Monthly Cloudy Updates, September 2024
Table of Contents
Hello World!
First, let me share with you some interesting news and articles I found this last month.
-
A very useful list of tools that can help you with IAM Roles: Industrial IAM Service Role Creation.
-
This post is a good reminder of the importance of continuously monitoring your cloud spending. Increasing your AWS Expenditure by 200% in a week.
-
Curious about how far you can push MySQL limits? Shard Balancing: Moving Shops Confidently with Zero-Downtime at Terabyte-scale.
-
Looking for ways to improve security of your IAM Roles? An AWS IAM Security Tooling Reference.
And now, let’s get to the updates!
AWS
AWS Network Load Balancer now supports configurable TCP idle timeout
Using this capability you can now reduce TCP connection retries and latency in applications that use long-lived flows, such as telemetry reporting devices, databases, streaming services and ERP systems, when using NLB. More info here.
Session reuse with Amazon Redshift Data API
Data API session reuse allows you to retain the context of a session from one query execution to another, which reduces connection setup latency on repeated queries to the same data warehouse. More info here.
DynamoDB announces support for Attribute-Based Access Control
With the flexibility of using tag-based conditions, you can now set more granular access permissions based on your organizational structures. More info here.
AWS Glue now provides job queuing
AWS Glue job queuing monitors your account level quotas and limits. If quotas or limits are insufficient to start a Glue job run, AWS Glue will automatically queue the job and wait for limits to free up. More info here.
Amazon Timestream for InfluxDB now supports enhanced management features
This allows you to scale your instance sizes up or down as needed and update your deployment configuration between Single-AZ and Multi-AZ, giving you greater flexibility and control over your time-series data processing and analysis. More info here.
Storage Browser for Amazon S3 for your web applications (alpha release)
This is an open source component that you can add to your web applications to provide your end users with a simple interface for data stored in S3. More info here.
Amazon RDS Custom for SQL Server supports Cross-region Snapshot Copying
Amazon RDS Custom for SQL Server now supports copying database snapshots, either created automatically or manually, across commercial AWS Regions. More info here.
AWS Gateway Load Balancer now supports configurable TCP idle timeout
This new capability that allows you to align the TCP idle timeout value of GWLB with clients and target appliances. More info here.
Amazon WorkSpaces Pools now allows you to bring your Windows 10 or 11 licenses
Now, customers can bring their Windows 10 or 11 licenses (provided they meet Microsoft’s licensing requirements) to support their eligible Microsoft 365 Apps for enterprise, providing a consistent desktop experience to their users when they switch between on-premise and virtual desktops. More info here.
Amazon ECS now supports AWS Graviton-based Spot compute with AWS Fargate
This capability helps you run fault-tolerant Arm-based applications with up to 70% discount compared to Fargate prices. AWS Graviton processors are custom-built by AWS to deliver the best price-performance for cloud workloads. More info here.
CloudWatch Application Signals now supports request based Service Level Objectives (SLOs)
CloudWatch Application Signals, which helps troubleshoot issues quickly by providing out-of-the-box dashboards that correlate telemetry across metrics, traces, and logs for your applications and their dependencies, now supports Service Level Objectives (SLOs) calculated based on the request count. More info here.
Amazon EventBridge Pipes now supports customer managed KMS keys
This allows you to to encrypt Pipes filter patterns, enrichment parameters, and target parameters with your own keys instead of default AWS owned keys. Using keys that you create, own, and manage can satisfy your organization’s security and governance requirements. More info here.
AWS Cost Management now provides purchase recommendations for Amazon DynamoDB reserved capacity
AWS Cost Explorer offers now purchase recommendations for Amazon DynamoDB reserved capacity. DynamoDB reserved capacity allows you to save up to 77% compared to provisioned capacity pricing in exchange for a usage commitment over a one or three-year term. More info here.
AWS CloudTrail launches network activity events for VPC endpoints (preview)
With network activity events for VPC endpoints, you can view details of who is accessing resources within your network giving you greater ability to identify and respond to malicious or unauthorized actions in your data perimeter. More info here.
Security Group Referencing on AWS Transit Gateway is now Generally Available
Customers can configure Security Groups by specifying a list of rules that allow network traffic based on criteria such as IP CIDRs, Prefix-Lists, Ports and SG references. More info here.
Amazon Kinesis Data Streams support for Attribute-Based Access Control (ABAC)
ABAC support for Kinesis Data Streams makes it simple for you to give granular access to developers without requiring a policy update when a user or project is added, removed or updated. More info here.
Amazon Redshift mTLS support for Amazon MSK
Amazon is now extending authentication methods with the addition of mutual transport layer security (mTLS) authentication between Amazon Redshift provisioned cluster or serverless workgroup and Amazon Managed Streaming for Apache Kafka (MSK) cluster or serverless.
Amazon Inspector enhances engine for Lambda standard scanning
This upgrade will provide you with a more comprehensive view of the vulnerabilities in the third-party dependencies used in your Lambda functions and associated Lambda layers in your environment. More info here.
CloudWatch Internet Monitor from Amazon Network Load Balancer console
You can now create or associate a monitor for an NLB directly when you create an NLB in the AWS Management console. You can create a monitor for the load balancer, or add the load balancer to an existing monitor, directly from the Integrations tab on the console. More info here.
Amazon EventBridge event delivery latency metric for Event Buses
EventBridge Event Bus now provides an end-to-end event delivery latency metric in Amazon CloudWatch that tracks the duration between event ingestion and successful delivery to the targets on your Event Bus. This new IngestionToInvocationSuccessLatency allows you to now detect and respond to event processing delays caused by under-performing, under-scaled, or unresponsive targets. More information here.
Azure
Generally Available: Azure Public IPs are zone redundant by default
Azure Public IPs are zone redundant by default. Unless you specifically select a single zone when you create Standard Public IPs, it will be zone redundant. More info here.
Public Preview: Entra ID support for SSH connections in portal
With Microsoft Entra ID authentication, there are two main benefits to users connecting to their virtual machines. First, it eliminates the need for local authentication mechanisms, reducing a point of attack for malicious actors. Second, with Microsoft Entra ID authentication set as the authentication mechanism, instead of providing additional authentication to connect, users can experience a one-click sign-on into their virtual machines. More info here.
Generally Available: VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions
Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime.
Generally Available: Auto-renewal of certificates for on-premises to Azure Site Recovery
Azure Site Recovery has introduced automatic renewal of certificates for on-premises to Azure disaster recovery. More info here.
Generally Available: Azure SQL Database Hyperscale elastic pools
With Hyperscale elastic pools, you can focus on optimizing and enhancing your application workloads at a great price point.
Public Preview: Live Resize for Azure Premium SSD v2 and Ultra Disks
More info here.
Public Preview: DNAT on Azure Firewall Private IP address
This capability is also relevant for hybrid scenarios, connecting on-premises datacenters to Azure, where DNAT bridges the gap, enabling communication between private resources over non-routable IP addresses. More info here.
Generally Available: Java on Azure Container Apps
You can now leverage managed Java components for seamless app-to-app communication. Enhance your monitor and diagnostic experience with managed Spring Boot Admin, dynamic logger, and embedded Java metrics in Azure Monitor. More info here.
Public Preview: Advanced Container Networking Services: Enhancing security and observability in AKS
Advanced Container Networking Service offers advanced security feature, FQDN filtering. FQDN filtering allows you to define granular network policies based on domain names rather than IP addresses. More info here.
Generally Available: Force detach zone redundant data disks during zone outage
More info here.
Generally Available: gRPC and frontend mTLS now available for Application Gateway for Containers
Frontend mutual authentication (mTLS) brings feature parity to Application Gateway for Containers, for customers using Application Gateway Ingress Controller. This enhancement increases security by ensuring only specific clients are authenticated before their requests are proxied to a backend service. More info here.
Public Preview: Virtual machines node pools support in AKS
With virtual machines node pools, Azure Kubernetes Service directly manages the provisioning and bootstrapping of every single node. Typically, when deploying a workload onto Azure Kubernetes Service (AKS), each node pool can only contain one virtual machine (VM) type or SKU. More info here.
Google Cloud
Compute Engine now supports performance monitoring unit (PMU)
Using the PMU is helpful to analyze and optimize the performance of the software running on your VM when running performance-sensitive workloads, such as high-performance computing (HPC) or machine learning (ML) workloads. More info here.
Import Grafana Dashboards into Cloud Monitoring
You can now import Grafana dashboards into Cloud Monitoring by using the console. More info here.
Workflows Execution Backlogging
Backlogged executions automatically run as soon as execution concurrency quota becomes available. More info here.
Cloud SQL for
-
SQL Server: When you clone your zonal instance, you can now specify a preferred zone for the instance. More info here.
-
PostgreSQL: You can now use point-in-time recovery to restore your zonal instance to a preferred primary zone and your regional instance to both a preferred primary zone and a preferred secondary zone. More info here.
-
MySQL: When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. More info here.
Cloud Run
Deterministic URLs, which let you predict a Cloud Run service URL before the service is created, is now in general availability (GA). More info here.
You can now apply custom constraints for projects that get enforced by organization policies on your Cloud Run services and jobs (in Preview).
BigQuery
You can now use vector search and vector index features in BigQuery. More info here, and here.
Firestore
You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. More info here.
Compute Engine Multi-writer support
Up to 8 VMs can simultaneously read from and write to the same disk. More info here.
Capacity Planner
You can use the Capacity Planner API to export usage and forecast data of the VMs, Persistent Disk volumes, or GPUs in your project, folder, or organization. More info here.
You can view the on-demand reservations and future reservation requests available for consumption in your project, folder, or organization. More info here.
Cloud Storage
You can now use the Google Cloud console to do the following:
- Create buckets with hierarchical namespace enabled. To learn more, see Create a bucket.
- Create and manage folders in buckets with hierarchical namespace enabled. To learn more, see Create and manage folders.
- Rename and move folders. To learn more, see Rename and move folders.
Google Kubernetes Engine
For GPU node pools created in GKE Standard clusters running version 1.30.1-gke.115600 or later, GKE automatically installs the default NVIDIA GPU driver version corresponding to the GKE version if you don’t specify the gpu-driver-version flag.
Cloud SQL Upgrades
- PostgreSQL* You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. More info here.
- MySQL You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. More info here.
Oracle Database@Google Cloud
With native integration, you can deploy your Oracle database services in a Google Cloud data center running on OCI Exadata hardware with minimal latency. More info here.
Media CDN
HTTP method filtering for specific route rules is now Generally Available. You can now also implement such filtering by using the GUI. More info here.
Cloud Load Balancing
Envoy-based Application Load Balancers now support authorization policies that let you establish access control checks for incoming traffic. More info here.
Spanner
You can choose between the Standard, Enterprise, and Enterprise Plus editions, letting you pick the right set of capabilities to fit your needs and budget. More info here.
Cloud Storage Cross-Bucket Replication
You can use cross-bucket replication to copy new and updated objects asynchronously from a source bucket to a destination bucket. More info here.