This week's roundup of all the cloud news.
Here's a roundup of all things AWS, Azure, GCP and Hava for the week ending Friday 27th November 2020.
Did you receive an email this week about your access to our new embeddable diagram viewer? If not, hop on chat and we'll add you to the feature alert list.
Managed Backup Retention for AWS CloudHSM
AWS CloudHSM automatically takes a backup of your HSM cluster once a day and whenever an HSM is added to or removed from your cluster. Until today, however, customers were responsible for deleting old backups. Deleting out-of-date backups is important to prevent inactive users and expired login credentials from being used to access sensitive data on the HSM.
Amazon CloudWatch Application Insights adds Automatic Application Discovery
Setting up monitoring for your enterprise applications got even easier with Amazon CloudWatch Application Insights' new ability to automatically detect applications and set up monitoring based on the detected applications. CloudWatch Application Insights is a capability that helps customers easily set up monitoring and enhanced observability for their enterprise applications running on AWS resources. The new feature automatically populates the detected applications into the setup process for a simple and efficient configuration of application monitoring.
Announcing Modules for AWS CloudFormation
You can now define your infrastructure and applications in AWS CloudFormation with reusable building blocks called modules. A module encapsulates one or more resources and their respective configurations for reuse across your organization.
AWS Toolkit for JetBrains IDEs Announces new features for SQS and CloudWatch Logs Insights
The AWS Toolkit for JetBrains now provides convenient IDE functionality to interact with SQS queues and search through CloudWatch Logs.
Encrypt your data in AWS IoT SiteWise with your own encryption key
AWS IoT SiteWise is a managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale to help you make better, data-driven decisions.
AWS App2Container now supports authenticated Windows applications deployment to EKS and Custom AWS Profiles
AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications. A2C analyzes and builds an inventory of all applications running in virtual machines, on-premises or in the cloud. You simply select the application you want to containerize, and A2C packages the application artifact and identified dependencies into container images, configures the network ports, and generates the ECS task and Kubernetes pod definitions.
Amazon EventBridge adds Server-Side Encryption (SSE) and increases default quotas
Amazon EventBridge now provides Server-Side Encryption (SSE) using AWS Owned Keys for protection of sensitive data. SSE is enabled by default and lets you transmit sensitive data more securely with EventBridge.
Amazon Translate now adds support for sixteen more languages and variants
Amazon Translate is a fully managed neural machine translation service that delivers real-time, high-quality, and affordable language translation. Today, we are announcing that Amazon Translate now adds support for the following additional languages and variants: Armenian, Catalan, Gujarati, Haitian, Icelandic, Kannada, Kazakh, Lithuanian, Malayalam, Macedonian, Maltese, Mongolian, Sinhala, Telugu, Uzbek, and Welsh.
Amazon Braket now supports manual qubit allocation
Customers can now explicitly specify which qubits are going to be used when they use Amazon Braket to run a quantum circuit on quantum computers from Rigetti. This allows researchers and advanced users to optimize their circuit design based on the latest device calibration data to get more accurate results.
Amazon Elasticsearch Service announces support for Elasticsearch version 7.9
Amazon Elasticsearch Service now supports open source Elasticsearch 7.9 and its corresponding version of Kibana. This minor release includes bug fixes and enhancements.
Amazon CloudWatch Synthetics now supports canary scripts in Python with Selenium framework
CloudWatch Synthetics now supports canary scripts in the Python programming language with the Selenium open source web automation testing framework. This gives you more choice in the programming language and framework to use when creating canaries in CloudWatch Synthetics.
Amazon Elasticsearch Service revamps Kibana security user interface while integrating with other features
Amazon Elasticsearch Service has introduced several security enhancements to the fine-grained access control feature that include a revamped and improved security workflow in Kibana, and integration with Open Distro for Elasticsearch Alerting and Anomaly Detection features.
AWS Lambda now supports Advanced Vector Extensions 2 (AVX2)
Customers can now deploy compute-intensive applications such as machine learning inferencing, multimedia processing, scientific simulations, HPC, and financial modeling that leverage Advanced Vector Extensions 2 (AVX2) to meet their performance requirements on AWS Lambda.
AWS Single Sign-On enables attribute-based access control for workforce users to simplify permissions in AWS
AWS Single Sign-On (SSO) now enables you to create fine-grained permissions for your workforce in AWS using attributes, such as cost center and department, defined in your AWS SSO identity source. Your administrators can now implement attribute-based access control (ABAC) with AWS SSO to centrally manage access to your AWS accounts and simplify permissions management at scale.
AWS Glue now supports workload partitioning to further improve the reliability of Spark applications
Errors in Spark applications commonly arise from inefficient Spark scripts, distributed in-memory execution of large-scale transformations, and dataset abnormalities. AWS Glue workload partitioning is the newest offering from AWS Glue to address these issues and improve the reliability of Spark applications and consistency of run-time. Workload partitioning enables you to specify how much data to process in each job-run and, using AWS Glue job bookmarks, track how much of the data AWS Glue processed.
Amazon FSx for Lustre now enables you to grow storage on your file systems with the click of a button
Amazon FSx for Lustre, a service that provides high-performance shared storage, now enables you to increase the storage capacity of your file systems with the click of a button, providing you the flexibility to easily respond to your evolving storage needs by increasing file system size in a matter of minutes.
Amazon Elasticsearch Service adds Gantt charts for visualizing events, steps and tasks
Amazon Elasticsearch Service now supports Gantt charts, a new visualization in Kibana. Users can now embed Gantt charts into dashboards to enable visualization of events, steps and tasks as horizontal bars. The length of the bars shows the amount of time associated with an event, step or a task. Gantt charts are used to represent a series of events that contain a parent-child relationship. This can be particularly useful in trace analytics, telemetry, and monitoring use cases, in which the users need to understand the overall interaction between traces or events. Gantt charts help users manage their resources by getting an overview of the events or tasks and understanding the relationships between them.
AWS Config now supports organization-wide resource data aggregation in a delegated administrator account
AWS Config lets you assess, audit, and evaluate how your AWS resources are configured, and helps you determine your overall compliance against the configurations specified in your internal guidelines. You can use AWS Config aggregators to collect your configuration and compliance data from the following sources, and aggregate that data into a single account and AWS Region to get a centralized view of your resource inventory and compliance:
- Multiple accounts and multiple AWS Regions.
- A single account and multiple AWS Regions.
- An organization in AWS Organizations and all the accounts in the organization that have AWS Config enabled.
Amazon Elasticsearch Service announces support for Remote Reindex
Amazon Elasticsearch Service now offers support for Remote Reindex, enabling you to migrate data from a remote cluster into Amazon Elasticsearch Service. With this feature, you can simply copy data from one cluster to another, making it easier to migrate from legacy versions of Elasticsearch. Remote Reindex also supports migrating indexes from self-managed Elasticsearch onto Amazon Elasticsearch Service, providing a simple mechanism to onboard onto the service.
Amazon ECS adds support for P4d instance types
Amazon Elastic Container Service (ECS) now supports the ability to add the recently launched P4d instances on Amazon ECS clusters in all regions where P4d instances are available. P4d instances offer up to 60% lower cost to train compared to previous generation instances with 2.5X more deep learning performance using the latest NVIDIA A100 Tensor Core GPUs. These instances also offer 8 TB of local NVMe storage. P4d instances are currently available in the US East (N. Virginia) and US West (Oregon) regions.
Introducing Amazon Managed Workflows for Apache Airflow (MWAA)
Amazon Managed Workflows is a new managed orchestration service for Apache Airflow that makes it easier to set up and operate end-to-end data pipelines in the cloud at scale. Apache Airflow is an open source tool used to programmatically author, schedule, and monitor sequences of processes and tasks referred to as “workflows”.
AWS Storage Gateway achieves FedRAMP compliance
AWS Storage Gateway has achieved Federal Risk and Authorization Management Program (FedRAMP) High authorization, approved by the FedRAMP Joint Authorization Board (JAB), for the AWS GovCloud (US) Regions. FedRAMP compliance enables you to use AWS Storage Gateway to store and manage your critical workloads in the AWS GovCloud (US) Region’s authorization boundary with data up to the high impact level.
AWS Single Sign-On enables administrators to require users to set up MFA devices during sign-in
AWS Single Sign-On (SSO) administrators can now require users to self-enroll multi-factor authentication (MFA) devices during sign-in. For your users without a registered MFA device, you can require them to complete a self-guided MFA enrollment process following a successful password authentication. This allows administrators to secure their organization’s AWS environments with MFA without having to individually enroll and distribute authentication devices to users.
AWS Security Hub integrates with AWS Organizations for simplified security posture management
AWS Security Hub is now integrated with AWS Organizations to simplify security posture management across all of your existing and future AWS accounts in an organization. With this launch, new and existing Security Hub customers can delegate any account in their organization as the Security Hub administrator and centrally view security findings from up to 5,000 AWS accounts. The integration with AWS Organizations allows you to automatically enable Security Hub and its automated security checks in any existing and newly created accounts in the organization. You can also now see AWS account names alongside account IDs in the Security Hub console. Customers using Security Hub’s existing multi-account management feature can transition to this new AWS Organizations-enabled multi-account management without any disruption to existing Security Hub usage. This feature is available today in all Security Hub supported AWS regions except in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD.
AWS License Manager allows enforcing licensing rules with shared AMIs across multiple AWS accounts
AWS License Manager allows administrators to create customized licensing rules in license configurations to emulate the terms of their vendor agreements. Administrators can use License Manager to enforce these rules by attaching license configurations to their Amazon Machine Images (AMIs). Administrators can now attach license configurations to their AMIs to make the enforcement effective across all their AWS accounts. License Manager evaluates licensing rules at the time of instance launch from AMIs to prevent overages and notify administrators in the event of any licensing rule violation. License Manager also allows administrators to track instance launches from AMIs shared with them from other AWS accounts. Administrators thus gain control and visibility of their licenses used across all AWS accounts and reduce the risk of non-compliance, misreporting, and additional costs due to licensing overages.
AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies
AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies, which allow you to configure access to the Systems Manager API. When you create Amazon VPC endpoints for Systems Manager, you can attach AWS Identity and Access Management (IAM) resource policies that restrict user access to Systems Manager API operations, when these operations are accessed via the Amazon VPC endpoint. For example, you can limit certain users to only be able to list Systems Manager Run Command invocations but not to send any command invocations. You can also restrict specific users’ ability to start a Systems Manager Session Manager session.
Amazon EC2 Auto Scaling now supports attaching multiple network interfaces at launch
Amazon EC2 Auto Scaling now lets you attach multiple network interfaces when launching EC2 instances in an Auto Scaling group. Previously, customers had to write custom scripts and run lifecycle hooks to attach multiple network interfaces. You can now define multiple network interfaces in a launch template and your Auto Scaling group will automatically attach them to instances as they launch.
AWS Copilot CLI is now Generally Available
AWS Copilot CLI for Amazon Elastic Container Service (Amazon ECS) is now generally available with v1.0.0. The AWS Copilot CLI makes it easy to build, release, and operate production-ready containerized applications on Amazon ECS with the Fargate launch type. AWS Copilot incorporates AWS’s best practices, from infrastructure-as-code to continuous delivery, and makes them available to customers from the comfort of their terminal. With AWS Copilot, you can focus on building your applications instead of setting up infrastructure.
You now can use a SQL-compatible query language to query, insert, update, and delete table data in Amazon DynamoDB
You now can use PartiQL (a SQL-compatible query language)—in addition to already-available DynamoDB operations—to query, insert, update, and delete table data in Amazon DynamoDB. PartiQL makes it easier to interact with DynamoDB and run queries in the AWS Management Console. Because PartiQL is supported for all DynamoDB data-plane operations, it can help improve the productivity of developers by enabling them to use a familiar, structured query language to perform these operations.
You now can restore Amazon DynamoDB tables even faster when recovering from data loss or corruption
You now can restore Amazon DynamoDB tables even faster when recovering from data loss or corruption. The increased efficiency of restores and their ability to better accommodate workloads with imbalanced write patterns reduce table restore times across base tables of all sizes and data distributions. To accelerate the speed of restores for tables with secondary indexes, you can exclude some or all secondary indexes from being created with the restored tables.
Announcing Code Signing, a trust and integrity control for AWS Lambda
You can now ensure that only trusted and verified code is deployed in your AWS Lambda functions. With Code Signing for Lambda, administrators can configure Lambda functions to only accept signed code on deployment. When developers deploy signed code to such functions, Lambda checks the signatures to ensure the code has not been altered or tampered with. Additionally, Lambda ensures the code is signed by trusted developers before accepting the deployment.
New Releases from GCP this week
- Tuning control support in Cloud SQL for MySQL—GCP made all 80 flags that were previously in preview now generally available (GA) this week, empowering you with the controls you need to optimize your databases. See the full list of updates here.
- New in BigQuery ML—GCP announced the general availability of boosted trees using XGBoost, deep neural networks (DNNs) using TensorFlow, and model export for online prediction. Learn more about XGBoost here.
- New AI/ML in retail report—Google recently commissioned a survey of global retail executives to better understand which AI/ML use cases across the retail value chain drive the highest value and returns in retail, and what retailers need to keep in mind when going after these opportunities. Learn more about the report here.
Azure Guest health feature in Azure Monitor
It is imperative to monitor the health of your virtual machine. But how much time do you spend reviewing each metric and alert to monitor the health of a virtual machine?
We are announcing the preview of Azure Monitor for virtual machines guest health feature that monitors the health of your virtual machines and fires an alert when any parameter being monitored is outside the acceptable range. This feature provides you:
- A simple experience to monitor the overall health of your virtual machine.
- Out-of-the-box health monitors based on key VM metrics to track the health of your virtual machine.
- Out-of-the-box alerts to notify if the virtual machine is unhealthy.
Updated digital course: AWS Cloud Practitioner Essentials
AWS Training and Certification is excited to announce the launch of the updated AWS Cloud Practitioner Essentials digital course. If you’re new to the cloud—whether you’re in a technical or nontechnical role—this course will help you understand the fundamental concepts of the AWS Cloud. As a result, you can build your skills and confidence while contributing to your organization’s cloud initiatives.
New self-paced courses for security and IoT on edX and Coursera
AWS Training and Certification has launched two new self-paced digital courses, Introduction to AWS Identity and Access Management and AWS IoT: Developing and Deploying an Internet of Things, on edX and Coursera. Designed for application developers, the IoT course helps you utilize AWS IoT services to build, test, and distribute applications to simulated devices. You’ll also learn how to use analytics tools to collect, process, and analyze data from IoT devices.
New digital course: Advanced Testing Practices using AWS DevOps Tools
This new digital course, Advanced Testing Practices using AWS DevOps Tools, teaches you how to improve application reliability and security by integrating and automating testing into your AWS DevOps pipelines. This advanced course is designed for DevOps engineers and developers who have significant experience with DevOps methodology and practices.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email firstname.lastname@example.org to book a callback or demo.