Here's a roundup of all things AWS, Azure, GCP and Hava for the week ending Friday 20th November 2020.
This week our AWS compliance reporting went fully GA for all Business and Pro plan subscribers. The reporting module auto-generates reports based on AWS's Well-Architected methodology and reports adverse findings.
The ability to embed cloud diagrams via iFrame was also made generally available to all hava.io subscribers via the new embeddable interactive diagram viewer.
In other news,
AWS Glue Schema Registry, a serverless feature of AWS Glue, enables you to validate and control the evolution of streaming data using registered Apache Avro schemas, at no additional charge. Through Apache-licensed serializers and deserializers, the Schema Registry integrates with Java applications developed for Apache Kafka/Amazon Managed Streaming for Apache Kafka (MSK), Amazon Kinesis Data Streams, Apache Flink/Amazon Kinesis Data Analytics for Apache Flink, and AWS Lambda.
Starting this week, Amazon EC2 M6g, C6g, and R6g instances are available in Europe (London) and Canada (Central) regions. Amazon EC2 M6g, C6g, and R6g instances deliver up to 40% better price/performance over comparable x86-based instances for a broad spectrum of workloads, including application servers, micro-services, high-performance computing, CPU-based machine learning inference, electronic design automation, gaming, open-source databases, and in-memory caches.
AWS Network Firewall is a new AWS-managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks and scales automatically with your network traffic, so you don't have to worry about deploying and managing any infrastructure. AWS Network Firewall is for customers who want to inspect and filter traffic to, from, or between their Amazon VPCs.
Amazon QuickSight launched enhancements to the dashboard filtering experience. When readers slice and dice dashboards with filters, QuickSight will now persist filter selection until they return to the dashboard. Readers can pick up where they left off and do not have to re-select filters. Dashboard persistence is applicable to both QuickSight Web and the Mobile app. Persistence is an optional setting on embedded dashboards where QuickSight admins can choose to make dashboards persist using the getDashboardEmbedURL API. Persistence on web and mobile dashboards is available by default.
AWS Backup now supports cross-account backup, enabling AWS customers to securely copy backups across accounts within their AWS Organizations.
The Amazon Chime SDK now supports noise suppression, 48kHz audio, and client-side video inspection and manipulation.
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, now supports automated, multi-region replication of your directory. Now you can deploy and use a single AWS Managed Microsoft AD (Enterprise Edition) directory across multiple AWS Regions. This makes it easier and more cost-effective for you to deploy and manage your Microsoft Windows and Linux workloads globally. With the automated multi-region replication capability you get higher resiliency, while your applications use a local directory for optimal performance.
Amazon Honeycode now supports single sign-on with identity providers such as Microsoft Active Directory, Azure AD, Okta, OneLogin, PingFederate, or any SAML-based identity provider, including Google Workspace. Honeycode customers or the IT administrators of organizations using Honeycode can set up single sign-on so that Honeycode users can log in using their corporate credentials instead of Honeycode-specific credentials.
AWS has expanded the availability of Amazon EC2 Inf1 instances to US West (N. California), Canada (Central), Europe (London), Asia Pacific (Hong Kong, Seoul), and Middle East (Bahrain). Inf1 instances are powered by AWS Inferentia chips, which AWS custom-designed to provide high performance and lowest cost machine learning inference in the cloud.
Amazon Textract is a machine learning service that makes it easy to extract printed text, handwriting, and data from virtually any document. Today, we are pleased to announce that Amazon Textract supports encryption of its asynchronous API output stored in your Amazon S3 buckets using your own AWS Key Management Service (KMS) Customer Master Keys (CMKs). With this feature, you have the flexibility to manage which encryption keys are used to protect your data and text extracted by Amazon Textract.
AWS Identity and Access Management (IAM) now introduces new policy defaults for passwords of IAM users. This policy improves the default security for all AWS customers by ensuring customers set stronger passwords for IAM users in their AWS accounts.
Amazon EC2 Auto Scaling now lets you configure your Auto Scaling group with multiple launch templates when you use a MixedInstancesPolicy and specify multiple instance types. After EC2 Auto Scaling released support for multiple instance types within a single Auto Scaling group, customers have been looking for ways to launch different instance types using different Amazon Machine Images (AMIs) so that instances with incompatible CPU architectures can exist in the same Auto Scaling group. With this enhancement you can now specify a launch template alongside the instance type in the overrides of your MixedInstancesPolicy, and that launch template will be used whenever launching instances of its corresponding instance type.
You now have an option to delete an instant type EC2 Fleet. All running instances associated with it will be terminated and the fleet will be deleted.
AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easy for scientists, researchers, and IT administrators to deploy and manage High Performance Computing (HPC) clusters in the AWS cloud. HPC clusters are collections of tightly coupled compute, storage, and networking resources that enable customers to run large scale scientific and engineering workloads.
Amazon Connect now provides an API to programmatically create and manage user hierarchies. User hierarchies are a way for you to organize users into groups such as what location they work in or which department they are a part of. With this launch, you can now programmatically mirror your organization's hierarchy in Amazon Connect as changes are made in your internal systems of record, such as HR systems. Additionally, you can extract all hierarchy and agent data as a point-in-time snapshot and copy it into a different instance.
Amazon RDS Performance Insights supports SQL-level metrics on Amazon RDS for PostgreSQL so you can identify high-frequency, long-running, and stuck SQL queries in seconds.
CloudWatch Synthetics now supports customizing the default launch settings on the Chrome browser with a new minor runtime version, syn-nodejs-2.1. This allows for more flexibility in the canary launched browser settings such as viewport, setting chromium flags, and handling errors. With syn-nodejs-2.1, you can also configure canary scripts to not take screenshots on a canary step, thereby reducing costs, and avoiding screenshots for sensitive data.
AWS CloudFormation is extending change sets to support applications modeled with nested stacks, enhancing the predictability of update operations. With this launch, you can now preview the changes to your application and infrastructure resources across the entire nested stack hierarchy and proceed with the update only when you confirm that all the changes are as intended.
AWS Firewall Manager now supports AWS Network Firewall, making it easy for security administrators to centrally configure and deploy Network Firewall rules across their organization. AWS recently launched AWS Network Firewall, a highly available, managed firewall service that gives customers enhanced control and visibility of all traffic leaving and entering their network. With Firewall Manager support, customers can centrally manage the deployment of Network Firewall rules across accounts, organizational units (OUs), and Amazon virtual private clouds (VPCs) in their organization.
Amazon S3 Storage Lens delivers organization-wide visibility into your object storage usage and activity trends, and makes actionable recommendations to improve cost-efficiency and apply data protection best practices. S3 Storage Lens is the first cloud storage analytics solution to provide a single view of object storage usage and activity across tens to hundreds of accounts in an AWS organization, with drill-downs to generate insights at the account, bucket, or even prefix level. Drawing from more than 14 years of experience helping customers optimize storage, S3 Storage Lens analyzes organization-wide metrics to deliver contextual recommendations to find ways to reduce your storage costs and apply best practices on data protection.
Amazon Elasticsearch Service now supports the ability to reload dictionary files without reindexing your data. Elasticsearch uses analyzers to convert string data into terms or tokens that power its search capabilities. These analyzers can do things like remove white space and stop words, perform stemming, handle compound words, and add synonyms. Previously, on Amazon Elasticsearch Service these analyzers could only process data as it was indexed. If you wanted to add some additional synonyms at a later time, you had to reindex your data with the new dictionary file.
You can now hibernate newly-launched EBS-backed Amazon EC2 T3 and T3a instances. Hibernation provides you with the convenience of pausing your workloads and resuming them later from the saved state. Hibernation is just like closing and opening your laptop lid — your application will start right from where it left off.
AWS Step Functions is now integrated with Amazon API Gateway REST and HTTP APIs, making it faster and easier to build application workflows including microservices created by API Gateway. You can use the API Gateway integration to create a workflow that orchestrates HTTP and REST APIs acting as the ‘front door’ for business logic running on AWS Lambda, a serverless compute service, or Amazon Elastic Container Service, a fully managed container orchestration service.
Starting today, you can easily move your database migration tasks from one replication instance to another. To move, select the migration task and provide the target replication instance details. You can access this feature using AWS DMS Console, AWS CLI, or AWS SDK. Once the migration task is moved to the target replication instance, you can resume your migration from where you left off.
Starting this week, you can use the console to aggregate AWS Trusted Advisor recommendations across all accounts in your organization with AWS Organizations. The new Organizational View feature in Trusted Advisor allows you to generate reports with detailed check results across multiple accounts in your AWS organization. In addition, you can view a high level summary of check status within the console.
The Amazon Elastic Container Service (Amazon ECS) extensions module, which extends the service construct in AWS Cloud Development Kit (AWS CDK), is now generally available. The new Amazon ECS service construct for AWS CDK supports extensions that automatically add additional capabilities such as AWS App Mesh or FireLens to your containerized services using familiar programming languages.
Patches 1.7.6 / 2.5.6 / 3.2.6 are now available for customers using Amazon Aurora PostgreSQL. For detailed release notes visit our version documentation. You can apply the new patch version in the AWS Management Console, via the AWS CLI, or via the RDS API. For detailed instructions, please see our technical documentation.
AWS Shield Advanced now allows you to bundle resources into protection groups, giving you a self-service way to customize the scope of detection and mitigation for your application by treating multiple resources as a single unit. Resource grouping improves the accuracy of detection, reduces false positives, eases automatic protection of newly created resources, and accelerates the time to mitigate attacks against multiple resources. For example, if an application consists of four CloudFront distributions, you can add them to one protection group to receive detection and protection for the collection of resources as a whole. Reporting can be consumed at the protection group level, in addition to the resource level, giving a more holistic view of overall application health.
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. Starting today, AWS customers using Amazon Kendra can easily validate the identity of individual users, as well as user groups who perform searches with the addition of secure search tokens.
AWS Step Functions is now integrated with Amazon EKS, making it easier to build resilient applications that orchestrate jobs running on Kubernetes with AWS services such as AWS Lambda, Amazon SNS, and Amazon SQS with minimal code. You can now build workflows including steps that launch tasks in Amazon EKS and wait for their completion without writing code to manage the state of the Kubernetes job.
Microsoft announced the general availability of Azure Hybrid Benefit functionality for Linux customers, allowing you to bring both your on-premises Windows Server and SQL Server licenses, as well as Red Hat Enterprise Linux (RHEL) or SUSE Linux Enterprise Server (SLES) subscriptions to Azure.
You can now enable disaster recovery for Azure VMs with data disks up to 32 TB in size. This applies to Azure VMs with managed disks that replicate to a secondary Azure region using Site Recovery. The feature is deployed in Azure public and government clouds.
Azure Functions has added preview support for running JavaScript and TypeScript functions on Node.js 14. Customers can develop Node.js 14 function apps locally and deploy them to all Azure Functions plans.
.NET 5.0 was released just a few days ago with many new features, improvements, C# 9 support, F# 5 support, and more. .NET 5.0 is the first release of the unified .NET vision that was announced last year. Going forward, there will be just one .NET targeting Windows, Linux, macOS, and more.
Google Cloud already has support for different versions of .NET. You can run traditional Windows-based .NET apps on Windows Servers in Compute Engine or on Windows Containers in Google Kubernetes Engine (GKE). For modern Linux-based containerized .NET apps, there’s more choice with App Engine (Flex), GKE and my favorite, Cloud Run. Not to mention, the .NET Core 3.1 support in Cloud Functions is currently in preview for serverless .NET functions.
As enterprises modernize their applications with improved software delivery processes, they face increasing challenges in managing their dependencies—the artifacts that make up their applications, deployed in accordance with security and compliance best practices. This week, Google were excited to announce that Artifact Registry is generally available. With support for container images, Maven, npm packages, and additional formats coming soon, Artifact Registry helps your organization benefit from scale, security, and standardization across your software supply chain.
This week Google were excited to launch the Anthos Developer Sandbox, giving you an easy way to learn how to develop on Anthos. With only a few minutes of your time you can get a developer-focused overview of Anthos. Better yet, the Anthos Developer Sandbox is available at no cost, to anyone with a Google account! You don’t need to be a Google Cloud customer, you don’t need to have billing enabled, and you don’t need the help of your IT department to experience Anthos first hand— get started with the guided flow and then use the Sandbox to create and iterate on your own applications.
Upcoming Events:
AWS Training and Certification is excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course. If you’re new to the cloud—whether you’re in a technical or nontechnical role—this course will help you understand the fundamental concepts of the AWS Cloud. As a result, you can build your skills and confidence while contributing to your organization’s cloud initiatives.
AWS Training and Certification has launched two new self-paced digital courses, Introduction to AWS Identity and Access Management and AWS IoT: Developing and Deploying an Internet of Things, on edX and Coursera. Designed for application developers, the IoT course helps you utilize AWS IoT services to build, test, and distribute applications to simulated devices. You’ll also learn how to use analytics tools to collect, process, and analyze data from IoT devices.
This new digital course, Advanced Testing Practices using AWS DevOps Tools, teaches you how to improve application reliability and security by integrating and automating testing into your AWS DevOps pipelines. This advanced course is designed for DevOps engineers and developers who have significant experience with DevOps methodology and practices.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email sales@hava.io to book a callback or demo.