Not too much to report from the Hava camp this week. The engineering team have been beavering away on the roadmap and putting the finishing touches to a few major enhancements, nothing we can talk about right now, but watch this space.
Here's all the news from AWS, Azure and GCP for the week ending October 30th 2020.
Application Load Balancer (ALB) now supports gRPC protocol. With this release, you can use ALB to route and load balance your gRPC traffic between microservices or between gRPC enabled clients and services. This will allow customers to seamlessly introduce gRPC traffic management in their architectures without changing any of the underlying infrastructure on their clients or services.
Amazon Kendra, a highly accurate intelligent search service powered by machine learning, is now a U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) eligible service. Customers can now use Amazon Kendra to manage healthcare and life science workloads that contain protected health information (PHI).
AWS Server Migration Service (AWS SMS) adds support for application monitoring using Amazon CloudWatch Application Insights. With the integration of AWS SMS with Amazon CloudWatch Application Insights, you can start monitoring applications in Amazon CloudWatch as soon as the application migration is complete in AWS SMS.
AWS have recently introduced notifications regarding Site-to-Site VPN Connections. AWS will now send a notification via the Personal Health Dashboard (PHD) if your VPN is operating without the recommended dual tunnel configuration for redundancy (Single Tunnel Notification), or if your VPN has experienced a momentary loss of redundancy due to a tunnel endpoint replacement (Tunnel Replacement Notification).
Starting today, customers can use Jira Service Desk as a single place to track operational items from AWS Systems Manager OpsCenter. Jira Service Desk users can now view, investigate, and resolve operational items related to their AWS resources, while using their existing workflows in Jira. Additionally, they can use AWS Systems Manager Automation runbooks from Jira Service Desk to remediate known issues. AWS Systems Manager OpsCenter enables operators to track and resolve operational items related to AWS resources in a central place, helping reduce time to issue resolution.
Starting this week, Jira Service Desk users can view EC2 specific parameters from AWS accounts associated with version 1.7 of the AWS Service Management Connector for Jira Service Desk, simplifying the provisioning of compute resources. End users can now view parameters such as Availability Zones, Instance IDs, Key Pairs, and Security Groups directly in Jira Service Desk during provisioning, eliminating the need to find this information in other consoles or have them coded directly into CloudFormation templates.
AWS Service Catalog now provides simplified provisioning of cloud resources with a one-page launch process and a new console experience. With this new feature, end-users can more easily and quickly provision products with fewer errors.
Amazon API Gateway now supports disabling the default, auto-generated REST API endpoint. The default REST API endpoint in API Gateway looks like https://{restapi_id}.execute-api.{region}.amazonaws.com. This feature is intended for customers who use custom domain names for REST APIs and want to ensure that all traffic to their API only goes through the custom domain name and not the default endpoint. This feature was already available for HTTP APIs. Now, it is available for REST APIs too.
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. Amazon DocumentDB makes it easy and intuitive to store, query, and index JSON data.
Amazon Neptune now supports Apache TinkerPop 3.4.8 in the latest engine release, 1.0.4.0, improving the development experience for Gremlin users.
AWS Nitro Enclaves is a new EC2 capability that enables customers to create isolated compute environments (enclaves) to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications.
ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to protect and securely process highly sensitive data, such as SSL/TLS private keys.
Amazon Elasticsearch Service now natively supports using Security Assertion Markup Language (SAML) to offer single sign-on (SSO) for Kibana. SAML authentication for Kibana enables users to integrate directly with third-party identity providers (IDP) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory. With this feature, your users can leverage their existing usernames and passwords to log in to Kibana, and roles from your IDP can be used for controlling privileges in Elasticsearch and Kibana, including what operations they can perform and what data they can search and visualize.
AWS Activate provides startups, including both smaller, early stage companies and more advanced digital businesses, with free tools and resources to quickly get started on AWS. Today we are excited to announce the general availability of the new AWS Activate Console. The Activate Console is full of personalized tools and resources designed to support startups through every stage of their journey, from their initial idea, to building an MVP, to securing their first customer, to scaling their business on AWS and beyond.
Amazon Elasticsearch Service now supports open source Elasticsearch 7.8 and its corresponding version of Kibana. This minor release includes bug fixes and enhancements.
Customers can now share AMIs from Image Builder pipelines with AWS accounts in multiple AWS regions, using the AWS Command Line Interface (CLI).
NoSQL Workbench support for Amazon Keyspaces (for Apache Cassandra) is now generally available. You can design and visualize Amazon Keyspaces data models more easily by using NoSQL Workbench, which has a point-and-click interface for creating nonrelational data models.
With the latest engine release, 1.0.4.0, Amazon Neptune now enforces Secure Sockets Layer (SSL) client connections and a minimum version of TLS v1.2 for connections to Neptune in all AWS Regions where Neptune is available.
Amazon ElastiCache for Redis Global Datastore, which provides fully managed, fast, reliable and secure cross-region replication, is now available in an additional 6 regions. With expanded region support, Global Datastore is now available in Asia Pacific (Mumbai), South America (Sao Paulo), Europe (Paris), Canada Central (Montreal), and AWS GovCloud (US) Regions.
AWS Elemental MediaPackage now offers you the ability to publish both live ingress and egress logs as CloudWatch Logs. This feature allows you to easily build custom monitoring dashboards with CloudWatch Logs Insights or third-party data processing and monitoring tools. Analyzing these logs and correlating them with encoders or content distribution network (CDN) logs can help identify problems such as slow ingest uploads on the encoder side or cache hit ratio drops on the CDN side. For instructions on how to configure access logging, please refer to the documentation page and corresponding API documentation.
AWS IoT SiteWise now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink for data plane APIs (PUT and GET APIs). You can securely send and receive data from within your VPC, without crossing the public internet and without using public IPs. You can do so by creating a VPC endpoint for the AWS IoT SiteWise service to establish a private connection between your VPC and AWS IoT SiteWise. For more information, please visit the AWS IoT SiteWise and interface VPC endpoints page in our developer guide.
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. Starting today, AWS customers can automatically index and search content that is contained in Confluence repositories using Kendra's new built-in Confluence Server connector.
AWS Systems Manager Patch Manager now includes common vulnerability identifiers (CVE ID) in the description of missing patches identified in your fleet, across multiple Linux platforms. CVE IDs help you identify security notices applicable to vulnerabilities within your fleet and recommended patches. You can use Amazon Inspector to conduct a detailed scan for CVE in your fleet.
Amazon Elastic Container Service (Amazon ECS) on AWS Fargate capacity providers is now supported in AWS CloudFormation, which makes it easier to manage and run Amazon ECS tasks across Fargate and Fargate Spot. You can now use CloudFormation to automate the management of Fargate capacity providers, associate them with ECS clusters, and specify capacity provider strategies at the cluster and service level by using a CloudFormation template.
Amazon AppFlow, a fully managed integration service that enables customers to securely transfer data between AWS services and cloud applications, now allows you to import custom dimensions and metrics from Google Analytics into Amazon S3. You can specify the custom dimensions and metrics that you want to import while mapping source fields to the destination fields during flow set up and AppFlow will transfer records, including these dimensions and metrics, during flow execution.
Amazon Redshift, a fully-managed cloud data warehouse, now supports Lambda user-defined functions (UDFs) enabling you to use an AWS Lambda function as a UDF in Amazon Redshift. This functionality enables you to write custom extensions for your SQL query to achieve tighter integration with other services or third-party products. For example, you can write Lambda UDFs to enable external tokenization of data by integrating with vendors like Protegrity, or access other services such as Amazon DynamoDB or Amazon SageMaker in your Redshift query.
AWS Shield now provides global and per-account event summaries to all AWS customers. These summaries provide you an overview of all events detected by AWS Shield, such as Distributed Denial of Service (DDoS) attacks and other volumetric anomalies, for each of your accounts and for all events detected and mitigated on AWS.
The ALB Ingress Controller is now the AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. The new controller enables you to simplify operations and save costs by sharing an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as using a Network Load Balancer to target pods running on AWS Fargate.
Today’s announcements include new security features, white papers that explore our encryption capabilities and use-case demos to help deploy products optimally. These updates will help facilitate safer cloud journeys and give admins increased visibility and control for their organizations.
Cloud Shell provides you with command-line access to your cloud resources directly from your browser. This week Google introduced a new version of its Cloud Shell Editor, immediately available in preview on ide.cloud.google.com and powered by the Eclipse Theia IDE platform. This new version extends Cloud Shell with an online development environment that includes:
Cloud-native development via Cloud Code plugin support
Rich language support for Go, Java, .Net, Python and NodeJS
Additional features such as integrated source control and support for multiple projects
Managing your cloud storage costs and reducing the risk of overspending is critical in today’s changing business environments. Google announced the immediate availability of two new Object Lifecycle Management (OLM) rules designed to help protect your data and lower the total cost of ownership (TCO) within Google Cloud Storage. You can now transition objects between storage classes or delete them entirely based on when versioned objects became noncurrent (out-of-date), or based on a custom time stamp you set on your objects. The end result: more fine-grained controls to reduce TCO and improve storage efficiencies.
Upcoming Events:
This new digital course, Advanced Testing Practices using AWS DevOps Tools, teaches you how to improve application reliability and security by integrating and automating testing into your AWS DevOps pipelines. This advanced course is designed for DevOps engineers and developers who have significant experience with DevOps methodology and practices.
Coursera is offering one month of no-cost access to 6 GCP certification courses until November 19th.
These include:
Read more: https://cloud.google.com/blog/topics/training-certifications/google-cloud-certification-training-on-coursera
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, or email sales@hava.io to book a callback or demo.