as when a provider publishes a new revision to a data set or when a provider adds a data set to a product. Previously, data subscribers could configure similar notifications by using AWS Data Exchange events sent via Amazon EventBridge and integrating with services such as Amazon Simple Notification Service.

AWS User Notifications sends a notification when an event matches the values that are specified in a rule created by the subscriber. Data subscribers can receive notifications on multiple delivery channels, such as Email, Console Notifications Center, chat (powered by AWS Chatbot), or push notifications to the AWS Console Mobile App. Subscribers can also set up aggregation to reduce the number of notifications generated for specific events. 

AWS Global Accelerator extends TCP termination to IPv6 traffic

AWS Global Accelerator now supports TCP termination at the edge for IPv6 traffic, in addition to IPv4 traffic. TCP termination automatically improves performance for workloads such as API operations, file uploads, and HTTP workloads. Starting today, customers who use dual-stack accelerators can get the benefits of TCP termination at the edge for both IPv4 traffic and IPv6 traffic. 

With TCP termination at the edge, Global Accelerator reduces initial setup time by establishing a TCP connection between a client on the internet and the Global Accelerator edge location closest to the client. Almost concurrently, a second TCP connection is established between that edge location and the application endpoint in the AWS Region.

With this process, the client gets a faster response from the Global Accelerator edge location, and the connection from the edge location to the application endpoint in the Region is optimized to run over the AWS global network. Until now, customers using dual-stack accelerators could only get the benefits of this feature for their IPv4 traffic. With this release, dual-stack accelerator customers get the additional throughput improvements for IPv6 traffic, as well as IPv4 traffic. This new feature incorporates the TCP optimizations that have been covered in this blog.

Amazon Neptune announces AWS CloudFormation support for Neptune Serverless

You can now use AWS CloudFormation templates to create and manage Amazon Neptune Serverless clusters in all AWS Regions where Neptune Serverless is supported. You can also use CloudFormation templates to perform in-place engine version upgrades for your Neptune clusters.

Amazon Neptune is a fast, reliable, and fully managed graph database as a service that makes it easier to build and run applications that work with highly connected datasets. Amazon Neptune Serverless allows you to run and instantly scale graph workloads, without the need to manage and optimize capacity.

Neptune Serverless automatically determines and provisions the compute and memory resources to run the graph database, and scales capacity based on the workload’s changing requirements to maintain consistent performance. Neptune Serverless reduces costs by up to 90% compared with provisioning for peak capacity. With Neptune Serverless, you only pay for the database capacity you consume, making it cost effective for unpredictable workloads with long off-peak times and sudden bursts of activity.

Amazon RDS for Oracle now supports April 2023 Release Update for 19c

Amazon Relational Database Service (Amazon RDS) for Oracle now supports the April 2023 Release Update (RU) for Oracle Database 19c.

To learn more about Oracle RUs supported on Amazon RDS for each engine version, see the Amazon RDS for Oracle Release notes. If the auto minor version upgrade (AmVU) option is enabled, the DB instance is upgraded to the latest quarterly RU six to eight weeks after it is made available by Amazon RDS for Oracle in your AWS region. These upgrades will happen during the maintenance window. To learn more, see the Amazon RDS maintenance window documentation.

Amazon VPC IP Address Manager is now available in Middle East (UAE) Region

Amazon VPC IP Address Manager (IPAM) makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. Amazon VPC IPAM is now available in Middle East (UAE) Region.

Amazon VPC IPAM allows you to easily organize your IP addresses based on your routing and security needs and set simple business rules to govern IP address assignments. Using IPAM, you can automate IP address assignment to VPCs, eliminating the need to use spreadsheet-based or homegrown IP address planning applications, which can be hard to maintain and time-consuming.

Amazon VPC IPAM automatically tracks critical IP address information, eliminating the need to manually track or do bookkeeping for IP addresses. IPAM retains your IP address monitoring data (up to a maximum of three years), which you can use to do retrospective analysis and audits for your network security and routing policies.

Amazon Rekognition launches eye gaze direction detection in Face APIs

This week, AWS announced the general availability of eye gaze direction detection in Rekognition’s Face APIs to support accessibility and safety, validate photos, and help identify where users focus on the screen. The new EyeDirection attribute in Amazon Rekognition DetectFaces and IndexFaces APIs predicts a person’s eye gaze direction yaw (rotation on vertical axis) and pitch (rotation on horizontal axis) angles for each face detected in an image.

Using eye gaze direction, customers can improve their applications’ usability by understanding if users focus on desired sections of the application user interface. They can also improve their applications’ accessibility for users with physical mobility limitations through eye gaze enabled navigation.

Customers in automotive and fleet management can improve driver safety by detecting if drivers are looking away from the road. Advertising customers can analyze ad creatives to identify the optimal presentation of a model’s eye gaze in highly effective ads. Further, companies and government entities can validate the quality and compliance of their users or employees profile photos.

The EyeDirection attribute predicts a value between -180 and 180 degrees for the yaw and pitch angles, along with a confidence score between 0 and 100. EyeDirection returns a high confidence score when eye gaze direction can be confidently predicted (i.e. a person’s eye is clearly visible), and a low score when eye gaze direction cannot be confidently predicted (i.e. a person’s eye is closed or not visible).

Amazon CloudFront now supports stale-while-revalidate and stale-if-error cache control directives

Amazon CloudFront announces support for stale-while-revalidate and stale-if-error cache control directives, which can improve performance and availability. The stale-while-revalidate directive instructs CloudFront to immediately deliver stale responses to users while it revalidates caches in the background. The stale-if-error directive defines how long CloudFront should reuse stale responses if there’s an error, which provides a better user experience.

With stale-while-revalidate, CloudFront can deliver faster responses from its 480+ edge locations and maximize cache hit ratios for better performance after cache expiration. With the stale-while-revalidate directive, your users no longer need to wait for responses from origins, because stale content is rapidly served from caches. stale-while-revalidate is ideal for content that refreshes frequently or unpredictably, or where content requires significant time to regenerate, and where having the latest version of the content is not essential. The stale-if-error directive enhances the user experience and improves availability by serving stale content when origins return an error. 

Support for these directives is now available in all CloudFront edge locations, at no additional cost. You define the directives from your origin server, and CloudFront honors the behaviors based on your directives.
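The decision a cache makes under these two directives, as an added Python example that is not AWS code: it follows the RFC 5861 semantics the announcement describes, interprets only max-age, stale-while-revalidate and stale-if-error, and also computes the oldest age at which a stale copy can still be served, which is the figure to review before enabling the directives on content that must be current. Function names and the sample header are constructed for the illustration.

```python
# Statuses RFC 5861 treats as origin errors for stale-if-error.
ORIGIN_ERRORS = {500, 502, 503, 504}


def parse_cache_control(header):
    """Parse a Cache-Control value into {directive: int seconds or None}."""
    directives = {}
    for part in header.split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, value = part.partition("=")
        value = value.strip().strip('"')
        directives[name.strip()] = int(value) if value.isdigit() else None
    return directives


def cache_decision(header, age, origin_status=200):
    """Decide how a cache answers a request for an object of the given age.

    origin_status is what the origin returns if it has to be contacted;
    None means the origin could not be reached at all.
    """
    d = parse_cache_control(header)
    max_age = d.get("max-age") or 0
    swr = d.get("stale-while-revalidate") or 0
    sie = d.get("stale-if-error") or 0

    if age < max_age:
        return "serve_fresh"
    staleness = age - max_age
    if staleness <= swr:
        # Answer immediately from cache, refresh asynchronously.
        return "serve_stale_revalidate_in_background"
    # Past the stale-while-revalidate window: the origin is asked first.
    if origin_status is None or origin_status in ORIGIN_ERRORS:
        if staleness <= sie:
            return "serve_stale_on_error"
        return "return_origin_error"
    return "serve_origin_response"


def worst_case_age(header):
    """Oldest age (seconds) at which the cached copy may still be served."""
    d = parse_cache_control(header)
    max_age = d.get("max-age") or 0
    swr = d.get("stale-while-revalidate") or 0
    sie = d.get("stale-if-error") or 0
    return max_age + max(swr, sie)


# Constructed sample header sent by an origin.
SAMPLE = "max-age=600, stale-while-revalidate=30, stale-if-error=86400"

if __name__ == "__main__":
    for age, status in [(100, 200), (615, 200), (700, 200), (700, 503), (87100, 503)]:
        print(age, status, cache_decision(SAMPLE, age, status))
    print("worst-case age:", worst_case_age(SAMPLE))
```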

AWS Device Farm announces VPC integration for Private Devices

AWS Device Farm is an application testing service that provides web and mobile developers with desktop browsers and real mobile devices so that they can improve the quality of their apps. With today’s launch, we are adding support for VPC connectivity to Private Devices, providing a simple way to connect with endpoints that are accessible only from within a private VPC. The feature supports multiple traffic types, including TCP, UDP, Websockets, and streaming protocols. This new configuration is now available via the AWS API or Console.

AWS Systems Manager Distributor now supports the CrowdStrike Falcon Sensor agent

Distributor, a capability of AWS Systems Manager that allows you to install and update software on your instances with version control, now allows you to install the CrowdStrike Falcon Sensor agent directly from Distributor without having to create or maintain any software packages. You can easily deploy the CrowdStrike Falcon Sensor agent across your fleet of AWS Systems Manager managed instances by navigating to the “Third Party” tab in the Distributor console, and selecting to “Install one time” or “Install on a schedule”. 

With this launch, the CrowdStrike Falcon Sensor agent is now available by default along with other AWS and third-party agents. You can use Distributor to easily and securely install or update any of the default available agents on your instances or you can create your own software packages to distribute.

This feature is available in all AWS Commercial Regions, except for Asia Pacific (Melbourne), Asia Pacific (Osaka), Asia Pacific (Tokyo), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Europe (Spain), Europe (Zurich), and Middle East (UAE). You can use Distributor to distribute the CrowdStrike Falcon Sensor agent at no additional cost, along with all AWS and third-party owned agents. See the AWS Systems Manager pricing page for more details. 

AWS Cost Categories now supports “Usage Type” dimension

AWS Cost Categories has added a new dimension “Usage Type” to its rules. You can now use seven types of dimensions: “Linked Account”, “Charge Type”, “Service”, "Usage Type", “Cost Allocation Tags”, “Region”, and other “Cost Category” while creating cost categories rules.

AWS Cost Categories is a feature within the AWS Cost Management product suite that enables you to group cost and usage information into meaningful categories based on your needs. You can create custom categories and map your cost and usage information into these categories based on the rules defined by you using various dimensions such as account, tag, service, charge type, and even other cost categories.

Once cost categories are set up and enabled, you will be able to view and manage your AWS cost and usage information by these categories in AWS cost management services, e.g. controlling the spend limit for a specific cost category using AWS Budget, understanding the ownership of your spend at the Cost Categories level in AWS Cost Explorer and AWS Cost and Usage Report (CUR).

Cost categories can be applied to your AWS cost and usage at the beginning of the month or retroactively for up to 12 months. Adding a new dimension (‘Usage Type’) to the existing list increases the flexibility for customers in creating cost categorization rules.

Amazon Omics adds integration with Amazon EventBridge

This week, Amazon Omics announced integration with Amazon EventBridge. This integration means customers can now use Amazon Omics published events as part of their event-driven architecture. Amazon EventBridge is a serverless event bus that makes it easy to connect and route events between AWS services, third-party applications, and customers in their own applications.

Within Omics, customers can now receive state changes for asynchronous tasks, such as workflow run and task changes and progress of importing data into sequence and variant stores.

Amazon Omics is a fully managed service that helps healthcare and life science organizations build at-scale to store, query, and analyze genomic, transcriptomic, and other omics data. By removing the undifferentiated heavy lifting, customers can generate deeper insights from omics data to improve health and advance scientific discoveries.

AWS Systems Manager Patch Manager now supports Alma Linux

Patch Manager, a capability of AWS Systems Manager, now supports patch deployments for instances running Alma Linux versions 8.3-8.7 and 9.0-9.1. Patch Manager enables you to automatically patch nodes with both security-related and other types of updates across your infrastructure.

Patch Manager supports a variety of common operating systems, including Windows Server, Amazon Linux, and Red Hat Enterprise Linux (RHEL). For a full list of supported operating systems, see the Patch Manager prerequisites user guide page.

AWS WAF enhances rate-based rules to support request headers and composite keys

AWS WAF now supports additional request parameters for rate-based rules, including cookies and other HTTP headers. Additionally, you can now create composite keys based on up to 5 request parameters, providing more granular options for managing and securing web application traffic. With these capabilities, customers can better identify and block malicious traffic patterns while minimizing the impact on legitimate users. 

AWS customers could already use WAF rate-based rules to automatically block requests from IP addresses that make large numbers of requests within a short period of time, until the rate of requests falls below a customer-defined threshold. As attackers have become more sophisticated, they are increasingly using techniques that bypass IP-based rate limiting defenses, such as using multiple IP addresses or distributing attacks across a large number of devices.

Now, WAF customers can aggregate requests by combining IP addresses with other request parameters (“keys”). Supported keys include cookies and other request headers, query strings or query arguments, label namespaces, and HTTP methods. By combining multiple request parameters into a single composite key, customers can detect and mitigate potential threats with higher accuracy. Customers can further refine rate-based rules by using WAF match conditions, allowing customers to limit the scope of inspection to specific URLs of their website or to traffic coming from specific referrers.

There is no additional cost for using this feature; however, standard AWS WAF charges still apply. For more information about pricing, visit the AWS WAF Pricing page. This feature is available in all AWS regions except the AWS GovCloud (US), Zurich (Europe), Spain (Europe), Hyderabad (Asia Pacific), and Melbourne (Australia) Regions. Support for these regions is expected later. To learn more, see the AWS WAF developer guide. For more information about the service, visit the AWS WAF page.
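How the choice of aggregation key changes what a rate-based rule catches, as an added Python example that is not AWS WAF code or configuration: a sliding-window counter is run over constructed traffic with an IP-only key, a cookie plus method key, and an IP plus cookie key. The limit, window, field names and traffic are assumptions made for the illustration, as is the choice to skip requests that lack a key part.

```python
from collections import defaultdict, deque

MAX_KEY_PARTS = 5  # the announcement allows composite keys of up to 5 parameters


def aggregation_key(request, key_parts):
    """Return the tuple a request is counted under, or None if a part is missing."""
    if not 1 <= len(key_parts) <= MAX_KEY_PARTS:
        raise ValueError("a composite key uses between 1 and 5 request parameters")
    values = []
    for kind, name in key_parts:
        if kind == "ip":
            value = request["ip"]
        elif kind == "method":
            value = request["method"]
        elif kind == "header":
            value = request["headers"].get(name.lower())
        elif kind == "cookie":
            value = request["cookies"].get(name)
        else:
            raise ValueError(f"unsupported key part: {kind}")
        if value is None:
            return None  # assumption of this sketch: such requests are not counted
        values.append(value)
    return tuple(values)


def keys_over_limit(requests, key_parts, limit, window_seconds):
    """Sliding-window count per aggregation key; returns the keys that exceeded limit."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    flagged = set()
    for request in sorted(requests, key=lambda r: r["ts"]):
        key = aggregation_key(request, key_parts)
        if key is None:
            continue
        window = recent[key]
        window.append(request["ts"])
        while window[0] <= request["ts"] - window_seconds:
            window.popleft()
        if len(window) > limit:
            flagged.add(key)
    return flagged


def constructed_traffic():
    """Constructed sample: two traffic patterns inside the same 150 seconds."""
    requests = []
    # One session cookie seen from 50 source addresses: 150 POSTs, 3 per address.
    for i in range(150):
        requests.append({"ts": i, "ip": f"203.0.113.{i % 50 + 1}", "method": "POST",
                         "headers": {"user-agent": "constructed-client"},
                         "cookies": {"session": "sess-shared"}})
    # 30 users behind one NAT address: 5 GETs each, 150 requests from one IP.
    for user in range(30):
        for n in range(5):
            requests.append({"ts": user * 5 + n, "ip": "198.51.100.7", "method": "GET",
                             "headers": {"user-agent": "constructed-browser"},
                             "cookies": {"session": f"sess-user-{user}"}})
    return requests


LIMIT, WINDOW = 100, 300  # assumed threshold and evaluation window (seconds)
TRAFFIC = constructed_traffic()
# IP only: flags the shared NAT address, misses the session spread over 50 addresses.
BY_IP = keys_over_limit(TRAFFIC, [("ip", None)], LIMIT, WINDOW)
# Cookie + method: flags the over-used session, leaves the NAT users alone.
BY_SESSION_METHOD = keys_over_limit(
    TRAFFIC, [("cookie", "session"), ("method", None)], LIMIT, WINDOW)
# IP + cookie: every bucket stays small, so nothing is flagged.
BY_IP_SESSION = keys_over_limit(
    TRAFFIC, [("ip", None), ("cookie", "session")], LIMIT, WINDOW)

if __name__ == "__main__":
    print("ip only:        ", BY_IP)
    print("cookie + method:", BY_SESSION_METHOD)
    print("ip + cookie:    ", BY_IP_SESSION)
```

Adding a parameter to a composite key always splits the counters further, so the key should be built from the attribute that stays constant across the traffic being limited.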

Amazon Kendra releases Gmail Connector to enable messaging search

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. AWS customers can now use the Amazon Kendra Gmail Connector to index and search messages from Gmail.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Gmail. Amazon Kendra customers can now use the Kendra Gmail Connector to index messages and search for information across this content using Kendra Intelligent Search.

The Amazon Kendra Gmail connector is available in all AWS regions where Amazon Kendra is available. 

Amazon RDS now supports M6i and R6i database instances in 16 new regions

Amazon Relational Database Service (RDS) now supports M6i and R6i in US East (N. Virginia, Ohio), US West (Oregon, N. California), Europe (Ireland, London, Paris, Stockholm, Milan, Frankfurt), Asia Pacific (Mumbai, Seoul, Hong Kong, Singapore, Tokyo, Sydney), Canada (Central), South America (São Paulo), Africa (Cape Town), and Middle East (Bahrain).

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors, providing up to 16% better price/performance than equivalent M5 and R5 instances and 27% better price/performance than equivalent M4 and R4 instances. M6i instances provide a new instance size of 32xlarge with 128 vCPUs and 512 GiB of memory, 33% more memory than the largest M5 instances.

Similarly, for workloads that benefit from more memory, you can use R6i.32xlarge that has 128 vCPUs and 1024 GiB of memory, 33% more memory than the largest R5 instances. These instances give you up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), twice that of M5 and R5 instances.

M6i and R6i instances are available on Amazon RDS for PostgreSQL version 15.2 and higher, 14.3 and higher, 13.7 and higher, 12.11 and higher, and 11.16 and higher. M6i and R6i instances are available on Amazon RDS for MySQL version 8.0.28 and higher, and Amazon RDS for MariaDB version 10.6.8 and higher, 10.5.16 and higher, and 10.4.25 and higher.

AWS Elemental MediaTailor now supports query parameter pass through

With AWS Elemental MediaTailor you can now initialize playback sessions with query parameter metadata that will be written into the personalized manifests as query parameters for subsequent manifest requests.

This new feature allows you to pass key information at session initialization that the player will continue to send for every manifest request in the form of URI query parameters. This functionality lets you use MediaTailor in more advanced CDN workflows that include dynamic origin routing and to pass token key value pairs that are evaluated by the CDN for every manifest request. 

Amazon Kendra releases Adobe Experience Manager On-Premise Connector

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Adobe Experience Manager On-Premise Connector to index and search documents from Adobe Experience Manager.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Adobe Experience Manager. Amazon Kendra customers can now use the Kendra Adobe Experience Manager On-Premise Connector to index Assets, Pages, Page Components and Content Fragments from their Adobe Experience Manager On-Premise repository and search for information across this content using Kendra Intelligent Search.

Amazon Braket supports new trapped-ion quantum computer named Aria from IonQ

Amazon Braket, the quantum computing service from AWS, adds support for Aria, IonQ’s largest and highest fidelity publicly available device to date. With Aria, customers can also experiment with IonQ’s built-in error mitigation techniques for the first time, a key tool to get the most out of today’s noisy quantum hardware.

Furthermore, customers can now choose between two trapped-ion devices, including the current IonQ Harmony device, allowing them to compare and contrast quantum hardware characteristics by only changing a few lines of code. Finally, the availability of each IonQ device is now expanded to 15 hours per day on weekdays.

With this launch, customers can use the familiar Braket SDK and APIs to access the latest 25-qubit device from IonQ, including full support for recent features such as verbatim compilation and native gates. Additionally, customers can use Aria to experiment with error mitigation, which aims to reduce systematic errors in noisy quantum systems by splitting a circuit into an ensemble, and post-processing the outputs. On Aria, customers can now develop quantum algorithms with and without error mitigation, exploring the effects of this technology on result quality. 

The IonQ Aria device is available starting today in the US East (N. Virginia) Region. Researchers at accredited institutions can apply for credits to support experiments on Braket through the AWS Cloud Credits for Research program. 

Amazon Kendra releases Adobe Experience Manager Cloud Connector

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Adobe Experience Manager Cloud Connector to index and search documents from Adobe Experience Manager.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Adobe Experience Manager Cloud repository. Amazon Kendra customers can now use the Kendra Adobe Experience Manager Cloud Connector to index Assets, Pages, Page Components and Content Fragments from their Adobe Experience Manager Cloud repository and search for information across this content using Kendra Intelligent Search.  

The Amazon Kendra Adobe Experience Manager Cloud connector is available in all AWS regions where Amazon Kendra is available. 

AWS Config advanced queries support 62 new resource types

AWS Config supports 62 new resource types in advanced queries. The advanced queries feature provides a single query endpoint and a powerful query language to get current resource state metadata without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions.

With this launch, customers can now use AWS Config advanced queries to query the current configuration state of AWS resources based on configuration properties for a single account and AWS Region or across multiple accounts and AWS Regions for the following newly supported resource types:

AWS::AutoScaling::WarmPool
AWS::Budgets::BudgetsAction
AWS::CodeDeploy::Application
AWS::CodeDeploy::DeploymentConfig
AWS::CodeDeploy::DeploymentGroup
AWS::CodeGuruReviewer::RepositoryAssociation
AWS::Connect::PhoneNumber
AWS::CustomerProfiles::Domain
AWS::DeviceFarm::TestGridProject
AWS::DMS::Certificate
AWS::DMS::EventSubscription
AWS::DMS::ReplicationInstance
AWS::DMS::ReplicationSubnetGroup
AWS::DMS::ReplicationTask
AWS::EC2::DHCPOptions
AWS::EC2::IPAM
AWS::EC2::TrafficMirrorFilter
AWS::EC2::TrafficMirrorSession
AWS::EC2::TrafficMirrorTarget
AWS::EKS::Addon
AWS::EKS::IdentityProviderConfig
AWS::Events::Connection
AWS::Events::Rule
AWS::EventSchemas::Schema
AWS::Glue::MLTransform
AWS::ImageBuilder::ContainerRecipe
AWS::ImageBuilder::DistributionConfiguration
AWS::ImageBuilder::InfrastructureConfiguration
AWS::IoT::AccountAuditConfiguration
AWS::IoT::CustomMetric
AWS::IoT::Policy
AWS::IoT::ScheduledAudit
AWS::IoTTwinMaker::Scene
AWS::IoTTwinMaker::Workspace
AWS::IVS::Channel
AWS::IVS::PlaybackKeyPair
AWS::IVS::RecordingConfiguration
AWS::Kinesis::Stream
AWS::Kinesis::StreamConsumer
AWS::KinesisVideo::SignalingChannel
AWS::Lex::Bot
AWS::Lex::BotAlias
AWS::LookoutVision::Project
AWS::MSK::Cluster
AWS::NetworkManager::TransitGatewayRegistration
AWS::Pinpoint::ApplicationSettings
AWS::Pinpoint::Segment
AWS::RoboMaker::RobotApplication
AWS::RoboMaker::RobotApplicationVersion
AWS::RoboMaker::SimulationApplication
AWS::Route53RecoveryControl::Cluster
AWS::Route53RecoveryControl::ControlPanel
AWS::Route53RecoveryControl::RoutingControl
AWS::Route53RecoveryControl::SafetyRule
AWS::Route53RecoveryReadiness::ResourceSet
AWS::S3::MultiRegionAccessPoint
AWS::SES::ConfigurationSet
AWS::SES::ContactList
AWS::SES::ReceiptFilter
AWS::SES::ReceiptRuleSet
AWS::SES::Template
AWS::AppStream::DirectoryConfig


AWS Config support for these new resource types in advanced queries is available to AWS Config customers in all supported Regions where the underlying resource type is available.

Amazon QuickSight launches Common Sub-expression Elimination for SPICE performance optimization

Amazon QuickSight is excited to announce the launch of Common Sub-expression Elimination (CSE), a performance optimization that improves query generation for SPICE datasets. CSE improves the QuickSight user experience by pushing repeated uses of complex expressions down into intermediate tables, which simplifies complex queries such as those for totals/subtotals, top/bottom filters, conditional formatting, and the “others” bucket for charts.

With the CSE query optimization, customers will see dashboards load faster, especially complex dashboards and time-consuming interactions. Currently, CSE is released for SPICE datasets only. No customer configuration is needed; the backend change applies seamlessly to QuickSight usage.

The new SPICE CSE optimization is now available in Amazon QuickSight Standard and Enterprise Editions in all QuickSight regions - US East (N. Virginia and Ohio), US West (Oregon), Canada, Sao Paulo, Europe (Frankfurt, Ireland and London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney and Tokyo), and the AWS GovCloud (US-West) Region. Customers don’t need to make any changes on their side; the change applies seamlessly to all QuickSight users.

Amazon Omics adds pre-built bioinformatic workflows with predictable pricing

This week, Amazon Omics announces the availability of Ready2Run workflows, a set of pre-built workflows from third-party software companies and open-source pipelines. With just a few clicks or a single API call, customers can run pre-built pipelines to perform primary analysis such as converting base calls to FASTQ files, secondary analysis such as gene expression or variant calling, and tertiary analysis such as protein structure prediction.

Ready2Run workflows are priced-per-run to give customers predictable pricing. We are launching with 35 Ready2Run workflows, which are a combination of workflows built by Element Biosciences, NVIDIA, and Sentieon Inc, as well as popular open-source pipelines developed by the life sciences community.

Amazon Omics is a fully managed service that helps healthcare and life science organizations build at-scale to store, query, and analyze genomic, transcriptomic, and other omics data. By removing the undifferentiated heavy lifting, customers can generate deeper insights from omics data to improve health and advance scientific discoveries.

Ready2Run workflows are available in all AWS Regions where Amazon Omics is generally available: US East (N. Virginia), US West (Oregon), Europe (Frankfurt, Ireland, London), and Asia Pacific (Singapore).

Amazon Omics now supports direct upload to Omics storage and automatic variant data parsing

This week, Amazon Omics announces a new capability for direct data ingestion to Omics storage. Omics storage enables customers to store FASTQ, BAM, and CRAM files at a cost-effective price at scale. Previously, Omics had an asynchronous batch upload process for bulk loading of sequence readsets. This new capability adds a simple synchronous upload capability.

The multi-part direct upload APIs will now allow customers to upload their data directly to the sequence store. This functionality allows customers to integrate existing processing pipelines and/or sequencers to directly write their outputs to a sequence store. Additionally, the transfer manager utility has been updated so that customers can directly upload large files with a single Python command.

Amazon Omics is a fully managed service that helps healthcare and life science organizations and their software partners store, query, and analyze genomic, transcriptomic, and other omics data and then generate insights from that data to improve health and advance scientific discoveries.

AWS Clean Rooms is now Health Insurance Portability and Accountability Act (HIPAA) eligible

AWS Clean Rooms is now a Health Insurance Portability and Accountability Act of 1996 (HIPAA) eligible service, enabling covered entities and their business associates to use AWS Clean Rooms to process, maintain, and store protected health information. If you have an executed Business Associate Addendum (BAA) with AWS, you can now use AWS Clean Rooms for workloads that are subject to HIPAA compliance.

AWS Clean Rooms helps companies and their partners more easily and securely analyze and collaborate on their collective datasets—without sharing or copying one another’s underlying data. Companies can deploy their own clean rooms without having to build, manage, or maintain their own solutions and without moving data outside of their AWS environment.

With HIPAA eligibility, healthcare and life sciences companies can create an AWS Clean Rooms collaboration in minutes with their partners, and analyze their collective data for use cases such as improving patient care journeys, analyzing proprietary scientific data, improving clinical registry and trials, and accelerating research and development.

AWS Systems Manager Patch Manager now supports Ubuntu 22.04

Patch Manager, a capability of AWS Systems Manager, now supports patch deployments for instances running Ubuntu 22.04. Patch Manager enables you to automatically patch nodes with both security related and other types of updates across your infrastructure.

Patch Manager supports a variety of common operating systems, including Windows Server, Amazon Linux, and Red Hat Enterprise Linux (RHEL). For a full list of supported operating systems, see the Patch Manager prerequisites user guide page.

Amazon Timestream now supports unloading data to Amazon S3

Amazon Timestream now enables you to export your query results to Amazon S3 in a cost-effective and secure manner using the new UNLOAD statement.

Using the UNLOAD statement, you can now export query results to a selected S3 bucket in either the Apache Parquet or Comma Separated Values (CSV) format, which provides flexibility to store, combine, and analyze your time series data using other services.

The UNLOAD statement allows you to export the data in a compressed manner and also partition the data based on selected attributes, which reduces the storage space required and processing time for downstream services accessing the data. In addition, you can encrypt your exported data using Amazon S3 managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) managed keys (SSE-KMS), preventing unauthorized access. 

You can now export gigabytes of data in a single query request in the supported formats, which enables you to more easily build data lakes and combine with non-time series data to derive complex business insights. You can execute an UNLOAD statement using the Timestream console, API, or CLI and the functionality is available in all AWS Regions where Timestream is available, listed here.

Amazon Omics announces support for Graphical Processing Units for workflows

This week, Amazon Omics announces support for NVIDIA T4 and A10G graphical processing units (GPUs) for Omics workflows. Omics private workflows allow customers to bring their own workflow scripts and specify the compute resources that they need for each task in their workflow. Customers can now enable NVIDIA T4 and A10G GPUs for use in Omics private workflows to support accelerated and AI-based genomics analysis with NVIDIA Parabricks and open-source protein folding pipelines.

Amazon Omics is a fully managed service that helps healthcare and life science organizations build at-scale to store, query, and analyze genomic, transcriptomic, and other omics data. By removing the undifferentiated heavy lifting, customers can generate deeper insights from omics data to improve health and advance scientific discoveries.

Advanced sampling now available in AWS Distro for OpenTelemetry

This week, AWS are announcing the general availability of the tail sampling processor and the group-by-trace processor in the AWS Distro for OpenTelemetry (ADOT) collector. ADOT is a secure, production-ready, AWS supported distribution of the OpenTelemetry project. With this release, customers can use the ADOT collector for advanced distributed trace sampling use cases. 

Customers can now apply tail sampling for traces with the ADOT collector. Sampling of traces allows customers to control the volume of traces ingested into services such as AWS X-Ray and can help reduce costs. Tail sampling enables customers to make the sampling decision when all of the trace’s spans are completed.

Because of this, customers can define sampling policies such as “ingest 100% of all error cases and 5% of all success cases”. With tail sampling, customers can achieve better collector load characteristics, lower compute resource usage, and reduce the costs of storing traces in a distributed tracing backend such as AWS X-Ray or Amazon OpenSearch.
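The policy quoted above, worked through as an added Python example (not ADOT collector code): spans are buffered per trace and the keep/drop decision is made only after a wait, so an error in a late span still counts. The span dictionary layout, the function names, the 10-second wait and the hash-based 5% selection are assumptions for illustration; a head-sampling decision is included for contrast.

```python
import hashlib
from collections import defaultdict

SUCCESS_RATE = 0.05   # "5% of all success cases"; error traces are always kept
DECISION_WAIT = 10.0  # seconds a trace is buffered before deciding (assumed value)


def trace_bucket(trace_id):
    """Map a trace ID to a stable value in [0, 1), so the same trace gets
    the same decision on every run and on every collector replica."""
    digest = hashlib.sha256(trace_id.encode("ascii")).digest()
    return int.from_bytes(digest[:8], "big") / 2.0 ** 64


def head_decision(trace_id):
    """Head sampling: decided at the first span, before the outcome is known."""
    return trace_bucket(trace_id) < SUCCESS_RATE


def tail_decision(spans):
    """Tail sampling: decided with every buffered span of the trace in hand."""
    if any(span["status"] == "ERROR" for span in spans):
        return True  # "ingest 100% of all error cases"
    return trace_bucket(spans[0]["trace_id"]) < SUCCESS_RATE


class TailSampler:
    """Buffers spans per trace and decides once the wait has elapsed."""

    def __init__(self, decision_wait=DECISION_WAIT):
        self.decision_wait = decision_wait
        self.buffer = defaultdict(list)  # trace_id -> spans seen so far
        self.first_seen = {}             # trace_id -> arrival time of first span

    def add(self, span, now):
        self.first_seen.setdefault(span["trace_id"], now)
        self.buffer[span["trace_id"]].append(span)

    def flush(self, now):
        """Decide every trace whose wait is over; return the kept traces."""
        due = [t for t, ts in self.first_seen.items()
               if now - ts >= self.decision_wait]
        kept = {}
        for trace_id in due:
            spans = self.buffer.pop(trace_id)
            del self.first_seen[trace_id]
            if tail_decision(spans):
                kept[trace_id] = spans
        return kept


def simulate(n_traces=2000, error_every=50):
    """Constructed workload: every `error_every`-th trace fails in its
    second (late) span, which a head decision cannot see."""
    sampler = TailSampler()
    errors = set()
    for i in range(n_traces):
        trace_id = "trace-%05d" % i
        failed = i % error_every == 0
        if failed:
            errors.add(trace_id)
        sampler.add({"trace_id": trace_id, "name": "GET /order",
                     "status": "OK"}, now=0.0)
        sampler.add({"trace_id": trace_id, "name": "db.query",
                     "status": "ERROR" if failed else "OK"}, now=1.0)
    early = sampler.flush(now=5.0)   # wait not over: nothing is decided yet
    kept = sampler.flush(now=10.0)   # wait over: every trace is decided
    return {
        "decided_early": len(early),
        "error_traces": len(errors),
        "tail_errors_kept": len(errors & set(kept)),
        "tail_success_kept": len(set(kept) - errors),
        "head_errors_kept": sum(1 for t in errors if head_decision(t)),
    }


if __name__ == "__main__":
    print(simulate())
```

The cost of the tail decision is memory: every span of every in-flight trace stays buffered until the wait expires, which is the resource to watch when sizing a collector for this policy.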

Amazon Textract updates its Queries feature within Analyze Document API

Amazon Textract is a machine learning service that automatically extracts text, handwriting, and data from any document or image. We regularly improve the underlying machine learning models based on customer feedback to deliver better accuracy and latency. Today, we are pleased to announce quality enhancements to our Queries feature available via the AnalyzeDocument API. 

Queries allows customers to specify and extract information from documents in question-answer pairs. The latest Queries update improves data extraction accuracy across 14 new document types such as certificates of insurance, coverage declarations, renters policy documents, payoff statements, and utility bills.

Customers across industries like insurance, mortgage and real estate utilize these documents in their business processes and will automatically see the benefits of this update when they use Textract’s Queries extraction feature. We have also delivered enhancements to the underlying machine learning models, resulting in reduced latency when calling the AnalyzeDocument API with the Queries feature enabled.

Google Cloud Releases and Updates
Source: cloud.google.com

 

AlloyDB for PostgreSQL 

The AlloyDB FORCE_APPLY update policy is available in Preview. Use this policy to modify database flags and apply updates faster (within 1-2 minutes) to an instance.

Anthos clusters on AWS / Azure / VMware

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-005 security bulletin.

App Engine standard environment PHP

The PHP 8.2 runtime for App Engine standard environment is now generally available.

Batch

Preview: Integrate a job into a workflow using the Batch API connector for Workflows.

BigQuery

You can now sort your query results by using the sort menu next to a column name. This feature is in preview.

 

The VPC Service Controls perimeter that protects the BigQuery API now also protects the BigQuery Reservation API. Customers who have already configured VPC Service Controls for the BigQuery API or the BigQuery Reservation API should update their configurations to reflect this change. For more information, see BigQuery Reservation API.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

  • BigqueryMigration
    • bigquerymigration.googleapis.com/MigrationWorkflow

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory) and Feed API.

Cloud Functions

Cloud Functions has added support for a new runtime, PHP 8.2, at the General Availability release level. PHP 8.2 adds significant new functionality over PHP 8.1 and uses Ubuntu 22.04 for its base O/S image.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Logging

You can now customize the time range of your queries in the Log Analytics page by using the time-range selector. There are several time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Filter by time.

Cloud Monitoring

Cloud Monitoring now provides GA support to prevent alerting policies from sending notifications and creating incidents during specific time periods. For general information, see Snooze notifications and alerts. For information about how to create, view, and modify a snooze, see Create and manage snoozes.

The new interface for creating charts with Metrics Explorer is GA. For more information, see Create charts with Metrics Explorer.

Cloud SQL for SQL Server

You can now use the point-in-time-recovery (PITR) feature and read replicas on the same primary instance. For more information, see Point-in-time Recovery.

Cloud Trace

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom traces and metrics from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP traces.

Compute Engine

The image import tool now supports importing Rocky Linux 9 images to Google Cloud.

Generally available: The local SSD quota per machine family (LOCAL_SSD_TOTAL_GB_PER_VM_FAMILY) is generally available. Use the quota metric compute.googleapis.com/local_ssd_total_storage_per_vm_family instead of compute.googleapis.com/local_ssd_total_storage to view the quota usage and limits for local SSD in your project. For more information, see Migrate local SSD quota to local SSD quota per machine family.

GKE

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. GKE Standard clusters are affected. For more information, see the GCP-2023-005 security bulletin.

Kubernetes 1.27 is now available in the Rapid channel. For more information about the content of Kubernetes 1.27, read the Kubernetes 1.27 Release Notes.

Google Cloud Deploy

Security insights for container images are now available on the release details page.

Google Cloud VMware Engine

VMware Aria Operations for Logs is now certified for Google Cloud VMware Engine. You can use VMware Aria Operations for Logs to collect and manage logs from VMware Engine and on-prem environments into a centralized solution.

VMware Aria Operations for Logs with VMware Engine enables more operational visibility and intelligent analytics for both troubleshooting and auditing purposes, making it easier for you to manage and operate your VMware Engine environment. See the VMware blog announcement for more information.

Network Intelligence Center

Network Analyzer is now integrated with the Transparency and Control Center. Google Cloud users can now use this feature to opt out of analysis. For more information, see Opting out of data processing.

Pub/Sub 

BigQuery subscriptions now support the NUMERIC and BIGNUMERIC data types. For more information, see Schema compatibility.

Security Command Center 

With project-level activations of the Security Command Center Premium tier, you can now enable certain Premium-tier threat and vulnerability findings that require organization-level access by activating the Standard tier at the organization level in addition to your project-level activation. These finding categories were previously unsupported with project-level activations.

For more information, see Premium tier feature support with project-level activations.

The pricing for project-level activations of Security Command Center has been reduced by lowering the Security Command Center rate for the usage of the following Google Cloud services:

  • Compute Engine
  • GKE-Autopilot
  • App Engine
  • Cloud SQL

For more information, see Pricing for project-level activations.

Vertex AI 

Vertex Prediction

You can now co-host models on the same VM from the Google Cloud Console. Previously, this capability was available only from the REST API. For more information, see Share resources across deployments.

Vertex AI custom training now supports deep integration with Vertex AI Experiments. You can submit training jobs with autologging enabled to automatically log parameters and model performance metrics. For more information, see Run training job with experiment tracking.

The scheduler API for Vertex AI Pipelines is now available in Preview. You can schedule recurring pipeline runs in Vertex AI by specifying a frequency, start time (optional), and end time (optional). For more information, see Schedule a pipeline run with scheduler API.

VPC

Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

 

Workflows

Support for a Batch API connector is available in Preview.

 


Microsoft Azure Releases And Updates
Source: azure.microsoft.com

 

Public Preview: Azure NetApp Files Standard Network Features - Edit Volumes

Azure NetApp Files now supports the ability to edit existing ANF volumes and upgrade Basic network features to Standard network features.

Public preview: Rolling Upgrades with MaxSurge for Virtual Machine Scale Sets

Rolling Upgrades with MaxSurge provides you a new way of upgrading VM instances in a Virtual Machine Scale Set to the latest scale set model.

Generally available: Azure Site Recovery update rollup 67 - May 2023

This article describes the improvements for the latest version of Azure Site Recovery components. 

General availability: Azure Data Explorer adds new geospatial capabilities

Azure Data Explorer now supports geospatial analysis with three new functions: geo_point_buffer, geo_line_buffer, and geo_polygon_buffer. These functions let you create polygonal buffers around points, lines, or polygons.

General Availability: Routing Intent and Virtual WAN Integrated Firewall NVAs

Routing intent supports inter-region/inter-hub traffic inspection and branch-to-branch traffic inspection for Azure Virtual WAN.

Azure Backup Reports now includes support for more workloads

Azure Backup Reports now includes support for more workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks.

Public preview: Optimize your workloads for reliability using new workbook template in Azure Advisor

Evaluate the reliability posture of your workloads, assess risks and plan improvements using the new Reliability workbook template which is now available in Azure Advisor.

General availability: Seamlessly upgrade your Application Gateway V2 WAF configuration to a policy

Azure’s regional Web Application Firewall (WAF) on Application Gateway now supports a fully automated experience when upgrading your WAF from configuration to policy.

App Service now supports Custom Error pages in public preview

 

App Service supports custom error pages in public preview

Transition to Azure AD to query data from Azure Monitor application insights by 31 March 2026

TARGET RETIREMENT DATE: MARCH 31, 2026

API keys for querying data from Azure Monitor application insights will be retired on 31 March 2026

Switch to Azure AD authentication for application insights by 30 September 2025

TARGET RETIREMENT DATE: SEPTEMBER 30, 2025

API keys used to stream live metrics telemetry into application insights will be retired on 30 September 2025.

Microsoft Azure Payment HSM Service now supports two host IP network interfaces

Azure Payment HSM Service now supports two host IP network interfaces

Public preview: Azure Container Storage

Azure Container Storage is a new Azure service built natively for containers that enables customers to create and manage volumes for running production scale stateful container applications.

General Availability: Azure Monitor for SAP solutions

This is a GA launch announcement blog for Azure Monitor for SAP solutions.

Private preview: Azure Backup support for confidential VMs using Customer Managed Keys

Azure Backup support for confidential VMs using Customer Managed Keys

Generally available: Policy analytics for Azure Firewall

Policy analytics for Azure Firewall, now in general availability, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.

General Availability: Azure Center for SAP solutions

TARGET AVAILABILITY: Q2 2023

Azure Center for SAP solutions brings together an integrated set of capabilities for deploying and managing SAP landscapes by making Azure SAP aware. You can take advantage of the management capabilities for both new and your existing Azure-based SAP systems.


Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.

Not knowing exactly what is in your cloud accounts, or those of your clients, can be a worry. What exactly is running in there and what is it costing? What obsolete resources are you still being charged for? What legacy dev/test environments can be switched off? What open ports are inviting in hackers? You can answer all these questions with Hava.

Hava automatically generates accurate, fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or standalone K8s clusters. Once diagrams are created, they are kept up to date, hands free.

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
 
Check out the 14 day free trial here (No credit card required and includes a forever free tier):



 

Topics: aws azure gcp news

Written by Team Hava

The Hava content team
