Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 17th September 2021
To stay in the loop, make sure you subscribe on the right - There's a new newsletter series starting later this year that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
Source: aws.amazon.com
AWS CodeCommit is now available in the Africa (Cape Town) region. AWS CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to manage your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries. It supports the standard functionality of Git, so it works seamlessly with your existing Git-based tools
AWS IQ now supports AWS Certified experts and consulting firms located in the UK & France. Quickly find, engage, & get help from experts and consulting firms in UK and France for on-demand work.
Setting up monitoring and managing the health of your business applications is now even easier with the ability to discover the applications and resources in your account even without a Resource Group, automatically set up monitoring for them and see their health at a glance in a summary health dashboard presented when you complete setup or open CloudWatch Application Insights. CloudWatch Application Insights is a service that helps customers easily setup monitoring and troubleshoot their enterprise applications running on AWS resources. The new feature makes setting up monitoring for all the resources in your account a truly one step process.
Amazon Corretto 17 is now generally available. This version supports the latest Java feature release JDK 17 and is available on Linux, Windows, and macOS. You can download Corretto 17 from the downloads page .
Amazon MSK Connect is now available, enabling you to run fully managed Kafka Connect clusters with Amazon Managed Streaming for Apache Kafka (Amazon MSK). With a few clicks, MSK Connect allows you to easily deploy, monitor, and scale connectors that move data in and out of Apache Kafka and Amazon MSK clusters from external systems such as databases, file systems, and search indices. MSK Connect eliminates the need to provision and maintain cluster infrastructure. Connectors scale automatically in response to increases in usage and you pay only for the resources you use. With full compatibility with Kafka Connect, it is easy to migrate workloads without code changes. MSK Connect will support both Amazon MSK-managed and self-managed Apache Kafka clusters.
Amazon Relational Database Service (Amazon RDS) now supports AWS Graviton2-based T4g database (DB) instances for MySQL, MariaDB, and PostgreSQL databases. T4g DB instances offer up to 36% better price performance over comparable current generation x86-based T3 DB instances depending on the workload characteristics
Amazon Web Services (AWS) announces the general availability of Build on AWS, a new offering from AWS Activate designed to help startups build their infrastructure on AWS in minutes. Build on AWS is a collection of infrastructure templates and reference architectures covering a wide variety of solutions curated specifically for startups. These solutions are built by experts at AWS and based on AWS best practices. This enables startups to focus on building their core product knowing they’re using AWS best practices for their underlying cloud infrastructure. With the launch of Build on AWS, we’ve simplified the first steps of launching scalable, reliable, secure, and optimized infrastructure tailored to startups’ industry or use case.
This week, AWS were pleased to announced that the Route 53 Resolver DNS Firewall is now generally available in the Asia Pacific (Osaka) Region. The Route 53 Resolver DNS Firewall is a managed firewall that allows customers to block DNS queries made for known malicious domains and to allow queries for trusted domains.
Amazon Relational Database Service (Amazon RDS) now supports AWS Graviton2-based X2g database (DB) instances for MySQL, MariaDB, and PostgreSQL databases. X2g DB instances offer double the memory per vCPU compared to R6g/R5 instances and the lowest cost per GiB of memory in Amazon RDS for MySQL, MariaDB, and PostgreSQL databases. The X2g.16xl DB instance has 33% more memory than previously available in Amazon RDS DB instances for MySQL, MariaDB, and PostgreSQL databases and is a great choice for memory-intensive DB workloads.
Amazon Relational Database Service (Amazon RDS) now supports R5b database (DB) instances for MySQL and PostgreSQL databases. R5b DB instances support up to 3x the I/O operations per second (IOPS) and 3x the bandwidth on Amazon Elastic Block Store (Amazon EBS) compared to the latest x86-based memory-optimized DB instances (R5) available in Amazon RDS for MySQL and PostgreSQL databases. R5b DB instances are a great choice for IO-intensive DB workloads.
Starting this week, AWS customers can view their registered applications on AWS Service Catalog AppRegistry in their ServiceNow CMDB leveraging the AWS Service Management Connector for ServiceNow. Organizations are creating, migrating, and managing applications on AWS that are associated with multiple AWS resources. Customers define applications within AppRegistry by providing a name, description, and associations to the AWS CloudFormation stacks and application metadata that constitute their application. With this integration, customers can view AWS applications in their ServiceNow system of record and operational tooling. Customers can then relate ITSM process such as change requests, incidents/problem at the Application level in ServiceNow. This will allow for streamlined impact analysis and operational investigation of AWS applications.
You can now get real-time inference results from your models hosted by Amazon SageMaker directly from Amazon SageMaker Studio.
Amazon Comprehend, a natural-language processing (NLP) service that uses machine learning to uncover information in text, now allows you to extract custom entities from documents in a variety of formats (PDF, Word, plain text) and layouts (e.g., bullets, lists). This enables you to more easily extract insights and further automate your document processing workflows.
Amazon Redshift, a fully-managed cloud data warehouse, announces availability of Amazon Redshift RSQL, a command line client for interacting with Amazon Redshift clusters and databases. With Amazon Redshift RSQL, you connect to an Amazon Redshift cluster, describe database objects, query data, and view query results in various output formats.
You can now use Amazon Timestream in applications that are subject to System and Organization Control (SOC) compliance. Amazon Timestream is a fast, scalable, secure, and purpose-built time series database for application monitoring, IoT, and real-time analytics workloads that can scale to process trillions of time series events per day.
You can now use AWS Lake Formation in the Asia Pacific (Osaka) AWS region.
Amazon Web Services (AWS) announces the general availability of the Amazon EC2 T3 instances on EC2 Dedicated Hosts, designed to provide the most cost-efficient way for customers to run their eligible Bring Your Own Licenses (BYOL) software on AWS. With T3 Dedicated Hosts, customers can run up to 4 times more instances per host than comparable EC2 general purpose Dedicated Hosts, and reduce their infrastructure footprint and license costs by up to 70%. T3 Dedicated Hosts are best suited for running BYOL software with low-to-moderate CPU utilization and eligible per-socket, per-core or per-VM software licenses including Microsoft Windows Desktop, Windows Server and SQL Server, and Oracle Database.
Amazon Transcribe is an automatic speech recognition service that you can use to add speech-to-text capability to your applications. Starting today, you can utilize Amazon Transcribe to automatically remove personal identifiable information (PII) from your streaming transcription results. Amazon Transcribe uses state-of-the-art machine learning technology to help identify sensitive information such as Social Security number, credit card/bank account information, and contact information (i.e. name, email address, phone number and mailing address). With this feature, companies can provide their contact center agents with valuable transcripts for on-going conversation while maintaining privacy standards. These transcripts can then be used to help supervisors extract real-time insights and identify calls that require attention.
This week, AWS announced the enhancement of security findings generated by CodeGuru Reviewer’s GitHub action by adding severity fields and CWE (Common Weakness Enumerations) tags. Customers can use these new features to sort, filter, and prioritize their backlog of security vulnerabilities within GitHub’s user interface.
AWS Firewall Manager now enables customers to centrally deploy AWS WAF rate-based rules across accounts in their organization. An AWS WAF rate-based rule allows customers to track the rate of requests for each originating IP address and trigger a rule action on IPs once it goes over the limit. With this launch, security administrators on AWS Firewall Manager can now deploy rate-based rules across accounts, mandating request limits per account, using Firewall Manager security policy for AWS WAF.
Amazon Web Services (AWS) announces the general availability of Amazon EC2 VT1 instances powered by Xilinx® Alveo™ U30 media accelerators for video transcoding. VT1 instances are AWS’s first EC2 instances that feature hardware acceleration for video transcoding and are optimized for workloads such as live broadcast, video conferencing, and just-in-time transcoding. These instances deliver up to 30% lower cost per stream than Amazon EC2 G4dn GPU-based instances and up to 60% lower cost per stream than Amazon EC2 C5 CPU-based instances.
Amazon Connect now allows customers to subscribe to a near real-time stream of contact (voice calls, chat, and task) events (e.g., call is queued) in your Amazon Connect contact center in the Canada (Central) region. These events include when a voice call, chat, or task is initiated, queued to be assigned to an agent, connected to an agent, transferred to another agent or queue, and disconnected. Contact events can be used to create analytics dashboards to monitor and track contact activity, integrate into workforce management (WFM) solutions to better understand contact center performance, or to integrate applications that react to events (e.g., call disconnected) in real-time. Amazon Connect contact events are published via Amazon EventBridge, and can be set up in a couple of clicks by going to the Amazon EventBridge AWS console and creating a new rule.
Contact Lens for Amazon Connect has now launched both post-call and real-time analytics support for 3 new languages, Korean (South Korea), Japanese (Japan), and Mandarin (Mainland China). In addition, 5 languages, French (Canada), French (France), Portuguese (Brazil), German (Germany), and Italian (Italy), that were already supported for post-call analysis, are now also supported for real-time analytics. With this launch, Contact Lens now supports 21 languages for post-call analytics and 12 languages for both post-call and real-time analytics .
AWS Health Aware or AHA, is an incident management & communication framework to ingest proactive and real-time alerts from AWS Health to a customer’s preferred communication channels. Customers using AWS Organizations can get aggregated active account level alerts from impacted accounts across their organization. Alerts can be configured to endpoint(s) such as Slack, Microsoft Teams, Amazon Chime and Email Alerts. AHA can also be integrated with a broad range of other endpoints during configuration. These alerts are targeted to give customers event visibility and guidance to help quickly diagnose and resolve issues that are impacting our customer’s applications or workloads.
AWS CodeBuild’s support for Arm-based workloads now run on an additional AWS Graviton2 machine type suited for less-resource intensive workloads.
Amazon Simple Email Service (Amazon SES) customers can now request a limit increase to send and receive emails with a message size of up to 40MB.
Amazon Aurora Serverless v1 now supports setting timeout for autoscaling. Based on your application’s needs, you can specify a timeout between 1 and 10 minutes with a default value of 5 minutes. Aurora Serverless v1 looks for a period of no activity to initiate a scaling operation. If the timeout period is reached without such a point, you can stay at the current capacity or force the capacity change. Learn more about autoscaling in the Aurora Serverless v1 documentation . To set the timeout, visit the AWS Management Console or use the latest AWS SDK or CLI.
Amazon Aurora now supports AWS Graviton2-based X2g database instances. Customers can now get double the memory per vCPU compared to R6g instances. X2g instances provide the highest memory per vCPU at the lowest cost per GiB of memory for Amazon Aurora. X2g instances are available when using both Amazon Aurora MySQL-Compatible Edition and Amazon Aurora PostgreSQL-Compatible Edition.
Anthos clusters on VMware
Anthos clusters on VMware 1.6.5-gke.0 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.6.5-gke.0 runs on Kubernetes 1.18.20-gke.4501.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.8, 1.7, and 1.6.
Anthos Service Mesh
1.9.8-asm.3 and 1.10.4-asm.9 are now available.
These patch releases:
Cloud Functions
Cloud Functions now supports PHP 7.4 at the General Availability release level.
Cloud Run
You can now configure Cloud Run services to have CPU allocated for the entire lifetime of container instances. Pricing depends on the CPU allocation configuration. (Available in public preview.)
Preview: Installing Cloud Run for Anthos as an Anthos feature is now available as a Preview. Currently available for new clusters only.
This preview of Cloud Run for Anthos installs as an Anthos fleet component and requires Anthos Service Mesh. Learn more.
Cloud Shell
Cloud Shell is available directly in the Google Cloud documentation.
You can use this feature to activate Cloud Shell in the documentation and run sample code in the terminal on the page. For more information, see Launching within documentation.
The following list summarizes known issues that you might encounter:
Cloud SQL for MySQL
Cloud SQL for MySQL now supports custom formatting controls for CSVs. For more information on how to select custom characters for field delimiters, quotes, escapes, and other characters in admin exports and imports, see our documentation.
Cloud SQL for PostgreSQL
Cloud SQL for PostgreSQL has enhanced the support for multiline log entries in postgres.log
. Before, when a log entry spanned multiple lines, each line was recorded as a separate entry in Cloud Logging. The lines are now recorded as a single entry in Cloud Logging for ease of query and processing.
Cloud SQL for PostgreSQL now supports custom formatting controls for CSVs. For more information on how to select custom characters for field delimiters, quotes, escapes, and other characters in admin exports and imports, see our documentation.
Compute Engine
Generally Available: NVIDIA® T4 GPUs are now available in the following additional regions and zones:
us-west4-a,b
us-west2-b,c
For more information about using GPUs on Compute Engine, see GPUs on Compute Engine.
Dataproc
New sub-minor versions of Dataproc images: 1.4.71-debian10
, 1.4.71-ubuntu18
, 1.5.46-centos8
, 1.5.46-debian10
, 1.5.46-ubuntu18
, 2.0.20-centos8
, 2.0.20-debian10
, 2.0.20-ubuntu18
Added support for enabling/disabling Ubuntu Snap daemon with cluster property dataproc:dataproc.snap.enabled
. The default value is "true". If set to "false", pre-installed Snap packages in the image won't be affected, but auto refresh will be disabled. Applies to all Ubuntu images.
GKE
In GKE versions 1.21.0-gke.1500 and later, VPC-native is the default network mode during cluster creation. To create a routes-based cluster, you can use the --no-enable-ip-alias
flag
With GKE versions 1.21.4-gke.30 and later, users can create ServiceAttachment resources to provision Private Service Connect (PSC) for internal LoadBalancer Services. This feature is available in Preview.
Multi-cluster Ingress now supports SSL policies and HTTPS redirects using the FrontendConfig
resource. This feature is generally available in GKE versions 1.17.13-gke.2600 and later.
GKE versions 1.19.14-gke.301 and later fix the issue with v1beta1
of the Backendconfig
API, where a Cloud Armor security policy was inadvertently deleted from the backend Service of an Ingress resource.
For more information, see Kubernetes issue #1508 and the Ingress Known issues page.
Identity and Access Management
You can now disable and enable service account keys.
Kf
Improved kf doctor
reliability for Anthos on-prem clusters.
Fixed an error that can occur during the initialization of the subresource API.
Security Command Center
Event Threat Detection, a built-in service of Security Command Center Premium, has launched new detectors in public preview.
The following detectors monitor your Google Workspace and Cloud Audit logs and alert you when external members are added to privileged Google Groups—groups that are granted sensitive IAM roles and permissions:
Credential Access: Privileged Group Joinability Risk
: Detects when Google Groups are changed to be accessible to the general publicPersistence: IAM Anomalous Group Grant
: Detects when sensitive roles are granted to privileged Google Groups with external membersCredential Access: External Member In Privileged Group
: Detects when an external member is added to a privileged Google GroupThe following detectors monitor your Admin Activity logs and alert you to suspicious changes in Compute Engine instances:
Persistence: Compute Engine Admin Added SSH Key
: Detects modification of the Compute Engine instance metadata ssh key value on established instancesPersistence: Compute Engine Admin Added Startup Script
: Detects modification of the Compute Engine instance metadata startup script value on established instancesThe Persistence: IAM Anomalous Grant
detector is enhanced and detects when sensitive roles are granted to users and service accounts.
For more information on Event Threat Detection findings, see Rules. To learn how Event Threat Detection monitors changes in Google Groups and defines sensitive roles, see Unsafe Google Group changes.
Vertex AI
Vertex Explainable AI is generally available (GA).
You can use a pre-built container to serve predictions from TensorFlow 2.6 models.
Virtual Private Cloud
Full control over which protocols are mirrored by Packet Mirroring is now available in General Availability.
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
With this certification, U.S. government and public sector customers can now use Azure VMware Solution as a compliant FedRAMP cloud computing environment, ensuring it meets the demanding standards for security and information protection.
JetStream Disaster Recovery is now available on Azure VMware Solution in public preview, enabling DR protection needed for business and mission-critical applications. JetStream Disaster Recovery on Azure VMware Solution is also cost-effective, as it uses minimal resources at the DR site by leveraging cloud storage, such as Azure Blob Storage.
Now with Windows Server 2022 generally available, you can start using this agent to monitor your resources running the latest Windows operating systems
A new major version of the Cosmos DB extensions for Azure Functions is now available in public preview.
Benefit from new features and enhancements in OpenShift release 4.8.
You can now create custom policy definitions for your AKS clusters
You can now select if you would like your AKS nodes to be deleted or deallocated when scaled down.
You can now execute just-in-time commands for AKS more easily.
General availability enhancements and updates released for Azure SQL Managed Instance in mid-September 2021.
You can now provision Hyperscale (Citus) for Azure Database for PostgreSQL, a managed service using the open source Postgres database, in the Japan West region.
The support of Citus 10.1, with columnar storage and more, is now included in Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open source Postgres database on Azure.
Use PostgreSQL 11.13, 12.8, and 13.4 minor versions with Hyperscale (Citus) for Azure Database for PostgreSQL, a managed service running the open source Postgres database on Azure.
Use the latest Azure Cosmos DB Azure Functions extension version 4.0 based on the .NET SDK version 3.x, enabling authentication with AAD, built-in change feed processor support, and performance enhancements.
TARGET AVAILABILITY: Q3 2021
New feature Multiple Private Endpoint for Workspace is now available in public preview in Azure Machine Learning
August updates include support for multi-tenant applications, UI enhancements, REST API refresh, and regional deployments.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: