Monthly Cloudy Updates, December 2024
Table of Contents
Hello World!
Loads of updates this month thanks to re:Invent. But before going into the updates let me share some interesting news and articles I found.
-
Have you ever struggled to understand your own code? Cognitive load is what matters.
-
If you have been using AI for coding, you’ll find this post resonates with your experiences. The 70% problem: Hard truths about AI-assisted coding.
-
This article emphasizes the importance of managing transitive dependencies for a robust software ecosystem. Our Software Dependency Problem.
-
Generative AI is not going to build your engineering team for you.
And now, let’s get to the updates!
AWS
Storage Browser for Amazon S3 is now generally available
This is an open source component that you can add to your web applications to provide your end users with a simple interface for data stored in S3. More info here.
Amazon MemoryDB Multi-Region in now generally available
MemoryDB is a fully managed, Valkey- and Redis OSS-compatible database service providing multi-AZ durability, microsecond read and single-digit millisecond write latency, and high throughput. More info here.
AWS announces access to VPC resources over AWS PrivateLink
AWS PrivateLink customers can now use VPC endpoints (powered by AWS PrivateLink) to privately and securely access VPC resources. These resources, such as databases or clusters, can be in your VPC or on-premises network, and can be shared with other teams in your organization or with external independent software vendor (ISV) partners. More info here.
Amazon CloudWatch adds network performance monitoring for AWS workloads using flow monitors
CloudWatch Network Monitoring uses flow monitors to provide TCP-based performance metrics for packet loss and latency, and network health indicators of your AWS workloads to help you quickly pinpoint the root cause of issues. More info here.
Amazon CloudWatch Container Insights launches enhanced observability for Amazon ECS
Enhanced observability enables customers to visually drill up and down across various container layers and directly spot issues like memory leaks in individual containers, reducing mean time to resolution. More info here.
Amazon CloudWatch and Amazon OpenSearch Service launch an integrated analytics experience
CloudWatch customers can now leverage OpenSearch’s Piped Processing Language (PPL) and OpenSearch SQL. Additionally, CloudWatch customers can accelerate troubleshooting with out-of-the-box curated dashboards for vended logs like Amazon Virtual Private Cloud (VPC), AWS CloudTrail, and AWS WAF. More info here.
Amazon FSx Intelligent-Tiering
AWS announces the general availability of Amazon FSx Intelligent-Tiering, a new storage class for Amazon FSx that costs up to 85% less than the FSx SSD storage class and up to 20% less than traditional HDD-based NAS storage on premises. More info here.
AWS Clean Rooms now supports multiple clouds and data sources
AWS Clean Rooms announces support for collaboration with datasets from multiple clouds and data sources. This launch allows companies and their partners to easily collaborate with data stored in Snowflake and Amazon Athena, without having to move or share their underlying data among collaborators. More info here.
AWS announces Invoice Configuration
This enables you to group AWS accounts according to your internal business entities such as legal entities, subsidiaries, cost centers etc. and receive separate AWS invoices for each of your business entities, within the same AWS Organization. More info here.
Amazon EKS Hybrid Nodes
With Amazon EKS Hybrid Nodes, you can use your on-premises and edge infrastructure as nodes in Amazon EKS clusters.
Amazon Web Services announces declarative policies
Declarative policies are designed to prevent actions that are non-compliant with the policy. The configuration defined in the declarative policy is maintained even when services add new APIs or features, or when customers add new principals or accounts to their organization. More info here.
VPC Lattice now includes TCP support with VPC Resources
More info here.
Amazon S3 Tables
Amazon S3 Tables deliver the first cloud object store with built-in Apache Iceberg support, and the easiest way to store tabular data at scale. S3 Tables are specifically optimized for analytics workloads, resulting in up to 3x faster query throughput and up to 10x higher transactions per second compared to self-managed tables. More info here.
AWS Security Hub now supports PCI DSS v4.0.1 standard
More info here.
