Monthly Cloudy Updates, January 2024
Hello World!
Busy beginning of the year, so the updates are late (again).
Let’s start with a couple of interesting posts a good friend of mine shared with me; you should definitely check out his website.
The main differences between OpenBSD, FreeBSD, NetBSD and DragonFly BSD
Cool *BSD post.
Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA?
Ever wondered what the differences are between RSA, DSA, ECDSA, and EdDSA? This post explains it.
AWS
Amazon EC2 Serial Console is now available in all Local Zones
Amazon EC2 Serial Console is now available in all AWS Local Zones. It provides a simple and secure way to troubleshoot boot and network connectivity issues by connecting to the serial port of an instance, which works even when the instance has no working network connectivity.
AWS Systems Manager now supports Ubuntu 23.04, Debian 12, MacOS 14, and SUSE SP5
AWS Systems Manager now supports instances running Ubuntu 23.04, Debian 12, macOS 14 (Sonoma), and SUSE SP5. Systems Manager customers running these operating system versions now have access to all AWS Systems Manager Node Management capabilities, including Fleet Manager, Compliance, Inventory, Hybrid Activations, Session Manager, Run Command, State Manager, Patch Manager, and Distributor. More information here.
AWS Accounts discontinues the use of security challenge questions
Starting on January 5, 2024, AWS Accounts will no longer support security challenge questions for accounts that have not already enabled them. This will remove the option for customers to add new security challenge questions from the Accounts page in the AWS Management Console.
AWS CloudShell now supports Docker
AWS CloudShell now has built-in support for Docker, making it easier than ever for developers to quickly spin up containers and run commands inside them directly from their CloudShell environment.
Amazon Route 53 expands geoproximity routing
Amazon Route 53 supports geoproximity routing as an additional routing policy for DNS records in public and private hosted zones. Geoproximity routing improves application responsiveness for your end users and helps organizations apply data residency preferences by routing traffic to the geographically nearest resource. More information in the following blog post.
Kinesis Data Firehose supports delivering data to Splunk clusters using ALB
Amazon Kinesis Data Firehose (Firehose) enables customers to capture, transform, and deliver data streams into Amazon S3, Redshift, OpenSearch, Splunk, and 10+ other destinations for analytics. With this new feature, customers can now use Firehose to deliver streams to their Splunk cluster configured with either an Application Load Balancer (ALB) or a Classic Load Balancer (CLB).
Amazon Route 53 Resolver DNS Firewall now supports query type filtering
Route 53 Resolver DNS Firewall is a managed service that enables customers to block DNS queries made for domains identified as low-reputation or suspected to be malicious, and to allow queries for trusted domains. With query type filtering, a rule can now also match on the DNS record type being requested (for example TXT), so you can block or allow a query type for a domain list rather than only the domain itself. Check it out here.
Amazon RDS for MySQL now supports multi-source replication
Amazon Relational Database Service (Amazon RDS) for MySQL now supports multi-source replication, which allows you to configure multiple RDS for MySQL database instances as sources for a single RDS for MySQL target database instance.
Amazon ECS announces managed instance draining
Managed instance draining facilitates graceful shutdown of workloads deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances by safely stopping and rescheduling workloads to other, non-terminating instances.
NLB supports RSA 3072-bit, ECDSA 256/384/521-bit certificates via AWS Certificate Manager
RSA and ECDSA are the two public-key signature algorithms used in TLS server certificates. In a TLS handshake the certificate's key authenticates the server; the session keys that actually encrypt the traffic come from an ephemeral key exchange, not from the certificate key. Larger RSA moduli (3072-bit) and larger ECDSA curves (P-384, P-521) raise the cost of recovering the server's private key and impersonating it. Compared to RSA, ECDSA offers equivalent security strength with far smaller keys and cheaper signing, which keeps certificates small and handshakes fast. More info here.
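As an added example (not from the AWS announcement or AWS's own tooling), the following shell script generates the certificate key types NLB now accepts through ACM, reads the algorithm and key size back out of the resulting certificate, and shows that the certificate key is used to sign rather than to encrypt. It assumes openssl is installed; the subject name nlb.example.test and the scratch directory are placeholders, the security-strength numbers are the NIST SP 800-57 equivalences, and it includes RSA 2048 for comparison even though the announcement only lists the newly added sizes.

```shell
#!/bin/sh
# Added example, not from the AWS announcement: generate the certificate key
# types NLB now accepts via ACM, inspect what the certificate carries, and show
# that the key signs (authenticates) rather than encrypts. Requires openssl.
set -eu

# Scratch directory for keys and certificates (placeholder location).
WORK="${WORK:-$(mktemp -d)}"

# Generate a private key: rsa2048, rsa3072, p256, p384 or p521.
gen_key() {
    case "$1" in
        rsa2048) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/$1.key" 2>/dev/null ;;
        rsa3072) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out "$WORK/$1.key" 2>/dev/null ;;
        p256)    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key" ;;
        p384)    openssl ecparam -name secp384r1  -genkey -noout -out "$WORK/$1.key" ;;
        p521)    openssl ecparam -name secp521r1  -genkey -noout -out "$WORK/$1.key" ;;
        *) echo "unknown key type: $1" >&2; return 1 ;;
    esac
}

# Self-signed certificate for local inspection only. In production ACM issues
# (or you import) the certificate and NLB serves it; the subject is a placeholder.
gen_cert() {
    openssl req -new -x509 -key "$WORK/$1.key" -days 1 \
        -subj "/CN=nlb.example.test" -out "$WORK/$1.crt" 2>/dev/null
}

# Public-key algorithm as recorded in the certificate (rsaEncryption / id-ecPublicKey).
cert_key_alg() {
    openssl x509 -in "$WORK/$1.crt" -noout -text | sed -n 's/.*Public Key Algorithm: //p'
}

# Public-key size in bits as recorded in the certificate (RSA modulus or EC curve size).
cert_key_bits() {
    openssl x509 -in "$WORK/$1.crt" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# NIST SP 800-57 security-strength equivalences, in bits of symmetric strength.
# This is what "higher security strength with smaller key sizes" means in practice.
security_strength_bits() {
    case "$1" in
        rsa2048) echo 112 ;;
        rsa3072) echo 128 ;;
        p256)    echo 128 ;;
        p384)    echo 192 ;;
        p521)    echo 256 ;;
        *) return 1 ;;
    esac
}

# The certificate key signs the handshake; session keys come from the ephemeral
# key exchange, not from this key. Sign a constructed message and verify it
# with the public half, which is all a TLS client ever does with this key.
sign_verify() {
    printf 'constructed handshake transcript\n' > "$WORK/msg"
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
    openssl dgst -sha384 -sign "$WORK/$1.key" -out "$WORK/$1.sig" "$WORK/msg"
    openssl dgst -sha384 -verify "$WORK/$1.pub" -signature "$WORK/$1.sig" "$WORK/msg" >/dev/null
}

# Demo: build each key type and report what the certificate says about it.
for t in rsa2048 rsa3072 p256 p384 p521; do
    gen_key "$t" && gen_cert "$t"
    printf '%-8s %-16s %4s bits  ~%3s-bit strength  cert %5s bytes\n' \
        "$t" "$(cert_key_alg "$t")" "$(cert_key_bits "$t")" \
        "$(security_strength_bits "$t")" "$(wc -c < "$WORK/$t.crt" | tr -d ' ')"
done
```

The printed table makes the trade-off concrete: a P-384 certificate is a fraction of the size of an RSA 3072 one while sitting at a higher NIST strength tier, and the same openssl x509 inspection is what you would run against a certificate you are about to import into ACM to confirm it is one of the key types NLB will actually serve.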
Amazon Inspector now supports CIS Benchmark assessments for operating systems in EC2 instances
Amazon Inspector can now assess the operating system of EC2 instances against CIS Benchmarks. The CIS Security Benchmarks program provides well-defined, unbiased, consensus-based industry best practices to help organizations assess and improve their security. AWS is a CIS Security Benchmarks Member company.
Amazon VPC now supports idempotency for route table and network ACL creation
Idempotent creation of route tables and network ACLs is intended for customers that use network orchestration systems or automation scripts that create route tables and network ACLs as part of a workflow. A client token supplied on the create request lets a retried request return the existing resource instead of creating a duplicate.
AWS AppFabric is now ISO, PCI, and SOC compliant
Customers can now use AWS AppFabric for use cases that are subject to International Organization for Standardization (ISO), Payment Card Industry Data Security Standard (PCI DSS), and Service Organization Control (SOC 1, 2, and 3) requirements.
Azure
Azure Data Explorer connector for Apache Flink
The Azure Data Explorer connector for Flink is an open source project that can run on any Flink cluster. It implements a data sink for moving data from a Flink cluster to an Azure Data Explorer table.
Azure Load Testing supports fetching secrets from Azure Key Vault with access restrictions
In Azure Load Testing, you can use secrets from Azure Key Vault to set up your load test. If access to the Key Vault is restricted by a firewall or virtual networking, you can now access secrets from such a Key Vault by granting access to Azure Load Testing as a trusted Azure service.
General Availability: Customer-managed keys for Azure NetApp Files volume encryption
With this capability, you can increase the security of your encryption keys by taking direct ownership of key rotation, access, permissions and auditing. More information here.
General Availability: Azure Virtual Network encryption
With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machine Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption in transit capabilities in Azure.
Public Preview: Load Balancer in Azure API Management
Customers have the ability to create a load balancer that directs traffic to multiple endpoints. Customers can now create backend pools, allowing them to add multiple backends for an API and implement load balancing across those backends. More information here.
Public Preview: Circuit Breaker in Azure API Management
Customers now have the capability to configure the circuit breaker property in the backend resource, providing protection for a backend service against being overwhelmed by excessive requests. More information here.
Azure Advisor integration with Azure Monitor Log Analytics Workspace
Now Azure Advisor provides recommendations for Log Analytics workspaces. More information here.
Automatic Image Creation using Azure VM Image Builder is now generally available
Finally GA; more info here.
Public Preview: Azure Automation Runtime environment & support for Azure CLI commands in runbooks
Improved exports experience for FinOps
The export experience for FinOps data in Azure has been improved: exports now carry additional information and are FOCUS (FinOps Open Cost and Usage Specification) compliant. More information here.
Public Preview: Azure Business Continuity Center is now available in all regions
With the Azure Business Continuity Center, enterprises can seamlessly govern, monitor, operate, and analyze protection at scale. More information here.
Public preview: ExpressRoute guided portal experience for multi-site resiliency
This new service makes it easier for you to configure multi-site resilient ExpressRoute circuits and connect them to a virtual network gateway. More information here and at https://aka.ms/ExpressRouteGuidedPortal.
General availability: Azure Cosmos DB for PostgreSQL Customer-managed keys (CMK)
Data stored in your Azure Cosmos DB for PostgreSQL cluster is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). Optionally, you can now choose to add an additional layer of security by enabling encryption with customer-managed keys.
GCP
BigQuery
- Analytics Hub listings can now include data encrypted with customer-managed encryption keys (CMEK).
- You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is in preview.
Cloud Spanner directed reads is now available in Preview.
Directed reads provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.
Cloud VPN support for IPv6-only HA VPN gateways is in Preview
For more information, see IPv6 support.
Snapshot Settings
Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. This removes the need to manually specify a storage location during each individual snapshot creation. More information in the snapshot settings documentation.
Recommendations for Compute Engine Flexible committed use discounts are now Generally Available
Flexible CUDs add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series. Flexible CUDs recommendations in the FinOps Hub help you optimize costs by analyzing your spending trends and existing commitments to suggest purchase amounts for Flexible CUDs. Learn more about Flexible CUDs
Security Command Center Management API
The Security Command Center Management API, which provides API support for managing settings and custom modules, is now GA. For more information, see Security Center Management API.
Cloud Billing
Subscription IDs for your committed use discounts are now available in the Detailed cost data export. View the schema of the Detailed cost data export
Cloud Functions now supports .NET 8
Available for 2nd gen functions; more information here.
NVIDIA L4 GPUs
These are now available in more regions, for more information see GPU platforms.