This week's roundup of all the cloud news.
Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday September 16th 2022.
AWS Updates and Releases
Source: aws.amazon.com
Local gateway ingress routing for AWS Outposts rack is now available
You can now create Outposts rack local gateway (LGW) inbound routes to redirect incoming traffic to an elastic network interface (ENI) attached to an Amazon EC2 instance before the traffic reaches your enterprise workloads running on your Outpost. The EC2 instance may run virtual network appliance software to inspect, modify, or filter network traffic before relaying the traffic to other EC2 instances.
AWS Outposts rack installed at customer locations uses LGW for communication between your Outpost and on-premises traffic. With AWS Outposts rack LGW ingress routing, you can now create an ENI for your virtual network appliance to receive traffic from the local network destined for any IP address range that does not belong to VPCs on Outposts rack. This enables you to use LGW ingress routing to steer traffic to an EC2 instance on the Outposts rack functioning as a virtual network appliance, thereby creating fine-grained network and security policies for your workload.
AppFlow now supports deleting records in Salesforce
Amazon AppFlow, a fully managed integration service that helps AWS customers to securely transfer data between AWS services and software-as-a-service (SaaS) applications in just a few clicks, now supports deleting records in Salesforce. Customers of Amazon AppFlow may now execute Amazon AppFlow flows which delete targeted records in a destination Salesforce instance. This new capability enhances Amazon AppFlow’s connector for Salesforce, which already supports write methods such as Insert, Update, and Upsert.
Customers can now use this capability to maintain sync between Salesforce and a data source within AWS or one of Amazon AppFlow’s many other flow sources. Additionally, customers can use this Delete functionality to perform data lifecycle tasks such as deleting records as they exit a retention period.
Amazon AppFlow makes it easy for customers to configure data transfers with Salesforce in just a few clicks.
Patch Manager, a capability of AWS Systems Manager, now helps you automate patch deployments for instances running SUSE Linux Enterprise Server (SLES) versions 15.2, 15.3, and 15.4, Oracle Linux versions 8.4 and 8.5, and Red Hat Enterprise Linux (RHEL) version 8.6.
Patch Manager helps you automate the process of patching nodes with both security related and other types of updates. Patch Manager also helps you automate patch deployments for instances running Windows Server, RHEL, Ubuntu Server, Amazon Linux, Amazon Linux 2, CentOS, and SUSE Linux Enterprise Server (SLES).
FreeRTOS Extended Maintenance Plan registration now open
AWS are excited to announce that registration for the FreeRTOS Extended Maintenance Plan (EMP) is now open. FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS EMP subscriptions allow embedded developers to receive critical bug fixes and security patches on their chosen FreeRTOS Long Term Support (LTS) version for up to 10 years beyond the end of its initial support period.
During the subscription period, developers will receive notifications for upcoming patches on FreeRTOS libraries, allowing them to systematically plan their product maintenance activities. This helps developers to secure their microcontroller-based devices for years, save operating system upgrade costs, and reduce the risk associated with patching their devices.
AWS PrivateLink announces enhanced tagging capability for service owners
You can now use tags to better track and manage your AWS PrivateLink-powered VPC Endpoint Services. AWS PrivateLink is a fully-managed private connectivity solution that enables customers to connect to other services hosted on AWS using a secure and scalable method while keeping network traffic private.
Until now, service owners were able to tag their PrivateLink-based services and consumers could tag their PrivateLink endpoints. With today’s launch, you can now tag the customer principals (accounts/users/roles) that use your service. Similarly, you can also tag the endpoint-connections created by your customers. The tags are visible only to the account hosting the service and not to other accounts that may use the service. You can use tags to store customer metadata to inform business logic, and to tie-back accounts and endpoint-connections to customers during troubleshooting.
AWS Enterprise Support launches AWS Incident Detection and Response
This week, AWS announced the general availability of AWS Incident Detection and Response, which offers AWS Enterprise Support customers proactive monitoring and incident management for their selected workloads.
AWS Incident Detection and Response is designed to help you improve your operations, increase workload resiliency, and accelerate your recovery from critical incidents. AWS Incident Detection and Response leverages the proven operational, enhanced monitoring, and incident management capabilities used internally by AWS teams and externally by AWS Managed Services (AMS).
To establish a strong foundation to securely operate your workloads in the cloud, it is critical to have an observable environment that tracks the right workload metrics. AWS Incident Detection and Response begins with a review of your workloads for reliability and operational excellence.
AWS experts work with you to define critical metrics and alarms that provide improved visibility into the application and infrastructure layers of your workloads, making it easy to find and prioritize issues during an incident. AWS Incident Management Engineers continuously monitor your workloads, detect critical incidents, and engage you on a call bridge with the right AWS experts to accelerate the recovery of your workloads.
All incidents are managed with the highest level of severity and escalation, and AWS remains engaged until the incidents are resolved. Lessons learned from previous incidents inform improvements to response plans and workload architecture, driving a continuous improvement cycle to improve the resiliency of your workloads.
AWS Cloud Development Kit (CDK) announces CDK Construct tree view in the AWS CloudFormation console
Customers using CDK want a simple way to map the resources synthesized in a CloudFormation template back to the source CDK Construct. In an effort to display all resources in a CloudFormation template, the Management Console loses the hierarchical nature of CDK Constructs, which customers are used to today.
CDK Construct tree view in the CloudFormation console is intended for customers who want to see, in the CloudFormation console, the context from which the resources were created, in order to provide a better, more focused experience.
Tree view capability will automatically organize the resources that were synthesized by AWS CDK Constructs: the top level will be the AWS CDK Construct (by name) and all resources will be placed as a second level under the Construct that generated them.
As a user, the Constructs tree view will allow you to easily identify the hierarchy of the resources and their logical location in the application: each resource is placed in an app-logical context, which is presented as a tree view in CloudFormation Console.
CDK Construct tree view in the CloudFormation console is generally available in all public AWS Regions where CloudFormation is available.
Direct VPC routing for AWS Outposts rack is now available
With direct VPC routing for AWS Outposts rack, you can now directly use the VPC private IP address of an Amazon EC2 instance on Outposts rack to communicate with your on-premises network. This new direct VPC routing mode is an alternative to the Customer-owned IP (CoIP) routing mode where Outposts rack uses a separate IP address pool provided by you from your on-premises network.
Until today, during an Outposts rack installation, you had to provide a separate IP address range/CIDR from your on-premises network for AWS to create an address pool, known as a CoIP pool.
When an EC2 instance on your Outposts rack needed to communicate with your on-premises network, Outposts rack would perform a 1:1 network address translation (NAT) from the VPC private IP address to a CoIP address in the CoIP pool. Outposts rack now supports a new direct VPC routing mode where you can simply use the VPC private IP of the EC2 instance for routing traffic between your Outpost and your on-premises network.
Direct VPC routing is available in all AWS Regions where Outposts rack is supported. You can choose CoIP or direct VPC routing mode depending on your local network needs. Outposts rack will continue to support CoIP mode for those who prefer to use separate on-premises IP ranges for routing in on-premises networks.
Amazon Connect Customer Profiles now supports Amazon AppFlow connectors
Amazon Connect Customer Profiles is now available as a destination in the Amazon AppFlow console. With a few clicks, customers can now bring data from 20+ application connectors into Customer Profiles and equip contact center agents with the information needed to provide personalized customer service.
Amazon AppFlow connectors allow ingestion of data such as transactions (e.g., purchase orders from SAP OData), profile information (e.g., leads from Zendesk Sell) and customer interactions (e.g., Slack conversations) to create a single, unified profile for each of your customers.
You can prepare customer data for your specific contact center use cases by leveraging Amazon AppFlow’s no-code console experience. For instance, you can hide sensitive credit card information by using the masking feature, or ingest the data for a specific geography by using the filter feature, which transfers only the records that meet the filter criteria.
AWS Backup Audit Manager is now available in Africa (Cape Town) and Europe (Milan)
This week, AWS announced the availability of AWS Backup Audit Manager in the AWS Africa (Cape Town) and Europe (Milan) Regions. AWS Backup Audit Manager is a feature within the AWS Backup service that allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs.
AWS Backup enables you to centralize and automate data protection policies across AWS services based on organizational best practices and regulatory standards, and AWS Backup Audit Manager helps you maintain and demonstrate compliance with those policies. With AWS Backup Audit Manager, you can generate auditor-ready reports to help prove compliance of your data protection policies with your defined industry-specific regulatory requirements.
AWS Config announces a price reduction up to 58% for conformance packs
AWS are excited to announce that AWS Config has reduced conformance pack prices by up to 58% depending on your usage levels. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an entire organization, helping you manage the compliance of your AWS resources at scale.
Conformance packs are charged using a three-tiered pricing model based on the number of conformance pack evaluations, defined as an evaluation of a resource by an AWS Config rule within the conformance pack. This price reduction lowers the cost per conformance pack evaluation across every tier and also decreases the number of evaluations needed to reach each tier. The end result is that users of conformance packs may see their bills decrease up to 58% depending on where their usage falls within the different tiers.
AWS Certificate Manager (ACM) for Nitro Enclaves now supports Apache HTTP webservers
AWS IoT Device Defender ML Detect Custom Metrics and Dimensions support
AWS are excited to introduce two new enhancements to AWS IoT Device Defender ML Detect, Custom Metrics and Dimensions support.
ML Detect now supports monitoring of custom metrics, allowing you to evaluate operational health parameters that are unique to your fleet. Besides setting static alarms manually with Rules Detect, you can now use machine learning to automatically learn your fleet's expected behaviors on custom metrics.
Further, with the new Dimensions filter support for ML Detect, you can define attributes to evaluate more precise metrics in your ML security profile.
In this release, custom metrics on ML Detect support number-type metrics, such as a device’s connection signal strength or percentage of CPU usage, while the dimensions feature provides support for MQTT-topic-filter on four cloud-side metrics (number of messages received, message byte size, number of messages sent, and number of authorization failures).
Introducing Visual Conversation builder for Amazon Lex
Amazon Lex is a service for building conversational interfaces into any application using voice and text. With Amazon Lex, you can quickly and easily build conversational bots (“chatbots”), virtual agents, and interactive voice response (IVR) systems.
AWS are excited to introduce the Visual Conversation Builder, a drag and drop interface to visualize and build conversation flows in a no-code environment. The Visual Conversation Builder greatly simplifies bot design. In addition to the already available menu-based editor, and Lex APIs, the visual builder provides a complete view of the entire conversation flow in one location. It empowers any user to build engaging conversational experiences more quickly.
Using the visual builder, you can build and manage complex conversations with dynamic paths. You can add conditions directly to your Lex bot and manage the conversation path dynamically based on user input and business knowledge, all within a no-code environment.
The Visual Conversation builder enables efficient collaboration between design and development team members, eliminating the need for another diagramming tool and reducing the time needed to build production-ready bots.
AWS Transfer Family now supports multiple host keys and key types per server
AWS Transfer Family now supports up to ten host keys per SFTP server. In addition, ED25519 and ECDSA key types are now supported for server host keys. Previously, AWS Transfer Family only supported one host key per server, and only the RSA key type.
These enhancements allow you to move your existing SFTP servers with multiple host keys and host key types to AWS Transfer Family. You will also be able to add and tag host keys before rotating them, giving you more control over your managed file transfer environments.
Multiple host keys and host key types are supported in all Regions where AWS Transfer Family is available. You can configure server host keys using the AWS Management Console, AWS Transfer Family API, or AWS Command Line Interface (CLI).
Amazon Relational Database Service (Amazon RDS) for Oracle now supports the instance store for temporary tablespaces and the Database Smart Flash Cache (flash cache) for M5d and R5d instances. M5d and R5d instances are an ideal fit for applications that need access to high-speed, low latency local storage, including those that need temporary storage of data for scratch space, temporary files, and caches.
With M5d and R5d instances, you can now place the temporary tablespaces in the instance store. A database session can write temporary, intermediate data to a temporary tablespace, and then read the data back into memory for processing. This strategy improves throughput for sorts, hash aggregations, high-load joins, and much more. The temporary tablespaces feature is available in both Oracle Database Enterprise Edition (EE) and Oracle Database Standard Edition 2 (SE2).
Furthermore, you can also configure a flash cache in the instance store. The flash cache works well for read-intensive workloads that use mostly single-block random reads. As a best practice, size the cache to hold a large portion of the active data set that doesn't fit in the buffer cache.
Without the flash cache, queries read data from EBS storage, which has a higher latency than local storage. With the flash cache, queries can read data blocks from the cache, which improves performance. The flash cache is available in Oracle Database Enterprise Edition (EE).
AWS Graviton2-based Amazon EC2 C6gd instances now available in Europe (Stockholm) region
Starting this week, Amazon EC2 C6gd instances powered by AWS Graviton2 processors are available in Europe (Stockholm) region. C6gd instances are ideal for compute-intensive workloads such as high performance computing (HPC), batch processing, ad serving, video encoding, gaming, scientific modelling, distributed analytics, and CPU-based machine learning inference.
The local SSD storage provided on these instances will benefit applications that need access to high-speed, low latency storage, as well as for temporary storage of data such as batch and log processing, and for high-speed caches and scratch files.
These instances are built on the AWS Nitro System, which offloads many of the traditional virtualization functions to dedicated hardware, enabling the delivery of highly available and highly secure cloud instances. These instances offer up to 25 Gbps of network bandwidth, and up to 19 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS). The C6gd instances also offer up to 3.8 TB of NVMe-based SSD storage.
SageMaker Studio now supports Glue Interactive Sessions
Amazon SageMaker Studio is a fully integrated development environment (IDE) for machine learning (ML) that enables data scientists and developers to perform every step of the machine learning workflow, from preparing data to building, training, tuning, and deploying models.
SageMaker Studio comes with fast-start, collaborative notebooks. You can quickly launch notebooks in Studio, easily dial up or down the underlying compute resources without interrupting your work, and even share your notebook as a link in a few simple clicks.
This week, AWS are excited to announce that Amazon SageMaker Studio notebooks now come with built-in integration with AWS Glue Interactive Sessions. Data scientists and data engineers can use the serverless Apache Spark runtime environment managed by AWS Glue Interactive Sessions to interactively prepare data at scale right in their Studio notebooks.
Using Glue Interactive Session from SageMaker Studio Notebooks is simple; you choose the built-in Glue PySpark or Glue Spark kernel for your Studio notebook to initialize interactive, serverless Spark sessions within seconds, without having to worry about provisioning and managing complex compute cluster infrastructure. Once initialized, you can quickly browse the Glue data catalog, run large queries, and interactively analyze and prepare data using Spark, right in your Studio notebook. You can then use the prepared data to build, train, tune and deploy models using the purpose-built ML tools within SageMaker Studio.
Monitor Amazon EMR Serverless applications in near real-time with CloudWatch metrics
Amazon EMR Serverless is a serverless option in Amazon EMR that makes it easy for data analysts and engineers to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers.
This week, AWS were excited to launch live monitoring of EMR Serverless capacity usage using Amazon CloudWatch metrics. With this feature, you can track how much CPU, memory, or disk space is currently being used by an EMR Serverless application, how resources have been added or removed over time to run the application, or how many drivers and executors have been running at any time.
You can get a single view to monitor application capacity usage in a CloudWatch dashboard. To get started, use the EMR Serverless CloudWatch dashboard template provided in the emr-serverless-samples git repo and deploy it.
Amazon WorkSpaces is available in the Africa (Cape Town) Region
Amazon WorkSpaces is now available in the Africa (Cape Town) Region. This expansion into a new AWS Region allows you to provision WorkSpaces closer to your users, providing a more responsive experience. Additionally, you can quickly add or remove WorkSpaces to meet changing demand, without the cost and complexity of on-premises Virtual Desktop Infrastructure (VDI).
Amazon WorkSpaces is a fully managed, secure Desktop-as-a-Service (DaaS) solution which runs on AWS. With WorkSpaces, you can provision virtual, cloud-based Windows desktops for your users, providing them access to the documents, applications, and resources they need, anywhere, anytime, from any supported device. You can pay either monthly or hourly, just for the Amazon WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions.
Amazon EC2 X2idn and X2iedn instances now available in Europe (Paris) region
Starting this week, memory optimized Amazon EC2 X2idn and X2iedn instances are available in Europe (Paris) region. X2idn and X2iedn instances, powered by 3rd generation Intel Xeon Scalable Processors (code named Ice Lake), are designed for memory-intensive workloads and deliver improvements in performance, price performance, and cost per GiB of memory compared to previous generation X1 instances. X2idn has a 16:1 ratio of memory to vCPU and X2iedn has a 32:1 ratio, making these instances a great fit for workloads such as in-memory databases and analytics, big data processing engines, and Electronic Design Automation (EDA) workloads.
X2idn and X2iedn deliver up to 45% more SAPS than comparable X1 instances and are SAP-Certified for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, SAP BW/4HANA, and SAP NetWeaver workloads on any database. You can view the certification data for X2idn and X2iedn on the Certified and Supported SAP HANA Hardware Directory.
X2idn and X2iedn instances offer the highest Amazon Elastic Block Store (Amazon EBS) performance of Amazon EC2 instances with up to 80 Gbps bandwidth and 260k IOPS, and are designed to meet the reliability needs of mission-critical workloads. X2idn and X2iedn will also be available in bare metal.
Workloads on bare metal instances will be able to take advantage of all the comprehensive services and features of the AWS Cloud, such as Amazon EBS, Elastic Load Balancing (ELB), and Amazon Virtual Private Cloud (Amazon VPC).
Amazon RDS Performance Insights now supports displaying top 25 SQL queries
Amazon Relational Database Service (Amazon RDS) Performance Insights’ Top SQL tab shows the SQL queries that are contributing the most to database load. Starting this week, AWS are increasing the top SQL queries displayed in Amazon RDS Performance Insights from 10 to 25.
Amazon RDS Performance Insights is a database performance tuning and monitoring feature of RDS and Amazon Aurora that helps you quickly assess the load on your database and determine when and where to take action.
Amazon RDS Performance Insights allows non-experts to measure database performance with a simple-to-understand dashboard that visualizes database load. With one click, you can add a fully managed performance monitoring solution to your Aurora clusters and Amazon RDS instances.
Amazon RDS Performance Insights automatically gathers necessary performance metrics and visualizes them in a dynamic dashboard on the RDS console. You can identify your database’s top performance bottlenecks from a single graph.
To get started, log into the Amazon RDS Management Console and enable Amazon RDS Performance Insights when creating or modifying an instance of a supported Amazon RDS engine. Then go to the Amazon RDS Performance Insights dashboard to start monitoring performance.
Amazon RDS Performance Insights is included with supported Aurora clusters and Amazon RDS instances, and stores seven days of performance history in a rolling window at no additional cost. If you need longer-term retention, you can pay for 1-24 months of performance history retention.
Amazon SWF launches new console experience
Amazon SWF has launched a new console experience, making it easier for you to manage SWF workflows with more visibility and control.
Amazon SWF is a workflow service that makes it easier for you to build distributed applications. You have full control over the implementation and coordination of tasks, and Amazon SWF manages the underlying complexities such as tracking their progress and maintaining their state. You can run your application on premises, or on Amazon EC2, a web service that provides resizable compute capacity in the cloud.
The new console experience for Amazon SWF provides improved visibility of your SWF domains, a way of scoping Amazon SWF resources within your AWS account, as well as more information about workflow executions and their events. You can search and filter executions and events using properties such as execution ID, workflow, type, and output. The new console makes it easier for you to manage high volume workloads and quickly find the detailed information you need to operate efficiently.
Amazon FSx for Lustre is now available in the AWS Asia Pacific (Jakarta) Region
AWS customers in the AWS Asia Pacific (Jakarta) Region can now use Amazon FSx for Lustre.
Amazon FSx makes it easy and cost effective to launch, run, and scale feature-rich, high-performance file systems in the cloud. It supports a wide range of workloads with its reliability, security, scalability, and broad set of capabilities.
Amazon FSx for Lustre provides fully-managed shared storage built on the world’s most popular high-performance file system, designed for fast processing of workloads such as machine learning, high performance computing (HPC), video processing, financial modelling, and electronic design automation (EDA).

Google Cloud Releases and Updates
Source: cloud.google.com
Google Cloud Database Migration Service has added support for AlloyDB. This service can make it easier to migrate your existing PostgreSQL data and workloads to an AlloyDB cluster.
On October 31, 2022, GCP will introduce a new billing SKU for Policy Controller which is a part of Anthos Config Management. However, we won't make any changes to the pricing or billing model.
Customers who use Policy Controller do not need to take any action.
Non-Anthos customers will see a new SKU appear on their monthly bill, but there is no change in pricing. The SKU "Anthos Configuration Management" (81D5-A275-98BF) will be replaced with the SKU "Anthos Policy Controller" (6707-0251-B8E2).
Anthos customers will not see a change as their usage of Policy Controller is covered by their Anthos license.
Anthos Config Management release 1.10 is no longer supported with the release of Anthos Config Management 1.13. For reference, see Get support.
The Config Sync feature to sync configurations stored as OCI images in Google Artifact Registry or Container Registry is generally available (GA). To learn more, see Publish config images to Artifact Registry.
Config Sync is open sourced. We are open to contributions and bug fixes if you want to get involved in development of Config Sync. You can also use the repository to track ongoing work, or build from source to try out bleeding-edge functionalities.
Config Sync supports syncing from private Helm repositories (including OCI-based ones) as a preview feature. Google Artifact Registry is the preferred Helm registry. To learn more, see Sync Helm charts from Artifact Registry.
The Google Cloud Console now shows the sync status for all syncs in clusters registered to fleet. It also allows for drilling down to see the reconciliation status for individual resources. To learn more, see View Config Sync status in the Google Cloud console.
Config Sync now supports user-provided CA certificates for verifying HTTPS connections to Git servers. To learn more, see Configuration of the Git Repository.
The constraint template library includes a new template: K8sStorageClass. Requires Anthos Config Management version 1.12.1 or higher. For reference see Constraint template library.
The constraint template library's K8sEmptyDirHasSizeLimit template now supports regular expression matching of exempt volume names by using the new exemptVolumesRegex parameter. For reference see Constraint template library.
The constraint template library's K8sMemoryRequestEqualsLimit template now supports regular expression matching of exempt container names by using the new exemptContainersRegex parameter. For reference see Constraint template library.
On September 12, 2022 GCP released an updated version of Apigee integrated portal.
Fixed an issue where some SMTP settings were not migrated to an upgraded portal. Implemented a minor security fix to block content spoofing in the API search page.
When creating a new App key for products that have been set to manual approval, but have already been approved, the new key will "auto" approve and not have to go through the approval process again.
Apigee X
On September 14, 2022 GCP released an updated version of the Apigee X software.
When using local development with Apigee in VS Code, the following pre-release features are available as part of the Insiders build (v1.21.0 and higher):
Artifact Registry
Artifact Registry is now available in the me-west1 region (Tel Aviv, Israel).
Batch
Preview: Data Access audit logs are now available for Batch. For more information, see Batch audit logging information.
BigQuery
The BigQuery Data Transfer Service for Google Ads now supports the new Google Ads API. This feature is now in preview.
In addition to standard rounding, BigQuery now supports the rounding mode ROUND_HALF_EVEN for parameterized NUMERIC or BIGNUMERIC columns. The ROUND() function also accepts the rounding mode as an optional argument. This feature is now in preview.
BigQuery is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.
The Merge is coming! You may experience disruptions in the Ethereum public datasets in BigQuery.
The is_case_insensitive schema option, which allows you to make a dataset and its table names case-insensitive, is now in preview.
JDBC driver update, release 1.3.0 1001
- You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation).
- You can now configure the connector to use Private Service Connect URLs.
- The connector now supports JDBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
- The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
- MATERIALIZED_VIEW has been added to the list of table types when using the getTableTypes function.
- The connector now supports the JSON data type.
ODBC driver update, release 2.5.0 1001
- You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation), with limited support, using Azure AD and Okta identity providers.
- You can now configure the connector to use Private Service Connect URLs.
- The connector now supports ODBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
- The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
- MATERIALIZED_VIEW has been added to the list of table types. To retrieve these table types, configure SQLTables to TABLE_TYPES_ONLY.
- The connector now supports the JSON data type.
In Cloud Monitoring, you can view metrics for quota usage and limits of the Storage Write API's concurrent connections and throughput quotas. This feature is now generally available (GA).
Removed (Node.js) pip install statements
BigQuery ML
BigQuery ML is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.
Cloud Bigtable
Cloud Bigtable is available in the me-west1 (Tel Aviv) region. For more information, see Bigtable locations.
Cloud Billing
You can now estimate the cost of your workloads using the Cost Estimation API (Preview). The Cost Estimation API provides customer-specific estimates that include all your discounts, such as those negotiated as part of a contract and those based on committed usage. These cost estimates can help you make more informed business decisions.
- For information on using the API, and example API requests, see Get cost estimates for your Google Cloud workloads.
- For detailed information on the API request and response formats, see the API overview.
Cloud Build
Users can now use Cloud Build's GitHub Issues notifier to create issues in their GitHub repository in response to build events. The GitHub Issues notifier is available as an experimental release. To learn more, see Configuring GitHub Issue notifications.
Users can now use Cloud Console to configure a trigger to send build logs to GitHub or GitHub Enterprise. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise.
gcloud support for manual triggers is now available. To learn more, see Manually build code in source repositories.
Cloud Build now supports Supply chain Levels for Software Artifacts (SLSA) level 3 assurance. Taking steps to reach SLSA level 3 can help you protect your build pipeline. To learn more, see Viewing build provenance.
Cloud Composer
Cloud Composer 1.19.9 and 2.0.26 release started on September 12, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
Encryption with customer-managed encryption keys (CMEK) now applies to the persistent disk of the environment's Redis queue.
(Available without upgrading) Fixed a problem where the termination grace period for Airflow worker Pods in Cloud Composer 2 was set to 30 seconds (from 3600 seconds) after updating an environment. If your environment is impacted, this fix will apply automatically on the next update (or upgrade) operation. To apply the fix immediately, you can override and then delete a non-existing environment variable in your environment.
(Available without upgrading) When an environment is deleted, Cloud Composer automatically deletes the persistent disk of the environment's Redis queue.
Set the logging level of Airflow's DeprecationWarning messages to Warning.
(Available without upgrading) Cloud Composer now makes several attempts to create an environment when the Cloud Composer connection subnetwork is locked by another operation. This change improves the reliability when creating environments with Public Service Connect.
Fixed a potential race condition in Airflow workers that could cause new tasks to be executed on a worker that is scheduled to be scaled down. This fix prevents Airflow tasks from being stuck in the running state.
Adjusted CPU limits for the FluentD environment component (responsible for uploading task logs to Cloud Logging), to avoid potential problems that might result in missing logs in Cloud Logging.
The apache-airflow-providers-google package was upgraded to 2022.8.26+composer. Changes compared to version 2022.8.23+composer:
- Added deferrable option to Dataproc operators to run the task asynchronously. (#25302)
Cloud Composer team plans to add support for Deferrable operators in October, 2022.
Cloud Composer 1.19.9 and 2.0.26 images are available:
- composer-1.19.9-airflow-1.10.15 (default)
- composer-1.19.9-airflow-2.1.4
- composer-1.19.9-airflow-2.2.5
- composer-2.0.26-airflow-2.1.4
- composer-2.0.26-airflow-2.2.5
Cloud Database Migration Service
Database Migration Service now supports migrating PostgreSQL workloads into AlloyDB for PostgreSQL.
Cloud Functions
Cloud Functions has added support for a new runtime, .NET Core 6.0, at the Preview release level.
Cloud Logging
Support for adding custom indexed LogEntry fields to your Cloud Logging buckets is now Generally Available. These indexes make querying your logs data faster.
Cloud Monitoring
Cloud Run
Startup CPU boost for revisions is now available to provide additional CPU during container instance startup time.
The following new region is now available: me-west1.
You can now deploy Cloud Run services from Cloud Deploy (Preview).
Startup healthcheck probes are now available (Preview).
Cloud Spanner
Fine-grained access control for Spanner is now available in public preview. Fine-grained access control lets you secure your Spanner databases at the table and column level by using new RDBMS-style roles and GRANT/REVOKE SQL statements. With fine-grained access control, you can protect your transactional data and ensure that the right controls are in place when granting access to data. For more information, see About fine-grained access control.
The Spanner Golang database/sql driver is now generally available. Add the driver to your application to enable the use of the database/sql package with Spanner. For more information, see the Spanner blog and the package documentation.
You can create Cloud Spanner regional instances in Tel Aviv, Israel (me-west1).
Cloud SQL for MySQL
Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?
Support for me-west1 (Tel Aviv).
The In-place Major Version Upgrade feature is now generally available for Cloud SQL for MySQL.
Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.
Cloud SQL for PostgreSQL
Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?
Support for me-west1 (Tel Aviv).
Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.
Cloud SQL for SQL Server
Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?
Support for me-west1 (Tel Aviv).
Cloud Storage
Cloud Storage is now available in Tel Aviv, Israel (me-west1 region).
gcloud storage is now in GA.
gcloud storage provides faster uploading and downloading performance when compared to the gsutil command line tool.
Cloud TPU
Cloud TPU now supports TensorFlow 2.10.0. For more information, see TensorFlow 2.10 release notes.
Cloud VPN
Cloud VPN is now available in region me-west1 (Tel Aviv, Israel).
Pricing is available on the Cloud VPN pricing page.
Compute Engine
Generally available: NVIDIA® T4 GPUs are now available in the following region and zones in Middle East:
- Tel Aviv, Israel: me-west1-b,c.
For more information about using GPUs on Compute Engine, see GPU platforms.
Generally available: Tel Aviv, Israel, Middle East me-west1-a,b,c has launched with E2 and N2 VMs available in all three zones, and M1 VMs in zones a and c.
See VM instance pricing for details.
Config Connector
Config Connector version 1.94.0 is now available.
Added spec.memberFrom.sqlInstanceRef field to IAMPolicyMember (Issue #689).
Added spec.bindings[].members[].memberFrom.sqlInstanceRef field to IAMPartialPolicy (Issue #689).
Removed the validation on spec.cluster.numNodes > 0 in BigtableInstance (Issue #673).
Added support for major version upgrades to SQLInstance (spec.databaseVersion is now mutable).
Added spec.nodeConfig.reservationAffinity to ContainerCluster.
Added spec.nodePoolAutoConfig to ContainerCluster.
Added spec.nodeConfig.reservationAffinity to ContainerNodePool.
Extended support for value absent in state-into-spec annotation to most Config Connector resources.
Document AI
Schema support for checkboxes and nested entities
- Customers using Document AI Workbench, and processors for Purchase Order (PO), Invoice, or Expense, now have access to a new schema. This schema enables customers to label checkboxes, if they are defined in the schema, and to accurately represent nested entities, such as parent-child relationships, on the HITL annotation and review console. As additional processors adapt the new schema, these release notes will be updated to include those.
Nested entities
- The Annotation console now supports labeling for nested entities. The left panel is refreshed with a new look for nested rows to represent nested entities. The value of "parent" will now be the concatenation of all its "children". The parent is effectively a container for all of its children.
CVE-2022-2068 has been patched in the Filestore CSI driver for GKE clusters running version 1.23 or later.
Starting from GKE version 1.25 and gke-metrics-agent version 1.0.0, we increase the memory request and limit of gke-metrics-agent to 100 MiB. This change makes the system metrics collection more stable and reliable.
Kubernetes 1.25 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.25 Release Notes, especially the action required and deprecation sections.
Notable changes
Support for the deprecated quobyte and storageOS volume types is removed in 1.25.
- Version 1.1.22.12-gke.500 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
  - 1.20.15-gke.11400
  - 1.21.13-gke.900
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.
The me-west1 region in Tel Aviv, Israel is now available.
On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.
Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.
Google Cloud Deploy
Deploying your application to Cloud Run is now supported in preview.
Memorystore for Memcached
Added new Memorystore for Memcached region: Tel Aviv (me-west1).
Pub/Sub
BigQuery subscriptions support writing string fields in a Pub/Sub message to TIMESTAMP, DATETIME, DATE, or TIME columns in a BigQuery table. For more information about schema compatibility between a Pub/Sub topic and a BigQuery table, see Schema compatibility.
Pub/Sub is now available in me-west1 (Tel Aviv, Israel).
Node.js bug fixes:
- Add hashes to requirements.txt (#1544) (#1614) (359d098)
- Allow passing gax instance to client constructor (#1617) (8eabe38)
- Better support for fallback mode (#1610) (d9e7311)
- Change import long to require (#1611) (5553af2)
- deps: Update dependency protobufjs to v7 (#1602) (6e0ec60)
- Do not import the whole google-gax from proto JS (#1553) (#1616) (31c7fa2)
Retail API
Bulk importing of historical Google Analytics 4 user events with BigQuery is generally available. You can use this feature to import user events to the Retail API if you have integrated Google Analytics 4 with BigQuery and use Enhanced Ecommerce.
See the new documentation: Import Google Analytics 4 user events with BigQuery
Secret Manager
Secret Manager now supports using annotations to define custom metadata about the secret. The metadata in an annotation can be small or large, structured or unstructured, and can include characters. You can add annotations to secrets when you create a new secret or when you edit an existing secret. For information, see Creating and managing annotations.
Storage Transfer Service
Storage Transfer Service now offers Preview support for moving data from S3-compatible storage to Cloud Storage. This feature builds on recent Cloud Storage launches, namely support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API.
With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges.
See Transfer from S3-compatible sources for details.
Transfer Appliance
Users can now review data that successfully transferred and failed to transfer in log files that auto-generate after a transfer is completed. Learn more about data verification log files here.
VPC
For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.
Workflows
Execution results include the current or final step of the workflow execution.
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
General availability: Azure Media Services low-latency live streaming
Azure Media Services is announcing the general availability of low-latency HLS with glass-to-glass latency between 4-7 seconds with support for automatic transcriptions and digital rights management.
Generally available: Reserved capacity for Azure Backup Storage
Reserved capacity for Azure Backup Storage is now available.
Public preview: API Server VNET Integration for AKS private cluster
You can now use an API Server VNet Integration to ensure network traffic between your API server and your node pools remains on the private network only.
General availability: Read replica for Azure Database for MySQL - Flexible Server
Provision up to 10 read replicas for high availability (HA) enabled servers in Azure Database for MySQL – Flexible Server.
General availability: Azure Database for MySQL - Flexible Server data encryption with CMK
Encrypt your data with customer-managed keys (CMK) to enable an extra layer of security for data at rest.
Generally available: Fast restore for Azure Database for PostgreSQL – Flexible Server
Perform restores from the backup snapshot directly to speed up the overall provisioning time for your restored server with fast restore.
Public preview: Azure Database for MySQL - Flexible Server major version upgrade
Upgrade your instance of Azure Database for MySQL – Flexible Server from version 5.7 to 8.0.
Generally available: Multi-instance GPU support in AKS
You can now run your AKS production workloads using the A100 GPU SKU.
Public preview: Azure Load Testing in UK South
Azure Load Testing is in public preview in UK South.
Public preview: Operation abort
Stop an ongoing cluster or agentpool operation in emergency situations.
Public preview: Azure Network Policy Manager for Windows server 2022 in AKS
You can now add Azure network policies to Windows 2022 server in AKS.
Public preview: Soft delete in Azure Container Registry
You can now restore deleted artifacts from your Azure Container Registry.
Public preview: Monitoring for Ampere Altra Arm–based VMs and AKS clusters
Azure Monitor now supports monitoring for Arm–based Azure Virtual Machines and Azure Kubernetes Service with Arm nodes.
General availability: Update on metric alert rules on custom metrics
Metric alert rules that monitor custom metrics can now be saved in four European regions: North Europe, West Europe, Sweden Central, and Germany West Central.
Generally available: Action groups can now be saved and processed within Europe
Action groups can now be saved in European regions Sweden Central and Germany West Central (in addition to the default “global” region).
Public preview: gRPC support in Azure App Service
gRPC support is enabled for Linux workloads across App Service.
Generally available: Built-in Azure Monitor alerts for Azure Backup
Learn about the new and improved alerting capabilities offered for Azure Backup, via Azure Monitor.
Generally available: API Management DevOps Resource Toolkit v1.0.0
Easily deploy APIs in a CI/CD pipeline with API Management DevOps Resource Toolkit v1.0.0.
Public preview: Encrypt managed disks with cross-tenant customer-managed keys
Protect your data by encrypting Premium SSD, Standard SSD, and Standard HDD managed disks with customer-managed keys.
General availability: Azure Sphere OS version 22.09 expected on September 22
Participate in the 22.09 retail evaluation now to ensure full compatibility. The OS evaluation period provides 14 days for backward compatibility testing.
Generally available: Azure Dedicated Host support for Ultra Disk Storage
Introducing support for ultra disks on Azure dedicated host.
General availability: Standard network features for Azure NetApp Files
Standard network features for Azure NetApp Files is generally available in 20 regions.
Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.