In Cloud Computing This Week [Nov 5th 2021]

AWS Lambda now allows you to create or update your functions with container images stored in an Amazon ECR repository  in a different AWS account than that of your AWS Lambda function. Previously, you could only access container images stored in an Amazon ECR repository in the same AWS account as your AWS Lambda functions. If you used a centralized account for your Amazon ECR repositories, you needed to copy your container images into an Amazon ECR repository in the same account as your Lambda function. You can now simplify this workflow by accessing the container image stored in an Amazon ECR repository in a different account. 

You can now create secure continuous integration and deployment (CI/CD) pipelines that follow your organization’s best practices with a new pipeline configuration capability for serverless applications. AWS Serverless Application Model Pipelines (AWS SAM Pipelines) is a new feature of AWS SAM CLI that gives you access to benefits of CI/CD in minutes, such as accelerating deployment frequency, shortening lead time for changes, and reducing deployment errors. AWS SAM Pipelines comes with a set of default pipeline templates for popular CI/CD systems such as CloudBees CI/Jenkins, GitLab CI/CD, GitHub Actions, Bitbucket Pipelines, and AWS CodeBuild/CodePipeline that follow AWS’ deployment best practices. The AWS SAM CLI is a developer tool that makes it easier to build, locally test, package, and deploy serverless applications.

AWS DataSync now supports transferring data between Hadoop Distributed File Systems (HDFS) and Amazon S3, Amazon Elastic File System (EFS), or Amazon FSx for Windows File Server. Using DataSync, you can quickly, easily, and securely migrate files and folders from HDFS on your Hadoop cluster to AWS Storage. You can also use DataSync to replicate data on your Hadoop cluster to AWS for business continuity, copy data to AWS to populate your data lakes, or transfer data between your cluster and AWS for analysis and processing.

AWS Amplify Admin UI now allows generating seed data with Faker , and downloading data to a CSV file. This simplifies creating and managing your data in Amplify, and allows for more realistic demo data that is quickly shareable. 

The AWS Snowcone solid state drive (SSD) is now available in the US East (Ohio), US West (San Francisco), Asia Pacific (Singapore), Asia Pacific (Sydney) and AWS Asia Pacific (Tokyo) regions adding to our growing list of regions already offering Snowcone SSD including, EU (Frankfurt), EU (Ireland), US East (N. Virginia), and US West (Oregon). AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices. Snowcone is available in both hard disk drive (HDD) and solid state drive (SSD). Both device models are portable, rugged, and secure – small and light enough to fit in a backpack, and are able to withstand harsh environments. Customers use Snowcones to deploy applications at the edge, and to collect data, process it locally, and move it to AWS either offline by shipping the device to AWS, or online by using AWS DataSync on Snowcone to send the data to AWS over the network.

Amazon SageMaker Studio now enables customers to make test inference requests to endpoints with a custom URL and endpoints that require specific headers. Amazon SageMaker helps data scientists and developers to prepare, build, train, and deploy high-quality machine learning (ML) models quickly by bringing together a broad set of capabilities purpose-built for ML. Amazon SageMaker Studio provides a single, web-based visual interface where you can perform all ML development steps.

AWS Backup Vault Lock is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. AWS Backup enables customers to centralize and automate data protection across AWS services through a fully managed and cost-effective solution.

Amazon Aurora Global Database is a feature of Amazon Aurora. It is designed for applications with a global footprint. It allows a single Aurora database to span multiple AWS Regions, with fast replication to enable low-latency global reads and disaster recovery from Region-wide outages. With today’s launch, Amazon Aurora Global Database is available in the AWS GovCloud (US-East and US-West) Regions. Amazon Aurora Global Database customers will now be able to replicate across AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions.

AWS Lake Formation now support managed VPC endpoints (powered by AWS PrivateLink) to access a data lake in a Virtual Private Cloud (VPC).  With AWS Lake Formation-managed endpoints, you can now authorize access to the data lake for client applications and services inside of your VPC and on-premises using private IP connectivity. You can also configure VPC endpoint policies  to have finer grained control over how services access AWS Lake Formation.

AWS Security Hub now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink so that you can securely initiate API calls to Security Hub from within your VPC without requiring those calls to traverse across the Internet. AWS PrivateLink support for Security Hub is now available in all AWS Regions where Security Hub is available. To try the new feature, you can go to the VPC console, API, or SDK to create a VPC endpoint for Security Hub in your VPC. This creates an elastic network interface in your specified subnets. The interface has a private IP address that serves as an entry point for traffic that is destined for Security Hub. You can read more about Security Hub’s integration with PrivateLink here .

Amazon Relational Database Service (Amazon RDS) now offers the ability to specify an AWS Key Management Service (KMS) customer master key (CMK) from a different account when exporting an Amazon RDS Snapshot to Amazon S3. This option helps customers organize and consolidate their KMS keys by eliminating the need to create keys in each account that has snapshots.

Amazon EMR Studio is an integrated development environment (IDE) that makes it easy for data scientists and data engineers to develop, visualize, and debug  big data and analytics applications written in R, Python, Scala, and PySpark. Today, we are excited to announce that EMR Studio Workspaces now support connecting to EMR clusters in different subnets that are associated with EMR Studio.

Database Activity Streams now supports Graviton2-based instances for Amazon Aurora PostgreSQL-Compatible Edition and Amazon Aurora MySQL-Compatible Edition. Database Activity Streams  for Amazon Aurora provides a near real-time stream of database activities in your relational database for auditing and compliance purposes. When integrated with third party database activity monitoring tools, Database Activity Streams can monitor and audit database activity to provide safeguards for your database and help you meet compliance and regulatory requirements.

Starting this week, AWS customers running subscription included Red Hat Enterprise Linux on Amazon EC2 can seamlessly access Red Hat Knowledgebase at no additional cost. The Knowledgebase is a library of articles, frequently asked questions (FAQs), and best-practice guides to help customers solve technical issues.

This week, Amazon CloudFront is launching support for response headers policies. You can now add cross-origin resource sharing (CORS), security, and custom headers to HTTP responses returned by your CloudFront distributions. You no longer need to configure your origins or use custom Lambda@Edge or CloudFront functions to insert these headers. 

In-app messaging enables customers to display targeted messages in mobile or web applications, and provide a personalized user experience. When an end user is engaged with a mobile or web application, customers can use in-app messaging to show relevant content to drive high-value user actions such as: repeat purchases, key content promotion, and user onboarding. After initial implementation these messages can be created and launched through the Pinpoint console, without the need to make code changes. 

Native support for open source SQLAlchemy  (sqlalchemy-redshift) and Apache Airflow  frameworks are now available for Amazon Redshift. The updated Amazon Redshift dialect for SQLAlchemy supports the Amazon Redshift open source Python driver . With this release you can use single sign-on with your Identity Provider (IdP) to connect to Redshift clusters and avoid credential management pains. You can also use new Amazon Redshift features such as using TIMESTAMPTZ and TIMETZ datatypes when you migrate to the latest Redshift dialect for SQL Alchemy and Apache Airflow. These features are available in sqlalchemy-redshift version 0.8.6 and later.

On September 16th AWS announced GA of Corretto 17. This week, they are pleased to announce that AWS will be providing Long-Term Support (LTS) for Corretto 17 until September 2028. AWS will also be moving to a new 2-year cadence for Corretto LTS releases, along with the rest of the OpenJDK community, as of this release. Please read the Corretto 17 Announcement post on the AWS Open Source blog for more details. Corretto 17 is available from the downloads page .

Amazon DevOps Guru now supports additional metrics at the node and pod-level for clusters managed by Amazon Elastic Kubernetes Service (EKS).

Amazon Time Sync Service now allows you to easily generate and compare timestamps from Amazon EC2 instances with ClockBound, an open source daemon and library. This information is valuable to determine order and consistency for events and transactions across EC2 instances, independent from the instances’ respective geographic locations. ClockBound calculates your Amazon EC2 instance’s clock error bound to measure its clock accuracy and allows you to check if a given timestamp is in the past or future with respect to your instance’s current clock. On every call, ClockBound simultaneously returns two pieces of information: the current time and the associated absolute error range. This means that the actual time of a ClockBound timestamp is within a set range.

AWS Secrets Manager now supports a limit of up to 500,000 secrets per account per region, up from 40,000 secrets in the past. This simplifies secrets management for software as a service (SaaS) or platform as a service (PaaS) applications that rely on unique secrets for large numbers of end customers.

Starting this week, Amazon EC2 T4g instances are available in the AWS GovCloud (US-West) Region. T4g instances are powered by Arm-based AWS Graviton2 processors and deliver up to 40% better price performance over T3 instances. These instances provide a baseline level of CPU performance with the ability to burst CPU usage at  any time for as long as required. They offer a balance of compute, memory, and network resources for a broad spectrum of general purpose workloads, including large scale micro-services, caching servers, search engine indexing, e-commerce platforms, small and medium databases, virtual desktops, and business-critical  applications.

Amazon Relational Database Service (Amazon RDS) on AWS Outposts can now export database logs to Amazon CloudWatch. You can now monitor all of your Amazon RDS on AWS Outposts database instances from the same single pane of glass as your Amazon RDS database instances in our AWS Regions.

Amazon MemoryDB for Redis now supports AWS CloudFormation, enabling you to manage MemoryDB resources using CloudFormation templates. Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that delivers ultra-fast performance. AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code. CloudFormation makes it easier for you to create and manage MemoryDB resources without having to configure MemoryDB separately through the console. For example, you can create MemoryDB clusters, subnet groups, parameter groups, and users using CloudFormation templates. 

This week, AWS Transit Gateway Network Manager launched new APIs that enable you to perform automated analysis of your global network and allow you to build your own topological views for visualization purposes. You can get an aggregated view of your global network resources, analyze routes, and retrieve telemetry data across AWS regions using the following APIs:

• Describe the network resources for the global network (GetNetworkResources )
• Get the network health information of the global network (GetNetworkTelemetry )
• Get the network routes of a specific route table (GetNetworkRoutes )
• Get the network resource relationships of a specific resource (GetNetworkResourceRelationships )
• Get the count of network resources for the global network (GetNetworkResourceCounts )

Amazon Simple Email Service (Amazon SES) is pleased to announce the launch of the newly redesigned service console. With its streamlined look and feel, the new console makes it even easier for customers to leverage the speed, reliability, and flexibility that Amazon SES has to offer.

You can now collect Cassandra metrics from the Ops Agent, starting with version 2.6.0. For more information, see Monitoring third-party applications: Cassandra.

Config Connector 1.65.0 is now available.

Added support for the ComputeServiceAttachment resource.

config-connector command cli print-resources now includes a column listing whether it supports of related IAM resources.

All config-connector containers now emit logging to stdout rather than stderr.

config-connector command cli now correctly labels supported bulk-export resources.