In Cloud Computing This Week [May 27th 2022]

Amazon Lightsail now supports creating deployments for Lightsail container services using the container images on Amazon ECR private repositories. This launch will enable you to run containers with the simplified experience of Lightsail while utilizing the images you may already have in your private ECR repositories, thus enabling greater portability.

With just a few clicks, you will be able to create a trust relationship between your Lightsail container service and an Amazon ECR private repository in your AWS account, pick the container images and deploy them on your Lightsail container service, all without leaving the Lightsail console. There is no additional cost for using this feature on Lightsail. The usual cost for storing and using your images in Amazon ECR will apply. Lightsail already supports utilizing public images from sources like ECR public and DockerHub without having to link your private repositories and also the ability to upload container images directly to a container service at no extra cost.

AWS are excited to announce preview of Amazon EC2 P4de instances, these latest GPU-based instances provide the highest performance for machine learning (ML) training and High-Performance Computing (HPC) applications such as object detection, semantic segmentation, natural language processing, recommender systems, seismic analysis, and computational fluid dynamics.

P4de instances are powered by 8 NVIDIA A100 GPUs with 80GB high-performance HBM2e GPU memory, 2X higher than the GPUs in our current P4d instances. The new P4de instances provide a total of 640GB of GPU memory, which provide up to 60% better ML training performance along with 20% lower cost to train when compared to P4d instances. The improved performance will allow customers to reduce model training times and accelerate time to market. Increased GPU memory on P4de will also benefit workloads that need to train on large datasets of high-resolution data.

Amazon ElastiCache for Memcached has added support for Memcached version 1.6.12. This version is a cumulative update and contains all changes and improvements between version 1.6.6 to 1.6.12.

For the full list of improvements and bug fixes in Amazon ElastiCache for Memcached 1.6.12, see the release notes. You can create an Amazon ElastiCache cluster with Memcached 1.6.12 using the AWS Management Console, AWS CLI or the AWS SDK.

Memcached version 1.6.12 is now available in all AWS public and AWS GovCloud (US) Regions.

AWS Launch Wizard announces support for SQL Server Always On Failover Cluster Instances (FCI) with Amazon FSx for NetApp ONTAP. Now you can use a simple console wizard to deploy SQL Server FCI on Amazon EC2 with FSx for NetApp ONTAP as the shared storage. This feature will save you time and effort replacing a complex manual deployment process with a simple to use, guided wizard that accelerates the migration of your on-premises SQL Server workloads that rely on shared storage.

AWS Launch Wizard enables you to easily size, configure, and deploy SQL Server workloads on EC2. Customers choose SQL Server FCI for high availability because of its license-cost efficiency and simplified administration. FSx for NetApp ONTAP provides fully managed shared storage with the popular data access and management capabilities of ONTAP. You can now choose FSx for NetApp ONTAS as the FCI shared storage option in the Launch Wizard console. In addition, you can enable one-click monitoring of SQL Server with CloudWatch Application Insights to simplify post-deployment configuration. You can also choose to save the CloudFormation templates and associated configuration scripts to your Amazon S3 bucket for repeated deployments.

Amazon Web Services (AWS) announced the general availability of new general purpose Amazon Elastic Compute Cloud (Amazon EC2) M6id instances. M6id instances are powered by third generation Intel Xeon Scalable processors (code name Ice Lake) with an all-core turbo frequency of 3.5 GHz, equipped with up to 7.6 TB of local NVMe-based solid state disk (SSD) block-level storage, and deliver up to 15% better price performance compared to M5d instances.

Compared to previous generation instances, M6id instances offer up to 58% higher TB storage per vCPU and 34% lower cost per TB. M6id instances also come with always-on memory encryption by using Intel Total Memory Encryption (TME). Like all modern EC2 instances, M6id instances are built on AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers most of the compute and memory resources of the host hardware to your instances. M6id instances are ideal for workloads that require a balance of compute and memory resources along with high-speed, low-latency local block storage, including data logging and media processing. M6id instances will also benefit applications that need temporary storage of data, such as batch and log processing, and applications that need caches and scratch files.

To meet AWS customer demands for increased scalability, M6id instances provide a new instance size (32xlarge), with 128 vCPUs and 512 GiB of memory (both 33% more than the largest previous generation instances), and up to 20% higher-memory bandwidth per vCPU compared to previous generation instances. M6id instances also provide customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to Amazon Elastic Block Store, twice that of comparable previous generation instances. 

Amazon ElastiCache for Memcached now supports encryption of data in transit using Transport Layer Security (TLS) version 1.2. When using encryption in transit, all network traffic between your clients and Memcached cluster are encrypted.

You can easily set up in-transit encryption by enabling it when creating your Memcached cluster via the AWS Management Console, AWS CLI, or the AWS SDK. ElastiCache automatically manages the issuance, renewal, and expiration of your TLS certificates. TLS support was also added for Memcached PHP and Java clients, both available for download from the AWS Management Console for ElastiCache.

AWS Backup Audit Manager now allows you to audit and report on the compliance of your data protection policies for Amazon S3 and AWS Storage Gateway. Using AWS Backup Audit Manager, you can now continuously evaluate the backup activity of your Amazon S3 and AWS Storage Gateway resources and generate audit reports that can help you demonstrate compliance with organizational best practices or regulatory standards.

AWS Backup Audit Manager provides automated alerting that you can now use to identify your Amazon S3 and AWS Storage Gateway resources that are not attached to a backup plan, audit whether your backups are immutable using AWS Backup Vault Lock’s WORM (write-once, read-many) capabilities, and track whether your AWS Storage Gateway backups are protected by storing separable copies across AWS Regions and AWS accounts. You can use AWS Backup Audit Manager’s automated alerting to detect violations of your organizational data protection policies and take corrective actions to meet your business continuity and compliance needs.

This week, AWS are announcing the availability of Amazon CloudWatch metrics for usage monitoring on AWS Config. AWS Config tracks changes made to supported resources and records them as configuration items (CIs), which are then delivered to an Amazon Simple Storage Service (Amazon S3) bucket. Amazon CloudWatch metrics is a monitoring service which provides data about the usage of your systems, including the ability to search, graph, and build alarms on metrics about AWS resources. With this release, you can now use Amazon CloudWatch metrics to verify your setup and understand your usage of AWS Config.

To help you gain insight into your cloud environment, AWS Config now captures several usage metrics relating to your resources, such as the number of CIs recorded by resource type, the number of failed configuration history exports to your Amazon S3 buckets, and the number of times AWS Config recording received permissions errors from AWS Identity Access and Management (IAM). With these metrics, you can identify which resource types generated the most changes in your account and verify that your configuration recording is set up correctly. To visualize these metrics, Amazon CloudWatch dashboards are now available by default in the AWS Config console. They are also viewable in the Amazon CloudWatch metrics console, where you can set up Amazon CloudWatch alarms.

This week, AWS are announcing the general availability of two additional storage locations for AWS DataSync, an online data movement service that makes it easy to sync your data both into and out of the AWS Cloud. This release expands the number of supported storage locations from 10 to 12, spanning on-premises, edge, and other cloud storage services. With DataSync, you can quickly and securely access your data across various storage locations and move it to AWS to support your workflows, processing, and data retention needs, as well as share and exchange data across more locations.

With this release, DataSync now supports Google Cloud Storage and Azure Files storage locations in addition to Network File System (NFS) shares, Server Message Block (SMB) shares, Hadoop Distributed File Systems (HDFS), self-managed object storage, AWS Snowcone, Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS), Amazon FSx for Windows File Server, Amazon FSx for Lustre, and Amazon FSx for OpenZFS.

AWS Single Sign-On (SSO) is now available in the AWS Asia Pacific (Osaka) region. For a full list of the regions where AWS SSO is available, see the AWS Regional Services List.

