
In Cloud Computing This Week [Oct 30th 2020]

October 30, 2020

This week's roundup of all the cloud news.



Not too much to report from the Hava camp this week. The engineering team have been beavering away on the roadmap and putting the finishing touches to a few major enhancements, nothing we can talk about right now, but watch this space.

Here's all the news from AWS, Azure and GCP for the week ending October 30th 2020.


Application Load Balancers enable gRPC workloads with end-to-end HTTP/2 support

Application Load Balancer (ALB) now supports gRPC protocol. With this release, you can use ALB to route and load balance your gRPC traffic between microservices or between gRPC enabled clients and services. This will allow customers to seamlessly introduce gRPC traffic management in their architectures without changing any of the underlying infrastructure on their clients or services.

Amazon Kendra achieves HIPAA eligibility

Amazon Kendra, a highly accurate intelligent search service powered by machine learning, is now a U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) eligible service. Customers can now use Amazon Kendra to manage healthcare and life science workloads that contain protected health information (PHI).

AWS Server Migration Service now adds support for application monitoring using Amazon CloudWatch Application Insights

AWS Server Migration Service (AWS SMS) adds support for application monitoring using Amazon CloudWatch Application Insights. With the integration of AWS SMS with Amazon CloudWatch Application Insights, you can start monitoring applications in Amazon CloudWatch as soon as the application migration is complete in AWS SMS.  


AWS Site-to-Site VPN now supports health notifications

AWS have recently introduced notifications regarding Site-to-Site VPN Connections. AWS will now send a notification via the Personal Health Dashboard (PHD) if your VPN is operating without the recommended dual tunnel configuration for redundancy (Single Tunnel Notification), or if your VPN has experienced a momentary loss of redundancy due to a tunnel endpoint replacement (Tunnel Replacement Notification).  

Customers can now use Jira Service Desk to track operational items related to AWS resources

Starting today, customers can use Jira Service Desk as a single place to track operational items from AWS Systems Manager OpsCenter. Jira Service Desk users can now view, investigate, and resolve operational items related to their AWS resources, while using their existing workflows in Jira. Additionally, they can use AWS Systems Manager Automation runbooks from Jira Service Desk to remediate known issues. AWS Systems Manager OpsCenter enables operators to track and resolve operational items related to AWS resources in a central place, helping reduce time to issue resolution. 

Simplify provisioning of compute resources with version 1.7 of the AWS Service Management Connector for Jira Service Desk

Starting this week, Jira Service Desk users can view EC2 specific parameters from AWS accounts associated with version 1.7 of the AWS Service Management Connector for Jira Service Desk, simplifying the provisioning of compute resources. End users can now view parameters such as Availability Zones, Instance IDs, Key Pairs, and Security Groups directly in Jira Service Desk during provisioning, eliminating the need to find this information in other consoles or have them coded directly into CloudFormation templates.  

AWS Service Catalog now provides One-Page Provisioning with a new console experience

AWS Service Catalog now provides simplified provisioning of cloud resources with a one-page launch process and a new console experience. With this new feature, end-users can more easily and quickly provision products with fewer errors.

Amazon API Gateway now supports disabling the default REST API endpoint

Amazon API Gateway now supports disabling the default, auto-generated REST API endpoint. The default REST API endpoint in API Gateway looks like https://{restapi_id}.execute-api.{region}.amazonaws.com. This feature is intended for customers who use custom domain names for REST APIs and want to ensure that all traffic to their API only goes through the custom domain name and not the default endpoint. This feature was already available for HTTP APIs. Now, it is available for REST APIs too. 

Amazon DocumentDB (with MongoDB compatibility) adds support for increased change stream retention and ability to watch change stream events on a database or the entire cluster


Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. Amazon DocumentDB makes it easy and intuitive to store, query, and index JSON data.  

Amazon Neptune now supports Apache TinkerPop 3.4.8 in the latest engine release

Amazon Neptune now supports Apache TinkerPop 3.4.8 in the latest engine release, improving the development experience for Gremlin users.

Announcing General Availability of AWS Nitro Enclaves

AWS Nitro Enclaves is a new EC2 capability that enables customers to create isolated compute environments (enclaves) to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications.

Announcing SSL/TLS certificates for Amazon EC2 instances with AWS Certificate Manager (ACM) for Nitro Enclaves

ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to protect and securely process highly sensitive data, such as SSL/TLS private keys.

Amazon Elasticsearch Service adds native SAML Authentication for Kibana

Amazon Elasticsearch Service now natively supports using Security Assertion Markup Language (SAML) to offer single sign-on (SSO) for Kibana. SAML authentication for Kibana enables users to integrate directly with third-party identity providers (IDP) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory. With this feature, your users can leverage their existing usernames and passwords to log in to Kibana, and roles from your IDP can be used for controlling privileges in Elasticsearch and Kibana, including what operations they can perform and what data they can search and visualize.  

Introducing the AWS Activate Console - helping startups accelerate their growth and development

AWS Activate provides startups, including both smaller, early stage companies and more advanced digital businesses, with free tools and resources to quickly get started on AWS. Today we are excited to announce the general availability of the new AWS Activate Console. The Activate Console is full of personalized tools and resources designed to support startups through every stage of their journey, from their initial idea, to building an MVP, to securing their first customer, to scaling their business on AWS and beyond.

Amazon Elasticsearch Service announces support for Elasticsearch version 7.8

Amazon Elasticsearch Service now supports open source Elasticsearch 7.8 and its corresponding version of Kibana. This minor release includes bug fixes and enhancements. 

EC2 Image Builder now supports AMI distribution across AWS accounts

Customers can now share AMIs from Image Builder pipelines with AWS accounts in multiple AWS regions, using the AWS Command Line Interface (CLI).

Now generally available – design and visualize Amazon Keyspaces data models more easily by using NoSQL Workbench

NoSQL Workbench support for Amazon Keyspaces (for Apache Cassandra) is now generally available. You can design and visualize Amazon Keyspaces data models more easily by using NoSQL Workbench, which has a point-and-click interface for creating nonrelational data models.

New Amazon Neptune engine release now enforces a minimum version of TLS 1.2 and SSL client connections

Amazon Neptune now enforces a minimum version of TLS v1.2 and Secure Sockets Layer (SSL) client connections to Neptune in all AWS Regions where Neptune is available with the latest engine release.


Amazon ElastiCache for Redis Global Datastore now available in 6 additional regions

Amazon ElastiCache for Redis Global Datastore, which provides fully managed, fast, reliable and secure cross-region replication, is now available in an additional 6 regions. With expanded region support, Global Datastore is now available in Asia Pacific (Mumbai), South America (Sao Paulo), Europe (Paris), Canada Central (Montreal), and AWS GovCloud (US) Regions.  

AWS Elemental MediaPackage expands Monitoring and Deployment Automation capabilities

AWS Elemental MediaPackage now offers you the ability to publish both live ingress and egress logs as CloudWatch Logs. This feature allows you to easily build custom monitoring dashboards with CloudWatch Logs Insights or third-party data processing and monitoring tools. Analyzing these logs and correlating them with encoders or content distribution network (CDN) logs can help identify problems such as slow ingest uploads on the encoder side or cache hit ratio drops on the CDN side. For instructions on how to configure access logging, please refer to the documentation page and corresponding API documentation.

AWS IoT SiteWise launches support for VPC private links

AWS IoT SiteWise now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink for data plane APIs (PUT and GET APIs). You can securely send and receive data from within your VPC, without crossing the public internet and without using public IPs. You can do so by creating a VPC endpoint for the AWS IoT SiteWise service to establish a private connection between your VPC and AWS IoT SiteWise. For more information, please visit the AWS IoT SiteWise and interface VPC endpoints page in our developer guide.

Amazon Kendra adds Confluence Server connector

Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. Starting today, AWS customers can automatically index and search content that is contained in Confluence repositories using Kendra's new built-in Confluence Server connector.


Now use AWS Systems Manager to view vulnerability identifiers for missing patches on your Linux instances

AWS Systems Manager Patch Manager now includes common vulnerability identifiers (CVE ID) in the description of missing patches identified in your fleet, across multiple Linux platforms. CVE IDs help you identify security notices applicable to vulnerabilities within your fleet and recommended patches. You can use Amazon Inspector to conduct a detailed scan for CVE in your fleet.

AWS Fargate Spot for Amazon ECS is now supported in AWS CloudFormation

Amazon Elastic Container Service (Amazon ECS) on AWS Fargate capacity providers is now supported in AWS CloudFormation, which makes it easier to manage and run Amazon ECS tasks across Fargate and Fargate Spot. You can now use CloudFormation to automate the management of Fargate capacity providers, associate them with ECS clusters, and specify capacity provider strategies at the cluster and service level by using a CloudFormation template.

Amazon AppFlow supports importing custom dimensions and metrics from Google Analytics to Amazon S3

Amazon AppFlow, a fully managed integration service that enables customers to securely transfer data between AWS services and cloud applications, now allows you to import custom dimensions and metrics from Google Analytics into Amazon S3. You can specify the custom dimensions and metrics that you want to import while mapping source fields to the destination fields during flow set up and AppFlow will transfer records, including these dimensions and metrics, during flow execution.

Amazon Redshift announces support for Lambda UDFs and enables tokenization

Amazon Redshift, a fully-managed cloud data warehouse, now supports Lambda user-defined functions (UDFs), enabling you to use an AWS Lambda function as a UDF in Amazon Redshift. This functionality enables you to write custom extensions for your SQL query to achieve tighter integration with other services or third-party products. For example, you can write Lambda UDFs to enable external tokenization of data by integrating with vendors like Protegrity, or access other services such as Amazon DynamoDB or Amazon SageMaker in your Redshift query.

AWS Shield now provides global and per-account event summaries to all AWS customers

AWS Shield now provides global and per-account event summaries to all AWS customers. These summaries provide you an overview of all events detected by AWS Shield, such as Distributed Denial of Service (DDoS) attacks and other volumetric anomalies, for each of your accounts and for all events detected and mitigated on AWS. 


Introducing the AWS Load Balancer Controller

The ALB Ingress Controller is now the AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.


New Google Cloud security announcements

Today’s announcements include new security features, white papers that explore our encryption capabilities and use-case demos to help deploy products optimally. These updates will help facilitate safer cloud journeys and give admins increased visibility and control for their organizations.


New Google Cloud shell editor

Cloud Shell provides you with command-line access to your cloud resources directly from your browser. This week Google introduced a new version of its Cloud Shell Editor, immediately available in preview on ide.cloud.google.com and powered by the Eclipse Theia IDE platform. This new version extends Cloud Shell with an online development environment that includes:

  • Cloud-native development via Cloud Code plugin support

  • Rich language support for Go, Java, .NET, Python and Node.js

  • Additional features such as integrated source control and support for multiple projects


Google Cloud Storage gets new OLM controls

Managing your cloud storage costs and reducing the risk of overspending is critical in today’s changing business environments. Google announced the immediate availability of two new Object Lifecycle Management (OLM) rules designed to help protect your data and lower the total cost of ownership (TCO) within Google Cloud Storage. You can now transition objects between storage classes or delete them entirely based on when versioned objects became noncurrent (out-of-date), or based on a custom time stamp you set on your objects. The end result: finer-grained controls to reduce TCO and improve storage efficiencies.


Upcoming Events:


New digital course: Advanced Testing Practices using AWS DevOps Tools

This new digital course, Advanced Testing Practices using AWS DevOps Tools, teaches you how to improve application reliability and security by integrating and automating testing into your AWS DevOps pipelines. This advanced course is designed for DevOps engineers and developers who have significant experience with DevOps methodology and practices.


Coursera is offering one month of no-cost access to 6 GCP certification courses until November 19th.

These include:

  • Google Cloud Networking Professional Certificate
  • Google Cloud Security Professional Certificate
  • Google Cloud SRE and DevOps Engineer
  • GCP Associate Cloud Engineer
  • GCP Cloud Architect
  • GCP Professional Data Engineer

Read more: https://cloud.google.com/blog/topics/training-certifications/google-cloud-certification-training-on-coursera

Azure Virtual Events

Microsoft have a full schedule of Virtual Events

A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/

AWS Events:

AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/

Thanks for reading again this week, we hope you found something useful. 

hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.

If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch. 

You can reach us on chat, or email sales@hava.io to book a callback or demo.






Written by Team Hava

The Hava content team