This week's roundup of all the cloud news.
Hi folks, it's been a reasonably busy week in cloud computing. As usual we've read all the cloud computing news from the big three, AWS, Azure and GCP, so you don't have to.
AWS led the way again this week with lots of new enhancements to existing services, with a little from Microsoft and the GCP camp.
It looks like Oracle have won the race for TikTok, so may finally have a cloud customer...
Here's all the latest.
AWS CloudWatch Synthetics now supports enhanced monitoring for broken links and GUI workflow blueprints
AWS CloudWatch Synthetics makes it easy to proactively monitor critical graphical user interface (GUI) workflows and broken or ‘dead’ links in your web application. Starting this week, you can individually debug each step of the GUI workflow and home in on a specific broken or ‘dead’ link when you are alerted that something does not behave as expected. Screenshots and latencies for each step of the workflow help identify whether the failure was caused by the web application or its underlying infrastructure.
Broken password reset links, or misconfigured buttons preventing customers from taking an action often go unnoticed unless reported by end customers. With CloudWatch Synthetics, you can continuously verify your customer experience even when there is no customer traffic on your web applications. This lets you discover issues before your customers do and react quickly to fix them.
New S3 Bucket owner condition enables validation of bucket ownership
Amazon S3 now provides bucket owner condition, allowing you to validate the AWS Account ID of the owner of an S3 bucket. Bucket owner condition helps you to easily verify that the S3 buckets that you interact with are owned by expected AWS Accounts.
S3 request APIs can now include an optional bucket owner condition parameter containing an AWS Account ID, which lets you verify that the specified account owns the bucket you are communicating with. When bucket owner condition is used, S3 API requests will only succeed if the bucket owner matches the account specified. This helps to prevent accidental interaction with buckets owned by unexpected AWS Accounts.
S3 clients will need to be updated to support bucket owner condition. Bucket owner condition is available in the latest AWS Command Line Interface (CLI), Application Programming Interface (API), and the updated AWS Software Development Kit (SDK).
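As an added example (not code from this post or from AWS), the wrapper below forces boto3's real ExpectedBucketOwner parameter onto every S3 call so that no code path can leave it off, and surfaces the 403 AccessDenied that S3 returns on an owner mismatch as a distinct exception. The S3 client is injected, so the constructed FakeS3 stand-in, bucket names and account IDs are assumptions that let it run offline.

```python
"""Pin every S3 call to the account expected to own the bucket.
Added example, not AWS code: forces boto3's real ExpectedBucketOwner parameter
onto each operation. Real use: OwnerPinnedS3(boto3.client("s3"), "111122223333")."""
import re

ACCOUNT_ID = re.compile(r"^\d{12}$")  # AWS account IDs are exactly 12 digits
PINNED_OPS = {"head_bucket", "get_object", "put_object", "list_objects_v2", "delete_object"}


class UnexpectedBucketOwner(Exception):
    """S3 answered 403 AccessDenied: wrong owner or an IAM deny (S3 does not distinguish)."""


class OwnerPinnedS3:
    def __init__(self, s3_client, expected_owner):
        if not ACCOUNT_ID.match(str(expected_owner)):
            raise ValueError(f"not a 12-digit AWS account ID: {expected_owner!r}")
        self._s3, self.expected_owner = s3_client, str(expected_owner)

    def call(self, op, **kwargs):
        """Invoke s3_client.<op>(**kwargs) with ExpectedBucketOwner always set."""
        if op not in PINNED_OPS:
            raise ValueError(f"{op} is not an owner-checked operation")
        kwargs["ExpectedBucketOwner"] = self.expected_owner  # override, never trust callers
        try:
            return getattr(self._s3, op)(**kwargs)
        except Exception as exc:  # botocore's ClientError exposes the parsed .response
            resp = getattr(exc, "response", None) or {}
            if resp.get("Error", {}).get("Code") == "AccessDenied":
                raise UnexpectedBucketOwner(
                    f"bucket {kwargs.get('Bucket')!r} is not owned by {self.expected_owner}"
                    " (or access is denied)") from exc
            raise


class FakeS3:
    """Constructed stand-in for a boto3 S3 client that models only the owner check."""
    def __init__(self, owners):
        self.owners = owners  # bucket name -> owning account ID (constructed)
    def _op(self, Bucket, ExpectedBucketOwner=None, **_):
        if ExpectedBucketOwner and self.owners.get(Bucket) != ExpectedBucketOwner:
            err = Exception("An error occurred (AccessDenied) when calling the operation")
            err.response = {"Error": {"Code": "AccessDenied"},
                            "ResponseMetadata": {"HTTPStatusCode": 403}}
            raise err
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}
    head_bucket = get_object = put_object = list_objects_v2 = delete_object = _op


def demo():
    # Constructed scenario: a typo in the bucket name lands on another account's bucket
    owners = {"payroll-exports": "111122223333", "payroll-export": "444455556666"}
    s3 = OwnerPinnedS3(FakeS3(owners), "111122223333")
    ok = s3.call("head_bucket", Bucket="payroll-exports")["ResponseMetadata"]["HTTPStatusCode"]
    try:
        s3.call("put_object", Bucket="payroll-export", Key="q3.csv", Body=b"name,ssn\n")
        blocked = False
    except UnexpectedBucketOwner:
        blocked = True
    return ok, blocked  # (200, True)


if __name__ == "__main__":
    print(demo())
```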
Amazon Pinpoint expands regional coverage
Amazon Pinpoint is now available in the Asia Pacific (Tokyo), Europe (London), and Canada (Central) regions. With Amazon Pinpoint, you can increase customer engagement by sending marketing campaigns and transactional messages across multiple channels: email, SMS, and push notifications.
Amazon Pinpoint helps you monitor and analyze the performance of your engagement efforts and develop a deeper understanding of your users. You can segment your audience, deliver messages at scale to your users, and measure the success of your campaigns.
Data API for Amazon Redshift
Amazon Redshift can now be accessed using the built-in Data API, making it easy to build web-services based applications and to integrate with services including AWS Lambda, AWS AppSync, and AWS Cloud9. The Redshift Data API simplifies data access, ingest, and egress from languages supported by the AWS SDK, such as Python, Go, Java, Node.js, PHP, Ruby, and C++, so you can focus on building applications rather than managing infrastructure.
The Data API simplifies access to Amazon Redshift by removing the need to manage database connections and credentials. Instead, you can execute SQL commands to an Amazon Redshift cluster by simply invoking an HTTPS API endpoint provided by the Data API. The Data API takes care of managing database connections and returning data. The Data API stores your query results for 24 hours and is asynchronous so you can retrieve your results later.
Since the Data API leverages IAM user credentials or database credentials stored in AWS Secrets Manager, you don’t need to pass credentials in API calls. For customers using AWS Lambda, the Data API provides a secure way to access your database without the additional overhead for Lambda functions to be launched in an Amazon VPC. Integration with the AWS SDK provides a programmatic interface to execute SQL statements with parameters.
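The asynchronous flow just described, as an added example rather than code from the post or from AWS: it uses the real redshift-data calls (execute_statement, describe_statement, get_statement_result), passes a SecretArn instead of a database password, and polls until a terminal status before paging through the result. The client is injected, so the constructed FakeRedshiftData stand-in, cluster and database names and the placeholder secret ARN are assumptions that let it run offline.

```python
"""Run SQL on Amazon Redshift through the Data API and collect the result later.
Added example, not AWS code: real redshift-data API names with the client injected so the
constructed FakeRedshiftData runs offline. Real use:
run_query(boto3.client("redshift-data"), "my-cluster", "dev", "arn:...secret", sql)."""
import time

TERMINAL = {"FINISHED", "FAILED", "ABORTED"}  # statuses after which polling stops


def _cell(field):
    """Unwrap one Data API Field, e.g. {"stringValue": "x"}, {"longValue": 1}, {"isNull": True}."""
    return None if field.get("isNull") else next(iter(field.values()))


def run_query(rsd, cluster, database, secret_arn, sql, sleep=0.0):
    """Submit SQL using credentials held in Secrets Manager, poll, return rows as dicts."""
    sid = rsd.execute_statement(ClusterIdentifier=cluster, Database=database,
                                SecretArn=secret_arn, Sql=sql)["Id"]  # no password in the call
    while (desc := rsd.describe_statement(Id=sid))["Status"] not in TERMINAL:
        time.sleep(sleep)  # results stay retrievable for 24 hours, so polling can be lazy
    if desc["Status"] != "FINISHED":
        raise RuntimeError(f"statement {sid} {desc['Status']}: {desc.get('Error')}")
    if not desc.get("HasResultSet"):
        return []  # e.g. a DDL or INSERT statement
    rows, token, names = [], None, []
    while True:
        page = rsd.get_statement_result(Id=sid, **({"NextToken": token} if token else {}))
        names = [m["name"] for m in page.get("ColumnMetadata", ())] or names
        rows += [dict(zip(names, map(_cell, r))) for r in page["Records"]]
        if not (token := page.get("NextToken")):
            return rows


class FakeRedshiftData:
    """Constructed stand-in: one STARTED poll, then FINISHED, with a two-page result set."""
    def __init__(self):
        self.polls, self.calls = 0, []
    def execute_statement(self, **kw):
        self.calls.append(kw)
        return {"Id": "stmt-1"}
    def describe_statement(self, Id):
        self.polls += 1
        return {"Status": "STARTED" if self.polls < 2 else "FINISHED", "HasResultSet": True}
    def get_statement_result(self, Id, NextToken=None):
        meta = [{"name": "usename"}, {"name": "usesuper"}]
        if NextToken is None:
            return {"ColumnMetadata": meta, "NextToken": "p2",
                    "Records": [[{"stringValue": "rdsdb"}, {"booleanValue": True}]]}
        return {"ColumnMetadata": meta,
                "Records": [[{"stringValue": "etl_loader"}, {"booleanValue": False}]]}


def demo():
    """Constructed query: list database users and whether they are superusers."""
    rsd = FakeRedshiftData()
    rows = run_query(rsd, "analytics", "dev", "arn:aws:secretsmanager:REGION:ACCOUNT:secret:PLACEHOLDER",
                     "select usename, usesuper from pg_user")
    return rows, rsd.calls[0]
```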
AWS Redshift now supports 100k tables in a single cluster
Amazon Redshift now supports up to 100K tables in a single cluster for clusters with DC2.8XL, DS2.8XL, RA3.4XL, and RA3.16XL node types. This feature is intended for AWS customers with workloads that require a large number of tables to run with Amazon Redshift without having to split the tables across clusters or store them in Amazon S3.
Until now Amazon Redshift supported 20K tables for the above-mentioned node types. Customers with more tables had to split their tables across Redshift clusters or move some tables to Amazon S3. Now customers can migrate their workloads that use up to 100K tables to Amazon Redshift without splitting or moving their tables. This capability is automatically enabled for all supported node types for existing and new clusters. AWS customers don’t need to change their workloads, data ingestion, or their applications to take advantage of this feature. The limit includes user-defined temporary tables and temporary tables created by Amazon Redshift during query processing or system maintenance.
AWS Elastic Beanstalk now supports sharing of ALBs amongst Elastic Beanstalk environments
You can now associate an existing Application Load Balancer when you create an AWS Elastic Beanstalk application environment. This capability enables you to share your existing Application Load Balancer and allow it to serve traffic for multiple applications running on Elastic Beanstalk within the same VPC.
With the Elastic Beanstalk support for Application Load Balancer sharing, you can simply choose the existing Application Load Balancer to share and a default Listener for routing the traffic while creating an Elastic Beanstalk web server environment. Elastic Beanstalk automatically applies default rules to route traffic from the Application Load Balancer to your web server environment. You can optionally add additional host-based and path-based rules while creating your web server environment with a shared Application Load Balancer.
To get started, create an Application Load Balancer in Elastic Compute Cloud (EC2), then create your Elastic Beanstalk web server environments with the shared Application Load Balancer using the Elastic Beanstalk console, the EB CLI, or the Elastic Beanstalk APIs.
AWS SSO adds account assignment APIs and CloudFormation support
AWS Single Sign-On (SSO) adds new account assignment APIs and AWS CloudFormation support to automate access across AWS Organizations accounts. You can also use the APIs to retrieve permissions programmatically for audit and governance purposes. The new release enables you to automate control of the AWS SSO central permissions, making it easier to manage access at scale across all your AWS accounts.
AWS SSO account assignment APIs enable you to build automation to create and update permissions that align with your company's common job functions. You can then assign the permissions to users and groups to entitle them for access in their required accounts. For example, you can give your developers broad control over resources in developer accounts, and limit that control to authorized operations personnel in production accounts. The new AWS CloudFormation support enables you to automate account assignments as you build new accounts. You can also use the APIs to decode user and group names from the unique identifiers that appear in AWS CloudTrail logs.
It is easy to get started with AWS SSO. With just a few clicks in the AWS SSO management console, you can choose AWS SSO, Active Directory, or an external identity provider such as Okta Universal Directory, Azure Active Directory, or OneLogin as your identity source. Your users sign in with the convenience of their familiar sign-in experience and get single-click access to all their assigned accounts from the AWS SSO user portal.
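An added example (not AWS's or the post's code) of the audit use the announcement mentions: it walks the sso-admin APIs for every account assignment and resolves each opaque PrincipalId through the identitystore APIs, the same identifiers that appear in CloudTrail. The clients are injected, so the constructed FakeSSO and FakeIdentityStore stand-ins, account IDs, permission set names and user or group names are assumptions that let it run offline.

```python
"""Enumerate AWS SSO account assignments and decode PrincipalIds to names.
Added example, not AWS code; real sso-admin and identitystore API names, clients injected
so the constructed fakes run offline. Real use: audit(boto3.client("sso-admin"), boto3.client("identitystore"))."""


def _pages(fn, key, **kw):
    """Follow NextToken pagination of a list call, yielding the items under `key`."""
    token = None
    while True:
        page = fn(**kw, **({"NextToken": token} if token else {}))
        yield from page.get(key, [])
        if not (token := page.get("NextToken")):
            return


def principal_name(ids, store_id, ptype, pid):
    """Map the opaque PrincipalId that CloudTrail records to a user or group name."""
    if ptype == "USER":
        return ids.describe_user(IdentityStoreId=store_id, UserId=pid)["UserName"]
    return ids.describe_group(IdentityStoreId=store_id, GroupId=pid)["DisplayName"]


def audit(sso, ids):
    """Return sorted (account_id, permission_set_name, principal_type, name) rows."""
    inst = sso.list_instances()["Instances"][0]  # one SSO instance per organization
    arn, store = inst["InstanceArn"], inst["IdentityStoreId"]
    rows = []
    for ps in _pages(sso.list_permission_sets, "PermissionSets", InstanceArn=arn):
        name = sso.describe_permission_set(InstanceArn=arn, PermissionSetArn=ps)["PermissionSet"]["Name"]
        for acct in _pages(sso.list_accounts_for_provisioned_permission_set, "AccountIds",
                           InstanceArn=arn, PermissionSetArn=ps):
            for a in _pages(sso.list_account_assignments, "AccountAssignments",
                            InstanceArn=arn, AccountId=acct, PermissionSetArn=ps):
                who = principal_name(ids, store, a["PrincipalType"], a["PrincipalId"])
                rows.append((acct, name, a["PrincipalType"], who))
    return sorted(rows)


class FakeSSO:
    """Constructed sso-admin stand-in: two permission sets across two accounts."""
    ASSIGN = {("111122223333", "ps/Admin"): [("GROUP", "g-1")],
              ("444455556666", "ps/Admin"): [("USER", "u-1")],
              ("444455556666", "ps/ReadOnly"): [("GROUP", "g-2")]}
    def list_instances(self, **_):
        return {"Instances": [{"InstanceArn": "arn:sso:inst", "IdentityStoreId": "d-1"}]}
    def list_permission_sets(self, NextToken=None, **_):  # two pages, to exercise _pages
        return ({"PermissionSets": ["ps/Admin"], "NextToken": "2"} if NextToken is None
                else {"PermissionSets": ["ps/ReadOnly"]})
    def describe_permission_set(self, PermissionSetArn, **_):
        return {"PermissionSet": {"Name": PermissionSetArn.split("/")[-1]}}
    def list_accounts_for_provisioned_permission_set(self, PermissionSetArn, **_):
        return {"AccountIds": sorted(a for a, p in self.ASSIGN if p == PermissionSetArn)}
    def list_account_assignments(self, AccountId, PermissionSetArn, **_):
        return {"AccountAssignments": [{"PrincipalType": t, "PrincipalId": i}
                                       for t, i in self.ASSIGN.get((AccountId, PermissionSetArn), [])]}


class FakeIdentityStore:
    NAMES = {"u-1": "alice", "g-1": "platform-admins", "g-2": "auditors"}  # constructed
    def describe_user(self, UserId, **_):
        return {"UserName": self.NAMES[UserId]}
    def describe_group(self, GroupId, **_):
        return {"DisplayName": self.NAMES[GroupId]}
```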
Amazon EKS now supports assigning EC2 security groups to Kubernetes pods
Amazon Elastic Kubernetes Service (EKS) customers can now leverage EC2 security groups to secure applications with varying network security requirements on shared cluster compute resources.
Previously, all pods on a node shared the same security groups. While IAM roles for service accounts solve the pod-level security challenge at the authentication layer, many organizations' compliance requirements also mandate network segmentation as an additional defense-in-depth step. Kubernetes network policies provide an option for controlling network traffic within the cluster, but do not support controlling access to AWS resources outside the cluster.
Now, network security rules that span pod to pod and pod to external AWS service traffic can be defined in a single place with EC2 security groups, and applied to individual pods and applications with Kubernetes native APIs. This makes it easy to achieve network security compliance in clusters that are shared across multiple teams and applications.
Support for assigning security groups to pods is available for most AWS Nitro based instances launched with new EKS clusters running Kubernetes version 1.17. Support for existing clusters will be rolled out over the coming weeks.
AWS Systems Manager now supports on-demand patching with two clicks
You can now initiate on-demand scanning for patch compliance in accordance with your patch rules, remediate within seconds when patches are out of compliance using AWS Systems Manager Patch Manager, and track the progress in real time. You can patch your instances using the pre-defined concurrency and error threshold configurations offered by Patch Manager. This new feature enables you to update your patch compliance on demand, without waiting for the next maintenance window, by initiating patching with two clicks.
To get started, you can visit Systems Manager Patch Manager and use “Patch Now” to launch on-demand patching. You can scan for non-compliant instances using “Scan” and then remediate them using “Scan and install”. You can track the patching operation's progress in real time.
AWS ALBs now support AWS Outposts
Application Load Balancer (ALB) now supports AWS Outposts, a fully managed service that extends AWS infrastructure, services, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience.
ALB on Outposts is a fully managed and secure request level (layer 7) load balancing service that automatically distributes incoming HTTP(S) traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. Within Outposts, ALB will operate in a single subnet and will scale automatically up to the capacity available on the rack to meet varying levels of application load without manual intervention. Similar to ALB in the Region, ALB on Outposts will promote high security posture for your application as it works within your Amazon Virtual Private Cloud (VPC) and provides robust security features like integrated certificate management and TLS offload. With this release, customers also get the benefits of increased availability and low latency load balancing for applications that need to run close to their on-premises facility. To get started, you can use the same AWS Console, APIs, and CLI to provision and manage ALB on Outposts as you do today for ALB running in a traditional AWS Region.
GCP Assured Workloads for Government now supports FedRAMP Moderate
Earlier this year, Google announced Assured Workloads for Government, a first-of-its-kind service that allows Google Cloud Platform (GCP) customers to quickly and easily create controlled environments where U.S. data location and personnel access controls are enforced in any of GCP's U.S. cloud regions (private beta). Starting today, GCP customers who require FedRAMP Moderate support will also be able to leverage Assured Workloads, which is now generally available (GA). All new projects that require FedRAMP Moderate controls can be created at no additional charge in Assured Workloads—and if you've already accepted FedRAMP Moderate terms, GCP will automatically transition those projects.
Assured Workloads for Government provides GCP customers with a guided process for building compliance-centric workloads, and in Beta, helps support compliance with Department of Defense (IL4), the FBI’s Criminal Justice Information Services Division (CJIS), and Federal Risk and Authorization Management Program (FedRAMP) High requirements. This GA release now provides improved support routing and enhanced customer controls, including customer-managed encryption keys by default.
GCP VMware Engine now available in the Americas, Europe and Asia Pacific
Google Cloud VMware Engine became generally available a couple of months ago, providing everything an enterprise might need to non-disruptively migrate and run its VMware environment natively in Google Cloud, to benefit from Google Cloud’s high performance and scalable infrastructure while reducing the operational burden and cost of managing infrastructure.
GCP customers from around the world have reportedly expressed overwhelming interest in the service, spanning use cases and industries including telecommunications, retail, manufacturing, financial services, and healthcare. To serve those global customers, Google has been working to expand the regional footprint. This week Google announced that Google Cloud VMware Engine is now available globally in the Americas, Europe, and Asia Pacific, with the expansion into the europe-west3 (Frankfurt), europe-west2 (London), and asia-northeast1 (Tokyo) regions. The service is now live and generally available in five regions, building on existing availability in us-east4 (Ashburn) and us-west2 (Los Angeles).
GCP Cloud API Gateway now in public beta
Google see developers increasingly adopting serverless capabilities that allow them to concentrate on application code and testing, without worrying about infrastructure set up and scaling. By incorporating serverless architectures and best practices, developers are able to deliver world-class applications and services faster to customers as digital becomes the first and most preferred choice of interacting with businesses.
They also see developers increasingly packaging serverless workloads as easy-to-use APIs in order to share them with other teams or publicly over the web. Developers often package serverless functions as APIs for security, analytics and monitoring purposes.
This week, to help developers focus on building code without having to worry about the underlying infrastructure, Google are excited to announce the beta of API Gateway—a fully-managed Google Cloud offering that lets you create, secure, and monitor APIs for your serverless workloads. API Gateway is built on Envoy, giving you high performance and scalability with both consumption-based and tiered pricing options to help you manage cost.
Azure cost allocation now in preview
Managing cloud costs can be challenging, especially if your organization needs to break down costs for internal chargeback. You might have separate business units, or you might need to facilitate external billing for distinct customer solutions. This becomes even more difficult when you employ shared services to reduce costs, since there may not be a clear way to break those shared services down by business unit or customer. This is where Azure Cost Management + Billing’s cost allocation preview for Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) accounts comes in.
This function allows you to apportion a percentage of a resource cost to a new subscription ID or resource group within the same billing account for internal accounting purposes.
View your Azure Cache for Redis data in the new Visual Studio Code extension
Azure Cache for Redis is an in-memory data store that is used to power fast, scalable applications. Now in preview, you can access all the caches under your Azure subscriptions and view their data with the new Azure Cache for Redis Visual Studio Code extension.
With this new integration, you’ll be able to use Visual Studio Code to view, test, and debug your caches—in one streamlined experience. This extension enhances ease of development by eliminating the need to manually track connection and access keys to connect to your caches. Simply authenticate with your Azure account, and you’ll instantly be able to access your Azure Cache for Redis instances.
This extension supports both common configurations—clustered and non-clustered caches, as well as all Redis data types, such as strings, lists, hashes, and sets. With it, you’ll be able to filter Redis keys by match expressions. Ultimately, this extension gives you more time to focus on development, debugging, and testing your application on your terms.
Google Cloud Virtual Events
To support the unique needs of GCP customers in Europe, Middle East, and Africa, on 29 September GCP are kicking off a brand-new Next OnAir event exclusively for EMEA.
Google Cloud Next OnAir EMEA offers a full roster of curated content, including more than 30 new sessions specially tailored to the region. Join Google experts and local customers to learn how organizations are already transforming in the cloud, and connect and collaborate with industry experts to solve your toughest challenges.
Each week Google will be highlighting a different focus:
29 Sept: Industry insights—Hear about how businesses are successfully transforming with Google Cloud across industries and between customers and ecosystem partners.
6 Oct: Productivity and collaboration—Discover solutions designed for humans that are changing how teams work.
13 Oct: Infrastructure and security—Explore discussions on workload migration, management, and modernisation, and learn how to protect your business from online threats.
20 Oct: Data analytics, data management, databases, and Cloud AI—Learn about how to migrate and do more with your data on a serverless, fully-managed platform and with artificial intelligence.
27 Oct: Application modernization and business application platform—Explore how to develop and modernise applications with open source and other software, and how APIs give you better visibility and control.
Register today, for free, on the Next OnAir EMEA website. You’ll get full access to all 30+ sessions being presented throughout the five-week event alongside the more than 250 sessions created for the global Google Cloud Next ’20: OnAir program.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events.
A full list, including session times and details, is here: https://azure.microsoft.com/en-us/community/events/
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email firstname.lastname@example.org to book a callback or demo.