AWS Single Sign-On (AWS SSO) is where you create, or connect, your workforce identities in AWS once and manage access centrally across your AWS organization. You can choose to manage access just to your AWS accounts or cloud applications. You can create user identities directly in AWS SSO, or you can bring them from your Microsoft Active Directory or a standards-based identity provider, such as Okta Universal Directory or Azure AD. With AWS SSO, you get a unified administration experience to define, customize, and assign fine-grained access. Your workforce users get a user portal to access all of their assigned AWS accounts or cloud applications. AWS SSO can be flexibly configured to run alongside or replace AWS account access management via AWS IAM.

AWS AppSync is a fully managed service that enables developers to build digital experiences based on real-time data. With AppSync, you can easily configure data sources to push and publish real-time data updates to subscribed clients. AppSync handles connection management, scalability, fan-out and broadcasting, allowing you to focus on your application business needs instead of managing complex infrastructure.

AWS AppSync introduces a new simplified “Getting Started” experience in the console that allows customers to easily deploy a generic Pub/Sub API with a click of a button. Now, developers can start leveraging AppSync’s subscriptions with no or very little knowledge of GraphQL to deploy APIs for users to publish data and subscribe to receiving data in real-time. The new experience allows developers to download an auto-generated configuration and code that they can quickly integrate in their existing code base. The resulting generic pub/sub API can be added to an existing app to enable real-time updates, without changing how the app interacts with existing APIs or data sources. For developers just getting started, the experience also provides a code snippet that shows how to leverage the auto-generate code.

AWS Transit Gateway Network Manager now supports centralized management and monitoring of global networks across multiple AWS accounts within an organization, created using AWS Organizations. With this feature, Network Manager reduces the operational complexity of managing a large global network across AWS accounts over a single unified operational dashboard.

Until now, AWS customers could use Network Manager to monitor and visualize their global network for a single AWS account. With the launch of multi-account support, Network Manager extends its management capabilities to work across multiple accounts. By registering AWS Transit Gateways from different accounts within an AWS Organization and defining on-premises resources, customers can visualize their global private network in a topology diagram and in a geographic map. Customers can also monitor their network using CloudWatch metrics and events for network topology changes, routing updates, and connection status updates. This reduces the overall operational burden for customers when managing a large network that is dispersed across accounts, providing them a comprehensive view of their entire global network over a centralized operational dashboard.

This week, AWS Marketplace announced general availability of Offer Acceptance Email Notifications which will notify users by email when a customer completes an offer subscription. With this launch, customers can now have real-time visibility into Offer Acceptance and Subscription by buyers, allowing them to track the overall progress of an AWS Marketplace transaction. Buyers, ISVs and Channel Partners can now receive relevant details like Agreement ID, Offer ID, and Customer details at the time of subscription, to initiate procurement workflows, internal order creation, revenue recognition and software provisioning/deployment. This feature is available for all AWS Marketplace product types.

Previously, Amazon Comprehend supported 22 PII entities across multiple categories, including Financial (e.g., credit card number, bank account number), Personal (e.g., name, email, age), Technical Security (e.g., username, password), and National (e.g., social security number, passport number). Starting today, Amazon Comprehend PII will support 14 new entity types, with localized support for entities within the United States, Canada, United Kingdom, and India. Customers can now detect and redact 36 entities to protect sensitive data. Specifically, the new entities are:

• United States (US Individual Tax Identification Number)
• United Kingdom (National Insurance Number, UK Unique Taxpayer Reference Number, National Health Service Number)
• Canada (Social Insurance Number, Canada Health Number)
• India (Aadhaar Card, Permanent Account Number, NREGA, Voter Number)
• Others (Vehicle Identification Number, SWIFT code, License Plate, International Bank Account Number)

Amazon Kinesis Data Analytics is now authorized as FedRAMP Moderate in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon) and as FedRAMP High in AWS GovCloud (US-West) and AWS GovCloud (US-East).

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP uses the National Institute of Standards and Technology (NIST) Special Publication 800 series and requires cloud service providers to receive an independent security assessment conducted by a third-party assessment organization (3PAO), to ensure that authorizations are compliant with the Federal Information Security Management Act (FISMA). US Federal agencies and commercial customers working with the US Federal government can now utilize Amazon Kinesis Data Analytics to process streaming data in real time.