This week's roundup of all the cloud news.
Here's a cloud roundup of all things GCP, Azure and AWS for the week ending Friday 15th October 2021.
We continue to roll out new features, the latest being Projects and SSO. Now you can assign data sources to a project and assign only the users you want to access that data source to the project. This gives you greater control over who can see what diagrams when you have multiple projects or teams using Hava.
SSO is now in Beta. If you would like to use SAML or OIDC to control access to your Hava account, get in touch and we'll enable it on your account.
To stay in the loop, make sure you subscribe on the right. There's a new newsletter series starting later this year that will keep you up to date with all our new releases, enhancements and capabilities, and will also showcase lesser-known but powerful features that you may not be aware of.
AWS Updates and Releases
Amazon EMR 6.4 release version now supports Apache Spark 3.1.2 and provides runtime improvements with Amazon EMR Runtime for Apache Spark. Amazon EMR 6.4 provides Presto runtime improvements for PrestoDB 0.254, and runtime improvements for Apache Hive 3.1.2 when you use AWS Glue Data Catalog for your metastore.
AWS customers can now use Amazon Kendra to build intelligent search applications in the AWS GovCloud (US-West) Region.
AWS RoboMaker, a service that allows customers to simulate robotics applications at cloud scale, now supports expanded configuration for any robot and simulation software. Previously, Robot Operating System (ROS) and Gazebo were the only supported robot and simulation software configuration in RoboMaker. This new feature enables customers to use and configure any robot and simulation software of their choice while running simulations in RoboMaker.
Starting this week, Amazon MemoryDB for Redis is generally available in 11 additional AWS Regions: US East (Ohio), US West (N. California, Oregon), Canada (Central), Europe (London, Stockholm), and Asia Pacific (Hong Kong, Seoul, Singapore, Sydney, Tokyo).
You can now manage AWS Step Functions workflows in the AWS Batch console, where you can automate Batch jobs to help build long-running business-critical workflows that require machine learning, data analysis, or overnight batch processing.
AWS RoboMaker, a service that allows customers to simulate robotics applications at cloud scale, now supports GPU based simulation jobs for compute-intensive simulation workloads such as high fidelity simulation, vision processing, and machine learning (ML). Previously, AWS RoboMaker simulation jobs ran only on central processing unit (CPU) instances; now you can choose between a CPU based or GPU based simulation job.
This week, Amazon EC2 Auto Scaling announced the ability to describe Auto Scaling groups using tags. Tag-based filtering makes it easier for you to view and manage your Auto Scaling groups based on the tags that you are interested in. Each tag is a simple label consisting of a customer-defined key and an optional value.
Network Load Balancer (NLB) now supports version 1.3 of the Transport Layer Security (TLS) protocol, enabling you to optimize the performance of your backend application servers while helping to keep your workloads secure. TLS 1.3 on NLB works by offloading encryption and decryption of TLS traffic from your application servers to the load balancer, and provides encryption all the way to your targets. TLS 1.3 is optimized for performance and security by using one round trip (1-RTT) TLS handshakes and only supporting ciphers that provide perfect forward secrecy. As with other versions of TLS, NLB preserves the source IP of the clients to the back-end applications while terminating TLS on the load balancer.
Amazon SageMaker Data Wrangler now supports Amazon Athena Workgroups, feature correlation, and customer managed keys
Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface.
Amazon SageMaker Projects, the first purpose-built service that manages continuous integration and continuous delivery (CI/CD) resources for machine learning (ML) projects, now has CI/CD templates for building Docker images used in training, processing, and inference.
You can now build and run stream processing applications using Apache Flink version 1.13 in Amazon Kinesis Data Analytics. Apache Flink v1.13 provides enhancements to the Table/SQL API, improved interoperability between the Table and DataStream APIs, stateful operations using the Python DataStream API, features to analyze application performance, an exactly-once JDBC sink, and more. With this launch, you also get an Apache Kafka connector that works with AWS IAM authentication when you’re using Amazon Managed Streaming for Apache Kafka (Amazon MSK) as your application’s data source.
This week AWS are announcing the availability of a new Amazon CloudWatch dimension for metrics in the AWS Outposts namespace. CloudWatch dimensions are unique identifiers for metrics that allow customers to search and filter results.
AWS Elemental MediaTailor now supports prefetch ad requests for personalized ad insertion. Prefetching manages the request of ads in advance of ad breaks, increasing the time an ad decision server (ADS) has to respond.
Amazon VPC Flow Logs now supports Apache Parquet, Hive-compatible prefixes and Hourly partitioned files
Amazon Virtual Private Cloud (VPC) is introducing three new features to make it faster, easier and more cost efficient to store and run analytics on your Amazon VPC Flow Logs. First, VPC Flow Logs can now be delivered to Amazon S3 in the Apache Parquet file format. Second, they can be stored in S3 with Hive-compatible prefixes. And third, your VPC Flow Logs can be delivered as hourly partitioned files. All of these features are available when you choose S3 as the destination for your VPC Flow Logs.
Amazon QuickSight now supports larger SPICE datasets on the Enterprise Edition. Previously, each SPICE dataset could hold up to 250 million rows and 500GB of data. Now, all new SPICE datasets can accommodate up to 500 million rows (or 500GB) of data in the Enterprise Edition and 25 million rows (or 25GB) for Standard Edition. This raises the limit for your datasets, letting you accelerate dashboards with more data.
Amazon CodeGuru Reviewer is a developer tool that leverages automated reasoning and machine learning to detect potential code defects that are difficult to find and offers suggestions for improvements. Today, we are building on our set of detectors for the AWS SDKs with the addition of detectors for the AWS Java SDK v2. These new detectors help to ensure customers are following the Java SDK v2’s best practices, such as using client builders over client constructors, waiters over custom polling, or auto-pagination over manual pagination. The detectors can also find bugs customers create while using the new SDK’s AWS service clients, such as identifying data loss in the Amazon Kinesis v2 client. After detecting an issue or bug, CodeGuru Reviewer provides recommendations for how the developer can remediate it.
You can now launch Apache ActiveMQ 5.16.3 brokers on Amazon MQ. This version update to ActiveMQ contains several fixes and improvements compared to the previously supported version, ActiveMQ 5.16.2.
AWS FPGA developer kit now supports Jumbo frames in virtual ethernet frameworks for Amazon EC2 F1 instances
This week AWS are announcing support for jumbo frames via the virtual ethernet framework in the AWS FPGA Developer kit. With this support, developers using Amazon EC2 F1 instances can use jumbo frames to get the maximum allowed networking bandwidth for the instance delivering up to double the networking performance.
AWS Console Mobile Application users can now use Amazon Elastic Container Service (Amazon ECS) on both the iOS and Android applications. The Console Mobile Application provides a secure and easy-to-use on-the-go solution for monitoring ECS clusters, services, configurations, tasks and container workloads. Customers can also stop ECS tasks and launch a desired number of tasks for an ECS service.
AWS CloudFormation customers can now view operational data and quickly take action to resolve issues involving CloudFormation stack resources through Application Manager, a capability of AWS Systems Manager. Using this feature, customers can obtain an application view of resources provisioned via a CloudFormation stack. With the operational metrics, logs, alerts, and cost information obtained from the Application Manager Dashboard, developers can manage their stack resources efficiently throughout their lifecycle.
Cloud Development Kit for Kubernetes (CDK8s) is now Generally Available and ready for production usage with any conformant Kubernetes cluster. To ensure continued community involvement, cdk8s is also now an official CNCF Sandbox project and has moved from the AWS Labs GitHub organization to a dedicated home on GitHub, cdk8s-team.
Automated Account Configuration helps you automate operational processes in an efficient, error-free, standardized and consistent way, to ensure that your AWS accounts are set up properly and with the necessary resources to meet your business and production needs. You can use the solutions implementation to configure and deploy the following business critical services:
AWS CDK releases v1.121.0 - v1.125.0 with features for faster development cycles using hotswap deployments and rollback control
Amazon Connect Tasks is now HIPAA (Health Insurance Portability and Accountability Act) eligible. Connect Tasks empowers contact center managers to prioritize, assign, track, and automate customer service tasks across the disparate applications used by agents. HIPAA eligibility means you can prioritize and automate tasks with Protected Health Information (PHI), and even provide agents with the information they need to resolve your customers’ inquiries or service requests. You can prioritize or automate tasks from customer relationship management (CRM) applications such as Salesforce or Zendesk, electronic health records (EHR) systems such as Epic or Cerner, or with your homegrown and business-specific applications. Amazon Connect has been HIPAA eligible since 2017.
You can now launch the T3 database instance type when using Amazon Relational Database Service (Amazon RDS) for MySQL and Amazon RDS for MariaDB in AWS GovCloud (US) Regions.
Amazon Fraud Detector is excited to announce the Transaction Fraud Insights model, a low-latency fraud detection machine learning (ML) model specifically designed to detect online card-not-present transaction fraud. Like other Amazon Fraud Detector models, Transaction Fraud Insights leverages more than 20 years of fraud detection expertise from Amazon and AWS. The new Transaction Fraud Insights model type detects up to 30% more fraudulent transactions and maintains its performance up to six times longer than Amazon Fraud Detector’s previous model type, Online Fraud Insights.
AWS announces a price reduction of up to 56% for Amazon Fraud Detector machine learning fraud predictions
We are excited to announce that we are lowering the price of Amazon Fraud Detector machine learning (ML) based fraud predictions. Fraud Detector is a fully managed service that makes it easy to identify potentially fraudulent online activities, such as the creation of fake accounts or online payment fraud. Using ML under the hood and based on over 20 years of fraud detection expertise from Amazon, Fraud Detector automatically identifies potentially fraudulent activity in milliseconds—with no ML expertise required.
Amazon WorkMail now offers an expanded capability around its Mobile Device Access Rules (MDARs). The new Mobile Device Access Override API (MDOA) allows customers to adjust existing MDARs, either manually through the CLI, or in an automated fashion when using a third-party Mobile Device Management (MDM) tool. Customers use trusted third-party MDM tools to perform security posture assessments before granting devices access to corporate resources. The new API simplifies the creation and management of exceptions to default MDARs, either because there is a need to permit an out-of-posture device to connect to WorkMail, or because a user has reported a specific device to be stolen or lost. In that case, the individual device can be blocked to reduce the risk of data leakage.
NoSQL Workbench for Amazon DynamoDB now enables you to import and automatically populate sample data to help build and visualize your data models
NoSQL Workbench for DynamoDB, a client-side tool that helps you design, visualize, and query nonrelational data models by using a point-and-click interface, now helps you import and automatically populate sample data to help build and visualize your data models. Now, you can import sample data from .csv files into new and existing data models. You can also export your query results in .csv format from the NoSQL Workbench operation builder.
AWS Instance Scheduler is a solution that helps you control your AWS resource cost by configuring start and stop schedules for your Amazon Elastic Compute Cloud (Amazon EC2 On-Demand Instances) and Amazon Relational Database Service (Amazon RDS) instances.
AWS Marketplace now supports viewing agreements and canceling and extending offers for Professional Services
AWS Marketplace sellers, including Independent Software Vendors (ISVs) and consulting partners, can now view agreements, cancel offers, and extend offer expiration dates for Professional Services from the AWS Marketplace Management Portal (AMMP). Professional Services in AWS Marketplace enables ISVs and consulting partners to create new Professional Services listings in AWS Marketplace and extend Private Offers to AWS customers.
We are excited to announce event dataset storage for Amazon Fraud Detector. The new capability enables customers to easily send and store their production fraud data directly within Amazon Fraud Detector. Customers can use their event datasets to train machine learning (ML) models with higher predictive performance since the models can apply historical context to new events by automatically calculating values such as account age and purchase frequency. Customers can also move faster by retraining models without needing to upload a new training dataset to S3, and they can close the feedback loop from offline fraud investigations by updating their fraud labels for stored events.
Google Cloud Releases and Updates
Cloud Asset Inventory
- App Engine Memcache
Cloud Logging now supports the asia-south2, asia-southeast2, australia-southeast2, northamerica-northeast2, and us-west4 regions. For a full list of regions, see Regionalization.
You can now assign request tags and transaction tags in your application code to easily troubleshoot query performance, transaction latency, and lock contentions by correlating introspection statistics to application code.
The PostgreSQL interface is available in Preview, making the capabilities of Spanner accessible from the PostgreSQL ecosystem. The release supports a subset of the PostgreSQL SQL dialect, including core data types, functions, and operators. Applications can connect using updated Spanner drivers for JDBC, Java, Go, and Python. Starting initially with psql, community tools can connect using PGAdapter, a sidecar proxy that implements the PostgreSQL wire protocol. Sign up for the preview today.
Cloud EKM keys can now be used to encrypt Cloud Storage data.
- Cloud EKM keys encrypt your Cloud Storage data in the same way as other customer-managed encryption keys.
Preview: Spot VMs are now available! Spot VMs are the latest version of preemptible VM instances. Use Spot VMs for fault-tolerant workloads to get a 60-91% discount over the price of standard VMs. Spot prices can change up to once a month to reflect the underlying supply and demand. Like preemptible VMs, Spot VMs are available for all machine types, regions, and zones.
Preemptible VMs continue to be supported for new and existing VMs, and preemptible VMs now use the same pricing model as Spot VMs. However, Spot VMs provide new features that are not supported for preemptible VMs. For example, preemptible VMs can only run for up to 24 hours at a time, but Spot VMs do not have a maximum runtime.
Preview: Third generation Intel Xeon Scalable Processor (Ice Lake) N2 VMs are now available in select regions and zones. These new N2 VMs are offered at the same price as existing N2 VMs on second generation Intel Xeon Scalable Processors.
The following GKE versions fix containerd issue #5438. This issue caused pod IP address leaks, which exhaust the IP addresses of containerd-based nodes.
- 1.19.14-gke.1500 or later
- 1.20.10-gke.1500 or later
- 1.21.4-gke.1600 or later
For more information, see the Containerd node images known issues.
With GKE version 1.19 and later, the CPU and memory usage of gke-metrics-agent have been optimized. With this change, Out Of Memory (OOM) crashes are reduced significantly.
If you are on GKE version 1.18 and earlier, you will need to upgrade your clusters to version 1.19 or later.
Security Command Center
Event Threat Detection, a built-in service of Security Command Center Premium, launched an integration with Chronicle that lets you perform advanced analysis of threat findings.
The integration lets you seamlessly send findings to Chronicle, a Google Cloud service that you can use to investigate threats and pivot through related actions and events in a unified timeline. Chronicle enriches Event Threat Detection findings, helping you identify indicators of interest and simplify investigations.
All new VMware Engine private clouds now deploy with VMware vSphere version 7.0 Update 2 and NSX-T version 3.1.2. Existing private clouds will be upgraded to vSphere version 7.0 Update 2 and NSX-T version 3.1.2 over a period of time in October 2021.
See Service announcements for more details on the contents of this upgrade.
Generally available: vSAN data encryption for data at rest now uses keys generated by Cloud Key Management Service for all new private clouds.
For details about this feature, see About vSAN encryption.
Accessing published services using a Private Service Connect endpoint is now available from on-premises hosts that are connected to a VPC network using Cloud VPN. This feature is available in Preview.
Connectivity from on-premises hosts to a Private Service Connect endpoint that is used to access published services might not establish for some existing Cloud VPN connections. As a workaround, recreate the VPN gateway and the VPN tunnels.
Microsoft Azure Releases And Updates
You can now save up to 28 percent on Azure Synapse workloads without sacrificing flexibility with Azure Synapse pre-purchase plans.
Develop integrated immersive mapping solutions for mobile applications with Azure Maps iOS SDK
Azure Machine Learning, bringing AI to everyone with an end-to-end, scalable, trusted platform, is now available in West US 3.
General availability: Azure Monitor container insights for Azure Arc enabled Kubernetes
Azure Monitor container insights for Azure Arc enabled Kubernetes is now generally available. You can now monitor all Kubernetes clusters, AKS or non-AKS, through container insights.
Azure is making it easier to observe Java Spring Boot workloads running on Azure Spring Cloud with application insights.
Azure Static Web Apps adds support for access restrictions by IP addresses and service tags
Azure Static Web Apps adds support for programmatically assigning custom user roles using Azure Functions.
AKS now supports dual stack IPv6 overlay networking
Cloud provider controller manager enables AKS releases independent of Kubernetes release cadence.
Deploy WebAssembly System Interface (WASI) workloads in Kubernetes using Krustlets
You can now take advantage of the latest features of Kubernetes 1.22 including a new PodSecurity admission feature and more.
You can now specify HTTPS proxy configuration when creating your AKS clusters and node pools.
Azure SQL—Public preview updates for October 2021
Public preview enhancements and updates released for Azure SQL Managed Instance for 2021.
Introducing a new way to manage Azure Hybrid Benefit for SQL Server centrally at an Azure subscription or account level, providing better control and optimized cost savings.
Ddsv4 and Edsv4 compute tiers are now supported for Flexible Server on Azure Database for PostgreSQL, a managed service running the open-source Postgres database on Azure.
Private Link is now available in preview for Hyperscale (Citus) on Azure Database for PostgreSQL, a managed service running the open-source Postgres database on Azure.
Strengthen your business continuity and disaster recovery plan with geo backup and restore, now available on Flexible Server for Azure Database for MySQL.
New features now generally available include authenticate with Managed Identities, simplify data upload with dataset uploads, parallel run step with partitioned dataset, and create and edit environments using Environments UI.
New features now available in public preview include compute instance and cluster No Public IP, HashiCorp Terraform configuration templates, and AutoML for images.
New zone options for additional resiliency and tolerance to infrastructure impact.
Utilize the Service Tag Discovery API to retrieve a list of Service Tags and corresponding IP ranges to easily configure on-premises firewalls and Azure resources
Translator now supports more than 100 languages and dialects to help you streamline your translation workflows.
Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag-and-drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.