Monthly Cloudy Updates, January 2024

Table of Contents

Hello World!

Busy beginning of the year, so the updates are late (again).

Let’s start with a couple of interesting posts a good friend of mine shared with me, you should definitely check his website.

The main differences between OpenBSD, FreeBSD, NetBSD and DragonFly BSD

Cool *BSD post.

Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA?

Ever wondered what the differences are between RSA, DSA, ECDSA, and EdDSA? This post explains it.




AWS

Amazon EC2 Serial Console is now available in all Local Zones

Amazon EC2 Serial console is now available in all AWS Local Zones. Amazon EC2 Serial Console provides a simple and secure way to troubleshoot boot and network connectivity issues by establishing a connection to the serial port of an instance.

AWS Systems Manager now supports Ubuntu 23.04, Debian 12, MacOS 14, and SUSE SP5

AWS Systems Manager now supports instances running Ubuntu 23.04, Debian 12, MacOS 14 (Sonoma), and SUSE SP5. Systems Manager customers running these operating systems versions now have access to all AWS Systems Manager Node Management capabilities, including Fleet Manager, Compliance, Inventory, Hybrid Activations, Session Manager, Run Command, State Manager, Patch Manager, and Distributor. More information here.

AWS Accounts discontinues the use of security challenge questions

Starting on January 5, 2024, AWS Accounts will no longer support security challenge questions for accounts that have not already enabled them. This will remove the option for customers to add new security challenge questions from the Accounts page in the AWS Management Console.

AWS CloudShell now supports Docker

AWS CloudShell now has built-in support for Docker, making it easier than ever for developers to quickly spin up containers and run commands inside them directly from their CloudShell environment.

Amazon Route 53 expands geoproximity routing

Amazon Route 53 supports geoproximity routing as an additional routing policy for DNS records in public and private hosted zones. Geoproximity routing improves application responsiveness for your end users and helps organizations apply data residency preferences by routing traffic to the geographically nearest resource. More information in the following blog post.

Kinesis Data Firehose supports delivering data to Splunk clusters using ALB

Amazon Kinesis Data Firehose (Firehose) enables customers to capture, transform, and deliver data streams into Amazon S3, Redshift, OpenSearch, Splunk, and 10+ other destinations for analytics. With this new feature, customers can now use Firehose to deliver streams to their Splunk cluster configured with either an Application Load Balancer (ALB) or a Classic Load Balancer (CLB).

Amazon Route 53 Resolver DNS Firewall now supports query type filtering

Route 53 Resolver DNS Firewall is a managed service that enables customers to block DNS queries made for domains identified as low-reputation or suspected to be malicious, and to allow queries for trusted domains. Check it out here.

Amazon RDS for MySQL now supports multi-source replication

Amazon Relational Database Service (Amazon RDS) for MySQL now supports multi-source replication, which allows you to configure multiple RDS for MySQL database instances as sources for a single RDS for MySQL target database instance.

Amazon ECS announces managed instance draining

This facilitates graceful shutdown of workloads deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances by safely stopping and rescheduling workloads to other, non-terminating instances.

NLB supports RSA 3072-bit, ECDSA 256/384/521-bit certificates via AWS Certificate Manager

RSA and ECDSA are two widely used public-key cryptographic algorithms to encrypt and decrypt data. With RSA 3072-bit and ECDSA 384/521-bit certificates, the longer key size will enhance security, making it more difficult for an attacker to decrypt the communication. Compared to RSA, ECDSA has the advantage of increased performance, providing higher security strength with smaller key sizes and lower computational cost. More info here.

Amazon Inspector now supports CIS Benchmark assessments for operating systems in EC2 instances

The CIS Security Benchmarks program provides well-defined, unbiased, consensus-based industry best practices to help organizations assess and improve their security. AWS is a CIS Security Benchmarks Member company.

Amazon VPC now supports idempotency for route table and network ACL creation

Idempotent creation of route tables and network ACLs is intended for customers that use network orchestration systems or automation scripts that create route tables and network ACLs as part of a workflow.

AWS AppFabric is now ISO, PCI, and SOC compliant

Customers can now use AWS AppFabric for use cases that are subject to International Organization for Standardization (ISO), Payment Card Industry Data Security Standard (PCI), and Service Organization Control (SOC I, II, and II) requirements.




Azure

The Azure Data Explorer connector for Flink is an open source project that can run on any Flink cluster. It implements data sink for moving data from a Flink cluster to an Azure Data Explorer table.

Azure Load Testing supports fetching secrets from Azure Key Vault with access restrictions

In Azure Load Testing, you can use secrets from Azure Key Vault to set up your load test. If access to the Key Vault is restricted by a firewall or virtual networking, you can now access secrets from such a Key Vault by granting access to Azure Load Testing as a trusted Azure service.

General Availability: Customer-managed keys for Azure NetApp Files volume encryption

With this capability,you can increase security of your encryption keys by taking direct ownership of managing key rotation, access, permissions and auditing tasks. More information here.

General Availability: Azure Virtual Network encryption

With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption in transit capabilities in Azure.

Public Preview: Load Balancer in Azure API Management

Customers have the ability to create a load balancer that directs traffic to multiple endpoints. Customers can now create backend pools, allowing them to add multiple backends for an API and implement load balancing across those backends. More information here.

Public Preview: Circuit Breaker in Azure API Management

Customers now have the capability to configure the circuit breaker property in the backend resource, providing protection for a backend service against being overwhelmed by excessive requests. More information here.

Azure Advisor integration with Azure Monitor Log Analytics Workspace

Now Azure Advisor provides recommendations for Log Analytics workspaces. More information here.

Automatic Image Creation using Azure VM Image Builder is now generally available

Finally GA, more info here.

Public Preview: Azure Automation Runtime environment & support for Azure CLI commands in runbooks

More info here and here.

Improved exports experience for FinOps

Improved export experience for FinOps data in Azure, Additional information available on the export and FOCUS compliant now. More information here.

Public Preview: Azure Business Continuity Center is now available in all regions

With the Azure Business Continuity Center, enterprises can seamlessly govern, monitor, operate, and analyze protection at scale, more information here.

Public preview: ExpressRoute guided portal experience for multi-site resiliency

This new service makes it easier for you to configure multi-site resilient ExpressRoute circuits and connect them to a virtual network gateway. More information here and [here]https://aka.ms/ExpressRouteGuidedPortal.

General availability: Azure Cosmos DB for PostgreSQL Customer-managed keys (CMK)

Data stored in your Azure Cosmos DB for PostgreSQL cluster is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). Optionally, you can now choose to add an additional layer of security by enabling encryption with customer-managed keys.




GCP

BigQuery

  • Analytics Hub listings can now include data encrypted with customer-managed encryption keys (CMEK).
  • You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is in preview.

Cloud Spanner directed reads is now available in Preview.

Directed reads provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.

Cloud VPN support for IPv6-only HA VPN gateways is in Preview

For more information, see IPv6 support.

Snapshot Settings

Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. By enabling you to do this, snapshot settings remove the need for you to manually specify a storage location during each individual snapshot creation. More information at he snapshot settings documentation.

Recommendations for Compute Engine Flexible committed use discounts are now Generally Available

Flexible CUDs add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series. Flexible CUDs recommendations in the FinOps Hub help you optimize costs by analyzing your spending trends and existing commitments to suggest purchase amounts for Flexible CUDs. Learn more about Flexible CUDs

Security Command Center Management API

The Security Command Center Management API, which provides API support for managing settings and custom modules, is now GA. For more information, see Security Center Management API.

Cloud Billing

Subscription IDs for your committed use discounts are now available in the Detailed cost data export. View the schema of the Detailed cost data export

Cloud Functions now supports the [.NET 8]

Available for 2nd gen functions, more information here.

NVIDIA L4 GPUs

These are now available in more regions, for more information see GPU platforms.