All the news from AWS, Azure and GCP for the week ending October 23rd 2020.
The ALB Ingress Controller is now the AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.
Amazon Elastic Container Service for Kubernetes (EKS) clusters running in standard AWS regions are now compliant with the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline.
This week, the AWS Copilot CLI for Amazon Elastic Container Service (Amazon ECS) launched version 0.5.0. Starting with this release, you can deploy applications or jobs that need to run only on a particular schedule. AWS Copilot has built-in timeouts and retries to provide more flexibility for how your scheduled jobs run. AWS Copilot will also deploy all the required infrastructure and settings, while you just provide the application and the schedule to be run. This allows you to focus on development instead of manually setting up rules and infrastructure to ensure your scheduled jobs run when needed.
In August 2020, Amazon Certificate Manager (ACM) launched a feature to share Certificate Authorities (CA) between AWS accounts using AWS Resource Access Manager (RAM). With this week’s launch, AWS App Mesh customers will be able to use a certificate authority shared with their AWS account while configuring TLS between services in their mesh.
AWS App Mesh is a service mesh that provides application-level networking to standardize how your services communicate, giving you end-to-end visibility and options to tune for high availability of your applications. App Mesh has now increased the default limits for a set of resources: virtual nodes and virtual gateways. These limit increases make it easier for you to manage larger applications with App Mesh.
Amazon Redshift now allows you to schedule your SQL queries for executions in recurring schedules and enables you to build event-driven applications by integrating with Amazon EventBridge. You can now schedule time sensitive or long running queries, loading or unloading your data, or refreshing your materialized views on a regular schedule.
You can now export Amazon Relational Database Service (Amazon RDS) or Amazon Aurora snapshots to Amazon S3 as Apache Parquet format in additional regions. Parquet is an efficient open columnar storage format for analytics and is up to 2x faster to export and consumes up to 6x less storage in Amazon S3, compared to other text formats. You can analyze the exported data with other AWS services such as Amazon Athena, Amazon EMR, and Amazon SageMaker.
This week, Amazon AppStream 2.0 adds a new instance size to the General Purpose instance family. This new instance size, stream.standard.small, offers 1 vCPU and 2 GiB of memory. It is ideally suited for streaming lightweight, non-graphics applications such as browsers for secure web browsing and bastion host administration tools, and applications that are not resource intensive. To use the new instance size, create a new AppStream 2.0 fleet or modify your existing fleet by using the AppStream 2.0 console, AWS SDK, or AWS CLI.
You can now launch Apache ActiveMQ 5.15.13 brokers on Amazon MQ. This patch update to ActiveMQ contains several fixes and new features compared to the previously supported version, ActiveMQ 5.15.12.
AWS CloudFormation now supports increased limits on five service quotas: template size, resources, parameters, mappings, and outputs. The maximum size of a template that can be passed in an S3 Object is now 1MB (previously 450KB). The new per-template limit for the maximum number of resources is 500 (previously 200), for parameters 200 (previously 60), for mappings 200 (previously 100), and for outputs 200 (previously 60).
AWS Step Functions is now integrated with Amazon Athena, an interactive query service, allowing you to build workflows that query data on your S3 data lake. AWS Step Functions supports built-in error handling, parameter passing, recommended security settings, and state management, reducing the amount of code you have to write and maintain.
Amazon SageMaker is now available in the Africa (Cape Town) and Europe (Milan) AWS regions. Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. Starting today, AWS customers can leverage Kendra’s intelligent search capabilities across a broader range of content repositories by using Kendra’s custom data source feature.
Amazon CloudFront announces that you can now manage public keys used for signed URLs and signed cookies through Amazon Identity and Access Management (IAM) based user permission, without requiring the AWS root account. With the IAM user permissions based public key management, you get more flexibility and API access to manage your public keys.
Amazon CloudWatch Application Insights adds additional storage volume metrics to provide further insights into your storage performance and health, along with the new ability to monitor your API Gateway functions. CloudWatch Application Insights is a capability that helps enterprise customers easily set up application monitoring and enhanced observability for AWS resources. The new Elastic Block Store (EBS) metrics provide further details on storage volumes. The integration with the API Gateway service provides insights into the various API commands run through the gateway.
Amazon QLDB Go Driver is now generally available, providing Go developers a simple way to access QLDB. The Go Driver offers an abstraction layer on top of the AWS SDK to handle QLDB sessions, streamline PartiQL statements, and handle ION data.
Session Manager, a capability of AWS Systems Manager, now enables you to customize the shell environment by specifying the commands to run at the start of a session. Using this feature, you can tailor the shell experience to the needs of your users or your organization, by adding customizations such as changing the default shell interpreter, displaying the hostname, or configuring command shortcuts.
With this week’s Amplify CLI release, you gain the ability to import existing Amazon Cognito resources into your Amplify project. Just run the “amplify import auth” command and Amplify CLI will automatically configure all your Amplify-provisioned resources (GraphQL APIs, S3 buckets and more) to be authenticated with your designated existing Cognito User Pool or Identity Pool.
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Apache Kafka version 2.6.0 for new and existing clusters. Apache Kafka 2.6.0 includes several bug fixes and new features that improve performance. Some key features include native APIs to manage client quotas (KIP-546) and explicit rebalance triggering to enable advanced consumer use cases (KIP-568). For a complete list of improvements and bug fixes, see the Apache Kafka release notes for 2.6.0.
AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. AWS App Mesh standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications.
AWS Global Accelerator announces the ability to override the destination ports used to route traffic to an application endpoint. This allows you to map a list of external destination ports — that your users send traffic to — to a list of internal destination ports that you want an application endpoint to receive traffic on. By default, an accelerator routes user traffic to endpoints in AWS Regions using the protocol and port ranges that you specify when you create a listener. For example, if you define a listener that accepts TCP traffic on ports 80 and 443, the accelerator routes traffic to those ports on an endpoint.
You can now hibernate newly-launched EBS-backed Amazon EC2 I3, M5ad, and R5ad instances. Hibernation provides you with the convenience of pausing your workloads and resuming them later from the saved state. Hibernation is just like closing and opening your laptop lid — your application will start right from where it left off. By using hibernation, you can maintain a fleet of pre-warmed instances that can get to a productive state faster without modifying your existing applications.
AWS Backup is now available in 2 additional Regions: Cape Town (CPT) and Milan (MXP).
Amazon Kinesis Data Analytics is now available in the US West (California) AWS region.
You can now add connection time metrics to your reporting in Amazon Connect. This enables you to understand the time from when Connect sends a contact to an agent to when they accept and are connected to the phone call or chat.
You can now filter automation executions by resource groups in Systems Manager Automation. This allows you to group and view the automation executions specific to your applications or environments.
Amazon Redshift now allows users to modify the compression encoding of existing columns with a single statement. This new capability makes it easier to maintain the optimal compression encodings in Amazon Redshift to achieve high performance and reduce the storage utilization.
AWS Batch now allows users to configure retry strategies based on defined exit codes. Customers can now determine whether their AWS Batch jobs retry based on specified events such as infrastructure failure or application failure. This allows customers to tightly control the actions taken on job failure - resulting in lower costs and faster throughput by retrying only when necessary.
AWS Lambda now supports AWS PrivateLink. With this feature you can manage and invoke Lambda functions from your Virtual Private Cloud (VPC) without exposing your traffic to the public internet. PrivateLink provides private connectivity between your VPCs and AWS services, like Lambda, on the private AWS network.
Port forwarding sessions created using Session Manager, a capability of AWS Systems Manager, now support multiple simultaneous connections over the session. This improvement reduces the rendering latency and improves load times for applications that load data using multiple concurrent connections, when delivering such applications over a port forwarding session.
You can now process multiple Amazon Kinesis data streams with a single Kinesis Client Library (KCL) based consumer application. Previously, each KCL based application processed a single Kinesis data stream. With this new capability, you can update the list of streams at runtime for multi-stream processing in a scalable KCL application without redeploying the application. This reduces the operational overhead of maintaining multiple KCL applications.
AWS DataSync now offers a simplified agent setup using the agent’s local console. This enables you to set up your agent faster, and test network connectivity between your on-premises storage and AWS within minutes.
You can now manage access to Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, by using temporary security credentials for the Python, Go, and Node.js Cassandra drivers.
Porting Assistant for .NET is now open source. Users can now extend the data set with new recommendations for assessment and use the extended data set to scan their project for incompatibilities. Users can also review and offer suggestions on existing data sets. Users can actively participate in the development process and bring their experience and expert knowledge to the tool. They can review open issues in GitHub, comment on any of the issues that they are familiar with, make suggestions, ask questions, or open new issues if they would like to start a new conversation. Source code for the compatibility analysis component, the assessment APIs and the data set used for the assessment are released under the Apache 2.0 license.
Amazon QuickSight now supports filter controls that you can place beside visuals on dashboards, allowing readers to quickly slice and dice data in the context of its visual representation. You can create these filter controls from existing or new filters with a single click, and configure them to support different operations, such as filtering specific dates, relative dates, or date ranges, setting upper and lower thresholds for numeric values, adding drop-downs with single-select or multi-select options, and more. On-sheet filter controls can be used in dashboards within Amazon QuickSight, or in dashboards embedded within apps.
Amazon EMR now supports Amazon EC2 M6g instances to deliver the best price performance for cloud workloads. Amazon EC2 M6g instances are powered by AWS Graviton2 processors that are custom designed by AWS utilizing 64-bit Arm Neoverse cores. Amazon EMR provides up to 35% lower cost and up to 15% improved performance for Spark workloads on Graviton2-based instances versus previous generation instances. In addition, the combination of EMR runtime for Apache Spark and EC2 M6g instances offers up to 76% lower total cost and 3.6 times improved performance compared to running open source Apache Spark on previous generation instances.
AWS Systems Manager Patch Manager now makes it easier for you to create patch compliance reports by providing a catalog of all patches released for Amazon Linux and Amazon Linux 2. You can now view a list of all released patches for Amazon Linux and Amazon Linux 2 even if those patches are not applicable to your fleet based on your patch rules. Further, you can view additional details such as severity, release date, and vulnerability identifier (CVE-ID) for patches in the catalog.
The Microsoft Azure Modular Datacenter (MDC) is designed to support datacenter scale scenarios for humanitarian aid, disaster response, and other needs for high-intensity, secure cloud computing in challenging environments.
Between waves of pandemics, hurricanes, and wildfires, you don’t need cloud infrastructure adding to your list of worries this year. Fortunately, there has never been a better time to ensure your Azure deployments stay resilient. Availability Zones in particular are one of the best ways to mitigate risks from outages and disasters.
Ensuring databases are securely managed is a crucial part of every organization’s critical operations. When those organizations rely on a managed service like Cloud SQL, a key benefit is consistency of management, including security policies that extend beyond a single service. Cloud SQL has continued to enhance its security capabilities. Google have introduced VPC Service Controls so you can securely connect to your database instance, and have added Customer Managed Encryption Keys as an option for meeting regulatory compliance. Now, Google are proud to announce Cloud Identity and Access Management (Cloud IAM) integration and the enablement of PostgreSQL Audit Extension (pgAudit), both available in preview for Cloud SQL for PostgreSQL.
New scale-in controls in Compute Engine let you limit the VM deletion rate by preventing the autoscaler from reducing a MIG's size by more VM instances than your workload can tolerate to lose.
When you configure autoscaler scale-in controls, you control the speed at which you scale in. The autoscaler never scales in faster than your configured rate.
Upcoming Events:
Coursera is offering one month of no-cost access to 6 GCP certification courses until November 19th.
These include:
Read more: https://cloud.google.com/blog/topics/training-certifications/google-cloud-certification-training-on-coursera
Google Cloud Virtual Events
To support the unique needs of GCP customers in Europe, Middle East, and Africa, on 29 September GCP are kicking off a brand-new Next OnAir event exclusively for EMEA.
Google Cloud Next OnAir EMEA offers a full roster of curated content, including more than 30 new sessions specially tailored to the region. Join Google experts and local customers to learn how organizations are already transforming in the cloud, and connect and collaborate with industry experts to solve your toughest challenges.
Each week Google will be highlighting a different focus:
27 Oct: Application modernization and business application platform—Explore how to develop and modernise applications with open source and other software, and how APIs give you better visibility and control.
Register today, for free, on the Next OnAir EMEA website. You’ll get full access to all 30+ sessions being presented throughout the five-week event alongside the more than 250 sessions created for the global Google Cloud Next ’20: OnAir program.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email sales@hava.io to book a callback or demo.