This week's roundup of all the cloud news.
There was quite a bit of activity from AWS this week, but not so much from GCP and Azure. All the details are below.
Here at Hava we released the ability to embed your diagrams anywhere you can place an iframe, such as an intranet page or a support/dev ticket. This is useful if you need to place diagrams into assets where the viewer doesn't have login access to your Hava account.
You can read about the embedded viewer and see it in action here: https://www.hava.io/blog/embed-interactive-cloud-diagrams-anywhere
Here's all the latest from the big three.
Waiters now available in the AWS SDK for Java 2.x
This week AWS announced the general availability of the waiters feature in the AWS SDK for Java 2.x. The waiters feature is an abstraction that enables you to validate that AWS resources, such as DynamoDB tables or Amazon S3 buckets, are in a specified state before performing operations on those resources. When interacting with AWS APIs that are asynchronous, such as DynamoDB CreateTable, you often need to wait for that particular resource to become available in order to perform further actions on it. The waiter utility provides a simple API that polls a resource until a desired state is reached or until it is determined that the resource will never enter into the desired state.
Author AWS Systems Manager Automation runbooks using Visual Studio Code
AWS Systems Manager now enables developers to view, author, and publish Automation runbooks directly from Visual Studio Code, a free code editor built on open source. You can now use the editor to author runbooks faster and be more productive by starting with pre-built templates, auto-completing the code with snippets, and validating the runbook for syntax errors in real time. Once built, you can publish the runbooks from the editor to the cloud with a single click.
vCPU-based Spot Instance Limits are now available in Amazon EC2
In 2019 AWS launched Amazon EC2’s vCPU-based limits for On-Demand Instances to simplify the limit management experience for EC2 customers. Now they have made the same improvement for Amazon EC2 Spot Instances: the account limit for Spot Instances has been migrated from an instance-based limit to a vCPU-based limit. Starting this week, you will be able to manage Spot limits from the Amazon EC2 console and the Service Quotas console.
AWS CloudFormation Guard now generally available
AWS CloudFormation announced the general availability (GA) of AWS CloudFormation Guard (cfn-guard), which enhances the preview release of cfn-guard (June 2020) with new features.
Cfn-guard is an open-source command line interface (CLI) that checks CloudFormation templates for policy compliance using a simple, policy-as-code, declarative language.
This GA release enables developers to create advanced rules, including rules based on conditions, rules comparing resource properties to numbers, comments on rule sets, and more. For example, along with rules on resource properties (e.g. Encryption), developers can now create rules on resource attributes (e.g. Deletion Policy).
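As an added illustration (this is not cfn-guard, its rule language, or code from AWS or Hava), the Python below applies the three rule kinds mentioned above to a constructed template: a property rule, a numeric comparison and a resource-attribute rule. The template, the rule tuples and the `check_template` function are assumptions made for this example.

```python
import operator

# Constructed sample template (not from the original post), as parsed JSON.
TEMPLATE = {"Resources": {
    "DataVolume": {"Type": "AWS::EC2::Volume", "DeletionPolicy": "Delete",
                   "Properties": {"Encrypted": False, "Size": 500}},
    "LogVolume": {"Type": "AWS::EC2::Volume", "DeletionPolicy": "Snapshot",
                  "Properties": {"Encrypted": True, "Size": 50}},
    "Uploads": {"Type": "AWS::S3::Bucket", "Properties": {}},
}}

OPS = {"==": operator.eq, "!=": operator.ne,
       "<=": operator.le, ">=": operator.ge}

# Hypothetical rules: (resource type, scope, key, operator, expected value).
# "property" is looked up under Properties; "attribute" on the resource itself.
RULES = [
    ("AWS::EC2::Volume", "property", "Encrypted", "==", True),
    ("AWS::EC2::Volume", "property", "Size", "<=", 100),
    ("AWS::EC2::Volume", "attribute", "DeletionPolicy", "==", "Snapshot"),
    ("AWS::S3::Bucket", "attribute", "DeletionPolicy", "==", "Retain"),
]


def check_template(template, rules):
    """Return a sorted list of (logical_id, key, reason), one per failed rule."""
    failures = []
    for logical_id, resource in template.get("Resources", {}).items():
        for rtype, scope, key, op, expected in rules:
            if resource.get("Type") != rtype:
                continue
            source = resource.get("Properties", {}) if scope == "property" else resource
            if key not in source:
                # Fail closed: an unset property or attribute is not compliant.
                failures.append((logical_id, key, "missing"))
                continue
            try:
                ok = OPS[op](source[key], expected)
            except TypeError:
                # Values that cannot be compared (e.g. "500" <= 100) also fail.
                ok = False
            if not ok:
                failures.append((logical_id, key, f"{source[key]!r} not {op} {expected!r}"))
    return sorted(failures)


if __name__ == "__main__":
    for failure in check_template(TEMPLATE, RULES):
        print(*failure)
```

A missing key is reported as a failure rather than skipped, so a bucket with no deletion policy at all is flagged alongside a volume with the wrong one.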
Amazon WorkSpaces introduces sharing images across accounts
It’s now faster and easier for you to share your Amazon WorkSpaces images across your AWS accounts. With this release, you can share your Amazon WorkSpaces image in one AWS account with another account with a few simple clicks. This helps you simplify and accelerate deployment of Amazon WorkSpaces while improving consistency, compliance, and security of your Amazon WorkSpaces.
You can easily share an image from the Images tab in the Amazon WorkSpaces console. To get started with sharing an image, first select the image that you want to share with another AWS account and then use the View details action.
AWS Marketplace launches Geo-Fencing
AWS Marketplace Independent Software Vendors are now able to create new or update existing product listings to control product availability to specific countries. Since launch in 2012, AWS Marketplace products have been available globally. Some Independent Software Vendors need to control where their software can be purchased for tax, compliance, support, or marketing purposes. With the launch of Geo-Fencing, Independent Software Vendors now have the flexibility to create and surface their product offerings in line with their business needs across geographies.
Geo-Fencing preferences apply to new customers and software purchases. Any existing customers that have subscribed to software products prior to Geo-Fencing preferences being implemented will not be impacted.
AWS Centralized WAF and VPC Security Group Management solution is GA
AWS announced the launch of the AWS Centralized WAF and VPC Security Group Management solution, a reference implementation that makes it easier to centrally configure, manage, and audit firewall rules across your accounts and applications in AWS Organizations. The solution uses AWS Firewall Manager to automatically deploy a set of Managed Rules for AWS Web Application Firewall (WAF) and audit checks for VPC security groups across all your AWS accounts from a single place. The solution also gives Shield Advanced customers the option to deploy DDoS protections across accounts.
With AWS Firewall Manager, AWS customers can centrally manage firewall rules, DDoS Shield protections and VPC security groups across their AWS environment. However, many AWS customers find the process to define policies and configure managed rule sets difficult and time consuming. The AWS Centralized WAF and VPC Security Group Management solution simplifies this process by deploying a set of AWS managed firewall rules and security group audit checks on behalf of customers.
Managed firewall rules provide AWS customers a set of pre-configured rules to protect web applications running on AWS CloudFront, AWS Application Load Balancers, or Amazon API Gateway. Security group audit checks continuously monitor and detect overly permissive security group rules to protect your VPC resources and improve your firewall posture. The solution also automates the AWS Firewall Manager onboarding process for AWS Organizations and AWS Config, making it faster and easier for customers to begin using these services.
Amazon Timestream is now generally available
Amazon Timestream is a new time series database for IoT, edge, and operational applications that can scale to process trillions of time series events per day up to 1,000 times faster than relational databases, and at as low as 1/10th the cost.
Amazon Timestream saves AWS customers effort and expense by keeping recent data in memory and moving historical data to a cost-optimized storage tier based upon user-defined policies. Its purpose-built query processing engine gives customers the ability to access and combine recent and historical data transparently across tiers with a single query, without needing to specify explicitly in the query whether the data resides in the in-memory or cost-optimized tier.
AWS CodePipeline now supports GitHub Enterprise Server
You can now use your GitHub Enterprise Server source repository to build, test, and deploy code changes using AWS CodePipeline.
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This launch extends AWS CodePipeline’s existing source control provider support, including AWS CodeCommit, Bitbucket Cloud, GitHub.com, and Amazon S3.
Amazon Corretto 15 now generally available
Amazon Corretto, Amazon's no-cost, multi-platform, production-ready distribution of OpenJDK, is now generally available. This version supports the latest Java feature release, JDK 15, and is available for Linux, Windows and macOS.
Google launches Logs Explorer
This week GCP announced a new default logging experience: Logs Explorer. Previously known as Logs Viewer Preview, Logs Explorer provides new tools for you to better understand and analyze your logs during the troubleshooting process. They’re not getting rid of the classic Logs Viewer though—you can now access it as Legacy Viewer, and it will remain available as GCP add new features to Logs Explorer.
In addition to a new name, Logs Explorer includes new features designed to reduce the time you spend analyzing logs as you troubleshoot code, and to improve visibility into your Google Cloud environment.
10 New GCP security and management controls
This week GCP released 10 new security and management controls, which included:
- Cloud identity groups API
- Group membership automation
- Groups in GCP console
- Indirect membership visibility and hierarchy APIs
Google Cloud logs explorer launches recent queries
As you analyze your GCP logs for application performance, infrastructure errors, system events, and more, sometimes you may need to look back to logs you were previously analyzing to help correlate events and identify the root cause of a problem. To help, GCP are excited to introduce Google Cloud Logging recent queries, to make it easy to track and run your past searches as you deep dive on your log data.
With recent queries, Cloud Logging can now automatically give you the history of log searches you’ve run over the last 30 days. No more copying and pasting old queries from that doc/text file just to remember the exact syntax you previously used. All you need to do is open the “Recent” tab in the logs explorer to view your query history.
Upcoming Events:
Google Cloud Virtual Events
To support the unique needs of GCP customers in Europe, Middle East, and Africa, on 29 September GCP are kicking off a brand-new Next OnAir event exclusively for EMEA.
Google Cloud Next OnAir EMEA offers a full roster of curated content, including more than 30 new sessions specially tailored to the region. Join Google experts and local customers to learn how organizations are already transforming in the cloud, and connect and collaborate with industry experts to solve your toughest challenges.
Each week Google will be highlighting a different focus:
- 6 Oct: Productivity and collaboration—Discover solutions designed for humans that are changing how teams work.
- 13 Oct: Infrastructure and security—Explore discussions on workload migration, management, and modernisation, and learn how to protect your business from online threats.
- 20 Oct: Data analytics, data management, databases, and Cloud AI—Learn about how to migrate and do more with your data on a serverless, fully-managed platform and with artificial intelligence.
- 27 Oct: Application modernization and business application platform—Explore how to develop and modernise applications with open source and other software, and how APIs give you better visibility and control.
Register today, for free, on the Next OnAir EMEA website. You’ll get full access to all 30+ sessions being presented throughout the five-week event alongside the more than 250 sessions created for the global Google Cloud Next ’20: OnAir program.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email sales@hava.io to book a callback or demo.