Tech Updates for Busy People, November 2023

Table of Contents

Hello World!

This month’s post is late as I was at AWS re:Invent, we will have quite a lot of announcements to cover over there.

Generative AI exists because of the transformer

An excellent article that explains how the transformer architecture is the foundation of
Generative AI.

Making Software Last Forever

Very interesting post that Pachi (a friend of mine) shared with my in the past days.

What Every Developer Should Know About GPU Computing

A very good article that explains the architectural differences between CPUs and GPUs.

Now, let’s get to the updates!


Introducing highly durable Amazon OpenSearch Service clusters with 30% price/performance improvement

Ingest, store, index, and access just about any amount of data, while also enjoying a 30% price/performance improvement over existing instance types, eleven nines of data durability, and a zero-time Recovery Point Objective (RPO). More info here.

Amazon OpenSearch Service zero-ETL integration with Amazon S3 (preview)

This is a new way to query operational logs in Amazon S3 and S3-based data lakes without needing to switch between services. More info here.

New generative AI capabilities for Amazon DataZone further simplify data cataloging and discovery (preview)

This new feature can automate the traditionally labor-intensive process of data cataloging and dramatically decrease the amount of time needed to provide context for organizational data.

Anomaly detection with AWS Glue to improve data quality (preview)

This new feature will help to improve your data quality by using machine learning to detect statistical anomalies and unusual patterns.

Amazon CloudWatch Logs now offers automated pattern analytics and anomaly detection

Amazon CloudWatch can now automatically recognize and cluster patterns among log records, extract noteworthy content and trends, and notify you of anomalies using advanced machine learning algorithms.

AWS Step Functions Workflow Studio is now available in AWS Application Composer

This new integration brings together the development of workflows and application resources into a unified visual infrastructure as code (IaC) builder. More info here.

Throughput increase and dead letter queue redrive support for Amazon SQS FIFO queues

With Amazon Simple Queue Service, you can send, store, and receive messages between software components at any volume. Today, we’ve introduced two new capabilities for first-in, first-out (FIFO) queues.

Check your AWS Free Tier usage programmatically with a new API

You can use the API directly with the AWS Command Line Interface or integrate it into an application with the AWS SDKs.

This new AWS Billing and Cost Management feature makes it easy for you to identify, filter, aggregate, and quantify savings for AWS cost optimization recommendations.

AWS Graviton4-powered Amazon EC2 instances (R8g)

Equipped with brand-new Graviton4 processors, the new R8g instances will deliver better price performance than any existing memory-optimized instance.

Amazon Managed Service for Prometheus collector provides agentless metric collection for Amazon EKS

This new capability discovers and collects Prometheus metrics from Amazon Elastic Kubernetes Service (Amazon EKS) automatically and without an agent.

Amazon EKS Pod Identity simplifies IAM permissions for applications on Amazon EKS clusters

This enhancement lets you define required IAM permissions for your applications in Amazon Elastic Kubernetes Service clusters so you can connect with AWS services outside the cluster.

DB2 now available on AWS

IBM and AWS have come together to offer Amazon Relational Database Service (Amazon RDS) for Db2, a fully managed Db2 database engine running on AWS infrastructure.

Amazon ElastiCache Serverless for Redis and Memcached is now available

This new serverless offering allows customers to create a cache in under a minute and instantly scale capacity based on application traffic patterns.

Amazon DynamoDB zero-ETL integration with Amazon OpenSearch Service is now available

This capability lets you perform a search on your DynamoDB data by automatically replicating and transforming it without custom code or infrastructure.

Vector search for Amazon DocumentDB (with MongoDB compatibility) is now generally available

This new built-in capability lets you store, index, and search millions of vectors with millisecond response times within your document database.

Use AWS Fault Injection Service to demonstrate multi-region and multi-AZ application resilience

New scenarios let you demonstrate that your applications perform as intended if an AWS Availability Zone experiences a full power interruption or connectivity from one AWS region to another is lost.

Amazon CloudWatch Application Signals for automatic instrumentation of your applications (preview)

You get a pre-built, standardized dashboard showing the most important metrics, such as volume of requests, availability, latency, and more, for the performance of your applications. More info here.

New myApplications in the AWS Management Console simplifies managing your application resources

Now, you can more easily manage and monitor the cost, health, security posture, and performance of your applications on AWS from a widget in the AWS Management Console. More info here.

Use natural language to query Amazon CloudWatch logs and metrics (preview)

To make it easy to interact with your operational data, Amazon CloudWatch is introducing natural language query generation for Logs and Metrics Insights.

New Amazon CloudWatch log class for infrequent access logs at a reduced price

This new log class offers a tailored set of capabilities at a lower cost for infrequently accessed logs, enabling customers to consolidate all their logs in one place in a cost-effective manner.

Zonal autoshift automatically shifts your traffic away from Availability Zones when we detect potential issues

The new capability of Amazon Route 53 Application Recovery Controller shifts your workload’s traffic away from an Availability Zone when it identifies a potential failure and shifts it back once the failure is resolved.

Mutual authentication for Application Load Balancer reliably verifies certificate-based client identities

With this new feature, you can now offload client authentication to Application Load Balancer, ensuring only trusted clients communicate with backend applications. More info here.

AWS Control Tower adds 65 new controls

With this launch, we’ve added a set of purpose-built controls to help you meet your digital sovereignty requirements.

Three new capabilities for Amazon Inspector broaden the realm of vulnerability scanning for workloads

Amazon Inspector introduces a new set of open source plugins and an API, continuous monitoring for your Amazon EC2 instances, and generative AI-powered assisted code remediation for your AWS Lambda functions. More info here.

Detect runtime security threats in Amazon ECS and AWS Fargate, new in Amazon GuardDuty

The new capability helps detect potential runtime security issues in Amazon Elastic Container Service (Amazon ECS) clusters running on both AWS Fargate and Amazon Elastic Compute Cloud (Amazon EC2).

IAM Access Analyzer updates: Find unused access, check policies before deployment

A new analyzer continuously monitors roles and users looking for permissions that are granted but not actually used, and a policy checker validates that newly authored policies do not grant additional (and perhaps unintended) permissions.

AWS Lambda functions now scale 12 times faster when handling high-volume requests

Each synchronously invoked Lambda function now scales by 1,000 concurrent executions every 10 seconds until the aggregate concurrency across all functions reaches the account’s concurrency limit. More info here.


Generally Available: gRPC support on Azure App Service

gRPC support on App Service is now generally available for Linux workloads, check the documentation here.

TLS 1.2 to become the minimum TLS version for Azure Storage

Azure Storage will remove support for TLS version 1.1 and 1.0, and the minimum supported version will be TLS1.2 starting November 1, 2024. TLS 1.2 is more secure and faster than older TLS versions. TLS 1.0 and 1.1 do not support modern cryptographic algorithms and cipher suites.
More information here.

Public preview: Application Gateway IPv6 support

Azure Application Gateway v2 now supports dual-stack (IPv4 and IPv6) connections at the front end. This means that Application Gateway can handle traffic from both IPv4 and IPv6 clients, offering more flexibility and connectivity to our users. More information here.

Ability to add dynamic values in Alert’s custom fields

Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates there might be a problem with your infrastructure or application. More details here.

Preview: Azure Container Storage in AKS

Azure Container Storage (in preview) provides highly scalable, cost-effective persistent volumes, built natively for containers. You can now deploy and use Azure Container Storage seamlessly via the Azure Kubernetes Service (AKS). More information here

Public preview: Image integrity support in Azure Kubernetes Service (AKS)

Using signed container images helps verify that your deployments are built from a trusted entity and that images haven’t been tampered with since their creation. Image integrity for AKS allows you to add an Azure Policy built-in definition to verify that only signed images are deployed to your AKS clusters.

Public preview: Artifact streaming support in Azure Kubernetes Service (AKS)

You can now accelerate your containerized workloads on Azure Kubernetes Service (AKS) using Azure Container Registry (ACR) artifact streaming. Artifact streaming will allow you to scale your workloads without having to fully wait for images to be pulled into the clusters.

Public preview: Dual-stack networking in Azure CNI Overlay for AKS

Dual-stack support in Azure CNI Overlay for AKS is now in public preview. This preview release enhances AKS networking capabilities, allowing both IPv4 and IPv6 addresses to coexist and operate within the same Cluster, offering greater flexibility and connectivity options. More information here.

Generally Available: Kube-reserved resource optimization in Azure Kubernetes Service (AKS)

Reserved space contains resources set aside on a node, such as system daemons that back Kubernetes and the operating system itself. If these resources are not allocated sufficient reserved space, pods and system daemons will compete. This competition leads to starvation on the node.

Optimized AKS reservation logic reduces Kube-reserved memory by up to 20% depending on the node configuration and will apply to everyone.

Generally Available: Application routing add-on for Azure Kubernetes Service (AKS)

App routing is the easiest way to get your web application up and running in AKS securely while removing the complexity of setting up an ingress controller, certificate, and DNS management all while constructing a solid foundation that enterprises can utilize as their demands grow. Lean more here.

Provider for running Karpenter on Azure Kubernetes Service (AKS)

Karpenter is an open-source node provisioning project for Kubernetes. A new provider for running Karpenter on Azure Kubernetes Service is now available as an open-source project. More information here.

Public Preview: Azure SQL updates for early-November 2023

In early November 2023, the following updates and enhancements were made to Azure SQL:

  • Announcing a significant update to the Azure SQL Database Elastic Jobs preview! This update adds many new features, while maintaining full backward compatibility for existing job agents.
  • Securely schedule and execute elastic database jobs with support for Microsoft Entra ID (AAD) and Private Links.
  • Set up Azure Alerts to be notified on job execution status.
  • Scale your Job Agent to connect to more concurrent targets.
  • Track and monitor your database jobs with enhanced Azure Portal support.

General Availability: Rate-limit rules for Application Gateway Web Application Firewall

Rate-limit custom rules on Azure’s regional Web Application Firewall (WAF) running on Application Gateway are now available. Rate-limiting enables you to detect and block abnormally high levels of traffic destined for your application. Learn more here.

General Availability: Using a common port for public and private listeners

The support for configuring the same port number for public and private listeners on your Application Gateway is now generally available. An additional configuration may be needed for Inbound rules if you use Network Security Groups with your application gateway. Learn more here.

Azure Monitor Logs archive provides up to 12 years of retention

To learn how to configure it, check the documentation here.

Azure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024

To enhance security and provide best-in-class encryption for your data, we’ll require interactions with Azure services to be secured using Transport Layer Security (TLS) 1.2 or later beginning 31 October 2024, when support for TLS 1.0 and 1.1 will end. More info here.

Export cost details using the FinOps Open Cost and Usage Specification (FOCUS)

Microsoft Cost Management is introducing support for cost and usage data exports aligned to the FOCUS schema as part of a limited preview leading up to the next major FOCUS release. More info about the FOCUS specification here.

Public Preview: Support for GraphQL APIs in Azure API Management Self-hosted Gateway

Customers now have the power to expose GraphQL APIs through Azure API Management’s self-hosted gateway. This feature enables users to leverage Azure API Management’s GraphQL capabilities, including:

  • Validating GraphQL requests.
  • Utilizing GraphQL subscriptions.*
  • Creating GraphQL resolvers with HTTP/Azure Cosmos DB/Azure SQL data sources.

General Availability: Azure Boost

Azure Boost is a new system that offloads server virtualization processes traditionally performed by the hypervisor and host OS - such as networking, storage, and host management - onto purpose-built hardware and software optimized for these processes. By moving hypervisor and host OS functions from the host infrastructure to optimized hardware and software, Azure Boost enables greater network and storage performance at scale, improves security by adding another layer of logical isolation, and reduces the maintenance impact for future Azure software and hardware upgrades. More info here.

Public preview: VM Hibernation

You can now hibernate your VMs to save compute costs. When you hibernate a VM, Azure persists the VM’s in-memory state in the OS disk and deallocates the VM. As a result, you don’t have to pay for the VM when its hibernated and you only pay for any storage and networking resources associated with the VM. More info here

Public Preview: Microsoft Copilot for Azure

an AI companion, that helps you design, operate, optimize, and troubleshoot your cloud infrastructure and services. Combining the power of cutting-edge large language models (LLMs) with the Azure Resource Model, Copilot for Azure enables rich understanding and management of everything that’s happening in Azure, from the cloud to the edge. More info here.

Public Preview: Azure Database for PostgreSQL Networking with private endpoints

Azure Private Link, now in public preview, will allow you to create private endpoints for Azure Database for PostgreSQL - Flexible Server, bringing the database inside your virtual network (VNet).More info here.

General Availability: Azure SQL updates for mid-November 2023

In mid-November 2023, the following updates and enhancements were made to Azure SQL:

Purchase 1 year capacity reservations for the Premium service tier of Azure SQL database. Learn More.

  • Enable Always Encrypted with secure enclaves that require stronger security protection of hardware enclave and have CPU or memory-heavy workload requirements using new DC-series databases with up to 40 vCores.
  • Azure SQL Managed Instance business critical improvements including more vCores, doubled max log rate, better storage-to-vCore ratio, and more click stops.
  • Bring the benefits of Always Encrypted to all Azure SQL Database offerings with software-based Always Encrypted with virtualization-based security (VBS) enclaves.
  • Make your data tamper-proof and establish trust with ledger in Azure SQL Managed Instance.

Azure Chaos Studio is now generally available

The general availability of Azure Chaos Studios allows users to boost their resilience against faults and failures by gaining a better understanding of application resiliency, conducting experiments with a wide variety of agent- and service-based faults, and maintaining production quality through continuous validation. More info here.

Public Preview: Azure Container Apps adds native support for CNCF Buildpacks to automatically containerize your code

Cloud build feature, now in public preview, adds support for CNCF Buildpacks to Azure Container Apps. You no longer have the overhead of creating containers for existing or new applications. This lets you focus on your code and quickly take your application from source to cloud. There’s no need to understand containers or how to package application code for deployment. More info here.

Public preview: Cost analysis add-on for AKS

AKS Cost Analysis add-on for AKS, now available in public preview, is a native Azure Portal experience that breaks down underlying cluster infrastructure costs by Kubernetes specific constructs such as cluster and namespace. More info here.

Azure Functions brings new flexibility with scale, VNet and long execution time

Flex Consumption Plan is a new Azure Functions hosting plan that builds on the consumption pay for what you use, serverless billing model, and gives users more flexibility and customizability without compromising on existing capabilities. Request access here.

Public Preview: Attach and VMs to and from Existing Virtual Machine Scale Sets

With Attach and Detach support for Virtual Machines (VMs), you can easily bring your VMs to Virtual Machine Scale Sets (VMSS) with Flexible Orchestration Mode and a Fault Domain Count of 1. After attaching a VM to the VMSS, it’s considered as part of the scale set and benefits from scale set features like Autoscale, Instance Repair, Automatic OS Upgrades, and more. Attaching the VM to the VMSS requires no downtime. More info here.

Part numbers from EA invoice are now added to the cost and usage file.

With this update the records in cost and usage file and other cost management experiences, such as cost analysis, will have a part number that matches the one printed on the invoice. This update is relevant for EA customers only.

General Availability: User and group quota management in Azure NetApp Files

Azure NetApp Files provide flexible, large and scalable storage shares for applications and users. In some scenarios, you may want to limit storage consumption of users and groups within the volume. Info about the quota concept here.

General Availability: Azure Automation supports PowerShell 7.2 runbooks

Azure Automation announces General Availability of PowerShell 7.2 runbooks. You can easily author runbooks in the long-term supported version of PowerShell, using Azure Automation extension for VS code (powered with GitHub Copilot), and execute them on a secure and reliable platform. Learn more here.

Generally available: Azure Monitor OpenTelemetry-based Distro for ASP.NET Core Applications

Azure Monitor application insights is a cloud native application monitoring offering which enables customers to observe failures, bottlenecks, and usage patterns to resolve incidents faster and reduce downtime. Learn more here.

Announcing the new Amazon S3 Express One Zone high performance storage class

The new Amazon S3 Express One Zone storage class is designed to deliver up to 10x better performance than the S3 Standard storage class and is a great fit for your most frequently accessed data and your most demanding applications.

Amazon EBS Snapshots Archive is now available with AWS Backup

This feature lets you transition your infrequently accessed Amazon EBS Snapshots to low-cost archive, long-term storage.

Automatic restore testing and validation now available in AWS Backup

With this feature, you can automate the entire restore testing process and avoid surprises later by determining now whether you can successfully recover using your backups in the event of a data loss such as ransomware.

Optimize your storage costs for rarely-accessed files with Amazon EFS Archive

We’ve added a new storage class for Amazon Elastic File System optimized for long-lived data that is rarely accessed.


Artifact Registry

Artifact Registry virtual repositories are now generally available (GA). Virtual repositories act as a single access point to download, install, or deploy artifacts in the same format from one or more upstream repositories.

Cloud Deploy

  • Deploy hooks (GA) allow users to specify and execute pre- and post- deploy actions using Cloud Deploy. This allows customers to run infrastructure deployment, database schema updates, and other activities immediately before a deploy job, and cleanup operations as part of a post (successful) deploy job. More info here.
  • Cloud Deploy now uses Skaffold 2.8 as the default Skaffold version for all target types. Learn More here.