Node Health Monitoring and Auto-Repair for Amazon EKS
EKS node health monitoring and auto-repair is available today at no additional cost, More info here.
Amazon ECS now supports network fault injection experiments on AWS Fargate
More info here.
Azure
Index tuning in Azure Database for PostgreSQL - Flexible Server
Now you can use index tuning to analyze the most resource intensive set of queries in your workload and produce recommendations of indexes that, once created, improve the performance of those queries. More info here.
Enhanced AKS logs with Kubernetes metadata and logs
Azure Kubernetes Service (AKS) logs now include detailed metadata, such as PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo, and ImageTag. These additions provide richer context and improved visibility into workloads, aiding in troubleshooting and monitoring. More info here.
Control the default NGINX ingress controller configuration is in preview
When you enable the application routing add-on with NGINX, it creates an ingress controller configured with a public facing Azure Load Balancer. Starting with Kubernetes 1.30, you can control this behavior when enabling the add-on by choosing if it gets a public or an internal IP.
Force attach/detach API support in AKS
With the release of Kubernetes v1.30, the Azure Disk CSI driver has adopted the force detach capability. This feature allows the driver to force detach zone-redundant storage (ZRS) data disks from VM nodes in a failed zone and attach them to another VM, reducing the Recovery Time Objective (RTO). More info here.
GPU-enabled Windows Node Pools in AKS
When creating a Windows agent pool with GPU support, you have the option to specify the type of GPU driver using the –driver-type flag.
The available options are:
- GRID: For applications requiring virtualization support.
- CUDA: Optimized for computational tasks in scientific computing and data-intensive applications.
More info here.
IMDS restriction support in AKS
Currently, all pods on AKS nodes can access the AKS worker node’s Azure Instance Metadata Service (IMDS) endpoint. AKS now offers a managed solution that restricts IMDS endpoint access for customer pods. More info here.
Parallel image pulls by default in AKS
Starting with AKS version 1.31 preview, AKS defaults to parallel image pulls. Generally, serialized image pulls are less performant than parallel pulls, especially when dealing with large or numerous container images. More info here.
Security Baseline with auto-remediation for Linux hybrid workloads
Key highlights of the Azure security baseline for Linux:
- Provided at no cost, except for the Azure Arc workloads (on-prem / other CSP).
- Enhanced compliance experience with more accurate state (Public Preview).
- Detailed information about the state of compliance (Public Preview)
- Fully open-sourced engine for compliance and remediation (Public Preview).
- Auto-remediation capabilities against the security baseline (Limited Public Preview).
More info here.
Network isolated cluster in AKS is in public preview
Today you can control an AKS cluster’s egress traffic using Azure Firewall. While this configuration is intended to isolate the cluster to protect sensitive business or customer data, it adds an additional layer of management complexity and cost.
AKS now provides the option to use network isolated clusters to simplify the process of restricting network access and reduce the risk of unintentional exposure of the cluster’s public endpoints to prevent security breaches.
More info here.
TLS changes for Azure Event Grid
Support for TLS 1.0 and TLS 1.1 will end on March 1, 2025. More info here.
Google Cloud
Hyperdisk Balanced Hight Availability is not generally available
This provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance. More info here.
Google Kubernetes Engine Compute Engine Reservations
You can now configure custom compute classes to consume Compute Engine reservations. More info here.
Virtual Private Cloud Private Service Connect port mapping
Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint. More info here.
Policy Simulator for deny policies
You can use Policy Simulator for deny policies to simulate changes to deny policies before you apply them. This feature is available in Preview. More info here.
Google Kubernetes Engine recommendations
GKE now provides insights and recommendations that help you identify and amend clusters running a minor version that reached end of standard support, clusters with nodes in violation of version skew policy, and clusters without a maintenance window to achieve reliable operations, up-to-date security posture and supportability. More info here.
Cloud Billing
Added support for resource-based CUD (Committed Use Discount) recommendations as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings. More info here.
Google Cloud Architecture Center
There is a new guide for Confidential Computing for Data Analytics and AI.