Monthly Cloudy Updates, July 2025


Hello World!

Hello everyone! Let’s start this year with some news and articles I found interesting.

And now, let’s get to the updates!




AWS

Amazon CloudFront announces support for HTTPS DNS records

HTTPS resource records allow domain name systems (DNS) such as Amazon Route 53 to provide additional information such as supported HTTP protocol versions and port numbers before the HTTP connection is attempted.

Amazon Relational Database Service Custom (Amazon RDS Custom) for Oracle now supports Multi-AZ deployments

To set up an RDS Custom for Oracle database instance with Multi-AZ deployment, customers can specify their configuration when they create their database instance. RDS Custom automatically provisions primary and standby database instances in different Availability Zones and synchronously replicates data to the standby instance.

Amazon Keyspaces (for Apache Cassandra) now supports Change Data Capture (CDC) Streams

CDC streams in Amazon Keyspaces automatically capture insert, update, and delete operations as change events, delivering them in order with automatic deduplication. With CDC streams, you can build event-driven applications and implement use cases such as data analytics, text search, ML training/inference, and continuous data backups for archival.

Amazon Neptune Graph Explorer Introduces Native Query Support for Gremlin and openCypher

This enhancement empowers data scientists, developers, and database administrators to seamlessly interact with their graph databases using their preferred query language, eliminating the need for additional tools or interfaces.

AWS Fargate now supports SOCI Index Manifest v2

Seekable OCI (SOCI) accelerates Amazon ECS task launches by enabling containers to start running before the full container image is downloaded. SOCI Index Manifest v2 uses a cryptographic method to establish an explicit link between the image and its manifest, ensuring integrity and consistency during and across all deployment stages.

Oracle Database@AWS is now generally available

More info here.

Amazon VPC Lattice announces support for Oracle Database@AWS

With this launch, your ODB databases can easily connect to AWS services, HTTP APIs and TCP applications, across thousands of VPCs and on-premises, without the need to set up complex networking.

Amazon S3 Tables reduce compaction costs by up to 90%

Amazon S3 Tables now offer more cost-effective compaction operations for Apache Iceberg tables, with processing fees reduced by up to 90%. More info here.

Amazon VPC CNI now supports higher bandwidth and network performance per pod

With this enhancement, you can now leverage the full bandwidth and network performance capabilities of underlying Amazon EC2 instances that support multiple network cards. This is especially useful for Artificial Intelligence (AI), Machine Learning (ML), and High Performance Computing (HPC) use cases. More info here.

Amazon EKS now supports up to 100,000 worker nodes per cluster

More info here.

AWS Free Tier now offers $200 in credits and 6-month free plan to explore AWS at no cost

More info here.

AWS Lambda enables developers to debug functions running in the cloud from VS Code IDE

More info here.

Amazon ECS enables built-in blue/green deployments

You can now deploy software updates to Amazon ECS services which serve traffic from an Application Load Balancer (ALB), Network Load Balancer (NLB), or ECS Service Connect with a blue/green deployment strategy.

Amazon SQS introduces fair queues for multi-tenant workloads

When one tenant (such as a customer, client application, or request type) sends too many messages or has messages that require longer processing time, fair queues help keep other tenants’ messages flowing without long delays. This preserves quality of service for all tenants while maintaining the scalability and throughput of standard queues. More info here.

Amazon EC2 now supports skipping the operating system shutdown when stopping or terminating instances

You can now skip the graceful operating system shutdown attempt during stop or terminate for a faster application recovery when instance data preservation is not critical. More info here.




Azure

FQDN Filtering in DNAT rules in Azure Firewall is now Generally Available

More info here.

Azure DNS Security Policy is now Generally Available

DNS security policy offers the ability to filter DNS queries on VNETs. You can allow, alert, or block name resolution of known or malicious domains and gain insight into your DNS traffic. Detailed DNS logs can be sent to a storage account, log analytics workspace, or event hubs.

Customer Controlled Maintenance for Azure Firewall is now Generally Available

Azure Firewall enables users to set a maintenance window with a minimum duration of 5 hours, recurring daily, to best accommodate their requirements and minimize unexpected downtime.

Granular Role-Based Access Control (RBAC) for Azure File Sync is now Generally Available

These new roles, Azure File Sync Administrator and Azure File Sync Reader, provide more granular access control compared to broad roles like Owner and Contributor, empowering organizations to enforce the principle of least privilege. More info here and here.

Microsoft Azure Cloud HSM is now Generally Available

More info here.

AZNFS 3.0 for BlobNFS with Fuse for superior performance is now in Public Preview

For customers requiring NFS 3.0 protocol support or POSIX compliance, Azure Blob Storage natively supports NFSv3 (aka BlobNFS). BlobNFS is accessed via the Linux NFS client with our AZNFS mount helper package, which streamlines mounting and reliably connecting to Blob Storage’s NFS endpoints. More info here.

Node auto-provisioning support in AKS is now Generally Available

NAP automatically provisions single-instance nodes (VMs) in response to unscheduled pods, eliminating the need for pre-configured node pools.

Virtual Machine node pools support in AKS

When deploying a workload onto Azure Kubernetes Service (AKS), each node pool typically can only contain one virtual machine (VM) type or SKU. Virtual Machines node pools let you add multiple VM SKUs of a similar family to a single node pool.

Max blocked nodes allowed support in AKS is now in Public Preview

The max blocked nodes allowed feature for AKS lets you specify how many nodes that fail to drain (blocked nodes) can be tolerated during upgrades or similar operations. This feature only works if the undrainable node behavior property is set; otherwise, the command will return an error.

Cluster Extension Manager move to AKS control plane is now Generally Available

The Cluster Extension Manager has been moved from customer worker nodes to the AKS control plane. This transition enhances security, simplifies networking, and reduces operational overhead - delivering a more robust and streamlined experience for managing extensions like Azure Backup, Azure Container Storage, Flux (GitOps) as well as third-party solutions such as Cast AI and Cilium. More info here.

Geo-Replication for Azure Event Hubs Premium and Dedicated is now Generally Available

More info here.

Azure Firewall now supports ingestion-time transformation in Log Analytics

For customers using Log Analytics to analyze firewall logs, the cost of log ingestion and storage itself can be significant. This feature lets you filter and transform logs before ingestion, helping reduce costs while retaining critical data. More info here.

Web Application Firewall (WAF) running on App Gateway for Containers is in Public Preview

More info here.

Azure Managed Lustre now supports VNET encryption for in-transit data protection

Azure Managed Lustre now supports Virtual Network (VNet) Encryption, enabling encryption of data in transit between Azure Managed Lustre and client virtual machines. This feature helps customers meet compliance requirements for data confidentiality in regulated industries such as finance, healthcare, and government. More info here.

Azure CNI static block allocation for pods subnet

Azure CNI Pod Subnet - Static Block Allocation enables VNET routed IP addresses that can scale to over 1M pods, providing the simplicity and low latency of a flat network. Each node receives pre-allocated CIDR blocks, and all pods on that node obtain IP addresses from these ranges. This approach delivers massive scale, previously only available with overlay networks (up to 1M pods) while maintaining all the benefits of a flat network architecture. It also works seamlessly alongside existing dynamic IP allocation for pod subnet – simply deploy it on new node pools with dedicated subnets. More info here.

ExpressRoute Auto-assigned Public IP for ExpressRoute Gateways is now Generally Available

All newly deployed ExpressRoute Virtual Network Gateways will use auto-assigned Public IPs. This change simplifies gateway configuration by removing the requirement to explicitly assign a Public IP address. More info here.




Google Cloud

Backup for GKE

Backup for GKE now supports backing up and restoring Hyperdisk ML and Hyperdisk Balanced High Availability volumes. This feature is available for GKE clusters running version 1.33.1-gke.1959000 and later.

Gemini Code Assist

  • Gemini 2.5 Pro and Gemini 2.5 Flash are Generally Available (GA). These models are used for Gemini Code Assist Standard and Enterprise, and power Gemini Code Assist’s chat, code generation, and code transformation capabilities.

  • Checkpoints, selected code snippets and terminal output, and other features are now Generally Available (GA).

BigQuery Connector for SAP version 2.9

Version 2.9 of the BigQuery Connector for SAP is generally available (GA). This version introduces Change Data Capture (CDC) replication of SAP data into BigQuery through Pub/Sub.

Enhanced tagging capabilities for Secret Manager

You can now add tags directly at the time of secret creation. This new feature lets you provide essential metadata for your resources and helps with better organization, cost tracking, and automated policy application from the time a secret is created.

Editable Backup Plans

You can now modify your existing backup plans directly, eliminating the need to create new plans and reassign them when your requirements change.

Cloud Service Mesh

Advanced load balancing for managed Cloud Service Mesh (TD) is now generally available (GA).

Apigee X Server-sent events and EventFlows are Generally Available

Apigee supports continuous response streaming from server-sent event (SSE) endpoints to clients in real time. The Apigee SSE feature is useful for handling large language model (LLM) APIs that operate most effectively by streaming their responses back to the client.