This week's roundup of all the cloud news.
Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 10th September 2021
To stay in the loop, make sure you subscribe on the right - There's a new newsletter series starting later this year that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
With this week's launch, AWS customers can execute custom scripts before, during, and after Amplify CLI commands (“amplify push”, “amplify api gql-compile”, and more). This allows you to extend Amplify’s best-practice defaults to meet your organization’s specific security guidelines and operational requirements. AWS Amplify CLI is a command line toolchain that helps frontend web and mobile developers create cloud backends and connect them to their app for common use cases. To create a command hook, customers place their bash shell scripts into the “amplify/hooks" folder with the associated Amplify CLI command as the script file name, such as "post-push.sh" or "pre-add-function.sh”. Command hooks support bash scripts by-default but customers can extend it with their preferred scripting runtime.
Amazon CloudWatch Application Insights and AWS Systems Manager Application Manager combine to offer an integrated application management experience
Manage and monitor your applications on AWS seamlessly and easily with new service integrations for AWS Systems Manager Application Manager and CloudWatch Application Insights. AWS Systems Manager Application Manager is a service in AWS Systems Manager which brings together operations information from multiple AWS services so customers can investigate and remediate issues. CloudWatch Application Insights is a service that helps customers easily setup monitoring and troubleshoot their enterprise applications running on AWS resources. Together, the two services provide a combined view of your application health and an ability to dive deep into problems to quickly resolve issues
Amazon EC2 now supports Hibernation for On-Demand Nitro-based instances running Red Hat Enterprise Linux (RHEL) version 8, CentOS version 8, and Fedora version 34 onwards. Hibernation allows you to pause your EC2 Instances and resume them at a later time, rather than fully terminating and restarting them. Resuming your instance lets your applications continue from where they left off so that you don’t have to restart your OS and application from scratch. Hibernation is useful for cases where rebuilding application state is time-consuming (e.g., developer desktops) or an application’s start-up steps can be prepared in advance of a scale-out.
AWS Gateway Load Balancer (GWLB) is now a Payment Card Industry Data Security Standard (PCI DSS) compliant service. GWLB helps you deploy, scale, and manage third-party virtual network appliances such as firewalls, intrusion detection and prevention systems, analytics, and traffic visibility systems. As an addition to the Elastic Load Balancer family, GWLB combines a transparent network gateway (that is, a single entry and exit point for all traffic) and a load balancer that distributes traffic and scales your virtual appliances horizontally based on demand.
Amazon EC2 now offers increased instance bandwidth from AWS region to traffic destined towards Internet Gateway, Direct Connect and between regions for the current generation of instances .
Ability to customize reverse DNS for Elastic IP addresses now available in additional regions for Virtual Private Cloud customers
Starting this week, the ability to customize reverse DNS for Elastic IP addresses for Virtual Private Clouds (VPC) is available in 16 additional regions. These AWS Regions are US East (N. Virginia), US West (N. California, Oregon), Asia Pacific (Hong Kong, Osaka, Seoul, Singapore, Sydney, Tokyo), Europe (Frankfurt, Ireland, London, Paris, Stockholm), Middle East (Bahrain), and South America (São Paulo). With today’s launch, this feature is available in all commercial regions.
AWS announces enhancements to the AWS Marketplace Consulting Partner Private Offer self-service experience.
This week, AWS Marketplace announced a new feature the enables Consulting Partners the ability to easily view and create offers from Independent Software Vendors' (ISV) resell authorization opportunities in the AWS Marketplace Management Portal (AMMP). With this launch, Consulting Partners can now review all resell Opportunities ISVs have granted them, and quickly create a Consulting Partner Private Offer (CPPO) from the Opportunity. A CPPO allows customers to purchase software solutions in AWS Marketplace directly from Consulting Partners with custom terms and pricing not publicly available. With the improved transparency of resell opportunities and streamlined private offer creation process, Consulting Partners can reduce operational load while accelerating deal delivery.
AWS Cloud Map is now available in both AWS GovCloud (US) Regions.
Amazon EC2 I3en Instances are Now Available in AWS Regions in the Middle East (Bahrain), South Africa (Cape Town), and Europe (Milan)
Starting this week, Amazon EC2 I3en Instances are Now Available in Amazon Web Services regions in the Middle East (Bahrain), South Africa (Cape Town), and Europe (Milan). I3en instances offer up to 60 TB of low latency NVMe SSD instance storage and up to 50% lower cost per GB over I3 instances.
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports index transforms that enables customers to extract significant information from large data sets and store summarized views in new indices. Customers can derive new insights, further analyze, and visualize trends from the new summary index.
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports Data Streams with OpenSearch 1.0 to simplify management of time-series data
Amazon OpenSearch Service now supports data streams to help simplify management of time-series data such as logs, metrics, and traces. Data streams abstract the underlying indexes required for your time-series data, the rollover process, and the optimizations required to efficiently manage and query time-based data, reducing operational overhead. You can move your older rolled-over indexes that are part of a data stream to UltraWarm and beyond that to cold storage, helping you retain data for longer, cost-effectively.
AWS Managed Services (AMS) is excited to announce Operations on Demand, a flexible and scalable option to gain access to additional skilled AMS operations capacity, skills, and experience. Operations on Demand gives customers access to a full range of operational capabilities above and beyond the extensive scope provided by AMS Operations Plans . Customers choose from a curated and continually expanding catalog of operational offerings which are delivered by a combination of automation and highly skilled AMS resources. The catalog includes a mix of short-term and ongoing operational use cases and can be used to supplement your existing operations or fill a knowledge or capacity gap. Examples of catalog offerings include assisting with the maintenance of Amazon Elastic Kubernetes Service (EKS), operations of AWS Control Tower, management of SAP clusters, and performing in-place upgrades of instances running out-of-support operating systems. Customers pay for what they use in blocks of hours, and can unsubscribe from a catalog offering at any time. Please see our public documentation for a listing of current catalog offerings . The Operations on Demand feature is available for both the AMS Advanced and Accelerate Operations Plans in all regions where AMS is available.
AWS CDK releases v1.117.0 - v1.120.0 with improved support for Amazon Kinesis Firehose, Amazon CloudFront, Amazon Cognito, and more
Amazon Elastic Kubernetes Service (Amazon EKS) now allows you to connect any conformant Kubernetes cluster to AWS and visualize it in the Amazon EKS console. You can connect any conformant Kubernetes cluster, including Amazon EKS Anywhere clusters running on-premises, self-managed clusters on Amazon Elastic Compute Cloud (Amazon EC2), and other Kubernetes clusters running outside of AWS. Regardless where your cluster is running, you can use the Amazon EKS console to view all connected clusters and the Kubernetes resources running on them.
This week AWS are announcing the general availability of AWS Local Zones in Chicago, Kansas City, and Minneapolis. Customers can now use these new Local Zones to deliver applications that require single-digit millisecond latency to end-users or for on-premises installations in these three metro areas.
The AWS Firewall Manager Automations for AWS Organizations solution allows you to centrally configure, manage, and audit firewall rules across all your accounts and resources in AWS Organizations. This solution is a reference implementation to automate the process to setup AWS Firewall Manager security policies. This solution supersedes AWS Centralized WAF and VPC Security Group Management solution.
This week, AWS were excited to announce the general availability of Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere, a new deployment option for Amazon EKS that allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, supported by AWS. Customers can now run Amazon EKS Anywhere on their own on-premises infrastructure using VMware vSphere starting today, with support for other deployment targets in the near future, including support for bare metal coming in 2022.
You can now launch RabbitMQ 3.8.22 brokers on Amazon MQ. This release includes a fix for an issue with queues using per-message TTL (time to live) , identified in the previously supported version, RabbitMQ 3.8.17, and we recommend upgrading to RabbitMQ 3.8.22.
This week, AWS announced that customers can use aliases to refer to Amazon Machine Images (AMI) purchased from AWS Marketplace. AMI aliases are unique identifiers that be used instead of an AMI ID in deployment scripts. Starting today, aliases are available for all single AMI products on AWS Marketplace. This simplifies launching new AMIs as customers don’t have to change AMI IDs for each region every time there is a version update. Customers can rather use a single alias that will auto-resolve to current AWS region. Additionally, customers can always refer to the latest version by using the ‘latest’ alias for a given AMI product. This will automate deployment pipelines and reduce the manual steps required to upgrade to a new version of AMI purchased from AWS Marketplace.
OpenSearch Dashboards Notebooks, a new visual reporting feature, now available on Amazon OpenSearch Service (successor to Amazon Elasticsearch Service)
Amazon OpenSearch Service now supports OpenSearch Dashboards Notebooks, a new feature that enables OpenSearch users to interactively and collaboratively develop rich reports backed by live data and queries. A notebook is a document made up of cells or paragraphs that can combine markdown, SQL and Piped Processing Language (PPL) queries, and visualizations with support for multi-timelines so that users can easily tell a story. Notebooks can be developed, shared as an OpenSearch Dashboards link, PDF or PNG, and refreshed directly from OpenSearch Dashboards to foster data driven exploration and collaboration among OpenSearch users and their stakeholders. Common use cases for notebooks includes creating postmortem reports, designing run books, building live infrastructure reports, or even documentation.
Amazon Elasticsearch Service has a new name: Amazon OpenSearch Service. This change, which was previously announced here, coincides with the addition of support for OpenSearch 1.0. You can now run and scale both OpenSearch and Elasticsearch (until version 7.10) clusters on Amazon OpenSearch Service and get all of the same benefits you have enjoyed so far from Amazon Elasticsearch Service.
AWS Systems Manager Change Calendar now supports third-party calendar imports, giving you a more holistic view of events
Change Calendar, a capability of AWS Systems Manager, now supports importing of third-party calendars, such as Microsoft Outlook calendars, thereby enabling you to view all your events centrally and control what changes can be made to your AWS resources during those events.
Amazon Pinpoint now supports encrypted SNS topics as destinations for incoming SMS text messages. This enables you to add another layer of protection when using Amazon Pinpoint for two-way SMS text messaging. When you enable two-way SMS messaging, you can publish inbound messages to encrypted SNS topics for retrieval and processing. Amazon SNS uses an AWS Key Management Service (AWS KMS) key to encrypt the messages that it sends to these topics.
AWS Elemental MediaPackage now supports version 2.0 of the Secure Packager and Encoder Key Exchange (SPEKE) API. SPEKE v2 makes it possible to use native Content Protection Information Exchange Format (CPIX) 2.3 documents which allows for the use of multiple encryption keys for different media tracks. With MediaPackage and SPEKE v2 you can now use two keys, one for audio tracks and one for video tracks with live DASH and CMAF streams, with support for more complex encryption models for content protection requirements to follow.
Starting today, AWS Network Firewall is a HIPAA eligible service. This means you can use AWS Network Firewall to secure and inspect protected health information (PHI) stored in your accounts.
Amazon CodeGuru Reviewer is a developer tool that leverages automated reasoning and machine learning to detect potential code defects that are difficult to find and offers suggestions for improvements. Today, we are announcing the addition of a new set of detectors that can identify inconsistencies within a code repository. These inconsistency detectors are a new type of machine learning based detector that analyzes coding patterns within a developer’s repository and helps detects when there is an anomaly that deviates from their standard pattern.
Amazon Detective, in coordination with the Splunk Trumpet project, has released the ability to pivot from an Amazon GuardDuty finding in Splunk directly to an Amazon Detective entity profile so that customers can quickly identify the root cause of potential security issues or suspicious activities.
AWS Cloud9 is now available in Asia Pacific (Osaka) and Africa (Cape Town). AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.
Amazon RDS for SQL Server now supports MSDTC JDBC XA transactions. With MSDTC you can either execute the transaction using SQL Server as the Transaction manager using linked servers, or you can promote MSDTC running on the same host as the Client application to the role of Transaction manager.
Google Cloud Releases and Updates
Storage and network egress charges apply to all formats that are in Preview or are generally available.
- You can associate your SQL activities in a session across scripts and multi-statement transactions in BigQuery with a unique session identifier.
- You can use session variables (for example, default timezone or dataset) and temporary tables throughout the life of the session and also across scripts and transactions
- When you enable sessions, all actions performed across multiple sessions can be viewed using the
SESSION_IDcolumn now available in jobs
Cloud Billing Budgets & alerts now support configurable budget time periods, beyond monthly budgets
In the Cloud Billing Console Budgets & alerts settings, you can now specify the time period of your budgets. Using the Time range settings now available to budgets in the Cloud Console, you can configure the budget's time range to a calendar period or a custom date range, allowing you to create budgets to monitor spend for time frames beyond the default calendar month, such as a quarter, a year, or a custom date range that you specify.
For more information on budgets and alerts, see Create, edit, or delete budgets and budget alerts.
Cloud Composer 2 is available in Preview.
Cloud Composer 2 brings environments that scale automatically based on the demands of your workflows. For more information about Cloud Composer 2, see Major versions of Cloud Composer, Environment scaling, and Pricing pages in the documentation.
Cloud Load Balancing
Cloud Load Balancing now supports load-balancing traffic to endpoints that extend beyond Google Cloud, such as on-premises data centers and other public clouds that you can reach using hybrid connectivity.
Hybrid load balancing is supported by the following load balancers:
- External HTTP(S) Load Balancing
- Internal HTTP(S) Load Balancing
- TCP Proxy and SSL Proxy Load Balancing
For details, see Hybrid load balancing overview.
This feature is available in Preview.
Cloud SQL for MySQL
Cloud SQL for MySQL now allows you to specify
mysqldump options during migration from external servers. For more information, see Configuring Cloud SQL to replicate from an external server and Using a managed import to set up replication from external databases.
Preview: You can now review OS vulnerability report data, which is collected by VM Manager, from the Security Command Center. This feature is available for Security Command Center premium tier users. For more information, see View vulnerability report data.
The following previously released sub-minor versions of Dataproc images included a bug where the
dataproc user account was broken. This prevented some Dataproc services from functioning properly, which resulted in features being unavailable. In particular, this prevented Jupyter from running in clusters with Personal Cluster Authentication enabled.
These sub-minor versions have been rolled back, and can only be used when updating existing clusters that already use them:
- 1.4.66-debian10, 1.4.66-ubuntu18
- 1.4.67-debian10, 1.4.67-ubuntu18
- 1.5.41-centos8, 1.5.41-debian10, 1.5.41-ubuntu18
- 1.5.42-centos8, 1.5.42-debian10, 1.5.42-ubuntu18
- 2.0.15-centos8, 2.0.15-debian10, 2.0.15-ubuntu18
- 2.0.16-centos8, 2.0.16-debian10, 2.0.16-ubuntu18
The default Dataproc Metastore service creation version is changed to Hive 3.1.2.
The managed Filestore CSI driver for GKE is now available in GKE versions 1.21 and later to provision and manage Filestore instances for GKE workloads.
GKE cluster versions have been updated.
- Version 1.19.12-gke.2101 is now the default version in the Stable channel.
- The following control plane and node versions are now available in the Stable channel:
Memorystore for Redis
Redis version 6.x is now Generally Available on Memorystore for Redis.
Network Intelligence Centre
Firewall Insights now provides comprehensive analysis of whether your firewall rules are overly permissive. Through overly permissive rule insights, which are now in public preview, Firewall Insights identifies rules and attributes that could be made more strict and secure.
Overly permissive rule insights include the following:
Allowrules with no hits
Allowrules with unused attributes
Allowrules with overly permissive IP address or port ranges
Firewall Insights uses Firewall Rules Logging to identify these rules. It uses machine learning to predict future usage of overly permissive rules.
By default, the product analyzes the past six weeks when it identifies overly permissive rules. However, you can choose a different observation period.
Security Command Center
VM Manager vulnerability reports, which are in preview, are now available in Security Command Center Premium. The reports identify vulnerabilities in operating systems installed on Compute Engine virtual machines, including Common Vulnerabilities and Exposures (CVEs).
For more information on integrating VM Manager with Security Command Center, see VM Manager.
Microsoft Azure Releases And Updates
Now generally available in West Europe, North Europe, West US 2, and France Central, Zone-redundant storage (ZRS) for Azure Disk Storage protects disks from zonal failures which may occur due to natural disasters or hardware issues.
The latest version of the open-source Apache Spark is now available in Azure Synapse Analytics Apache Spark pools.
Participate in the retail evaluation now to ensure full compatibility. The OS evaluation period provides 14 days for backward compatibility testing.
This new Azure Virtual Desktop feature prevents sensitive information from being captured in screen captures and screen shares.
On-demand capacity reservations, now in public preview, enable you to reserve compute capacity for one or more VM size(s) in an Azure region or Availability Zone for any length of time.
This release provides improved quality and simplified Azure customer experience, giving you the opportunity to combine the functionality of Availability Sets and Virtual Machine Scale Sets.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: