Monthly Cloudy Updates, February 2025
Hello World!
Hello everyone! Let’s start this year with some news and articles I found interesting.
- 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur.
- We all assume our phones share data with third parties, but here you can see how it is done and which information is shared: Everyone knows your location: tracking myself down through in-app ads.
- Have you ever wondered how good Redis is for rate-limiting? This post will give you an idea: Scaling Our Rate Limits to Prepare for a Billion Active Certificates.
- How ClickHouse Cloud uses AWS Graviton to boost performance and efficiency.
And now, let’s get to the updates!
AWS
AWS Database Migration Service Serverless support for files with an S3 source endpoint
More info here.
AWS CodeBuild now integrates with Buildkite
AWS CodeBuild now offers native support for self-hosted Buildkite runners, enabling you to execute Buildkite pipeline jobs within the CodeBuild environment. More info here.
Cost Optimization Hub supports more EC2 Auto Scaling group recommendations
Cost Optimization Hub now supports idle EC2 Auto Scaling group recommendations and rightsizing recommendations for EC2 Auto Scaling groups with scaling policies and multiple instance types. More info here.
AWS Verified Access launches Zero Trust access to resources over non-HTTP(S) protocols
AWS Verified Access is now able to secure access to resources that connect over protocols such as TCP, SSH, and RDP. With this launch, you can use Verified Access to provide secure VPN-less access to all your corporate applications and resources using AWS zero trust principles. More info here.
AWS IAM announces support for encrypted SAML assertions
You can now configure your identity provider to encrypt the SAML assertions that it sends to IAM. This ensures that your assertions are encrypted when passed through intermediaries (for example, the end user’s web browser). More info here.
Amazon GuardDuty Malware Protection for S3 announces price reduction
For example, in US East (N. Virginia) the price drops from $0.60 to $0.09 per GB. The price for objects evaluated remains unchanged. With this price reduction, you will be more capable of building secure and cost-effective data pipelines on Amazon S3 for applications with untrusted uploads across the enterprise. More info here.
AWS IAM Identity Center now offers improved error messages and AWS CloudTrail logging for provisioning issues
This service now provides improved error messages to simplify troubleshooting when syncing users and groups. You can also build automated monitoring and auditing for these errors using the AWS CloudTrail logs.
AWS Secrets and Configuration Provider now integrates with Pod Identity for Amazon EKS
This integration simplifies IAM authentication for Amazon EKS when retrieving secrets from AWS Secrets Manager or parameters from AWS Systems Manager Parameter Store. With this new capability, you can manage IAM permissions for Kubernetes applications more efficiently and securely, enabling granular access control through role session tags on secrets. More info here and here.
AWS AppSync GraphQL introduces operation-level caching for faster GraphQL API responses
This allows customers to cache entire GraphQL query operation responses. This enhancement enables developers to optimize read-heavy GraphQL APIs, delivering faster response times and improved application performance. More info here.
AWS Network Load Balancer now supports removing availability zones
Prior to this launch, customers could add AZs to an existing NLB, but could not remove AZs. With this capability, customers can now change their application stack locations and move them between availability zones quickly. More info here.
AWS CloudTrail network activity events for VPC endpoints are now generally available
You now have additional visibility into AWS API activity that traverses your VPC endpoints, enabling you to strengthen your data perimeter and implement better detective controls. You can enable network activity events for VPC endpoints for five AWS Services: Amazon S3, Amazon EC2, AWS Key Management Service (AWS KMS), AWS Secrets Manager, and AWS CloudTrail. More info here.
AWS Network Firewall introduces automated domain lists and insights
This new capability analyzes HTTP and HTTPS traffic logs from the last 30 days and provides insights into frequently accessed domains, enabling quick rule creation based on observed network traffic patterns.
AWS announces Backup Payment Methods for invoices
More info here.
Amazon ECS adds support for additional IAM condition keys
These new condition keys let you create IAM policies as well as Service Control Policies (SCPs) to better enforce your organizational policies in containerized environments. More info here.
EC2 announces Time-based Copy for AMIs
Similar to Time-based Copy for EBS snapshots, this feature enables customers to meet their compliance objectives by ensuring that AMIs are copied within and across AWS Regions within a specified duration. More info here.
Azure
DNSSEC for Azure DNS Public Zones is now generally available
The Azure DNS service automatically handles all key management and signing operations, simplifying the process for DNS zone administrators. By leveraging Azure’s robust infrastructure, you can ensure high availability and performance for your DNSSEC-enabled zones. More info here.
Azure Databricks Clean Rooms is now generally available
Azure Databricks Clean Rooms offers a privacy-safe environment for collaboration on all your data and AI assets, ensuring no direct access to sensitive information. More info here.
Analyze data using Log Analytics Simple mode
The Simple mode experience was created to bridge the KQL knowledge gap, allowing the most popular KQL operators and actions to be used through a very simple, point-and-click experience that requires no KQL knowledge at all! More info here.
Public Preview: New Origin Types for Azure Front Door Premium Private Link-Enabled Origins
You can now configure Application Gateway, API Management, and Container Apps as Private Link-enabled origins in your Front Door Premium profile. Private Link-enabled origins in Front Door allow you to deliver content to your end-users through public Front Door endpoints while ensuring that your origins remain inaccessible to the public internet. More info here.
Retirement: Transition from Azure Data Studio to Visual Studio Code
Azure Data Studio (ADS) will be officially retired on February 28, 2026, to streamline development efforts and improve the user experience in Visual Studio Code (VS Code).
Fallback to internet on Private DNS Zones is now generally available
This feature simplifies scenarios with Private Link and Private DNS. It enables public recursion to occur when an authoritative NXDOMAIN response is received from a Private DNS Zone. More info here.
Public Preview: Upgrade Existing Azure Gen1 VMs to Gen2-Trusted Launch
Existing Azure Gen1 VMs can now be upgraded to Gen2 with Trusted Launch enabled. This will help improve the foundational security of existing Azure VMs. More info here.
Generally Available: Scheduled Load Tests in Azure Load Testing
With the new scheduling feature in Azure Load Testing, you can now automate test runs at a predefined time or cadence, ensuring seamless performance validation without manual intervention.
Generally Available: The Modern Version of the Azure Storage Data Movement Library
The enhanced functionality includes the ability to track transfer progress, pause and resume transfers, and checkpointing. More info here.
Azure Load Testing now supports using multiple JMeter files
Azure Load Testing now supports using multiple JMeter files and fragments in a single load test, enabling greater modularity and reuse in your test design. More info here.
Generally Available: 6th Generation Intel-based VMs - Dv6/Ev6
These Intel-based VMs come with three different memory-to-core ratios and offer options with and without local SSD across all the new VMs – the General Purpose Dsv6, Dlsv6, Ddsv6, and Dldsv6 series and the Memory Optimized Esv6 and Edsv6 series. These VMs will offer:
- Up to 27% higher vCPU performance and 3x larger L3 cache than the previous generation Intel Dl/D/Ev5 VMs
- Up to 192 vCPU and >18GiB of memory
- Azure Boost, which enables:
  - Up to 400k IOPS and 12 GB/s remote storage throughput
  - Up to 200 Gbps VM network bandwidth
  - 46% larger local SSD capacity and >3X read IOPS
  - NVMe interface for local and remote disks
- Enhanced security through Total Memory Encryption (TME) technology
More info here.
Public Preview: Azure Migrate Supports Premium SSD v2 Disks
Azure Migrate now supports migration to Premium SSD v2 disks, providing users with advanced disk options that offer greater flexibility and enhanced performance. These disks are ideal for mission-critical applications that require high IOPS & throughput, low latency, scalability, reliability, and competitive pricing compared to their predecessors.
Public Preview: Azure Container Storage on managed Prometheus
Customers using Azure Container Storage (ACStor) on AKS clusters can now collect storage pool and disk metrics with Azure Managed Prometheus and view/query metrics in Azure Managed Grafana. More info here.
Generally Available: Configure Notifications in Azure Load Testing
Azure Load Testing now allows you to configure notifications to receive updates for key events, such as test completion or schedule changes. These notifications can help you automate follow-up actions and improve team collaboration. More info here.
Public Preview: Azure CNI Powered by Cilium Node Subnet Support in AKS
This enhancement allows users to configure AKS clusters with Azure CNI powered by Cilium together with Node Subnet, extending the compatibility of Cilium’s eBPF dataplane to all supported IP address management configurations on AKS clusters. More info here.
Google Cloud
Model Armor
Model Armor is a Google Cloud service that enables you to apply content safety and content security controls to LLM prompts and responses to mitigate risks such as sensitive data leakage, prompt injection, and offensive content.
Cloud Monitoring
You can now create custom organization policies on alerting policies, notification channels, and snoozes. More info here.
GKE cluster notifications
GKE cluster notifications have the following new capabilities:
- You can now receive cluster notifications through Cloud Logging.
- GKE now sends a cluster notification to notify you when your cluster is running a minor version that is at or near the end of support.
- GKE now sends a cluster notification to notify you when your cluster has completed an upgrade operation.
More info here.
Cloud Run
When deploying a function in Cloud Run, you can now specify an Artifact Registry image repository to store the container. More info here.
Weighted load balancing for GKE External LoadBalancer Services is now generally available
External LoadBalancer Services support weighted load balancing, which allows nodes with more serving Pods to receive a larger proportion of new connections compared to nodes with fewer serving Pods.
Identity-Aware Proxy
You can configure Workforce Identity Federation with IAP, and use an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors—using Identity and Access Management (IAM), so that the users can securely access services deployed on Google Cloud or on-premises. More info here.
VPC Service Controls
Support for adding projects as a source in the egress rules of a service perimeter is generally available. More info here.