In Cloud Computing This Week [Nov 27th 2020]

AWS CloudHSM automatically takes a backup of your HSM cluster once a day and whenever an HSM is added to or removed from your cluster. Until today, however, customers were responsible for deleting old backups. Deleting out of date backups is important to prevent inactive users and expired login credentials from being used to access sensitive data on the HSM.  

Setting up monitoring for your enterprise applications got even easier with Amazon CloudWatch Application Insights new ability to automatically detect applications and setup monitoring based on the detected applications. CloudWatch Application Insights is a capability that helps customers easily setup monitoring and enhanced observability for their enterprise applications running on AWS resources. The new feature automatically populates the applications detected into the setup process for a simple and efficient configuration of application monitoring 

You can now define your infrastructure and applications in AWS CloudFormation with reusable building blocks called modules. A module encapsulates one or more resources and their respective configurations for reuse across your organization.  

The AWS Toolkit for JetBrains  now provides convenient IDE functionality to interact with SQS queues and search through CloudWatch Logs.  

AWS IoT SiteWise is a managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale to help you make better, data-driven decisions.  

AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications. A2C analyzes and builds an inventory of all applications running in virtual machines, on-premises or in the cloud. You simply select the application you want to containerize, and A2C packages the application artifact and identified dependencies into container images, configures the network ports, and generates the ECS task and Kubernetes pod definitions. 

Amazon EventBridge now provides Server-Side Encryption (SSE) using AWS Owned Keys for protection of sensitive data. SSE is enabled by default and lets you transmit sensitive data more securely with EventBridge.

Amazon Translate is a fully managed neural machine translation service that delivers real-time, high-quality, and affordable language translation. Today, we are announcing that Amazon Translate now adds support to the following more languages and variants - Armenian, Catalan, Gujarati, Haitian, Icelandic, Kannada, Kazakh, Lithuanian, Malayalam, Macedonian, Maltese, Mongolian, Sinhala, Telugu, Uzbek, and Welsh. 

Customers can now explicitly specify which qubits are going to be used when they use Amazon Braket to run a quantum circuit on quantum computers from Rigetti. This allows researchers and advanced users to optimize their circuit design based on the latest device calibration data to get more accurate results.

Amazon Elasticsearch Service now supports open source Elasticsearch 7.9 and its corresponding version of Kibana. This minor release includes bug fixes and enhancements. 

CloudWatch Synthetics now supports canary scripts in Python programming language with the Selenium open source web automation testing framework . This gives you more choice in the programming language and framework to use when creating canaries in CloudWatch Synthetics.  

Amazon Elasticsearch Service has introduced several security enhancements to the fine-grained access control feature that include a revamped and improved security workflow in Kibana, and integration with Open Distro for Elasticsearch Alerting and Anomaly Detection features. 

Customers can now deploy compute-intensive applications such as machine learning inferencing, multimedia processing, scientific simulations, HPC, and financial modeling that leverage Advanced Vector Extensions 2 (AVX2) to meet their performance requirements on AWS Lambda.

AWS Single Sign-On (SSO) now enables you to create fine-grained permissions for your workforce in AWS using attributes, such as cost center and department, defined in your AWS SSO identity source. Your administrators can now implement attribute-based access control (ABAC)  with AWS SSO to centrally manage access to your AWS accounts and simplify permissions management at scale.

Errors in Spark applications commonly arise from inefficient Spark scripts, distributed in-memory execution of large-scale transformations, and dataset abnormalities. AWS Glue workload partitioning is the newest offering from AWS Glue to address these issues and improve the reliability of Spark applications and consistency of run-time. Workload partitioning enables you to specify how much data to process in each job-run and, using AWS Glue job bookmarks, track how much of the data AWS Glue processed.

Amazon FSx for Lustre, a service that provides high-performance shared storage, now enables you to increase the storage capacity of your file systems with the click of a button, providing you the flexibility to easily respond to your evolving storage needs by increasing file system size in a matter of minutes. 

Amazon Elasticsearch Service now supports Gantt charts, a new visualization in Kibana. Users can now embed Gantt charts into dashboards to enable visualization of events, steps and tasks as horizontal bars. The length of the bars shows the amount of time associated with an event, step or a task. Gantt charts are used to represent a series of events that contain a parent-child relationship. This can be particularly useful in trace analytics, telemetry, and monitoring use cases, in which the users need to understand the overall interaction between traces or events. Gantt charts help users manage their resources by getting an overview of the events or tasks and understanding the relationships between them. 

Amazon FSX for Lustre, a service that provides high-performance shared storage, now enables you to increase the storage capacity of your file systems with the click of a button, providing you the flexibility to easily respond to your evolving storage needs by increasing file system size in a matter of minutes. 

AWS Config lets you assess, audit, and evaluate how your AWS resources are configured, and helps you determine your overall compliance against the configurations specified in your internal guidelines. You can use AWS Config aggregators  to collect your configuration and compliance data from the below sources, and aggregate that data into a single account and AWS Region to get a centralized view of your resource inventory and compliance.

1. Multiple accounts and multiple AWS Regions.
2. A single account and multiple AWS Regions.
3. An organization in AWS Organizations and all the accounts in the organization that have AWS Config enabled.

Amazon Elasticsearch Service now offers support for Remote Reindex, enabling you to migrate data from a remote cluster into Amazon Elasticsearch Service. With this feature, you can simply copy data from one cluster to another, making it easier to migrate from legacy versions of Elasticsearch. Remote Reindex also supports migrating indexes from self-managed Elasticsearch onto Amazon Elasticsearch Service, providing a simple mechanism to onboard onto the service.

Amazon Elastic Container Service (ECS) now supports the ability to add the recently launched P4d instances on Amazon ECS clusters in all regions where P4d instances are available. P4d instances offer up to 60% lower cost to train compared to previous generation instances with 2.5X more deep learning performance using the latest NVIDIA A100 Tensor Core GPUs. These instances also offer 8 TB of local NVMe storage. P4d instances are currently available in the US East (N. Virginia) and US West (Oregon) regions. 

Amazon Managed Workflows is a new managed orchestration service for Apache Airflow that makes it easier to set up and operate end-to-end data pipelines in the cloud at scale. Apache Airflow is an open source tool used to programmatically author, schedule, and monitor sequences of processes and tasks referred to as “workflows”.

AWS Storage Gateway has achieved Federal Risk and Authorization Management Program (FedRAMP) High authorization, approved by the FedRAMP Joint Authorization Board (JAB), for the AWS GovCloud (US) Regions. FedRAMP compliance enables you to use AWS Storage Gateway to store and manage your critical workloads in the AWS GovCloud (US) Region’s authorization boundary with data up to the high impact level.

AWS Single Sign-On (SSO) administrators can now require users to self-enroll multi-factor authentication (MFA) devices during sign-in. For your users without a registered MFA device, you can require them to complete a self-guided MFA enrollment process following a successful password authentication. This allows administrators to secure their organization’s AWS environments with MFA without having to individually enroll and distribute authentication devices to users.

AWS Security Hub is now integrated with AWS Organizations to simplify security posture management across all of your existing and future AWS accounts in an organization. With this launch, new and existing Security Hub customers can delegate any account in their organization as the Security Hub administrator and centrally view security findings from up to 5,000 AWS accounts. The integration with AWS Organizations allows you to automatically enable Security Hub and its automated security checks in any existing and newly created accounts in the organization. You can also now see AWS account names alongside account IDs in the Security Hub console. Customers using Security Hub’s existing multi-account management feature can transition to this new AWS Organizations-enabled multi-account management without any disruption to existing Security Hub usage. This feature is available today in all Security Hub supported AWS regions except in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD. 

AWS License Manager allows administrators to create customized licensing rules in license configurations to emulate the terms of their vendor agreements. Administrators can use License Manager to enforce these rules by attaching license configurations to their Amazon Machine Images (AMIs). Administrators can now attach license configurations to their AMIs to make the enforcement effective across all their AWS accounts. License Manager evaluates licensing rules at the time of instance launch from AMIs to prevent overages and notify administrators in an event of any licensing rule violation. License Manager also allows administrators to track instance launches from AMIs shared with them from other AWS accounts. Administrators thus gain control and visibility of their licenses used across all AWS accounts and reduce the risk of non-compliance, misreporting, and additional costs due to licensing overages. 

AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies, which allow you to configure access to the Systems Manager API. When you create Amazon VPC endpoints for Systems Manager, you can attach AWS Identity and Access Management (IAM) resource policies that restrict user access to Systems Manager API operations, when these operations are accessed via the Amazon VPC endpoint. For example, you can limit certain users to only be able to list Systems Manager Run Command invocations but not to send any command invocations. You can also restrict specific users’ ability to start a Systems Manager Session Manager session.

Amazon EC2 Auto Scaling now lets you attach multiple network interfaces when launching EC2 instances in an Auto Scaling group. Previously, customers had to write custom scripts and run lifecycle hooks to attach multiple network interfaces. You can now define multiple network interfaces in a launch template and your Auto Scaling group will automatically attach them to instances as they launch. 

AWS Copilot CLI for Amazon Elastic Container Service (Amazon ECS) is now generally available with v1.0.0. The AWS Copilot CLI makes it easy to build, release, and operate production-ready containerized applications on Amazon ECS with the Fargate launch type. AWS Copilot incorporates AWS’s best practices, from infrastructure-as-code to continuous delivery, and makes them available to customers from the comfort of their terminal. With AWS Copilot, you can focus on building your applications instead of setting up infrastructure.

You now can use PartiQL (a SQL-compatible query language)—in addition to already-available DynamoDB operations—to query, insert, update, and delete table data in Amazon DynamoDB. PartiQL makes it easier to interact with DynamoDB and run queries in the AWS Management Console. Because PartiQL is supported for all DynamoDB data-plane operations, it can help improve the productivity of developers by enabling them to use a familiar, structured query language to perform these operations. 

You now can restore Amazon DynamoDB tables even faster when recovering from data loss or corruption. The increased efficiency of restores and their ability to better accommodate workloads with imbalanced write patterns reduce table restore times across base tables of all sizes and data distributions. To accelerate the speed of restores for tables with secondary indexes, you can exclude some or all secondary indexes from being created with the restored tables. 

You can now ensure that only trusted and verified code is deployed in your AWS Lambda functions. With Code Signing for Lambda, administrators can configure Lambda functions to only accept signed code on deployment. When developers deploy signed code to such functions, Lambda checks the signatures to ensure the code is not altered or tampered. Additionally, Lambda ensures the code is signed by trusted developers before accepting the deployment.

New Releases from GCP this week

UPComing Events: