Hava Blog and Latest News

In Cloud Computing This Week [Sep 2nd 2022]

Written by Team Hava | September 2, 2022

This week's roundup of all the cloud news.


Here's a cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday September 2nd 2022.

To stay in the loop, make sure you subscribe using the box on the right of this page.

Of course we'd love to keep in touch at the usual places. Come and say hello on:

Facebook.      Linkedin.     Twitter.

AWS Updates and Releases

Source: aws.amazon.com

Amazon Athena is now available in the AWS Asia Pacific (Jakarta) Region

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

With today’s release, Amazon Athena and its latest features and benefits are available in the AWS Asia Pacific (Jakarta) Region. This release expands Athena’s availability in Asia Pacific to include Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) regions.

AWS Config conformance pack templates can now be stored in AWS Systems Manager

AWS Config conformance pack templates can now be stored in and deployed from AWS Systems Manager documents (SSM documents). Conformance packs are collections of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. Conformance packs are defined through a YAML-based template and deployed by AWS Config. As templates are offline files, customers had to maintain manual processes for version control and sharing across accounts.
With this launch, AWS customers can now utilize SSM documents to store their conformance pack templates on AWS and directly deploy conformance packs using SSM document names. With SSM document support, customers now have another storage mechanism to maintain their conformance pack templates. SSM documents also provide customers with built-in versioning, access control, and sharing capabilities to ensure the integrity of the conformance pack templates and make the deployment process more efficient.

Amazon Polly NTTS voices now available in Asia Pacific (Mumbai)

Amazon Polly is a service that turns text into lifelike speech. This week, AWS are excited to announce the general availability of all Neural Text-to-Speech (NTTS) voices in the Asia Pacific (Mumbai) Region.

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. Polly's Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech.

Amazon Polly voices can be applied to a diverse set of use cases to increase customer engagement. For example, giving interactive voice response (IVR) or virtual assistant agents’ natural sounding voices or producing spoken versions of text-based content. For eLearning, audiobooks, newsreaders, and other content, you can also provide audio/visual experiences by synchronizing speech with facial animation or karaoke-style word highlighting.

Customers in the following 13 regions can now experience higher voice quality and lower latency when using Amazon Polly: US East (N. Virginia), US West (Oregon), Africa (Cape Town), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London) and AWS GovCloud (US-West).

Amazon EBS adds the ability to take crash-consistent snapshots of a subset of EBS volumes attached to an Amazon EC2 instance

In May 2019, Amazon Elastic Block Store (EBS) launched the ability for customers to take crash-consistent snapshots of all Amazon EBS volumes attached to an Amazon EC2 instance with a single API call. Now you can choose to take crash-consistent snapshots of a subset of Amazon EBS data volumes attached to an Amazon EC2 instance. You can also use Amazon Data Lifecycle Manager (DLM) to automate taking crash-consistent snapshots of the same subset of Amazon EBS volumes on a retention schedule defined by DLM policies.

Amazon EBS Snapshots are point-in-time copies of Amazon EBS volumes stored on Amazon S3. Customers use snapshots in their backup or disaster recovery plans. Snapshots are commonly used to create a backup of a critical workload such as a large database or file system. Customers often have multiple EBS volumes attached to an EC2 instance. Some of these volumes may belong to different applications or may contain temporary data such as cache. As a result, a subset of these volumes may not need to be backed up.

With this change, you can now choose to snapshot only the Amazon EBS volumes you want using a single API call or the Amazon EC2 console, also saving cost. If you are using DLM, you can set your policies to automatically backup the subset of volumes using DLM policies and tags. This saves you from having to manage scripts, or manually delete the snapshots you don’t want, thus simplifying your operations.

Amazon RDS for PostgreSQL supports new minor version 14.4

Amazon Relational Database Service (Amazon RDS) for PostgreSQL now supports PostgreSQL minor version 14.4. We recommend you upgrade to this latest minor version to fix known security vulnerabilities and bugs from prior versions of PostgreSQL. Please refer to the PostgreSQL community announcement for more details about the release.
While this release from PostgreSQL community includes a number of fixes, a noteworthy fix included in this release is for CREATE INDEX CONCURRENTLY and REINDEX CONCURRENTLY that can potentially cause silent data corruption of indexes. Amazon RDS has made the fix for the index corruption available since the release of Amazon RDS for PostgreSQL 14.3.

You can leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including automatic minor version upgrades, in the Amazon RDS User Guide.

Amazon QuickSight Q Authors can now identify questions that Q did not answer or required user disambiguation to generate an answer

QuickSight Authors can now better analyze user activity; new enhancements to user activity in Topics make it easy for authors to - a. Identify questions that required user disambiguation to generate an answer, b. Filter questions based on whether they were answered or required user disambiguation and c. Filter questions based on the User who submitted the question. Authors can navigate to the User Activity section of a Topic and identify questions that required disambiguation with specific phrase highlighted, they can also filter the list of questions by choosing either “unanswered”, “has user disambiguations” or by typing in a specific User ID.

QuickSight Authors can log in to their QuickSight accounts and click on “Q Topics“ in the left hand navigation and click on a specific Topic to explore it further. Within a Topic, Authors can click on User Activity to see the list of all questions asked by users on that Topic. With the launch of new enhancements Authors can now easily identify questions that required user disambiguation with specific question phrases highlighted. Clicking on the disambiguated question provides details of the question phrase that was disambiguated and the field to which the phrase was associated. Using this information authors can enhance their topic language coverage. If such usage is common across other users of the Topic, Author can add these phrases as synonyms to the field and prevent requiring other users to perform similar disambiguation. Authors can also filter the list of all questions to only those that were either unanswered or required user disambiguation, by the user who submitted the question and analyze these questions to identify opportunities for improvement.

Custom forecast frequencies now supported in Amazon Forecast

This week, Amazon Forecast was excited to announce the ability to customize the forecast frequency, enabling you to more closely align forecast intervals with your demand cycles. Amazon Forecast is a fully managed service that uses machine learning (ML) algorithms to deliver highly accurate time series forecasts.

Previously, forecasting frequencies were fixed at specific (yearly, monthly, daily, hourly) intervals or minute (30, 15, 10, 5, 1) increments. These frequencies were not customizable - restricting you from forecasting at user-defined frequencies such as every two hours or every three weeks - and resulted in additional effort to manually aggregate forecasts to desired increments, increasing costs. With the launch of custom forecast frequencies, you can now specify your desired forecasting frequency and Amazon Forecast will automatically aggregate your data. This feature simplifies forecasting at intervals such quarterly (3-months) or bi-weekly frequencies, and allows you create forecasts that are better aligned with your business cycles.

Automate AWS Control Tower guardrail management through APIs

AWS Control Tower customers can now programmatically manage controls, also known as guardrails, across their organization at scale. Customers can programmatically enable, disable, and view application status of controls available in the AWS Control Tower library. Control APIs include AWS CloudFormation support, allowing customers to manage AWS resources as infrastructure as code (IaC). AWS Control Tower provides optional preventive and detective controls that customers can use to express their policy intentions to an entire organizational unit (OU), and every AWS account within the OU. These rules remain in effect as customers create new accounts or make changes to their existing accounts.

To call these APIs, customers need to know the control Amazon Resource Name (ARN) for the guardrail they are targeting, and the ARN associated with the target organizational unit (OU).

EnableControl - This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains.

DisableControl - This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains.

GetControlOperation - Returns the status of a particular EnableControl or DisableControl operation.

ListEnabledControls - Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.

AWS GameKit adds Unity Support

AWS are excited to announce AWS GameKit is now available for the Unity game engine. AWS GameKit allows game developers to deploy and customize game backend features directly from a game engine. AWS GameKit launched on March 23, 2022 with support for Unreal Engine and with today’s release for Unity, game developers can integrate the following cloud-based game features into Win64, MacOS, Android, or iOS games from both the Unreal and Unity engines with just a few clicks: 

  • Identity and Authentication: Create unique identities for each player and allow players to sign into the game. Verify player identities and manage player sessions.
  • Achievements: Create and track game-related rewards earned by players.
  • Game State Cloud Saving: Maintain a synchronized copy of player game progress in AWS to allow players to resume gameplay across sessions.
  • User Gameplay Data: Maintain game-related data for each player, such as inventory, statistics, and cross-play persistence.

AWS GameKit can be used to deploy cloud-connected game backend features in 17 AWS Regions: US East (Ohio, N. Virginia), US West (Oregon, N. California), Canada (Central), South America (Sao Paulo), Europe (Ireland, London, Paris, Frankfurt, Stockholm), Asia Pacific (Tokyo, Seoul, Mumbai, Singapore, Sydney), Middle East (Bahrain).

AWS SAM CLI esbuild support is now generally available

The AWS Serverless Application Model (SAM) Command Line Interface (CLI) announces general availability of esbuild support in SAM CLI. The AWS SAM CLI is a developer tool that makes it easier to build, test, package, and deploy serverless applications. Esbuild, “an extremely fast JavaScript bundler”, links JavaScript ( js , jsx , ts , and tsx ) and CSS dependencies as deployable assets for the web. Starting today, you can now use esbuild in the SAM CLI build workflow for your JavaScript applications.

Developers using JavaScript and TypeScript can now use esbuild and SAM Accelerate to rapidly iterate on their code changes in the cloud, achieving the same levels of productivity they're used to when testing locally, while testing against a realistic application environment in the cloud. Support for esbuild includes features such as Minification, Tree Shaking, Source Maps, Loader, External and Main-Fields which can help simplify AWS Lambda development with JavaScript and TypeScript.

Amazon SageMaker Autopilot now provides custom data split options along with an improved experience for creating an AutoML experiment

SageMaker Autopilot automatically builds, trains and tunes the best machine learning models based on your data, while allowing you to maintain full control and visibility. Starting this week, when creating Autopilot experiment to train a machine learning model, you can customize the splits of data used for training and validation of models. By default Autopilot splits the specified dataset into 80-20 percent splits reserved for training and validation respectively. With this release, you can customize the training and validation data split percentages or alternatively provide two datasets, one for training and another for validation. This feature is available for use in both Amazon SageMaker Studio and SageMaker Autopilot API.

To make selection of training and validation dataset more efficient, this release also includes an improved user interface that provides a friendly S3 browsing experience and a guided step-by-step workflow that helps you gain full control and visibility into the advanced settings.

Amazon Inspector now supports Windows operating system (OS) for continual software vulnerability scanning of EC2 workloads

Inspector has added Windows Server 2012, 2012 R2, 2016, and 2019, 2022 support for continual EC2 vulnerability scanning. Customers that have Inspector EC2 scanning already enabled and the AWS Systems Manager (SSM) agent installed and configured, do not need to take any additional actions. Windows instances will now automatically and continually be scanned for software vulnerabilities and unintended network exposure. New customers can get started with Inspector with a single click in the AWS Management Console to start assessing for software vulnerabilities in their EC2 instances, both Windows and Linux, along with their container images in the Amazon Elastic Container Registry (ECR). A complete list of operating systems supported by Inspector can be found here.

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. With Amazon Inspector you can enable the service across your organization with a single click in the AWS Management Console. Once enabled, Inspector automatically discovers all of your EC2 workloads and intelligently scans them for software vulnerabilities and unintended network exposure. Inspector also supports Amazon ECR, allowing for a consolidated view of vulnerabilities across your Amazon EC2 instances and container images residing in ECR. Inspector uses the widely-adopted Amazon Systems Manager (SSM) agent for EC2 vulnerability scanning, eliminating the need to deploy a stand-alone security agent for software vulnerability assessments. Inspector provides a highly contextualized vulnerability risk score by correlating vulnerability information with environmental factors such as external network accessibility to help you prioritize the highest risks to address. Inspector security findings are presented in the Inspector console, routed to Amazon Security Hub, and pushed to Amazon EventBridge to make it easier to integrate with existing security tooling and workflow systems.

AWS Directory Service for Microsoft Active Directory and AD Connector are now available in the AWS Asia Pacific (Jakarta) Region

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector are now available in the AWS Asia Pacific (Jakarta) Region.

Built from actual Microsoft Active Directory (AD), AWS Managed Microsoft AD makes it easy to migrate AD-aware applications while reducing the work of managing AD infrastructure in the AWS Cloud. You can use your Microsoft AD credentials to connect to AWS applications such as Amazon Relational Database Service (RDS) for SQL Server, PostgreSQL and Oracle database engines. You have the flexibility to keep your identities in your existing Microsoft AD or create and manage identities in your AWS managed directory.

AD Connector is a proxy that enables AWS applications to use your existing on-premises AD identities without requiring AD infrastructure in the AWS Cloud. You can also use AD Connector to join Amazon EC2 instances to your on-premises AD domain and manage these instances using your existing group policies.

Enterprise On-Ramp Support is now supported with AWS Outposts

Starting this week, AWS customers now have the option of using Enterprise On-Ramp Support or Enterprise Support to satisfy the prerequisite for ordering AWS Outposts. With the addition of Enterprise On-Ramp Support, customers now have more flexibility in selecting the AWS Support plan that best suits their Outposts workloads and support needs.

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience. Launched in re:Invent 2021, Enterprise On-Ramp Support is a new AWS Support tier between the existing Business Support tier and Enterprise Support tier to help customers that are starting their cloud journey and need expert guidance to grow and optimize on cloud. Enterprise On-Ramp Support includes 24/7 access to Support engineers with 30 minute case response time for high severity issues. Customers also get access to consultative architectural guidance, operations reviews, cost optimization recommendations, and event management support delivered by a pool of Technical Account Managers (TAMs).

AWS announces open-sourced credentials-fetcher to simplify Microsoft AD access from Linux containers

AWS announces the general availability of the credentials-fetcher open source project. As you modernize your .NET applications to Linux containers, you no longer need to worry about Microsoft Active Directory (AD) dependency. You can use credentials-fetcher to access AD from services hosted on Linux containers using the service account authentication model. This package makes it possible to create kerberos tickets specific to group managed service accounts (gMSAs) in applications running on Linux containers. As part of our launch, we have packaged credential-fetcher in RPM format and added it to Fedora Linux. You can install this package by using dnf install credentials-fetcher.

A group managed service account is a managed account that provides automatic password management, service principal name (SPN) management, and the ability to delegate management to administrators over multiple servers or instances. Through this release, credential-fetcher unblocks a range of modernization use cases around identity management using Microsoft AD.

AWS Fargate announces availability of Microsoft Windows Server 2022 images for Amazon ECS

AWS Fargate launches support for the Microsoft Windows Server 2022 runtime platform for applications running on Amazon Elastic Container Services (Amazon ECS). This adds to the list of already supported Windows Server 2019 runtime platforms for AWS Fargate, and helps customers take advantage of the latest Windows features on AWS Fargate.
By running Windows Server 2022 on Amazon ECS with AWS Fargate, customers can reduce their Server Core container image RTM layer by up to 33%, enabling a reduction in the overall image size. Customers also get other benefits, such as longer support cycle (five years of mainstream and five years of extended support) and improved networking . The complete list of features and improvements are available in the official Microsoft documentation for Windows Server 2022 here.

AWS Fargate is a Serverless Containers platform where customers no longer need to set up automatic scaling groups or manage host instances for their application running on containers. In addition to providing task-level isolation, Fargate handles the patching of infrastructure/servers to help provide a secure compute environment. Customers can reduce the time spent on operational efforts, and instead focus on delivering and developing innovative applications. Fargate support for Amazon ECS with Windows Server 2022 is available in all public AWS Regions.

EBS Recycle Bin is now available in AWS GovCloud (US) regions

EBS Recycle Bin is now available in the AWS GovCloud (US) Regions with Federal Information Processing Standards (FIPS) 140-2 validated endpoints to protect sensitive information.

You can use Recycle Bin for EBS Snapshots and EBS-backed AMIs to recover from accidental deletions to meet business continuity needs. Previously, if you accidentally deleted a snapshot, you would have to roll back to a snapshot from an earlier point in time, increasing your recovery point objective. It was also not possible to recover accidentally deregistered AMIs. With Recycle Bin, you can specify a retention time period and recover a deleted snapshot or a deregistered AMI before the expiration of the retention period. A recovered snapshot or AMI retains its attributes such as tags, permissions, and encryption status, which it had prior to deletion. Snapshots and AMIs that are not recovered from the Recycle Bin are permanently deleted upon expiration of the retention time.

You can enable Recycle Bin for all or a subset of the snapshots and AMIs in your account by creating one or more Retention Rules. You can use tags in Retention Rules to specify which subset of snapshots or AMIs should move to the Recycle Bin upon deletion.

AWS Step Functions adds 14 new intrinsic functions so you can process data more efficiently in workflows.

AWS Step Functions expands support for manipulation of your input and output data with the addition of 14 new intrinsic functions so you can simplify data processing, reduce calls to downstream services, and write less code. Step Functions is a low-code, visual workflow service that supports integrations with over 220 AWS services, 10,000 API actions, and now 18 intrinsic functions.

Now, Step Functions makes it easier to perform data processing tasks such as array manipulation, JSON object manipulation, and math functions within your workflows without having to invoke downstream services or add Task states. When building workflows, you may need to check the result of map and parallel states, merge JSON objects, or create a UUID. Previously, to accomplish these tasks you needed to write functions in downstream services such as AWS Lambda which resulted in more code and integration points to manage. With Step Functions new intrinsic functions, you can perform basic data processing and data manipulations such as merging two JSON objects using states.JsonMerge directly in your workflow so you can combine the results of a task and its original input, allowing you to use downstream services for more business-critical tasks.

The new intrinsic functions are added directly to Amazon States Language and available where you build Step Functions workflows today including the Step Functions console with Workflow Studio, AWS CloudFormation, the AWS Command Line Interface (CLI), or the AWS Cloud Development Kit (CDK).

EBS Recycle Bin is now available in the Asia Pacific (Jakarta) Region

EBS Recycle Bin is now available in the Asia Pacific (Jakarta) Region. You can use Recycle Bin for EBS Snapshots and EBS-backed AMIs to recover from accidental deletions to meet business continuity needs. Previously, if you accidentally deleted a snapshot, you would have to roll back to a snapshot from an earlier point in time, increasing your recovery point objective. It was also not possible to recover accidentally deregistered AMIs. With Recycle Bin, you can specify a retention time period and recover a deleted snapshot or a deregistered AMI before the expiration of the retention period. A recovered snapshot or AMI retains its attributes such as tags, permissions, and encryption status, which it had prior to deletion. Snapshots and AMIs that are not recovered from the Recycle Bin are permanently deleted upon expiration of the retention time.
You can enable Recycle Bin for all or a subset of the snapshots and AMIs in your account by creating one or more Retention Rules. You can use tags in Retention Rules to specify which subset of snapshots or AMIs should move to the Recycle Bin upon deletion.

Amazon QuickSight launches a new user interface for dataset management

Amazon QuickSight launches a new user interface for dataset management. Previously, the dataset management experience was a popup dialog modal with limited space and all functionality shown up in one small modal. The new dataset management user interface replaces the existing popup dialog modal with a full-page experience, providing a clearer breakdown of dataset management categories, including Summary, Refresh, Permissions and Usage. This update also lays the foundation for future enhancement and features.

Amazon RDS for Oracle now supports M6i and R6i instances in new regions

Amazon Relational Database Service (Amazon RDS) for Oracle now supports M6i and R6i instances in new regions. In April 2022, Amazon RDS for Oracle has already launched the support of M6i and R6i instances in some regions.

M6i instances for RDS for Oracle will now be available in 7 new regions: Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Canada (Central), Europe (London), Europe (Paris), and South America (São Paulo) regions.

R6i instance for RDS for Oracle will now be available in 10 new regions: US West (N. California), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (London), Europe (Paris), Canada (Central), and South America (São Paulo) regions.

Both M6i and R6i instances are available in 9 sizes with 2, 4, 8, 16, 32, 48, 64, 96, and 128 vCPUs. You can launch the new instances in the Amazon RDS Management Console or using the AWS CLI.

Amazon RDS for Oracle allows you to set up, operate, and scale Oracle database deployments in the cloud

AppFlow now supports Salesforce version 55.0 and additional AWS PrivateLink regions

Amazon AppFlow, a fully managed integration service that helps customers to securely transfer data between AWS services and software-as-a-service (SaaS) applications in just a few clicks, now supports Salesforce API version 55.0 which is the latest API in the Salesforce Summer ’22 release.

Customers are now able to leverage enhanced features provided by version 55.0. For instance, customers can now read and write recently added Salesforce objects and object-fields with both AppFlow batch-type and Change Data Capture (CDC) event-type flows. API version 55.0 will be the default API for all newly created flows while maintaining backward compatibility for existing flows.

Additionally, Amazon AppFlow now supports AWS PrivateLink connections to Salesforce in seven AWS regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central) and Europe (Frankfurt). Amazon AppFlow previously supported AWS PrivateLink connections to US East (N. Virginia) and US West (Oregon), and has now extended support to additional Private Connect regions recently introduced by Salesforce. This provides more of Amazon AppFlow’s global customers with the option of leveraging a higher degree of data security afforded by AWS PrivateLink.

A new sign-in experience is now generally available for Amazon QuickSight

Amazon QuickSight is changing the way users sign in to the service with a new look and feel that aligns the sign-in experience with existing AWS application sign-in patterns. The QuickSight sign-in process is now a three-step experience: 1) the first page requires your QuickSight account name, 2) the second page asks for your user name, 3) the third page varies depending on your sign in configuration: native QuickSight or Active Directory user, AWS root user, or IAM user. This change does not affect users who use single sign on (SSO.)

Account administrators may need to add new domains to their organization’s allow list to maintain access to QuickSight.

Amazon SageMaker Data Wrangler accelerates onboarding with sample dataset and guided feature discovery

Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes in Amazon SageMaker Studio, the first fully integrated development environment (IDE) for ML. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization, from a single visual interface. Customers using Data Wrangler can import data from Amazon S3, Amazon Athena, Amazon Redshift, Snowflake, Databricks Lakehouse Platform and more coming.

Starting this week, AWS customers new to Data Wrangler can get started faster with Data Wrangler by using a sample dataset and following guided steps to navigate the product for the first time. Data Wrangler offers the public Titanic dataset widely used to teach and experiment with ML so customer no longer need to import their own data to get started. Data Wrangler now suggests actions to help first time users discover key features such as Data Quality and Insights report, a popular feature that check data quality and helps detect abnormalities in your data.

Amazon Personalize expands the number of events considered by filters to make recommendations even more relevant

Amazon Personalize has extended the capabilities of its filters, increasing limits and providing control over the number of interactions considered by each filter. Amazon Personalize filters improve the relevance of recommendations by removing products that users have already purchased, videos they have already watched, or other digital content they have already consumed in their recent interactions. Receiving repeated recommendations may be frustrating for users, which could lead to lower user engagement and lost revenue opportunities. Amazon Personalize now offers the option to extend the number of interactions considered by the filters to better capture users’ historical activity, particularly for use-cases where customers have a high volume of interactions. Filters now consider up to 100 interactions per user per event type.

Setting up and using Recommendation Filters is simple. First, you use the Amazon Personalize console or API to create a filter using an Amazon Personalize-specific DSL (Domain Specific Language). Next, you apply this filter while querying for real time recommendations using the GetRecommendations or GetPersonalizedRanking API; or while generating recommendations in batch mode through a batch inference job. To increase the number of interactions considered by your filters, simply request a service quota increase via the Service Quota console.

Amazon Route 53 Resolver Endpoints announces 99.99% Service Level Agreement and updates its Service Level Agreement for Route 53 hosted zones

AWS has published a service level agreement (SLA) for Amazon Route 53 Resolver Endpoints, which provides availability guarantees for this service. AWS will use commercially reasonable efforts to make Amazon Route 53 Multi-AZ Resolver Endpoints available with a Monthly Uptime Percentage, during any monthly billing cycle, of at least 99.99% (the “Service Commitment”). In the event Amazon Route 53 Resolver Endpoints does not meet the Service Commitment, you will be eligible to receive a Service Credit as described in the Amazon Route 53 Resolver Endpoints Service Level Agreement.
This SLA is now available in all regions where Amazon Route 53 Resolver Endpoints is available. For more information on where Amazon Route 53 is available, see the AWS region table.
In addition, AWS has updated its 100% service level agreement for Route 53 hosted zones with an increased Service Credit Percentage, as described in the Amazon Route 53 Authoritative DNS Service Level Agreement.

Amazon AppFlow now supports Jira Cloud as a source

Amazon AppFlow, a fully managed integration service that helps customers to securely transfer data between AWS services and software-as-a-service (SaaS) applications in just a few clicks, now supports Jira Cloud as a source.

With this launch, AppFlow customers can now bring data from Jira Cloud into Amazon S3, Amazon Redshift, or any of Amazon AppFlow’s many other destinations. Jira Cloud data unlocks many compelling analytics and reporting use cases. For instance, customers are now able to perform statistical analysis and machine learning on Jira Issues in order to identify patterns or trends, and software development leaders can develop new metrics and reporting for software development velocity.

Introducing AWS Application Discovery Service Agentless Collector, a new discovery tool for AWS Application Discovery Service

AWS Application Discovery Service now includes the Application Discovery Service Agentless Collector to support enterprise customers gathering information for their migration projects. Deployment occurs via a virtual appliance installed within the user’s on-premises data centers, allowing one install to monitor hundreds of servers.

With the Agentless Collector, users can configure the discovery tool in a matter of minutes. The Agentless Collector currently supports gathering metadata for VMware virtual machines. The data then can be used in AWS Migration Hub to explore recommended Amazon EC2 instance types or exported in a CSV file.

The new Agentless Collector feature is now generally available, and can be used in all AWS Regions where AWS Application Discovery Service is available.

Amazon ElastiCache for Memcached is now HIPAA eligible

Amazon ElastiCache for Memcached is now a HIPAA (Health Insurance Portability and Accountability Act) eligible service. You can now use ElastiCache for Memcached to store, process, and access protected health information (PHI) and power secure healthcare and life sciences applications. ElastiCache for Memcached is a fully managed, Memcached-compatible, in-memory, key-value store service that delivers sub-millisecond latency to power real-time applications.

HIPAA eligibility applies to all AWS Regions where ElastiCache for Memcached is available. To learn more, visit the AWS services compliance page and AWS compliance resources.

AWS Security Hub launches announcements notification topic

AWS Security Hub now publishes announcements through Amazon Simple Notification Service (SNS), helping you stay up to date with the latest feature releases and announcements. To receive announcements about new AWS Security Hub features, subscribe to the AWS Security Hub SNS topic in your preferred Region.

You can also use an AWS Lambda function to trigger events when notifications are received. For more information, see Invoking Lambda functions using Amazon SNS notifications.

Available globally, AWS Security Hub gives you a centralized and comprehensive view of your security posture across all of your AWS accounts and across all Regions. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer, as well as from over 65 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can also take action on these findings by investigating findings in Amazon Detective and by using Amazon CloudWatch Event rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools or custom remediation playbooks. 

Google Cloud Releases and Updates
Source: cloud.google.com

Anthos Service Mesh
  • 1.13.7-asm.3 is now available.

    This patch release contains a fix for an issue where istiod starts up very slowly when connectivity to the Google Cloud metadata service is partially broken. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

    Anthos Service Mesh 1.13.7-asm.3 includes the features of Istio 1.13.7 subject to the list of Anthos Service Mesh supported features.

    Google-managed data plane is now generally available (GA) as a part of managed Anthos Service Mesh. Google-managed data plane helps you upgrade data plane proxies automatically. For more information see Configure managed Anthos Service Mesh.


Apigee Integration

Region support for integration endpoint

Apigee X

On August 30, 2022, Apigee announced the GA launch of Pay-as-you-go pricing, a consumption-based model for Google's Apigee Platform.

When you use Pay-as-you-go pricing for Apigee, you are charged for the following:

  • The number of Apigee gateway nodes in the Apigee organization
  • The number of API requests processed by Apigee Analytics services
  • The amount of network usage

For more information, see the Pay-as-you-go overview and the Pay-as-you-go Example pricing.

With this release, the Apigee Pay-as-you-go pricing model includes a maximum Apigee gateway node count of 1,000 across all environments in a region.


Customer-managed encryption keys are now integrated with CMEK organization policies. This feature is generally available (GA).

The slot recommender creates recommendations for customers using on-demand billing and is now generally available (GA).

The Random Forest model is now generally available (GA). For more information, see the random forest sections in the end-to-end user journey page.

Community contributed UDFs are now generally available in the bigquery-utils GitHub repository and the bigquery-public-data.persistent_udfs public dataset.

Cloud console updates: In the query editor, when you select a function signature from the autocomplete list, you can remove the parameter names quickly by pressing the Backspace or Delete key.

  • bigquery/storage: allow users to set Apache Avro output format options through avro_serialization_options param in TableReadOptions message Through AvroSerializationOptions, users can set enable_display_name_attribute, which populates displayName for every avro field with the original column name Improved documentation for selected_fields, added example for clarity. (41ab4ec)

  • bigquery: add PreserveAsciiControlCharacters support for CSV (#6448) (b7bac2f)

  • bigquery: add preview support for default values (#6464) (edc3be5)


The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • Azure AD (AZURE_AD)
  • BeyondTrust (BOMGAR)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Bluecat DDI (BLUECAT_DDI)
  • Cisco ACS (CISCO_ACS)
  • Cisco Router (CISCO_ROUTER)
  • Cisco UCM (CISCO_UCM)
  • Cisco Umbrella IP (UMBRELLA_IP)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco VPN (CISCO_VPN)
  • CrowdStrike Falcon (CS_EDR)
  • Falco IDS (FALCO_IDS)
  • FireEye HX (FIREEYE_HX)
  • GCP Load Balancing (GCP_LOADBALANCING)
  • GCP Cloud Audit (N/A)
  • HP Aruba Clearpass (CLEARPASS)
  • Infoblox DNS (INFOBLOX_DNS)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Office 365 (OFFICE_365)
  • Ordr IoT (ORDR_IOT)
  • Palo Alto Networks Traps (PAN_EDR)
  • Pivotal (PIVOTAL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Red Hat OpenShift (REDHAT_OPENSHIFT)
  • Sophos Firewall Next Gen (SOPHOS_FIREWALL)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Tanium Comply (TANIUM_COMPLY)
  • Vectra Detect (VECTRA_DETECT)
  • VMware ESXi (VMWARE_ESX)
  • Windows Event (WINEVTLOG)

For details about changes in each parser, see Supported default parsers.

The following changes are available in the Unified Data Model:

  • The ip_location field was added to Noun type.
  • The day_max_sub_domains field was added to the Prevalence type.
  • The source_type field was added to the EntityMetadata type.

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • Telecom Italia Cebrosa Campus, Turin
  • Telecom Italia Moncalieri Campus, Turin

For more information, see the Locations table.

Cloud Load Balancing

External TCP and SSL proxy load balancers now allow you to specify a forwarding rule with a global anycast IP address and any port from 1-65535. The target TCP or SSL proxy terminates IPv4 or IPv6 client traffic at the specified port and then proxies the traffic to backend instances.

For more information, see the following:

This feature is available in General Availability.

Cloud Composer

Cloud Composer 1.19.8 and 2.0.25 release started on August 29, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

The apache-airflow-providers-google package was upgraded to 2022.8.23+composer. Changes compared to version 2022.8.16+composer:

  • Added missing google-cloud-dataform package.

Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.

Cloud Composer now generates an error message if an environment label matches internal environment labels used by Cloud Composer.

(Available without upgrading) It is no longer possible to set environment variables with names http_proxy and https_proxy.

(Cloud Composer 1) Fixed a transient issue that caused environment creation operations to fail with the Couldn't bring up ['composer-fluentd-daemon', 'airflow-worker'] in time message.

Cloud Composer 1.19.8 and 2.0.25 images are available:

  • composer-1.19.8-airflow-1.10.15 (default)
  • composer-1.19.8-airflow-2.1.4
  • composer-1.19.8-airflow-2.2.5
  • composer-2.0.25-airflow-2.1.4
  • composer-2.0.25-airflow-2.2.5

Cloud Composer versions 1.16.15 and 1.17.0.preview.11 have reached their end of full support period.

Cloud Monitoring

You can now collect additional MongoDB metrics from the Ops Agent, starting with version 2.19.0. For more information, see Monitoring third-party applications: MongoDB.

You can now manage Monitoring-specific roles by using the Cloud Monitoring pages in the Google Cloud console. For more information, see Grant access to Cloud Monitoring.

Cloud Run

Terraform samples are now available in many of the Cloud Run tutorials and guides, such as:

and many other pages. You can also find a full list of Terraform samples in Github.

Compute Engine

The following changes have been introduced to how your resource usage is calculated to determine applicable sustained use discounts:

  • Usage will be calculated on an hourly basis instead of a per microsecond basis.
  • Usage will be calculated collectively for a billing account instead of on a per project basis.


You can now set the number of maximum concurrent CDC tasks for a stream using the Datastream API. To learn more, see Manage streams.


Filestore is now available in Madrid, Spain (europe-southwest1 region).

Filestore is now available in Paris, France (europe-west9 region).

Filestore is now available in Milan, Italy (europe-west8 region).

Google Cloud Armor

 The Google Cloud Armor custom rules language now supports URLURL Unicode and utf-8 decoding.

Policy Intelligence

The user interface for Policy Troubleshooter in the Cloud console has been updated to improve usability. To view the new user interface, visit the Policy Troubleshooter page in the Cloud console.

Storage Transfer Service

Storage Transfer Service now offers preview support for multipart uploads for transfers originating from a file system, if the destination or intermediate bucket uses the Standard storage class.

Multipart uploads can speed up transfers that include large files. You must grant additional permissions on the destination or intermediate bucket; see Permissions for file system transfers for details.


Added support to deploy a workflow using a cross-project service account through the Google Cloud console.


Microsoft Azure Releases And Updates
Source: azure.microsoft.com


Generally available: New Azure Virtual Machines with Ampere Altra Arm-based processors

New general-purpose and memory-optimized Azure VMs, featuring Ampere Altra Arm-based processors, engineered to efficiently run scale-out, cloud-native workloads, are now available.

Public preview: Encrypt storage account with cross-tenant customer-managed keys

Azure Storage now supports customer-managed keys using a key vault on a different Azure Active Directory tenant.

General availability: Managed identity to connect Azure Cache for Redis to storage

Connect Azure Cache for Redis to storage accounts via managed identity established through Azure Active Directory to provide a more streamlined and secure process.

Public preview: Node.js 18 in Azure Functions

You can now use the latest features in Node.js 18 with Azure Functions.

Azure SQL—General availability updates for late August 2022

General availability enhancements and updates released for Azure SQL.


Azure SQL—Public preview updates for late August 2022

Public preview enhancements and updates released for Azure SQL in late August 2022

Generally available: Unity Catalog for Azure Databricks

Unity Catalog is a unified and fine-grained governance solution for all data assets in your Lakehouse.

General availability: Azure Cosmos DB integrated cache

Optimize your Azure Cosmos DB workloads using the integrated cache, an in-memory cache built-in to the Azure Cosmos DB dedicated gateway.

Public preview: App Configuration references for App Service and Azure Functions

App Service and Azure Functions now support referencing key-values from Azure App Configuration.

Generally available: Azure Functions extension for Event Grid blob trigger

Use the Event Grid blob trigger in Azure Functions to handle events raised by a storage account.

Public preview: Azure Storage Explorer support for Azure App Configuration resources

Work with your App Configuration resources in Storage Explorer on Windows, macOS, and Linux.

Generally available: Enterprise-grade edge for Azure Static Web Apps

Azure Static Web Apps now offers faster page loads, enhanced security, and reliability for your global applications.

Generally available: API Management custom widget support in developer portal

Add custom logic to the managed developer portal capabilities and leverage improved custom widget development.

General availability: Azure Communication Services support for Teams identities

Azure Communication Services now supports communication experiences for Teams identities. With this capability developers can build custom standalone applications that integrate audio, video, and telephony for Teams users.

Generally available: Enterprise-ready Azure Monitor change analysis capability released

Azure Monitor change analysis, which extends observability into Azure, is announcing general availability with enhanced performance and security, improved change data quality, and easy navigation from the Azure Monitor portal.

Public preview: Enterprise VMware Cloud Director Service for Azure VMware Solution

VMware Cloud Director Service on Azure VMware Solutions allows you to self-service provision and manage multiple virtual datacenters through multi-tenancy in your Azure VMware Solutions private clouds, reducing time and complexity.

Generally available: Live resize for Premium SSD and Standard SSD Disk Storage

Dynamically increase your disk storage capacity without any application downtime with the Azure Disk Storage live resize feature.

Public preview: Azure Arc-enabled servers in Azure China

Secure, govern, and manage your hybrid servers from Azure

Generally available: Azure Arc-enabled servers in South Africa North

Secure, govern, and manage your hybrid servers from Azure

Generally available: IoT Edge 1.4

The Azure IoT Edge release 1.4 is the long term servicing (LTS) release of IoT Edge. The companion release of Azure IoT Edge for Linux on Windows (EFLOW) 1.4 long term servicing will be coming later this fall.

Generally available: Prevent a lifecycle management policy from archiving recently rehydrated blobs

Use daysAfterLastTierChangeGreaterThan condition in lifecycle management policy to prevent unintended archiving.

General availability: ExpressRoute IPv6 Support for Global Reach

IPv6 support for Global Reach expands the possibilities for customers building dual-stack, hybrid networks with Azure.


Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here: