This week's roundup of all the cloud news.
Here's a round up of all things AWS, Azure, GCP and Hava for the week ending Friday 20th November 2020.
This week our AWS compliance reporting went fully GA for all Business and Pro plan subscribers. The reporting module auto generates reports based on AWS's Well-Architected methodology and reports adverse findings.
The ability to embed cloud diagrams via iFrame was also made generally available to all hava.io subscribers via the new embeddable interactive diagram viewer.
In other news,
Control the evolution of data streams using the AWS Glue Schema Registry
AWS Glue Schema Registry , a serverless feature of AWS Glue, enables you to validate and control the evolution of streaming data using registered Apache Avro schemas, at no additional charge. Through Apache-licensed serializers and deserializers, the Schema Registry integrates with Java applications developed for Apache Kafka/Amazon Managed Streaming for Apache Kafka (MSK), Amazon Kinesis Data Streams, Apache Flink/Amazon Kinesis Data Analytics for Apache Flink, and AWS Lambda.
Amazon EC2 M6g, C6g and R6g instances powered by AWS Graviton2 processors are now available in Europe(London) and Canada(Central) regions
Starting this week, Amazon EC2 M6g, C6g, and R6g instances are available in Europe (London) and Canada (Central) regions. Amazon EC2 M6g, C6g, and R6g instances deliver up to 40% better price/performance over comparable x86-based instances for a broad spectrum of workloads, including application servers, micro-services, high-performance computing, CPU-based machine learning inference, electronic design automation, gaming, open-source databases, and in-memory caches.
Introducing the AWS Network Firewall - a new managed service to deploy network security across your Amazon VPCs with just a few clicks
AWS Network Firewall is a new AWS-managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks and scales automatically with your network traffic, so you don't have to worry about deploying and managing any infrastructure. AWS Network Firewall is for customers who want to inspect and filter traffic to, from, or between their Amazon VPCs.
Amazon QuickSight launches persistence and cross dataset filters
Amazon QuickSight launched enhancements to dashboard filtering experience. When readers slice and dice dashboards with filters, QuickSight will now persist filter selection until they return to the dashboard. Readers can pick up where they left off and do not have to re-select filters. Dashboard persistence is applicable to both QuickSight Web and the Mobile app. Persistence is an optional setting on embedded dashboards where QuickSight admins can choose to make dashboards persist using the getDashboardEmbedURL API. Persistence on web and mobile dashboards is available by default.
AWS Backup and AWS Organizations bring cross-account backup feature
AWS Backup now supports cross-account backup, enabling AWS customers to securely copy backups across accounts within their AWS Organizations.
Amazon Chime SDK now supports enhanced audio and video features including Amazon Voice Focus
The Amazon Chime SDK now supports noise suppression, 48kHz audio, and client-side video inspection and manipulation.
AWS Managed Microsoft AD adds automated multi-region replication
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, now supports automated, multi-region replication of your directory. Now you can deploy and use a single AWS Managed Microsoft AD (Enterprise Edition) directory across multiple AWS Regions. This makes it easier and more cost-effective for you to deploy and manage your Microsoft Windows and Linux workloads globally. With the automated multi-region replication capability you get higher resiliency, while your applications use a local directory for optimal performance.
Amazon Honeycode supports single sign-on with popular identity providers
Amazon Honeycode now supports single sign-on with identity providers such as Microsoft Active Directory, Azure AD, Okta, OneLogin, PingFederate, or any SAML-based identity provider, including Google Workspace. Honeycode customers or the IT administrators of organizations using Honeycode can set up single sign-on so that Honeycode users can log in using their corporate credentials instead of Honeycode-specific credentials.
Amazon EC2 Inf1 instances based on AWS Inferentia now available in 6 additional regions
AWS has expanded the availability of Amazon EC2 Inf1 instances to US West (N. California), Canada (Central), Europe (London), Asia Pacific (Hong Kong, Seoul), and Middle East (Bahrain). Inf1 instances are powered by AWS Inferentia chips, which AWS custom-designed to provide high performance and lowest cost machine learning inference in the cloud.
Amazon Textract now supports AWS Key Management Service
Amazon Textract is a machine learning service that makes it easy to extract printed text, handwriting, and data from virtually any document. Today, we are pleased to announce that Amazon Textract supports encryption of its asynchronous API output stored in your Amazon S3 buckets using your own AWS Key Management Service (KMS) Customer Master Keys (CMKs). With this feature, you have the flexibility to manage which encryption keys are used to protect your data and text extracted by Amazon Textract.
AWS Identity and Access Management introduces new policy defaults for IAM user passwords
AWS Identity and Access Management (IAM) now introduces new policy defaults for passwords of IAM users. This policy improves the default security for all AWS customers by ensuring customers set stronger passwords for IAM users in their AWS accounts.
Amazon EC2 Auto Scaling announces support for multiple launch templates for Auto Scaling groups
Amazon EC2 Auto Scaling now lets you configure your Auto Scaling group with multiple launch templates when you use a MixedInstancesPolicy and specify multiple instance types. After EC2 Auto Scaling released support for multiple instance types within a single Auto Scaling group, customers have been looking for ways to launch different instance types using different Amazon Machine Images (AMIs) so that instances with incompatible CPU architectures can exist in the same Auto Scaling group. With this enhancement you can now specify a launch template alongside the instance type in the overrides of your MixedInstancesPolicy, and that launch template will be used whenever launching instances of its corresponding instance type.
Amazon EC2 Fleet now supports deleting instant type fleets
You now have an option to delete an instant type EC2 Fleet. All running instances associated with it will be terminated and the fleet will be deleted.
AWS ParallelCluster 2.10
AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easy for scientists, researchers, and IT administrators to deploy and manage High Performance Computing (HPC) clusters in the AWS cloud. HPC clusters are collections of tightly coupled compute, storage, and networking resources that enable customers to run large scale scientific and engineering workloads.
Amazon Connect launches API to configure user hierarchies programmatically
Amazon Connect now provides an API to programmatically create and manage user hierarchies. User hierarchies are a way for you to organize users into groups such as what location they work in or which department they are a part of. With this launch, you can now programmatically mirror your organization's hierarchy in Amazon Connect as changes are made in your internal systems of record, such as HR systems. Additionally, you can extract all hierarchy and agent data as a point-in-time snapshot and copy it into a different instance.
Amazon RDS Performance Insights Supports SQL-level Metrics on Amazon RDS for PostgreSQL
Amazon RDS Performance Insights supports SQL-level metrics on Amazon RDS for PostgreSQL so you can identify high-frequency, long-running, and stuck SQL queries in seconds.
Amazon CloudWatch Synthetics now supports custom browser launch settings
CloudWatch Synthetics now supports customizing the default launch settings on the Chrome browser with a new minor runtime version, syn-nodejs-2.1. This allows for more flexibility in the canary launched browser settings such as viewport, setting chromium flags, and handling errors. With syn-nodejs-2.1, you can also configure canary scripts to not take screenshots on a canary step, thereby reducing costs, and avoiding screenshots for sensitive data.
AWS CloudFormation change sets now support nested stacks
AWS CloudFormation is extending change sets to support applications modeled with nested stacks, enhancing the predictability of update operations. With this launch, you can now preview the changes to your application and infrastructure resources across the entire nested stack hierarchy and proceed with the update only when you confirm that all the changes are as intended.
AWS Firewall Manager now supports centralized management of AWS Network Firewall
AWS Firewall Manager now supports AWS Network Firewall, making it easy for security administrators to centrally configure and deploy Network Firewall rules across their organization. AWS recently launched AWS Network Firewall, a highly available, managed firewall service that gives customers enhanced control and visibility of all traffic leaving and entering their network. With Firewall Manager support, customers can centrally manage the deployment of Network Firewall rules across accounts, organizational units (OUs), and Amazon virtual private clouds (VPCs) in their organization.
Amazon S3 Storage Lens delivers organization-wide visibility into object storage usage and activity trends
Amazon S3 Storage Lens delivers organization-wide visibility into your object storage usage and activity trends, and makes actionable recommendations to improve cost-efficiency and apply data protection best practices. S3 Storage Lens is the first cloud storage analytics solution to provide a single view of object storage usage and activity across tens to hundreds of accounts in an AWS organization, with drill-downs to generate insights at the account, bucket, or even prefix level. Drawing from more than 14 years of experience helping customers optimize storage, S3 Storage Lens analyzes organization-wide metrics to deliver contextual recommendations to find ways to reduce your storage costs and apply best practices on data protection.
Amazon Elasticsearch Service adds support for hot reload of dictionary files
Amazon Elasticsearch Service now supports the ability to reload dictionary files without reindexing your data. Elasticsearch uses analyzers to convert string data into terms or tokens that power its search capabilities. These analyzers can do things like remove white space and stop words, perform stemming, handle compound words, and add synonyms. Previously, on Amazon Elasticsearch Service these analyzers could only process data as it was indexed. If you wanted to add some additional synonyms at a later time, you had to reindex your data with the new dictionary file.
Pause and Resume Workloads on T3 and T3a Instances with Amazon EC2 Hibernation
You can now hibernate newly-launched EBS-backed Amazon EC2 T3 and T3a instances. Hibernation provides you with the convenience of pausing your workloads and resuming them later from the saved state. Hibernation is just like closing and opening your laptop lid — your application will start right from where it left off.
AWS Step Functions now supports Amazon API Gateway service integration
AWS Step Functions is now integrated with Amazon API Gateway REST and HTTP APIs, making it faster and easier to build application workflows including microservices created by API Gateway. You can use the API Gateway integration to create a workflow that orchestrates HTTP and REST APIs acting as the ‘front door’ for business logic running on AWS Lambda, a serverless compute service or Amazon Elastic Container Service, fully managed container orchestration service.
Move database migration tasks from one replication instance to another
Starting today, you can easily move your database migration tasks from one replication instance to another. To move, select the migration task and provide the target replication instance details. You can access this feature using AWS DMS Console, AWS CLI, or AWS SDK. Once the migration task is moved to the target replication instance, you can resume your migration from where you left off.
AWS Trusted Advisor enables multi-account reporting of best practice recommendations with AWS Organizations
Starting this week, you can use the console to aggregate AWS Trusted Advisor recommendations across all accounts in your organization with AWS Organizations. The new Organizational View feature in Trusted Advisor allows you to generate reports with detailed check results across multiple accounts in your AWS organization. In addition, you can view a high level summary of check status within the console.
Amazon ECS extensions for AWS CDK is now generally available
The Amazon Elastic Container Service (Amazon ECS) extensions module that extends the service construct in AWS Cloud Development Kit (AWS CDK), is now generally available. The new Amazon ECS service construct for AWS CDK supports extensions that automatically add additional capabilities such as AWS App Mesh or FireLens to your containerized services using familiar programming languages.
Amazon Aurora PostgreSQL Patches 1.7.6 / 2.5.6 / 3.2.6 now available
Patches 1.7.6 / 2.5.6 / 3.2.6 are now available for customers using Amazon Aurora PostgreSQL. For detailed release notes visit our version documentation . You can apply the new patch version in the AWS Management Console, via the AWS CLI, or via the RDS API. For detailed instructions, please see our technical documentation .
Announcing protection groups for AWS Shield Advanced
AWS Shield Advanced now allows you to bundle resources into protection groups, giving you a self-service way to customize the scope of detection and mitigation for your application by treating multiple resources as a single unit. Resource grouping improves the accuracy of detection, reduces false positives, eases automatic protection of newly created resources, and accelerates the time to mitigate attacks against multiple resources. For example, if an application consists of four CloudFront distributions, you can add them to one protection group to receive detection and protection for the collection of resources as a whole. Reporting can be consumed at the protection group level, in addition to the resource level, giving a more holistic view of overall application health.
Amazon Kendra adds user tokens for secure search
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. Starting today, AWS customers using Amazon Kendra can easily validate the identity of individual users, as well as user groups who perform searches with the addition of secure search tokens.
AWS Step Functions now supports Amazon EKS service integration
AWS Step Functions is now integrated with Amazon EKS, making it easier to build resilient applications that orchestrate jobs running on Kubernetes with AWS services such as AWS Lambda, Amazon SNS, and Amazon SQS with minimal code. You can now build workflows including steps that launch tasks in Amazon EKS and wait for its completion without writing code to manage the state of the Kubernetes job.
Azure Hybrid Benefit now GA for Linux
Microsoft announced the general availability of Azure Hybrid Benefit functionality for Linux customers, allowing you to bring both your on-premises Windows Server and SQL Server licenses, as well as Red Hat Enterprise Linux (RHEL) or SUSE Linux Enterprise Server (SLES) subscriptions to Azure.
Azure site recovery increased disk size
You can now enable disaster recovery for Azure VMs with data disks up to 32 TB in size. This applies to Azure VMs with managed disks that replicate to a secondary Azure region using Site Recovery. The feature is deployed in Azure public and government clouds.
Azure performance tiers for premium ssd
Node.js 14 for azure functions
.NET 5.0 on Google Cloud
.NET 5.0 was released just a few days ago with many new features, improvements, C# 9 support, F# 5 support, and more. .NET 5.0 is the first release of the unified .NET vision that was announced last year. Going forward, there will be just one .NET targeting Windows, Linux, macOS, and more.
Google Cloud already has support for different versions of .NET. You can run traditional Windows based .NET apps on Windows Servers in Compute Engine or on Windows Containers in Google Kubernetes Engine (GKE). For modern Linux based containerized .NET apps, there’s more choice with App Engine (Flex), GKE and my favorite Cloud Run. Not to mention, the .NET Core 3.1 support in Cloud Functions is currently in preview for serverless .NET functions.
Google Cloud Artifact Registry now GA
As enterprises modernize their applications with improved software delivery processes, they face increasing challenges in managing their dependencies—the artifacts that make up their applications, deployed in accordance with security and compliance best practices. This week, Google were excited to announce that Artifact Registry is generally available. With support for container images, Maven, npm packages, and additional formats coming soon, Artifact Registry helps your organization benefit from scale, security, and standardization across your software supply chain.
Anthos Developer Sandbox free with google a/c
This week Google were excited to launch the Anthos Developer Sandbox, giving you an easy way to learn how to develop on Anthos. With only a few minutes of your time you can get a developer-focused overview of Anthos. Better yet, the Anthos Developer Sandbox is available at no cost, to anyone with a Google account! You don’t need to be a Google Cloud customer, you don’t need to have billing enabled, and you don’t need the help of your IT department to experience Anthos first hand— get started with the guided flow and then use the Sandbox to create and iterate on your own applications.
Updated digital course: AWS Cloud Practitioner Essentials
AWS Training and Certification is excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course. If you’re new to the cloud—whether you’re in a technical or nontechnical role—this course will help you understand the fundamental concepts of the AWS Cloud. As a result, you can build your skills and confidence while contributing to your organization’s cloud initiatives.
New self-paced courses for security and IoT on edX and Coursera
AWS Training and Certification has launched two new self-paced digital courses, Introduction to AWS Identity and Access Management and AWS IoT: Developing and Deploying an Internet of Things, on edX and Coursera. Designed for application developers, the IoT course helps you utilize AWS IoT services to build, test, and distribute applications to simulated devices. You’ll also learn how to use analytics tools to collect, process, and analyze data from IoT devices.
New digital course: Advanced Testing Practices using AWS DevOps Tools
This new digital course, Advanced Testing Practices using AWS DevOps Tools, teaches you how to improve application reliability and security by integrating and automating testing into your AWS DevOps pipelines. This advanced course is designed for DevOps engineers and developers who have significant experience with DevOps methodology and practices.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events
A full list including session times and details are here : https://azure.microsoft.com/en-us/community/events/
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email email@example.com to book a callback or demo.