Tech Updates for Busy People, August 2023

Table of Contents

Quite an interesting August we’ve been having, and I’m not talking about the crazy weather. Let’s cut to the chase and get to the updates.

Terraform

HashiCorp adopts Business Source License

This has caused a lot of buzz on the internet these days and I’m not going to get into the details of the license, but I’ll leave you with the links to the official announcement. A lot of people got worried about this change (not the Pululmi folks), so we now have the OpenTF Manifesto.

AWS

AWS IPv4 charges

AWS announced that they will start charging for IPv4 addresses even those not associated with a resource. This change will be effective on February 1, 2024.
This means you have a few months more to clean up your unused IPv4 addresses, or to finally start the IPv6 migration you have been delaying for the last 10 years.

Mountpoint for Amazon S3 is now GA

This is a great feature that allows you to mount an S3 bucket as a local file system on a Linux instance. This is for those use cases where you need to access the data stored in S3 as if it was a local file system. Mountpoint for Amazon S3.

Improvements to multi-account management for GuardDuty

This new capability will help customers to manage GuardDuty across multiple accounts through delegated administrators. More info here.

Amazon RDS for MariaDB now supports MariaDB 10.11

Amazon RDS for MariaDB 10.11 includes performance improvements that enable up to 40% higher transaction throughput than previous versions. You can deploy RDS for MariaDB 10.11 on RDS Optimized Read and Optimized Write enabled instance classes for additional performance gains. For more information about this version of MariaDB please visit the Changes and Improvements in MariaDB 10.11 and the AWS documentation.

AWS PrivateLink now supports user defined IP addresses for VPC endpoints. This feature allows you to specify the IP address of the VPC endpoint in your VPC CIDR range. This is a great feature for those customers that need to control the IP addresses used by the VPC endpoints. More info .

AWS Glue Studio Visual ETL adds 5 new visual transforms

Good news for those who don’t like to write code or enjoy using their mouse a lot, AWS Glue Studio now supports 5 new visual transforms to remove nulls rows, extract strings from a regex, parse a JSON column, match records, and extract JSON paths.

AWS AppSync now supports JavaScript for all resolvers in GraphQL APIs

Developers can now use JavaScript to write their unit resolvers, pipeline resolvers, and AppSync functions that are executed on the AppSync JavaScript runtime. More info here. And if you don’t know what GraphQL is, check it out, it’s powerful technology that can take you API to he next level GraphQL.

Amazon RDS Performance Insights provides an on-demand analysis experience

This launch allows you to analyze Performance Insights data for a time period of your choice. For example, you can analyze the time frame when your application experienced “slowdowns” to see whether and how database behavior changed.You can learn how the selected time period differs from normal, what went wrong, and get advice on corrective actions. Check out the demo.

Network Load Balancer now supports security groups

You might think this announcement is from 2017 but it is not; Network Load Balancers (NLB) now supports security groups, you can now filter the traffic that your NLB accepts and forwards to your application. More information.

AWS Fargate supports process ID namespace sharing and kernel parameter configuration

AWS Fargate now supports Process ID (PID) namespace sharing and kernel parameter configuration (sysctl) for applications orchestrated by Amazon ECS. You can now configure the pidMode and the sysctl parameters in your ECS task definition for tasks running on Fargate. Additional Linux controls for Amazon ECS tasks on AWS Fargate.

AWS Security Hub launches 12 new security controls

AWS Security Hub has released 12 new security controls, increasing the overall number of controls Security Hub offers to 276. With these new controls, Security Hub now supports three additional AWS services: Amazon Athena, Amazon DocumentDB (with MongoDB compatibility), and Amazon Neptune. Security Hub has also added an additional control against Amazon Relational Database Service (Amazon RDS). For the full list of recently-released controls and the AWS Regions in which they are available, visit the Security Hub User Guide.

Azure

Azure AD is becoming Microsoft Entra ID

I guess someone decided it’d be fun to confuse all those familiar with the AD name. Fortunately, only the name is changing (for now) Azure AD is Becoming Microsoft Entra ID.

Azure AD signing key got stolen

Microsoft says it still doesn’t know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies.

Retirement: Azure Container Apps preview API versions 2022-06-01-preview and 2022-11-01-preview

If you’re using Azure Resource Manager API version 2022-06-01-preview or 2022-11-01-preview to manage Azure Container Apps, update your API requests to use version 2023-04-01-preview or later.

Public Preview: Azure Elastic SAN Updates: Private endpoints & shared volumes

With the addition of private endpoint support, you can now access Elastic SAN volumes via either private endpoints or via public endpoints that are restricted to allow network access from specific virtual network subnets only. If you require the additional layer of security that private endpoints add, this is an essential update.

Durable Functions for Python v2 Programming Model

Support of Durable Functions with the Azure Functions v2 programming model for development in Python is now Generally Available.

Kubernetes 1.27 support in AKS

AKS support for Kubernetes 1.27 is now generally available. this version has over 50 features and enhancements focused on improving security, scalability, reliability, and performance of cloud native applications. With the general availability of 1.27 support, you can now take advantage of these capabilities in production. Check the Changelog for more info.

Azure Key Vault references for secrets in Azure Container Apps

Azure Container Apps support for Azure Key Vault references in application secrets is now generally available.

Azure Key Vault references enable you to source a container app’s secrets from secrets stored in Azure Key Vault. Using the container app’s managed identity, the platform automatically retrieves the secret values from Azure Key Vault and injects it into your application’s secrets.

AKS now facilitates Private Link Service (PLS) creation for Kubernetes services through annotations, simplifying PLS setup. You can add the necessary PLS annotation to the service manifest file with an ‘azure-load-balancer-internal’ annotation and LoadBalancer service type.

This eliminates searching for Azure Load Balancer IP configuration for PLS creation, as AKS will handle PLS provisioning with the Kubernetes service. You can also establish a PLS resource by adding the PLS annotation to the manifest file after service provisioning.

Azure Container Apps enhancements

Public Preview: Storage auto-grow & online disk scaling for Azure Database for PostgreSQL Flexible Server

With auto-grow enabled, Azure Database for PostgreSQL Flexible Server will automatically increase the size of the provisioned storage of your database servers. As a result, there’s no longer a need to worry about rightsizing when beginning to use these services or about running out of storage.

Additionally, we have introduced online disk scaling globally, eliminating the requirement for server restarts during storage scaling operations. Storage auto-grow.

Public preview: Azure VNet flow logs

Virtual Network (VNet) flow logs enable you to capture information about IP traffic flowing through your Virtual Networks for usage monitoring & optimization, troubleshooting connectivity, compliance, and security analysis.

Flow data is sent to Azure Storage accounts. From there, you can access the data and export it to any visualization tool, SIEM (security information and event management) solution, or intrusion detection system (IDS) of your choice. You can also enable Traffic Analytics that aggregates and enriches flow data to provide advanced visibility into user and application activity as well as malicious IP communication in your networks. VNet flow logs.

New Monitoring and Logging Updates in Azure Firewall

Structured Logs: New logging format that provides a more detailed view of firewall events. Structured Logs provide the following benefits: they are easier to work with data in log queries and help discover schemas; they improves performance and reduce latency; they allow ability to grant Azure RBAC rights on specific tables.

Latency Probe Metric: The Latency Probe metric is designed to measure the overall latency of Azure Firewall and provide insight into the health of the service.

Public preview: Support for new custom error pages in Application Gateway

In addition to the response codes 403 and 502, the Azure Application Gateway now lets you configure company-branded error pages for more response codes - 400, 405, 408, 500, 503, and 504. You can configure these error pages at a global level to apply to all the listeners on your gateway or individually for each listener. The custom error pages you set are displayed to the clients when the Application Gateway generates these response codes. You can host these error page files at any publicly accessible URLs.

Public preview: Azure Storage Mover support for SMB and Azure Files

Azure Storage Mover can now migrate your SMB shares to Azure file shares.

Storage Mover is a fully managed migration service that enables you to migrate on-premises files and folders to Azure Storage while minimizing downtime for your workload. Together with Just-in-time permission setting and Azure Key Vault, your migration is secure from source to target. Azure Storage Mover.

Azure Load Testings

Run tests for up to 24 hours

You can now run tests for durations up to 24 hours in Azure Load Testing. To run tests longer than 3 hours (up to 24), raise a support ticket request to increase your quota for ‘Test duration’ by following the steps mentioned here.

Create and manage tests and test runs using Azure CLI

Azure CLI now supports the following:

  • az load test command group to manage load tests.
  • az load test-run command group to manage load test runs. More info, here.

Run tests with 100,000 virtual users

You can now run tests with up to 400 engine instances, simulating up to 100,000 virtual users in Azure Load Testing. To run tests with 100,000 virtual users, raise a support ticket to increase your quota for ‘Engines instances per test run’ following the steps mentioned here.

Enhanced Security and Compliance add-on for Azure Databricks now Generally Available

Enhanced Security and Compliance (“ESC”) provides the technical capabilities to support the security and compliance needs of Azure Databricks customers when processing regulated and sensitive data sets.

It is comprised of two offerings:

  • Enhanced Security Monitoring (“ESM”): ESM couples a hardened security image with additional security agents to support customers that need additional protection and security monitoring capabilities for their most sensitive data.
  • Compliance Security Profile (“CSP”): CSP facilitates the compliance governance for workspaces by providing a validated security baseline that combines the security capabilities of ESM with additional security features to address the applicable controls of PCI-DSS and HIPAA.

For additional information, visit the Azure Databricks Documentation.

Google Cloud Platform (GCP)

Proactively manage your subnet IP address allocation with Network Analyzer

You can now use Network Analyzer and Recommender API to query the IP address utilization of your GCP subnets, to identify subnets that might be full or oversized.

Backup and DR

Backup and DR Service now supports backup and restore of Compute Engine instances with local SSDs. More info here and here.

Decision tree for data & analytics workloads

Data & Analytics decision tree helps you select the services on Google Cloud that best match your data workloads needs, and the accompanying blog provides an overview of the services offered for data ingestion, processing, storage, governance, and orchestration.

Assured Open Source Software

This tool will help to reduce the risk to your software supply chain by using the same OSS packages that Google uses and secures in your own developer workflows. For more information go to the Assured Open Source Software website.

Other Stuff

New Relic to be Acquired

New Relic is being acquired by Francisco Partners and TPG for $87 USD per share in cash, congratulations to all those who are making money out of this deal, for those who didn’t, keep trying. New Relic to be Acquired.

Snyk Report: Application Security in Cloud Modernization

This is a great report from Snyk, you should definitively invest some time to read it. The State of Application Security in Cloud Modernization.