This week's roundup of all the cloud news.
Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday 20th May 2022.
Lots happening in cloud computing and especially in the Hava ecosystem. This week saw the release of GKE auto imports. When GKE workloads are detected a new auto generated GKE diagram is produced.
To stay in the loop, make sure you subscribe using the box on the right of this page.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
The Amazon Chime SDK lets developers add intelligent real-time audio, video, and screen share to their web applications. The Amazon Chime SDK client libraries for iOS and Android now include video background replacement and blur, which developers can use to reduce visual distractions and help increase visual privacy for mobile users.
Video is processed locally on each user’s device before it is shared into the meeting. The background can either be replaced with an image, or obscured with an adjustable strength blur effect. Users can preview and adjust how their video background is processed prior to joining a session, and at any time during a session.
Incident Manager, a capability of AWS Systems Manager, announced expanded support for runbook automation to speed up incident diagnosis and resolution. AWS Systems Manager is the operations hub for your AWS applications and resources, helping you automate reactive processes to quickly diagnose and remediate operational issues. Customers can now build incident runbooks that automatically run remediation actions on the involved resources, such as turning on auto-scaling on a DynamoDB table that is approaching capacity before engaging the on-call engineer. Customers can also invoke additional runbooks directly from the Incident Manager console to help resolve the incident faster.
When an incident is started, Incident Manager can now populate runbook parameter values, such as the incident ID or AWS resources specified in CloudWatch alarms and EventBridge events. This enables customers to automate additional diagnosis or mitigation actions from their AWS Systems Manager Automation documents. The Incident Manager console tracks runbook progress and additional runbook executions to help organize your response.
Starting this week, when you create a new predictive scaling policy, Amazon EC2 Auto Scaling goes back 14 days to generate capacity forecasts for the past dates, enabling you to see how predictive scaling would have scaled your Auto Scaling group. This allows you to quickly decide if the predictive scaling policy is accurate for your applications by comparing the demand and capacity forecasts against the actuals immediately after you create a predictive scaling policy. Previously, you would have had to wait at least a few days after creating the policy to build up sufficient forecast history for the same comparison to determine the forecast accuracy.
Amazon EC2 Auto Scaling is a service that helps you meet application demand by automatically adding or removing EC2 instances to an Auto Scaling group according to the conditions you define. In addition to offering dynamic scaling policies that react to demand changes, Auto Scaling offers you predictive scaling policies that can proactively change the size of your Auto Scaling group in advance of predictable demand spikes. This helps you maintain high application availability and responsiveness without the need to overprovision, resulting in lower EC2 costs.
Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Amazon customers can now use The Amazon Kendra Jira Cloud connector to index documents from Atlassian Jira.
Critical information can be scattered across multiple data sources in an enterprise. Organizations use agile project management platforms such as Atlassian Jira to enable teams to collaborate to plan, track, and ship deliverables. Amazon customers can now use the Amazon Kendra Jira Cloud connector to index issues, comments, and attachments in your Jira projects, and search this content using Amazon Kendra intelligent search. With this, organizations can now provide relevant search results to users seeking answers to their questions, or looking for issues that solve a certain customer issue.
Amazon MQ now provides support for RabbitMQ version 3.8.30, which includes several fixes to the previously supported version, RabbitMQ 3.8.27. Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. You can reduce your operational burden by using Amazon MQ to manage the provisioning, setup, and maintenance of message brokers. Amazon MQ connects to your current applications with industry-standard APIs and protocols to help you easily migrate to AWS without having to rewrite code.
If you are running RabbitMQ 3.8.27 or earlier, AWS encourage you to upgrade to RabbitMQ 3.8.30 or RabbitMQ 3.9.16. This can be accomplished with just a few clicks in the AWS Management Console. If your broker has automatic minor version upgrade enabled, AWS will automatically upgrade the broker to version 3.8.30 during a future maintenance window. To learn more about upgrading, please see - Managing Amazon MQ for RabbitMQ engine versions in the Amazon MQ Developer Guide.
Amazon MQ now provides support for RabbitMQ version 3.9.16, which includes several fixes to the previously supported version, RabbitMQ 3.9.13.
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. You can reduce your operational burden by using Amazon MQ to manage the provisioning, setup, and maintenance of message brokers. Amazon MQ connects to your current applications with industry-standard APIs and protocols to help you easily migrate to AWS without having to rewrite code.
AWS Glue Visual Job APIs are now generally available, allowing AWS customers to programmatically create, read, update, and delete AWS Glue studio visual jobs. AWS Glue Studio provides an intuitive visual interface for users to author data integration jobs. Customers want to programmatically create visual jobs in AWS Glue Studio so that they could migrate from other ETL tools and copy jobs to other environments.
With the new API, customers can use the GetJob and CreateJob actions to copy AWS Glue Studio between accounts while retaining the job’s visual representation. Visual Job APIs also help customers create accelerators to migrate from other ETL tools to AWS Glue without manually re-coding jobs.
Amazon Connect now allows you to use Amazon Connect Customer Profiles in Asia Pacific (Seoul) AWS region. When a customer contacts your customer service department, you can now provide your agents and interactive voice response (IVR) solutions with up to date information about the customer, enabling faster and more personalized customer service. Customer Profiles brings together customer information (e.g, address, purchase history, contact history) from multiple applications such as Salesforce, Amazon S3, and ServiceNow into a unified customer profile.
AWS App Mesh now supports IPv6 allowing customers to support workloads running in IPv6 networks and to invoke App Mesh APIs over IPv6. This helps customers to meet IPv6 compliance requirements, and removes the need for expensive networking equipment to handle address translation between IPv4 and IPv6. AWS App Mesh is a service mesh that provides application-level networking to make it easier for your services to communicate with each other across multiple types of compute infrastructure. AWS App Mesh standardizes how your services communicate, giving you end-to-end visibility and options to tune for high-availability of your applications.
With this new capability, you can configure your mesh to support workloads in IPv6 networks and use AWS App Mesh’s new dual-stack endpoints which support both IPv4 and IPv6. The new dual stack endpoints in AWS App Mesh have the format appmesh.region.api.aws. For example, the dual-stack endpoint in US East (N. Virginia) is appmesh.us-east-1.api.aws. When you make a request to a dual-stack App Mesh endpoint, the endpoint resolves to an IPv6 or an IPv4 address, depending on the protocol used by your network and client.
Developers can now use the AWS Encryption SDK for .NET to help protect their data. This open-source release makes it easier for developers to encrypt and decrypt their data when building applications using the .NET developer platform.
AWS Resilience Hub now supports Amazon Elastic Container Service (Amazon ECS), Amazon Route 53, AWS Elastic Disaster Recovery, AWS Backup, and the ability to use Terraform as a source to upload applications. With this expansion of supported resources, you can use Resilience Hub to prepare and protect even more of your applications from disruptions.
Alongside the newly supported services, we have updated how your application’s resilience score is calculated. The new resilience score reflects a combination of operational recommendations and policy compliance. This gives you a more inclusive indicator of your application’s readiness for different disruption scenarios.
In addition, Resilience Hub now runs daily assessments on new applications automatically. You can manually activate this feature on existing applications and deactivate this feature at any time.
Resilience Hub provides you with a single place to define, validate, and track the resilience of your applications so that you can avoid unnecessary downtime caused by software, infrastructure, or operational disruptions. Resilience refers to the ability of your applications to maintain availability and recover from disruptions within a specified target measured in terms of recovery time objective (RTO) and recovery point objective (RPO). With Resilience Hub, you can identify and resolve issues before they occur in production.
Amazon QuickSight now supports 1-click public embedding, a feature that allows you to embed your dashboards into public applications, wikis, and portals without any coding or development. Once enabled, anyone on the internet can start accessing these embedded dashboards with to up-to-date information instantly, without server deployments or infrastructure licensing needed! 1-click public embedding helps you empower your end users with access to insights in minutes.
AWS Backup now allows you to protect your Amazon FSx for NetApp ONTAP file systems, helping you meet your centralized data protection and regulatory compliance needs. Amazon FSx for NetApp ONTAP is a fully managed AWS service that allows you to run NetApp ONTAP file systems in the AWS Cloud. You can now use AWS Backup’s policy-based capabilities to centrally protect Amazon FSx for NetApp ONTAP along with other AWS services for storage, database, and compute that AWS Backup supports. You can protect your Amazon FSx for NetApp ONTAP file systems with immutable backups, and generate auditor-ready reports to prove compliance of your data protection policies.
AWS Backup now allows you to protect your Amazon FSx for OpenZFS file systems, helping you meet your centralized data protection and regulatory compliance needs. Using AWS Backup’s seamless integration with AWS Organizations, you can centrally create and manage immutable backups of Amazon FSx for OpenZFS file systems across all your accounts, protect your data from inadvertent or malicious actions, and restore the data with a few simple clicks. Additionally, you can generate unified auditor-ready reports to demonstrate compliance status of your organizational data protection policies.
Amazon FSx for OpenZFS is a fully managed file storage service that makes it easy to move data residing in on-premises ZFS or other Linux-based file servers to AWS without changing your application code or how you manage data. AWS Backup is a policy-based service that provides you a fully managed experience to centralize and automate data protection of your application data spanning across AWS services for compute, database, and storage, which now includes Amazon FSx for OpenZFS.
Amazon Redshift ML enables you to create, train, and deploy machine learning (ML) models using familiar SQL commands. With Amazon Redshift ML, you can leverage Amazon SageMaker, a fully managed machine learning service, without moving your data or learning new skills. Amazon Redshift now supports Amazon SageMaker Linear Learner algorithm for creating models with Amazon Redshift ML.
You can use linear learner algorithms for supervised training for either linear or logistic regression problems for use cases such as predicting sales of a product, determining marketing effectiveness, or to predict customer’s willingness to purchase a product or service. You can specify model_type as LINEAR_LEARNER with CREATE MODEL command to create a ML model with Linear Learner.
Amazon EC2 Auto Scaling now supports Predictive Scaling in the AWS GovCloud (US-West) Region. Predictive scaling can proactively scale out your Auto Scaling group to be ready for upcoming demand. This allows you to avoid the need to over-provision capacity, resulting in lower EC2 cost, while ensuring your application’s responsiveness. (Previously, Predictive Scaling was only available via AWS Auto Scaling Plans and only in public regions.) Support in the AWS GovCloud (US-West) Region allows U.S. government agencies and contractors to run sensitive workloads by addressing their specific regulatory and compliance requirements.
Amazon CloudWatch is introducing enhancements to the console experience, which improve dashboard data visualizations and console navigation. The enhancements include new dashboard widgets as well as more options to access frequently used dashboards, log groups and alarms.
At launch, customers can use three new or improved widgets to get an enhanced view of their system health. The gauge widget lets you visualize a number, such as memory utilization, in the context of minimum and maximum values. This allows you to easily see how close you are to a pre-determined threshold and proactively address any resulting issue, such as increasing memory capacity when you are close to a threshold representing capacity limits. We have also added a sparkline feature to the number widget, which helps you see the trend line of a number, so you can see how the latest value performs relative to recent history. And finally, with the new mini-map feature of the line widget, you can now zoom in within a line graph without losing the overall time range. This enables you to more easily navigate between different spikes and troughs without having to zoom out first.
Amazon Redshift has launched support for Snapshot Isolation for concurrent transactions. Amazon Redshift prevents dirty reads, non-repeatable reads, and phantom reads according to the SQL standards. The two options that Amazon Redshift offers to serialize transactions are SERIALIZABLE and SNAPSHOT ISOLATION. The SERIALIZABLE option will implement strict serializability, where a transaction could fail if the result could not be mapped to a serial order of the concurrently running transactions. The SNAPSHOT ISOLATION option will allow higher concurrency, where concurrent modifications to different rows in the same table would complete successfully. Under both options, transactions will continue to operate on the latest committed version, or a snapshot, of the database.
Amazon Neptune is now in scope for FedRAMP High in the AWS GovCloud (US-West) and AWS GovCloud (US-East) Regions, and FedRAMP Moderate in the US East (Ohio), US East (N. Virginia), US West (N. California), and US West (Oregon) Regions. You can now use Amazon Neptune to build applications for workloads that require FedRAMP High or Moderate authorization. This also accredits Amazon Neptune as a Department of Defense Cloud Computing Security Requirements Guide Impact Level 2 (DoD SRG IL-2) service in these regions.
AWS Glue can now connect to Apache Kafka using additional client authentication mechanisms. AWS Glue now supports SASL (Simple Authentication and Security Layer) using either SCRAM (Salted Challenge Response Authentication Mechanism) or GSSAPI (Kerberos).
AWS Glue supports data streams including Amazon Kinesis and Apache Kafka, applies complex transformations in-flight and loads it into a target data store for Analytics and Machine Learning. With this feature, you can now stream data from Apache Kafka producers that use SASL (SCRAM and GSSAPI) for client authentication. You can choose from these client authentication mechanisms when creating a Kafka connection in AWS Glue Studio or in AWS Console.
This week, AWS were pleased to announce the general availability of AWS support for Kubeflow v1.4. Kubeflow on AWS streamlines data science tasks and helps build highly reliable, secure, portable, and scalable ML systems with reduced operational overheads through integrations with AWS managed services. You can use this Kubeflow distribution to build ML systems on top of Amazon Elastic Kubernetes Service (Amazon EKS) to build, train, tune, and deploy ML models for a wide variety of use cases, including computer vision, natural language processing, speech translation, and financial modeling.
This week, AWS announced new functionality in AWS Control Tower that provides you the flexibility to use your existing security and logging accounts, or to have AWS Control Tower create new accounts on your behalf when setting up Control Tower or extending Control Tower governance to your existing AWS environment. The Security account is used as a restricted account that’s designed to give your security and compliance teams read and write access to all accounts in your landing zone. The Logging account works as a repository, storing logs of API activities and resource configurations from all accounts in your landing zone.
The use of your existing security and logging accounts makes it easier to extend Control Tower governance into your existing AWS Organizations, or to move to AWS Control Tower from an alternate landing zone. The option for you to use existing accounts is displayed during the initial landing zone setup. It includes checks during the setup process to ensure successful deployment. AWS Control Tower implements the necessary roles and controls on your existing accounts. It does not remove or merge any existing resources or data that is in these accounts.
Starting this week, Amazon EC2 I4i metal instances are available in Amazon Web Services (AWS) Regions - US East (Ohio and N. Virginia), US West (Oregon) and Europe (Ireland). Designed for storage I/O intensive workloads, I4i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 30% better compute price performance over I3 instances, and always-on memory encryption using Intel Total Memory Encryption (TME). I4i metal instances deliver the highest local storage performance within Amazon EC2 and are designed for databases such as MySQL, Oracle DB, and Microsoft SQL Server, and NoSQL databases such as MongoDB, Couchbase, Aerospike, and Redis where low latency local NVMe storage is needed in order to meet application service level agreements (SLAs).
Google Cloud Releases and Updates
Anthos Config Management
Fixed metrics to use correct reconciler Pod name for multiple RootSync and RepoSync objects. The metrics are documented at Config Sync metrics
Anthos Clusters on VMware
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.
App Engine Flexible Environment for .Net / Go / Java / Node.js / PHP / Python / Ruby
Updated versions of ODBC and JDBC drivers for BigQuery are now available that include enhancements.
Cloud Asset Inventory
The following resource types are now publicly available through the Export APIs (
BatchGetAssetsHistory), the Feed API, and the Search APIs (
- Cloud Firestore
The following resource types are now publicly available through the Export APIs (
BatchGetAssetsHistory), the Feed API, and the Search APIs (
- Cloud KMS
Users can view build logs directly in GitHub or GitHub Enterprise without logging into Cloud Build. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise. This feature is generally available.
The pricing for Google Cloud Managed Service for Prometheus has been reduced by 25-50%, depending on volume and usage. Existing pricing tiers have been reduced by 25%, and a new high-volume tier has been added at 50% of the current cost. For pricing details, see Cloud Monitoring pricing summary, and for a set of examples, see Pricing examples based on samples ingested.
You can now tag services using Resource Manager tags for fine-grained access control.
N2D VMs are now available in Paris, France
See VM instance pricing for details.
SecretManagerSecret (Issue #655).
Added support for
Fixed the reference configs for
spec.subsetting field to
spec.secondaryIpRange field to
RedisInstance from immutable to optional.
Deep Learning Containers
- TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
- Starting with PyTorch 1.11, PyTorch environments now support XLA by default.
- TensorFlow Enterprise patch releases: 2.6.4 and 2.8.1.
- Deep Learning Containers are now available on Artifact Registry.
Eventarc is now available in the following regions:
Version 1.21.11-gke.900 is now the default version in the Stable channel.
Google Cloud Armor
Google Cloud Deploy
Security Command Center
Updates were made to the applications that let you send Security Command Center data to to the following SIEM and SOAR platforms:
- Cortex XSOAR—see Sending Security Command Center data to Cortex XSOAR.
- Elastic Stack—see Sending Security Command Center data to Elastic Stack and Sending Security Command Center data to Elastic Stack using Docker.
- IBM QRadar—see Sending Security Command Center data to IBM QRadar.
TensorFlow Enterprise 2.9 is now available. Note that this TensorFlow Enterprise version does not include Long Term Version Support.
TensorFlow Enterprise 2.6 has been updated to 2.6.4.
TensorFlow Enterprise 2.8 has been updated to 2.8.1.
Traffic Director for GKE now supports using the Kubernetes Gateway APIs to create a service mesh.
Traffic Director control plane logging and monitoring now supports request count by zone, in addition to DS API Connected Streams and request count.
VPC Service Controls
General availability for the following integration:
Microsoft Azure Releases And Updates
Configure backup of your trusted launch Azure Virtual Machines through enhanced policy
The new dashboard catalog feature in Azure IoT Central allows for easier search, management, and navigation of dashboards.
You can now disable and enable any of the AKS supported CSI drivers using this API.
You can now have AKS take care of creating the Private Link Service association to the Kubernetes service identified by the frontend IP configuration of an internal Azure Load Balancer.
You can now store secrets in BYOK encrypted etcd using Key Management System (KMS).
You can now use a managed service mesh for Arc-enabled Kubernetes clusters.
You can now package and distribute management operations and functionalities that require host access while retaining versioning and deployment methods provided by containers.
Industrial IoT starts with Azure IoT Central. Now you can leverage the expertise of Industrial IoT Connectivity Partners who are ready to connect your industrial assets in hours instead of weeks – no matter if it’s modern or legacy equipment.
Stream Analytics now supports authenticating to Azure Cosmos DB and Azure Service Bus using Managed Identities.
Seamlessly perform conditional forwarding from on-prem to Azure Private DNS Zones and from Azure Virtual Networks to any target DNS server.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here: