Hava Blog and Latest News

In Cloud Computing This Week [Oct 7th 2022]

Written by Team Hava | October 7, 2022

This week's roundup of all the cloud news.


Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday October 7th 2022.

Well, the massive news from Hava last week was very well received: you can use Hava for free for a single data source. This new tier is part of an overhaul of our pricing and plans that gives much more flexibility. You can now add as many data sources as you want on a low pay-per-source model, and you can extend the data retention of versioning.

You can find out more about the plan details and new flexible pricing here: https://www.hava.io/blog/pricing-and-plan-updates

To stay in the loop, make sure you subscribe using the box on the right of this page.

Of course we'd love to keep in touch at the usual places. Come and say hello on:

Facebook, LinkedIn, Twitter.

AWS Updates and Releases

Source: aws.amazon.com

Amazon Pinpoint is now in the US East (Ohio) Region

In addition to the US East (Ohio) Region, Amazon Pinpoint is available in the US East (Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland) and Europe (London) Regions. With Amazon Pinpoint, you can engage your customers by segmenting your audience, building personalized content, creating targeted campaigns and journeys, and gathering actionable insights using email, SMS, voice, push notification, in-app messaging, and custom channels.

Incident Manager from AWS Systems Manager now streamlines responses to Jira Service Management (JSM) Incidents

AWS customers using Atlassian Jira Service Management (JSM), Data Center version, can respond to, investigate and resolve incidents affecting their AWS-hosted applications via AWS Systems Manager Incident Manager and the AWS Service Management Connector. AWS Systems Manager is the operations hub for AWS applications and resources that helps automate reactive processes to quickly diagnose and remediate operational issues. With the Incident Manager integration with JSM, customers can now automate their incident response plans in Incident Manager and automatically synchronize their incidents into JSM. This feature enables faster resolution of critical application availability and performance issues without disrupting existing workflows in JSM.

In addition to the Incident Manager integration, the connector also provides existing integrations with AWS Support, AWS Service Catalog, AWS Config, AWS Systems Manager OpsCenter, AWS Systems Manager Automation and AWS Security Hub, which help simplify cloud provisioning, operations and resource management, as well as streamline Service Management governance and oversight over AWS services.

It’s easy to get started. The AWS Service Management Connector for JSM is available at no charge in the Atlassian Marketplace. These new features are available in all AWS Regions where AWS Support, AWS Service Catalog, AWS Config, AWS Systems Manager and AWS Security Hub services are available.

Amazon Connect reduces telephony pricing across LATAM and Europe

Amazon Connect has reduced prices for Mexico in US East (N. Virginia) and US West (Oregon) regions by 69% for DID Inbound calls from $0.0070 to $0.0022 per minute, 61% for Toll Free Inbound calls from $0.055 to $0.021 per minute and 77% for Outbound calls from $0.033 to $0.0075 per minute.

Additionally, in Argentina Amazon Connect has reduced prices in US East (N. Virginia) and US West (Oregon) regions by 82% for DID Inbound calls from $0.0112 to $0.0020 per minute, 97% for Toll Free Inbound calls from $0.192 to $0.0054 per minute and 83% for Outbound calls from $0.1866 to $0.0320 per minute.

Finally, Amazon Connect has reduced prices for Outbound calls in EU Central (Frankfurt) and EU West (London) in Italy by 51% from $0.0405 to $0.020 per minute, in Ireland by 57% from $0.0699 to $0.030 per minute, in Spain by 28% from $0.0250 to $0.0181 per minute and in the United Kingdom by 30% from $0.0158 to $0.0110 per minute.

The new Telephony Rates are now available as part of the standard pricing for Amazon Connect service usage for US East (N. Virginia), US West (Oregon), Europe (Frankfurt) and Europe (London). To see all AWS Regions where Amazon Connect is available, see the AWS Region table. Visit the Amazon Connect website for more information.

Amazon DevOps Guru now allows customers control over the notifications they receive

Amazon DevOps Guru now provides you with controls over the SNS notifications for issues impacting your applications, allowing you to limit the notifications you receive. Along with this, the DevOps Guru Console will show only ‘High’ and ‘Medium’ severity issues by default. These changes allow you to focus on higher severity issues.

You can choose to receive notifications for issues of High and Medium severity only OR issues with any severity - High, Medium or Low. By default, customers will receive notifications for High and Medium severity issues only. You can also control the types of updates you receive for these issues. You can receive SNS Notifications for all updates to the issue OR only when the issue is Opened, Closed or has a change in Severity from Low or Medium to High. By default, you will receive notifications for all updates.

If you have set up DevOps Guru SNS notifications, you are currently receiving notifications for all updates to issues of all severities - High, Medium or Low. You will need to adjust your DevOps Guru SNS notification settings by October 14, 2022 to continue to receive all these notifications. If you do not adjust your settings, you will only receive Medium and High severity notifications going forward.

In addition, DevOps Guru Console will show only ‘High’ and ‘Medium’ severity issues by default. You will be able to adjust the Console filter settings to view issues at all severity levels.

Amazon DevOps Guru is an ML-powered service that gives you a simpler way to measure and improve an application’s operational performance and availability and reduce expensive downtime. By analyzing application metrics, logs, events, and traces, DevOps Guru identifies behaviors that deviate from normal operating patterns and creates an insight that alerts developers with issue details and remedial steps via Amazon Simple Notification Service (SNS) and EventBridge. Amazon DevOps Guru for RDS is designed to empower you to quickly detect, diagnose, and remediate a wide variety of database-related issues in Amazon RDS, and Amazon DevOps Guru for Serverless helps you to quickly resolve issues impacting your serverless applications.

AWS Storage Gateway increases cloud upload and download performance by up to 2x for Tape Gateway

AWS Storage Gateway increases Tape Gateway throughput performance by up to 2x for backing up data to and restoring data from the cloud, helping you meet the application backup and recovery times your business requires. With this launch, your on-premises Tape Gateway can back up data to the cloud up to 2x faster than before, up to 5.2 Gbps, and read data from the cloud up to 2x faster than before, up to 8 Gbps. This enhancement enables you to upload more data per gateway to the cloud in your backup window, accelerate restore times of your data stored in the cloud, and optimize on-premises storage used by the gateway.

Tape Gateway supports all leading backup applications and enables you to replace physical tapes on premises with virtual tapes in AWS without changing existing workflows. Tape Gateway caches data on premises for low-latency access, compresses and encrypts data in transit to AWS, and transitions virtual tapes from Amazon S3 Standard to Amazon S3 Glacier Flexible Retrieval or Amazon S3 Glacier Deep Archive to help you minimize storage costs. AWS Snowball with Tape Gateway supports offline migration of data stored on physical tapes to AWS.

This performance enhancement is available on new gateways starting today and will be made available on existing gateways through a software update starting October 13, 2022. This new performance enhancement is available at no additional cost. For best practices on achieving higher throughput performance, visit the AWS Storage Gateway User Guide. To get started, visit the AWS Storage Gateway console.

AWS Config now supports 15 new resource types

AWS Config now supports 15 more resource types including AWS DataSync, Amazon GuardDuty, Amazon Simple Email Service (Amazon SES), AWS AppSync, AWS Cloud Map, Amazon EC2, and AWS AppConfig. For the full list of newly supported resource types see below.

With this launch, you can now use AWS Config to monitor configuration data for the newly supported resource types in your AWS account. AWS Config provides a detailed view of the configuration of AWS resources in your AWS account, including how resources were configured and how the configuration changes over time.

Get started by enabling AWS Config in your account using the AWS Config console or the AWS Command Line Interface (AWS CLI). Select the newly supported resource types for which you want to track configuration changes. If you previously configured AWS Config to record all resource types, the new resources will be recorded automatically in your account. AWS Config support for the new resources is available to AWS Config customers in all regions where the underlying resource type is available. To view a complete list of all supported types, see the supported resource types page.

Newly supported resource types:

1. AWS::DataSync::LocationSMB
2. AWS::DataSync::LocationFSxLustre
3. AWS::DataSync::LocationS3
4. AWS::DataSync::LocationEFS
5. AWS::DataSync::Task
6. AWS::DataSync::LocationNFS
7. AWS::GuardDuty::ThreatIntelSet
8. AWS::GuardDuty::IPSet
9. AWS::SageMaker::Workteam
10. AWS::SES::ContactList
11. AWS::AppSync::GraphQLApi
12. AWS::ServiceDiscovery::Service
13. AWS::ServiceDiscovery::PublicDnsNamespace
14. AWS::AppConfig::Application
15. AWS::EC2::NetworkInsightsAccessScopeAnalysis

AWS Lambda Functions powered by AWS Graviton2 now available in 12 additional regions

AWS Lambda functions powered by AWS Graviton2 processors are now available in 12 additional regions - Africa (Cape Town), Asia Pacific (Seoul), Asia Pacific (Jakarta), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Canada (Central), Europe (Paris), Europe (Stockholm), Europe (Milan), Middle East (Bahrain), South America (Sao Paulo) and US West (N. California). With up to 34% better price-performance, functions running on AWS Graviton2 are ideal for powering mission critical Serverless applications.

AWS Lambda functions on AWS Graviton2, using an Arm-based processor architecture, are designed to deliver up to 19% better performance at 20% lower cost for a variety of Serverless workloads, such as web and mobile backends, data, and media processing. Customers can configure existing x86-based functions to target the AWS Graviton2 processor or create new functions powered by AWS Graviton2 using the Console, API, AWS CloudFormation, and AWS CDK.

For more information on getting started with Arm-based AWS Lambda functions, please refer to this blog post. Complete details on pricing and regional availability can be found on the AWS Lambda pricing page.

Amazon GuardDuty is now available in the Middle East (UAE) Region

Amazon GuardDuty is now available in the Middle East (UAE) Region. You can now continuously monitor and detect security threats in this additional region to help protect your AWS accounts, workloads, and data. 

Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts, EC2 workloads, access keys, container applications, and data stored in Amazon S3. GuardDuty can identify unusual or unauthorized activity like crypto-currency mining, access to data stores in S3 from unusual locations, infrastructure deployments in a region that has never been used, or unauthorized access to Amazon Elastic Kubernetes Service (EKS) clusters.

GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and gain unauthorized access to your data. GuardDuty continually evolves its techniques to identify indicators of compromise, such as updating machine learning (ML) models, adding new anomaly detections, and growing integrated threat intelligence to identify and prioritize potential threats.

AWS Storage Gateway now supports 15 TiB tapes

AWS Storage Gateway increases the maximum supported virtual tape size on Tape Gateway from 5 TiB to 15 TiB, enabling you to store more data on a single virtual tape and reducing the number of tapes you need to manage. Additionally, this enhancement makes migrating long-term retention data stored on physical tapes to AWS easier by enabling you to copy data from Linear Tape-Open (LTO) generation 1 to generation 7 tapes to a virtual tape in AWS.

Tape Gateway supports all leading backup applications and enables you to replace physical tapes on premises with virtual tapes in AWS without changing existing workflows. Tape Gateway caches data on premises for low-latency access, compresses and encrypts data in transit to AWS, and moves virtual tapes from Amazon S3 Standard to Amazon S3 Glacier Flexible Retrieval or Amazon S3 Glacier Deep Archive to help you minimize storage costs. AWS Snowball with Tape Gateway supports offline migration of data stored on physical tapes to AWS.

The new capability is available on new gateways starting today, and will be made available on existing gateways through a software update starting October 13, 2022.

AWS Storage Gateway simplifies creating new gateways and alarms

AWS Storage Gateway makes it simpler and faster for you to start setting up and managing your hybrid-cloud storage workflows. Now, using the Storage Gateway console, you can easily create an Amazon EC2 instance for your cloud-based gateway in just a few clicks. In the updated Create Gateway wizard, simply enter the VPC network, VPC subnet, and key pair for your EC2 instance and select Launch instance to automatically create and launch an EC2 instance with minimally required settings including instance type, cache storage, upload buffer, and inbound security ports.

In addition, you can now automatically configure recommended Amazon CloudWatch alarms for your gateway, helping you proactively monitor your gateway’s health in one click. In the updated Create Gateway wizard, select Create Storage Gateway’s recommended alarms and Storage Gateway automatically configures a set of best practice alarms for your new gateway. You can also add recommended or custom alarms to your existing gateway by navigating to your gateway’s detail page and selecting this option from the Monitoring tab. Once you have configured your alarms, you can easily monitor the alarm state of your gateways from the Gateway overview page.

AWS Storage Gateway is a hybrid-cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low-latency access to in-cloud data.

Amazon RDS for Oracle now supports July 2022 Patch Set Update (PSU) for 12.1 and Release Updates (RU) for 19c

Amazon Relational Database Service (Amazon RDS) for Oracle now supports the July 2022 Patch Set Update (PSU) for Oracle Database 12.1 and Release Updates (RU) for Oracle Database 19c.

To learn more about the Oracle RUs supported on Amazon RDS for each engine version, see the Amazon RDS for Oracle Release notes. If the auto minor version upgrade (AmVU) option is enabled, the DB instance is upgraded to the latest quarterly PSU or RU six to eight weeks after it is made available by Amazon RDS for Oracle in your AWS region. These upgrades will happen during the maintenance window. To learn more, see the Amazon RDS maintenance window documentation.

Amazon Redshift Serverless now supports resource tagging

Amazon Redshift Serverless now supports tagging of resources such as namespace and workgroup. Tagging allows you to assign a key-value pair to your resources and organize them by business departments, billing groups, and production environments.

With resource tagging in Amazon Redshift Serverless, you can create simplified views of your data warehouse resources and more easily manage billing across teams and projects. This is imperative as you grow your data warehouse usage across numerous accounts and regions. Tagging for Amazon Redshift Serverless is available in all AWS commercial regions where Amazon Redshift Serverless is generally available.

Amazon WorkMail now supports Impersonation Roles

Amazon WorkMail now offers Impersonation Roles, a secure way to more easily grant programmatic access to mailboxes. Customers can use Impersonation Roles with Exchange Web Services (EWS) to perform impersonated actions in other users’ mailboxes. Administrators have the ability to limit the scope of Impersonation Roles to specific users, including choosing whether actions have full or read-only access.

The Impersonation Roles feature provides administrators an alternative to having to share and securely store user credentials, since authentication is done using the short-lived bearer tokens issued for each role. In addition, Impersonation Roles help administrators provide an extra layer of security by allowing them to restrict the actions that can be performed by impersonated calls. Administrators can choose to create impersonation roles with type “Read only”, which will only allow read actions in the impersonated user’s mailbox.

The WorkMail administrator can create an impersonation role for the service or programmatic user that will be making impersonated calls. This service will then call AssumeImpersonationRole via the WorkMail API to get a bearer token. This token can then be passed as an Authorization header in subsequent EWS impersonation calls along with the primary email address of the user being impersonated.
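The three steps above as an added example (not code from the announcement or from AWS): a read-only role is assumed for a short-lived bearer token, and an EWS request carries that token in the Authorization header together with the impersonated user's primary address in the standard EWS ExchangeImpersonation SOAP header. The organization id, role id, EWS endpoint and the fake client are constructed placeholders.

```python
"""Programmatic mailbox access with a WorkMail impersonation role."""
from __future__ import annotations

import html
import time
import urllib.request
from dataclasses import dataclass

# Placeholders (hypothetical): real values come from your WorkMail organization.
ORGANIZATION_ID = "m-00000000000000000000000000000000"
READ_ONLY_ROLE_ID = "role-readonly-placeholder"   # a role created with type "Read only"
EWS_ENDPOINT = "https://ews.mail.REGION.awsapps.com/EWS/Exchange.asmx"


@dataclass
class ImpersonationToken:
    token: str
    expires_at: float  # epoch seconds; the token is short-lived by design

    def is_valid(self, now=None, skew=30.0):
        """False once the token is within `skew` seconds of expiry."""
        return (now if now is not None else time.time()) + skew < self.expires_at


class FakeWorkMailClient:
    """Constructed stand-in for boto3.client("workmail") so the example runs
    offline. It records the call and returns the real API's response shape."""

    def __init__(self):
        self.calls = []

    def assume_impersonation_role(self, **kwargs):
        self.calls.append(kwargs)
        return {"Token": "constructed-token", "ExpiresIn": 3600}


def assume_impersonation_role(workmail_client, organization_id, role_id, now=None):
    """Step 2: exchange the role for a bearer token via AssumeImpersonationRole.

    Any object exposing the boto3 WorkMail client's
    assume_impersonation_role(OrganizationId=..., ImpersonationRoleId=...)
    method works; in production pass boto3.client("workmail").
    """
    resp = workmail_client.assume_impersonation_role(
        OrganizationId=organization_id, ImpersonationRoleId=role_id
    )
    start = now if now is not None else time.time()
    return ImpersonationToken(token=resp["Token"], expires_at=start + int(resp["ExpiresIn"]))


def ews_envelope(impersonated_address: str, operation_xml: str) -> str:
    """Wrap one EWS operation in a SOAP envelope whose ExchangeImpersonation
    header names the mailbox being acted on by primary SMTP address."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"'
        ' xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">'
        "<soap:Header>"
        '<t:RequestServerVersion Version="Exchange2010_SP2"/>'
        "<t:ExchangeImpersonation><t:ConnectingSID>"
        f"<t:PrimarySmtpAddress>{html.escape(impersonated_address)}</t:PrimarySmtpAddress>"
        "</t:ConnectingSID></t:ExchangeImpersonation>"
        "</soap:Header>"
        f"<soap:Body>{operation_xml}</soap:Body>"
        "</soap:Envelope>"
    )


# A read action, so it is permitted for a "Read only" impersonation role.
FIND_INBOX_ITEMS = (
    '<m:FindItem Traversal="Shallow">'
    "<m:ItemShape><t:BaseShape>IdOnly</t:BaseShape></m:ItemShape>"
    '<m:ParentFolderIds><t:DistinguishedFolderId Id="inbox"/></m:ParentFolderIds>'
    "</m:FindItem>"
)


def build_ews_request(token, impersonated_address, operation_xml=FIND_INBOX_ITEMS, now=None):
    """Step 3: an EWS POST carrying the bearer token; refuse to use a stale token."""
    if not token.is_valid(now):
        raise ValueError("impersonation token expired; call AssumeImpersonationRole again")
    body = ews_envelope(impersonated_address, operation_xml).encode("utf-8")
    return urllib.request.Request(
        EWS_ENDPOINT,
        data=body,
        method="POST",
        headers={"Authorization": f"Bearer {token.token}",
                 "Content-Type": "text/xml; charset=utf-8"},
    )


if __name__ == "__main__":
    tok = assume_impersonation_role(FakeWorkMailClient(), ORGANIZATION_ID, READ_ONLY_ROLE_ID)
    req = build_ews_request(tok, "alice@example.com")
    print(req.get_header("Authorization"), req.data[:80])
```

Sending the request (urllib.request.urlopen) is left out so the block stays offline; the response is ordinary EWS XML.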

IAM Access Analyzer now reviews your AWS CloudTrail history to identify actions used across 140 AWS services and generates fine-grained policies

AWS Identity and Access Management (IAM) Access Analyzer policy generation has expanded support to identify actions used from over 140 services to help developers create fine-grained policies based on their AWS CloudTrail access activity. New additions include actions from services such as AWS CloudFormation, Amazon DynamoDB, and Amazon Simple Queue Service.

When developers request a policy, IAM Access Analyzer gets to work and generates a policy by analyzing their AWS CloudTrail logs to identify actions used. For example, developers using AWS CloudFormation to set up resources need to provide CloudFormation permissions to create resources.

They can use policy generation to create a fine-grained policy and limit the CloudFormation role’s permissions to only those necessary to deploy a given template. The generated policy makes it easier for developers to grant only the required permissions to run their workloads.

AWS Budgets now supports filtering by Invoicing Entity and Legal Entity

Starting this week, you can budget by two new dimensions, invoicing entity and legal entity, in AWS Budgets. This additional granularity allows you to set up specific budget thresholds according to your invoice issuer using invoicing entity, or your AWS Marketplace seller using legal entity. Once you’ve saved your budget, you can then receive alerts when your actual costs exceed (or are forecasted to exceed) your budget thresholds. AWS Budgets is generally available in all public AWS Regions.

If you are a multinational organization leveraging consolidated billing, you can separately track costs originating from your Sellers of Record (SoRs) around the world, such as Amazon Web Services, Inc., Amazon Web Services EMEA SARL, or Amazon Web Services Korea LLC, by filtering by invoicing entity in your budgets. Using legal entity, you can easily track and alert on costs by individual AWS Marketplace sellers, which helps you quickly identify and manage costs associated with a specific AWS Marketplace seller, because you can now view the seller names in AWS Budgets.

Amazon Translate now adds formality customization support for Dutch, Korean, and Mexican Spanish

Amazon Translate is a neural machine translation service that delivers fast, high-quality, affordable, and customizable language translation. Today, we are adding formality customization support for Dutch, Korean, and Mexican Spanish. We are also adding formality customization support to asynchronous batch translation. Now you can customize the formality of your translated output to suit your communication needs.

With Amazon Translate’s formality customization, customers have three options - default, formal and informal - to control the level of formality in the output. The default option does not change the formality of the neural machine translation output. The formal option has a higher level of formality compared to the default option, and can be used by customers in the insurance and healthcare industries who need highly formal translations. The informal option has a lower level of formality, and can be used by customers in gaming and social media who prefer informal translations.

Formality customization is now available in both the real-time and asynchronous batch operations in commercial AWS regions where Amazon Translate is available.

Amazon SageMaker Clarify now can provide near real-time explanations for ML predictions

AWS are excited to announce that Amazon SageMaker Clarify supports online explainability by providing explanations for a machine learning (ML) model’s individual predictions in near real-time on live endpoints. SageMaker Clarify gives ML developers greater visibility into their training data and models so they can identify potential bias and explain predictions. ML models may weight some feature inputs more strongly than others when generating predictions.

SageMaker Clarify provides scores detailing which features contributed the most to your model’s individual prediction after the model has been run on new data. These details can help determine if a particular input feature has more influence on the model predictions than expected. You can view these details for each prediction in real-time via online explainability, or get a report in bulk that utilizes batch processing of all the individual predictions.

This new feature reduces latency for explanations from minutes to seconds or less. The possibilities for real-time explanations are broad. For example, customer service representatives can better understand the reasons why a customer may churn when they call for help resolving a problem in real time. As the representative learns more about the nature of the customer’s issue and enters that data, real-time explanations can provide updated reasoning for suggested resolutions.

Announcing the general availability of AWS Local Zones in Delhi and Taipei

AWS Local Zones are now available in Delhi and Taipei. You can now use these AWS Local Zones to deliver applications that require single-digit millisecond latency or local data processing.

AWS Local Zones allow you to run applications that require low latency for use cases such as online gaming, hybrid migrations, media and entertainment content creation, live video streaming, engineering simulations, augmented reality (AR), virtual reality (VR), and machine learning inference at the edge. AWS Local Zones can also help you meet data residency requirements in regulated industries such as healthcare, financial services, and the public sector.

At the beginning of this year, AWS announced plans to launch AWS Local Zones in an additional 33 metro areas across 27 countries. This first international expansion of AWS Local Zones brings AWS infrastructure closer to millions of end users. AWS Local Zones are also generally available in 16 metro areas in the US (Atlanta, Boston, Chicago, Dallas, Denver, Houston, Kansas City, Las Vegas, Los Angeles, Miami, Minneapolis, New York City, Philadelphia, Phoenix, Portland, and Seattle).

Amazon Aurora Serverless v2 now supports AWS CloudFormation

Amazon Aurora Serverless v2, the next version of Aurora Serverless, now supports AWS CloudFormation. You can use AWS CloudFormation templates to deploy and modify Aurora Serverless v2 along with the rest of your AWS infrastructure in a secure, efficient, and repeatable manner. To learn more, read the AWS CloudFormation user guide.

Aurora Serverless is an on-demand, automatic scaling configuration for Amazon Aurora. Aurora Serverless v2 scales instantly to support even the most demanding applications, delivering up to 90% cost savings compared to provisioning for peak capacity. It is available for the MySQL 8.0-, PostgreSQL 13- and PostgreSQL 14-compatible editions of Amazon Aurora. To learn more, read the documentation, and get started by creating an Aurora Serverless v2 database using only a few steps in the AWS Management Console or by using CloudFormation.

Amazon Virtual Private Cloud (VPC) now supports two new CloudWatch metrics to measure and track network address usage

Amazon Virtual Private Cloud (VPC) has introduced two new networking metrics: 1) Network Address Usage and 2) Peered Network Address Usage. These new metrics will help network administrators plan for expansion of their VPC architecture while proactively managing service quotas.

As one of AWS's foundational services, Amazon Virtual Private Cloud (VPC) lets you launch AWS resources in a logically isolated virtual network that you define. Each resource in a VPC uses one or more network addresses to communicate with other resources within and across VPCs. With these metrics, you can now monitor the Network Address Usage in your VPCs and set alarms in CloudWatch.

You can also plan for your growth by either requesting more quota in Service Quotas or creating a new VPC for additional resources. A single VPC can grow to 256,000 network addresses, and to 512,000 network addresses when peered within a region.

Amazon Nimble Studio announces availability of Windows Server 2022 base image

Amazon Nimble Studio now provides an Amazon Machine Image (AMI) running Windows Server 2022 in the AWS Marketplace that contains the same pre-installed software as our existing AMIs. Nimble Studio users can further customize this baseline AMI for studio-specific workflows. Microsoft Windows Server 2022 helps studios take advantage of the latest Windows features and support for content creation software, such as Epic’s Unreal Engine and Adobe Creative Cloud.

The complete list of features and improvements is available in the official Microsoft documentation for Windows Server 2022 here. The supported Windows Server 2022 AMI is an addition to our supported Windows Server 2019 AMI and Linux AMI.

AWS Backup Launches New Backup Vault Lock Console Experience

AWS Backup now offers a new Backup Vault Lock console experience that provides you a more intuitive way to configure your vault lock details. AWS Backup Vault Lock allows you to deploy and manage your vault’s immutability policies, protecting your backups from accidental or malicious deletions.

Depending on your data retention needs, with AWS Backup Vault Lock, you can set governance mode or compliance mode to configure your vault’s immutability policies with greater flexibility and multiple levels of security. Under governance mode, users with the appropriate role-based permissions can test and change retention policies or even remove the lock completely.

In compliance mode, the user can specify a lock date after which the vault is locked immutably. Once locked, the acceptable retention periods cannot be changed and the lock cannot be disabled, even by the root user. With this feature, the console also provides you with visibility into your vaults’ lock status and facilitates reporting across all locked vaults.

To get started with AWS Backup Vault Lock, you can select the backup vault you want to lock. Then, you can select your desired retention period and specify the acceptable retention periods for your vault lock configuration. With AWS Backup, you can set up multiple layers of data protection, including independent copies of backups across multiple AWS Regions and accounts, separate resource access policies, and long-term data retention. 

AWS Backup Vault Lock is available in the US East (Ohio, N. Virginia), US West (N. California, Oregon), Canada (Central), Europe (Frankfurt, Ireland, London, Paris, Stockholm), South America (São Paulo), Asia Pacific (Hong Kong, Mumbai, Seoul, Singapore, Sydney, Tokyo), Middle East (Bahrain), and AWS GovCloud (US) Regions. 

AWS Cloud WAN is now available in AWS Asia Pacific (Seoul) Region

With Cloud WAN, you can use a central dashboard and network policies to create a global network that spans multiple locations and networks, removing the need to configure and manage different networks using different technologies. You can use network policies to specify the Amazon Virtual Private Clouds, AWS Transit Gateways, and on-premises locations you want to connect to using an AWS Site-to-Site VPN, AWS Direct Connect, or third-party software-defined WAN (SD-WAN) products.

The Cloud WAN central dashboard generates a complete view of the network to help you monitor network health, security, and performance. In addition, Cloud WAN automatically creates a global network across AWS Regions by using Border Gateway Protocol (BGP) so that you can easily exchange routes worldwide.

IAM Access Analyzer makes it easier to author and validate role trust policies

IAM Access Analyzer policy validation helps you author secure and functional policies. Now, we are extending policy validation to role trust policies to make it easier to author and validate the policy that determines who can assume a role. The new IAM console experience for role trust policies guides you through adding each element of the policy, such as the list of available actions for role trust policies, and offers context-specific documentation.

As you are authoring your policy, IAM Access Analyzer policy validation evaluates the policy for any issues to make it easier for you to author secure policies. This includes new policy checks specific to role trust policies, such as validating the format of your identity provider. Prior to saving the policy, IAM Access Analyzer generates preview findings for the external access granted by the role trust policy. This helps you review external access, such as access granted to a federated identity provider, and ensure only the intended access is granted when the policy is created.
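A local pre-check in the spirit of the findings described above, added here as an example (it is not IAM Access Analyzer's own implementation, which runs in the console): it flags a malformed identity-provider principal, a federated principal with no condition scoping which tokens may assume the role, a public principal, and trust granted to another account. The account id, provider ARN and the two sample trust policies are constructed.

```python
"""Local pre-checks for IAM role trust policies."""
from __future__ import annotations

import json
import re

# Constructed sample values (hypothetical, not from the announcement).
OWN_ACCOUNT = "111122223333"
OIDC_PROVIDER = "token.actions.githubusercontent.com"
OIDC_PROVIDER_ARN = f"arn:aws:iam::{OWN_ACCOUNT}:oidc-provider/{OIDC_PROVIDER}"

# A federated principal must be an IAM OIDC or SAML provider ARN.
PROVIDER_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:iam::\d{12}:(oidc-provider|saml-provider)/(\S+)$"
)


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_entries(principal):
    """Yield (kind, value) pairs; kind is 'AWS', 'Federated', 'Service' or '*'."""
    if principal == "*":
        yield "*", "*"
        return
    for kind, values in principal.items():
        for value in _as_list(values):
            yield kind, value


def _condition_keys(condition):
    """Lower-cased condition keys across all operators, e.g. 'aws:sourceaccount'."""
    keys = set()
    for operator_block in (condition or {}).values():
        keys.update(key.lower() for key in operator_block)
    return keys


def check_trust_policy(policy, own_account=OWN_ACCOUNT):
    """Return finding codes for one trust policy (dict or JSON string).

    PUBLIC_PRINCIPAL: anyone may assume the role. MALFORMED_IDP: federated
    principal is not a provider ARN. UNSCOPED_FEDERATED: no aud/sub style
    condition ties the provider's tokens to this role. EXTERNAL_ACCOUNT:
    trust granted outside own_account, which is worth a review.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        cond_keys = _condition_keys(stmt.get("Condition"))
        for kind, value in _principal_entries(stmt.get("Principal", {})):
            if value == "*":
                findings.append(f"S{i}:PUBLIC_PRINCIPAL")
            elif kind == "Federated":
                match = PROVIDER_ARN_RE.match(value)
                if not match:
                    findings.append(f"S{i}:MALFORMED_IDP:{value}")
                    continue
                provider_type, provider_name = match.groups()
                # SAML condition keys use the fixed "saml:" prefix; OIDC keys use the provider host.
                prefix = "saml:" if provider_type == "saml-provider" else provider_name.lower() + ":"
                if not any(key.startswith(prefix) for key in cond_keys):
                    findings.append(f"S{i}:UNSCOPED_FEDERATED:{provider_name}")
            elif kind == "AWS":
                acct = re.search(r"(\d{12})", value)
                if acct and acct.group(1) != own_account:
                    findings.append(f"S{i}:EXTERNAL_ACCOUNT:{acct.group(1)}")
    return findings


# Constructed: three statements that should each produce a finding.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"Federated": OIDC_PROVIDER},
         "Action": "sts:AssumeRoleWithWebIdentity"},
        {"Effect": "Allow", "Principal": {"Federated": OIDC_PROVIDER_ARN},
         "Action": "sts:AssumeRoleWithWebIdentity"},
    ],
}

# Constructed: the same trust, scoped to one audience and one token subject.
HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Federated": OIDC_PROVIDER_ARN},
         "Action": "sts:AssumeRoleWithWebIdentity",
         "Condition": {
             "StringEquals": {f"{OIDC_PROVIDER}:aud": "sts.amazonaws.com"},
             "StringLike": {f"{OIDC_PROVIDER}:sub": "repo:example-org/example-repo:*"},
         }},
        {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{OWN_ACCOUNT}:root"},
         "Action": "sts:AssumeRole"},
    ],
}

if __name__ == "__main__":
    print(check_trust_policy(WEAK_TRUST_POLICY), check_trust_policy(HARDENED_TRUST_POLICY))
```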

AWS IoT SiteWise increases quota limits for Assets and Asset Models

AWS IoT SiteWise has increased quota limits for Assets and Asset Models to support larger and more complex equipment representations, and allow customers to perform bulk operations on resources.

The increase in asset model limits enables customers to create larger and more complex Asset and Asset Model hierarchies without requesting a limit increase.

The following quotas were increased: number of parent asset models per child asset model, number of child assets per parent asset, number of asset models per hierarchy tree, number of asset models, number of asset model hierarchy definitions per asset model and depth of asset model hierarchy tree.

Additionally, we removed the quota limit for the number of parent asset models per child asset model. For example, in the past a customer who needed to create more than 200 properties per asset model would have been required to request a quota limit increase. With the new changes, customers can create up to 500 properties per asset model without requesting a limit increase.

The AWS IoT SiteWise quota increase on Asset Model APIs also enables developers who require higher rates to perform bulk operations on asset models, assets, and asset hierarchies. For example, previously, an application developer was able to retrieve information from 30 assets in 1 second with the DescribeAsset API. Now, the developer can retrieve information from 100 assets in 1 second.

For more details on the new quota limits for Asset Models refer to AWS IoT SiteWise quotas.

Amazon EC2 High Memory instances with 3, 6, 9, and 12TiB of memory are now available in Asia Pacific (Tokyo) region

Starting this week, Amazon EC2 High Memory instances with 3TiB (u-3tb1.56xlarge), 6TiB (u-6tb1.56xlarge, u-6tb1.112xlarge), 9TiB (u-9tb1.112xlarge), and 12TiB of memory (u-12tb1.112xlarge) are available in the Asia Pacific (Tokyo) region. AWS customers can start using these new High Memory instances with On-Demand and Savings Plan purchase options.

Amazon EC2 High Memory instances are certified by SAP for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, and SAP BW/4HANA in production environments. For details, see the Certified and Supported SAP HANA Hardware Directory.

With this regional expansion, High Memory instances with 3TiB, 6TiB, 9TiB, and 12TiB of memory are now all available in Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), US West (Oregon), and Asia Pacific (Tokyo). Instances with 3TiB of memory are also available in the South America (Sao Paulo), Asia Pacific (Sydney) and Europe (Milan) regions. Instances with 6TiB of memory are also available in Europe (Stockholm), Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), South America (Sao Paulo), Asia Pacific (Seoul), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Singapore), and Asia Pacific (Sydney) regions. Instances with 9TiB of memory are also available in AWS GovCloud (US-West) and Asia Pacific (Singapore) regions. Instances with 12TiB of memory are also available in US East (Ohio), AWS GovCloud (US-West), and Asia Pacific (Singapore) regions.

Amazon S3 Object Lambda now supports using your own code to modify the results of S3 HEAD and LIST API requests

Amazon S3 Object Lambda now supports adding your own code to S3 HEAD and LIST API requests, in addition to S3 GET requests. With S3 Object Lambda, you can modify the data returned by S3 GET requests to filter rows, dynamically resize images, redact confidential data, and much more.

Now, you can also use S3 Object Lambda to modify the output of S3 LIST requests to create a custom view of all objects in a bucket and S3 HEAD requests to modify object metadata such as object name and size. With this update, S3 Object Lambda now uses AWS Lambda functions to automatically process the output of S3 GET, HEAD, and LIST requests.

Previously, S3 Object Lambda supported processing the output of an S3 GET request, making it ideal for converting data formats (for example, XML to JSON), resizing and watermarking images, and redacting confidential data. Other S3 API calls, such as HEAD and LIST requests, made to S3 Object Lambda would return the standard S3 API response. Now, you can use S3 Object Lambda to enrich your object lists by querying an external index that contains additional object metadata, filter and mask your object lists to only include objects with a specific object tag, or add a file extension to all the object names in your object lists.

For example, if you have an S3 bucket with multiple discrete data sets, you can use S3 Object Lambda to filter an S3 LIST response depending on the requester. With S3 Object Lambda, you can save on storage costs by easily presenting multiple views of your data for different applications, without having to run complex software and infrastructure.

With just a few clicks in the AWS Management Console, you can configure a Lambda function and attach it to an S3 Object Lambda Access Point. From that point forward, S3 will automatically call your Lambda function to process any data retrieved through the S3 Object Lambda Access Point, returning a transformed result back to the application. You can also now author a Lambda function that is specific to each supported S3 API (GET, HEAD, and LIST).

You can get started with S3 Object Lambda through the AWS Management Console, AWS Command Line Interface (CLI), Application Programming Interface (API), or AWS Software Development Kit (SDK) client.

Amazon Connect Cases is now generally available

Amazon Connect Cases provides built-in case management capabilities that make it easy for your contact center agents to create, collaborate on, and quickly resolve customer issues that require multiple customer conversations and follow-up tasks, all without having to build custom applications or integrate with third-party products. Cases provides your agents with a unified timeline view of all activities and customer information associated with a case, including individual tasks that can be assigned and tracked across multiple agents. Additionally, case information can be used to answer customer questions in self-service IVR and chatbot interactions.

With Cases, businesses have the tools and information they need to be more productive, resolve issues faster, and improve customer satisfaction. For example, when a call or chat comes in, the flow can identify the customer, find the relevant case, and provide an update to the customer without agent interaction. Contact center managers can access these capabilities and configure case templates, case fields, and permissions from the Amazon Connect administrator website.

Amazon Machine Images now support Instance Metadata Service Version 2 by default

You can now set an EC2 Amazon Machine Image (AMI) to use Instance Metadata Service Version 2 (IMDSv2) by default. IMDSv2 is an enhancement to instance metadata access that requires session-oriented requests to add defense in depth against unauthorized metadata access. IMDSv2 requires a PUT request to initiate a session to the instance metadata service and retrieve a token. To set your instances as IMDSv2-only, you previously had to configure Instance Metadata Options during instance launch or update your instance after launch using the ModifyInstanceMetadataOptions API.

Now, by using the IMDS AMI property, you can set all new instances launched from the AMI to be IMDSv2-only by default. When you set this property to IMDSv2 supported, any instance launched with the AMI will use IMDSv2 only, and your default hop limit will be set to 2 to allow for containerized workload support.

To get started, register your AMI to set this property to IMDSv2. You can still manually override these settings and enable IMDSv1 using Instance Metadata option launch properties. You can also still use IAM controls to enforce different IMDS settings.
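As an added example (not AWS's code), the IMDSv2 session flow the note describes, written in Python with the standard library, followed by an audit over the output shape of `describe-instances` and `describe-images` that reports instances still accepting IMDSv1 and AMIs registered without `ImdsSupport` `v2.0`. The instance and AMI ids are constructed placeholders, and the hop-limit threshold is this example's own choice, matching the AMI default mentioned above.

```python
import json
import urllib.request

IMDS_BASE = "http://169.254.169.254/latest"
TOKEN_TTL_SECONDS = "21600"   # six hours, the maximum IMDSv2 session TTL
MAX_HOP_LIMIT = 2             # example threshold: the default the IMDSv2 AMI property sets


def fetch_metadata(path, timeout=2):
    """IMDSv2 session flow: PUT for a session token, then GET the path with the token."""
    token_req = urllib.request.Request(
        f"{IMDS_BASE}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL_SECONDS})
    with urllib.request.urlopen(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    meta_req = urllib.request.Request(
        f"{IMDS_BASE}/meta-data/{path}",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(meta_req, timeout=timeout) as resp:
        return resp.read().decode()


def audit_instances(reservations):
    """Flag instances whose MetadataOptions still allow IMDSv1 or exceed the hop limit.

    `reservations` is the "Reservations" list from `aws ec2 describe-instances`."""
    findings = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue                      # IMDS is off entirely: nothing to check
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append("IMDSv1 still allowed (HttpTokens != required)")
            hop_limit = opts.get("HttpPutResponseHopLimit", 1)
            if hop_limit > MAX_HOP_LIMIT:
                issues.append(f"hop limit {hop_limit} exceeds {MAX_HOP_LIMIT}")
            if issues:
                findings.append({"InstanceId": inst["InstanceId"], "issues": issues})
    return findings


def audit_images(images):
    """Return the ids of AMIs not registered with ImdsSupport v2.0.

    `images` is the "Images" list from `aws ec2 describe-images --owners self`."""
    return [img["ImageId"] for img in images if img.get("ImdsSupport") != "v2.0"]


# Constructed sample API output; all ids are placeholders.
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0example1",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0example2",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0example3",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
]}]
SAMPLE_IMAGES = [{"ImageId": "ami-0example1", "ImdsSupport": "v2.0"},
                 {"ImageId": "ami-0example2"}]

if __name__ == "__main__":
    print(json.dumps({"instances": audit_instances(SAMPLE_RESERVATIONS),
                      "images": audit_images(SAMPLE_IMAGES)}, indent=2))
```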

AWS Security Hub launches announcements notification topic in AWS GovCloud (US)

AWS Security Hub now publishes announcements through Amazon Simple Notification Service (SNS) in AWS GovCloud (US), helping you stay up to date with the latest feature releases and announcements. To receive announcements about new AWS Security Hub features, subscribe to the AWS Security Hub SNS topic in your preferred Region.

You can also use an AWS Lambda function to trigger events when notifications are received. For more information, see Invoking Lambda functions using Amazon SNS notifications.

Available globally, AWS Security Hub gives you a centralized and comprehensive view of your security posture across all of your AWS accounts and across all Regions. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions.

You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can also take action on these findings by investigating findings in Amazon Detective and by using Amazon CloudWatch Event rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools or custom remediation playbooks.

Amazon SageMaker Canvas supports quicker setup of time-series forecasting models

Amazon SageMaker Canvas now supports quicker setup of time-series forecasting models with simplified administration of the required permissions. SageMaker Canvas is a visual point-and-click service that enables business analysts to generate accurate machine learning (ML) models for insights and predictions on their own — without requiring any machine learning experience or having to write a single line of code.

SageMaker Canvas supports a number of use cases, including time-series forecasting used for inventory management in retail, demand planning in manufacturing, workforce and guest planning in travel and hospitality, revenue prediction in finance, and many other functions where highly accurate forecasts are important. As an example, time-series forecasting allows retailers to predict future sales demand and plan for inventory levels, logistics, and marketing campaigns. Time-series forecasting models in SageMaker Canvas use technologies such as Amazon Forecast to ensemble statistical and machine learning models and deliver highly accurate forecasts.

Previously, setting up time-series forecasting models in Canvas required IT administrators to manually configure Identity and Access Management (IAM) policies in the AWS management console and add explicit permissions for time-series forecasting. Starting today, time-series forecasting permissions are enabled by default making it intuitive for IT administrators while setting up a SageMaker domain. This allows Canvas users to quickly set up time-series forecasting models, train these models, and generate predictions to achieve effective business outcomes.

AWS announces new course for practical decision making using no-code ML with Amazon SageMaker Canvas

AWS is excited to announce the launch of a new hands-on course on Coursera for business analysts, "Practical Decision Making using No-Code ML on AWS," featuring Amazon SageMaker Canvas.

Today, Artificial Intelligence (AI) is experienced everywhere, be it personalized recommendations while shopping online, suggestions to watch your favorite TV show, or predicting future demand for retail sales. To understand AI and related topics such as machine learning (ML) better, we’ve designed a new course on Coursera that will teach you the fundamentals of AI/ML, how to extract value from AI/ML, and make better business decisions. The course uses real-life examples and provides practical hands-on exercises to address business challenges using Amazon SageMaker Canvas, a visual, no-code ML tool.

No-code ML is becoming popular, especially with companies looking to democratize machine learning across the enterprise. This 5-hour course is designed to help non-ML experts such as business analysts explore their data better and shape the data into the right format to address business problems, build and evaluate a machine learning model without writing code, generate predictions, and make practical business decisions.

Announcing new development library for building AWS IoT TwinMaker web applications

AWS is pleased to announce that AWS IoT TwinMaker has released a new Application Kit that will help IoT application developers build customized web applications for their digital twins. This Application Kit is a part of the open-source UI components library for IoT application developers, AWS IoT Application Kit.

AWS IoT TwinMaker Application Kit improves the flexibility and options for creating dashboard experiences, in addition to the already supported integration with Grafana. It introduces three components for visualizing and managing digital twins: the Scene Viewer for 3D model visualization and interaction, the Video Player component for displaying video streams, and the Data Source component to retrieve data from various data sources — including Amazon Simple Storage Service (Amazon S3), Amazon Kinesis Video Streams and AWS IoT SiteWise. Using these three components, developers can embed the AWS IoT TwinMaker experience into their existing web applications or create a fully customized experience.

Google Cloud Releases and Updates
Source: cloud.google.com


Anthos Clusters on Bare Metal

Anthos clusters on bare metal 1.12.3 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.3 runs on Kubernetes 1.23.

Anthos Service Mesh

The Istio and Go projects recently disclosed a CVE that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.14.4-asm.2 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-020. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.13.8-asm.4 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-020. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.12.9-asm.3 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2022-020. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Apigee X

On October 6, 2022, Apigee announced the GA launch of Cloud Monitoring for Apigee gateway node usage for Pay-as-you-go customers.

The availability of Apigee gateway node usage metrics in Cloud Monitoring enables Pay-as-you-go customers to view node usage, create dashboards, and configure alerting policies using Cloud Monitoring interfaces. For more information, see View usage and estimate your bill.

BigQuery

You can now explore query results in Colab using Python libraries. This feature is now in preview.

Concurrent connections quotas are now based on the project that initiates the Storage Write API request, not the project containing the BigQuery dataset resource.

Chronicle

Chronicle Feed Management for the Rapid7 Insight log type now enables you to configure the Rapid7 API endpoint.

A new field, called hostname, was added to the Rapid7 Insight configuration workflow. Use this field to change the API endpoint to any one of the supported Rapid7 regions by specifying a value that follows the pattern {region_id}.api.insight.rapid7.com. If you do not specify an endpoint, the default is us.api.insight.rapid7.com. The Chronicle Feed Management API was also updated to support a configurable value for the hostname field.

Chronicle Curated Detections has been enhanced with the following additional detection content:

  • Windows-based threats:
    • Living off the land (LotL): identifies tools native to Microsoft Windows operating systems that can be abused by threat actors for malicious purposes.
  • Cloud attacks and cloud misconfigurations:
    • Cloud Hacktool: detects activity from known offensive security platforms or tools used by threat actors that target resources on Google Cloud.
    • IAM Abuse: detects activity associated with abusing IAM roles and permissions to potentially escalate privilege or move laterally within a given Google Cloud project or across a Google Cloud organization.

Cloud Composer

Starting from January 2023, the default version for new Cloud Composer environments changes from Cloud Composer 1 to Cloud Composer 2. New environments will use the latest Cloud Composer 2 version with the default Airflow 2 version (composer-2-airflow-2). Currently, the default version is composer-1-airflow-1.10.15.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • Equinix SO2, Sofia

For more information, see the Locations table.

Cloud Logging

You can now collect Oracle Database logs and metrics from the Ops Agent, starting with version 2.22.0. For more information, see Monitoring third-party applications: Oracle Database.

Cloud Run

New security recommendations are created for Cloud Run services, which recommend securing environment variables that might contain passwords, API keys and Google application credentials.

Cloud SQL for MySQL

Terraform is supported when you use self-service maintenance.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports the log_timezone and TimeZone flags. For more information, see the Configure database flags page.

Terraform is supported when you use self-service maintenance.

Cloud VPN

Cloud VPN is now available in region me-west1 (Tel Aviv, Israel).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: Tau T2A, Google Cloud's first general purpose VM family to run on Arm architecture, is now generally available in these three regions.

For more information, including how to try T2A for free for a limited time, see Creating an Arm VM instance.

Dataflow

Dataflow is now available in Tel Aviv (me-west1).

The Dataflow VM image has been updated to include several mitigations for a recently disclosed hardware speculative execution vulnerability named Retbleed. Dataflow jobs started on or after September 21, 2022 will run VM instances that use this image.

Dataproc

Dataproc is now available in the me-west1 region (Tel Aviv, Israel).

Preemptible Spot VMs can be used as secondary workers in a Dataproc cluster. Unlike legacy preemptible VMs with a 24-hour maximum lifetime, Spot VMs have no maximum lifetime.

Dataproc Serverless for Spark now supports Artifact Registry with image streaming.

Dialogflow CX

Dialogflow CX now provides a conversation history tool, which can be used to browse, filter, and analyze production conversations.

Google Kubernetes Engine (GKE)

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Google Cloud VMware Engine

VMware Engine adds five service subnets for newly created private clouds. Service subnets are used for appliance or service deployment scenarios, such as storage, backup, Site Recovery Manager (SRM), disaster recovery (DR), media streaming, and providing high scale linear throughput and packet processing for private clouds at any scale.

See Subnets for more information on service subnets.

Media CDN

Media CDN now supports origin redirect following and origin header overrides in Preview.

You can improve performance and caching for frequent redirection by configuring origin redirect following in Media CDN. When configured, Media CDN follows origin redirect responses and caches the final retrieved object. For more information, see Configure following origin redirects.

You can also configure Media CDN to manipulate headers on a per-origin basis, which supports distinct host rewrites and static authorization headers for failover origins. For more information, see Failover and timeouts and Example: Failover with redirect following.

Memorystore for Memcached

Added new Memorystore for Memcached region: Tel Aviv (me-west1).

Memorystore for Redis

Added new Memorystore for Redis region: Tel Aviv (me-west1).

Security Command Center

Error notifications in Security Command Center console

When Security Command Center detects configuration errors that prevent services from detecting threats or vulnerabilities, a pop-up notification appears in the Security Command Center console. The notification includes the number of configuration errors currently detected.

After you fix an error, the error notification is cleared after the next scan for that error type. For information about the scan interval for each error type, see Error detectors.

Speech-to-Text

Speaker Diarization is now available for "Latest" models in en-US. This feature recognizes multiple speakers in the same audio clip. The "Latest" models use a different diarization model from previous models. For more information see Speaker Diarization.

Storage Transfer Service

The Storage Transfer Service REST API now provides a transferJobs.delete method. Deleting a transfer job stops all current and future operations associated with the job, and removes the job from all transfer job listings. Learn more on the Manage transfers page.

Support for exporting data from Cloud Storage to a file system is now generally available (GA).

You can use this bidirectional data movement capability to move data in and out of Cloud Storage, on-premises clusters, and edge locations including Google Distributed Cloud. To get started, see Requirements for file system transfers.

Vertex AI

You can now incrementally train an AutoML image classification or object detection model by selecting a previously trained model. This feature is in Preview. For more information, see Train an AutoML image classification model.

Vertex AI Feature Store

The ability to delete feature values from an entity type is now available in Preview. The following features are available:

Vertex AI model evaluation is now available in Preview. Model evaluation provides model evaluation metrics, such as precision and recall, to help you determine the performance of your models.

Virtual Private Cloud (VPC)

For auto mode VPC networks, a new subnet was added for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.

Accessing managed services using Private Service Connect with consumer HTTP(S) controls is available in General Availability for the global external HTTP(S) load balancer.

Microsoft Azure Releases And Updates
Source: azure.microsoft.com

Public preview: Azure Firewall Basic

Azure Firewall Basic provides cost-effective, enterprise-grade network security for small and medium businesses (SMBs).

Generally available: Query Store hints for Azure SQL Database and Azure SQL Managed Instance

Shape your query plans without changing the code.

Generally available: Azure Ultra Disk Storage in China North 3

Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads, now available in China North 3.

Azure Machine Learning—General availability updates for September 2022

New features include the ability to establish event-driven notifications and the capability to label data in text documents using text named entity recognition.


Azure Machine Learning—Public preview updates for September 2022

Includes the ability to control access to sensitive data, the capability to contrast differences to assess their performance, and the functionality to stop idle compute instances automatically.


General availability: Smart tiering to vault-archive tier for Azure Backup

You can now configure your backup policy to move all your eligible and recommended recovery points to the vault-archive tier for Azure Virtual Machines and for SQL Server/SAP HANA in Azure Virtual Machines.


Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate, fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts or stand-alone K8s clusters. Once diagrams are created, they are kept up to date, hands free.

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so they can be opened and individual resources inspected, just like the live diagrams.
Check out the 14 day free trial here (includes forever free tier):