Monthly Cloudy Updates, February 2024

Table of Contents

Hello World!

First, let me share with you some interesting articles I red recently:

A very interesting article about the infrastructure decisions that a someone made while working on startup and the ones they regretted. It’s a very interesting read even if you are not working at a startup. It’s always good to learn from other people’s mistakes. (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup.

If you ever wondered what is the difference between OpenID and OAuth, this extremely smart and short article is for you. OpenID versus OAuth from the user’s perspective.

Now going into the SRE world, this great article will help you understand how SLIs, SLOs, and SLAs should first be business decisions then technical ones. How much uptime can I afford?

Now, let’s go to the updates!


Finch for Windows

Finch an open source command line tool that allows developers to build, run, and publish Linux containers on Windows and macOS. Support for Windows was recently added. Finch for Windows.

Amazon FSx for OpenZFS

Now supports up to 400,000 IOPS, more info here.

AWS Fargate price reduction for Windows containers

Price has been reduced up to 49%, more info here.

AWS WAF Captcha improvements

New languages, revocable keys, and improved usability, more info here.

Application Load Balancer one-click WAF integration

Application Load Balancer (ALB) now supports console integration with AWS WAF that allows you to secure your applications behind ALB with a single click. More info here.

Disruptions Controls for Karpenter

Disruption controls give you more control over how Karpenter terminates EC2 instances to improve the balance between cost-efficiency, security, and application availability.

Redshift, incremental materialized views for data sharing consumer tables

Should Databricks be worried? A bit if I were them. Refreshing a materialized view.

Amazon Data Firehose

Is not a new service, is the new name for Amazon Kinesis Data Firehose.

DocumentDB now supports text search, making it easy to run text search queries on extensive string data using a native text index.

AWS Control Tower’s Account Factory for Terraform increases customization

Additional customizations for AFT, more info here.

API Gateway now supports TLS 1.3

This is now available in all regions, more info here.

AWS Resilience Hub is now PCI compliant

More info here.

AWS Systems Manager Parameter Store now supports cross-account sharing

Info here.

AWS Lambda adds support for .NET 8

Now you can create serverless applications using .NET 8, more info here.

Amazon CloudWatch Logs now supports IPv6

No, it is not 2010, it is 2024 and CloudWatch Logs now supports IPv6.

AWS Resource Groups now supports more resource types

AWS Resource Groups is adding support for an additional 161 resource types for tag-based Resource Groups. Customers can use Resource Groups to group and manage resources from services such as AWS Backup, AWS Media Connect, and AWS Network Manager. AWS Resource Groups enables you to model, manage and automate tasks on large numbers of AWS resources by using tags to logically group your resources.

Amazon Redshift now support scoped permissions and object-level privileges in data sharing

Amazon Redshift customers can now use scoped permissions to manage permissions for a role or user on a database or schema scope, avoiding the need to manually grant permissions on every object. Scoped permissions apply to objects in the selected scope when you grant or revoke the permission, as well as to new objects created after you grant or revoke the permission.


Mount Azure Storage as a local share in App Service Linux Now supports NFS

NFS support is now available for App Service Linux code and container when mounting a Azure File share as a local share for the web app. More info here.

Improvements in Azure Key Vault

Excited about FIPS 140-2 Level 3 HSMs, PCI DSS, and PCI 3DS? Probably after a google search you will be. But now all these are supported in Azure Key Vault.

AKS cluster control plane metrics in managed Prometheus - Public Preview

AKS cluster control plane metrics in managed Prometheus is a new feature that automatically scrapes the control plane – API server and etcd metrics and send them to a Azure Monitor workspace via managed Prometheus.

Azure Elastic SAN is now generally available

Need super fast storage? Azure Elastic SAN is now generally available.

Azure Firewall

  • Multiple IP Groups for Azure Firewall can now be updated in parallel. Previously, users were required to update IP Groups sequentially.
  • Azure Firewall can now autoscale based on the number of connections, in addition to throughput and CPU usage. More info here and here.

Customer managed key encryption for Enterprise tier caches

Now you can now bring your own keys (BYOK) to encrypt your Enterprise tier caches, more info here.

Azure Blob Storage Cold Tier support on Change Feed and Object Replication

Info here.

Public preview: Configuration-as-code customizations in Microsoft Dev Box

Configuration-as-code customizations in Microsoft Dev Box is now in public preview, cool feature for those working on DevEx, DX, Developer Experience, or whatever you want to call it.

Public Preview: Azure Application Gateway introduces support for TLS and TCP protocols

Wanted to use Application Gateway for SQL, MQTT, AMQP and others? This feature enables you do do it. More info here.

General availability: Application Gateway for Containers

Application Gateway for Containers is the next evolution of Application Gateway + Application Gateway Ingress Controller, providing application (layer 7) load balancing and dynamic traffic management capabilities for workloads running in a Kubernetes cluster.

Azure Kubernetes Service (AKS)

  • Wanted more control over the upgrade process? Now you can specify a soak duration for your AKS node pools. More info here.

  • Kubernetes 1.29 is now available in AKS, more info here.

  • Istio-based service mesh add-on for AKS. More info here.


Backup and DR Service

Backup and DR Service is now integrated with Cloud Monitoring. You can analyze metrics and set custom email alerts. More info here.

Google Cloud VMware Engine

Purchasing commitments for VMware Engine nodes. For more information here.

Cloud Functions

Now support to 1.22 Go runtime in preview, and PHP 8.3 and Java 21 are generally available.

Cloud Load Balancing

Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated. More info here.

Compute Engine

With managed workload identities for Compute Engine, you can implement mutually authenticated and encrypted communications between any two Compute Engine VMs. Workload applications running on the configured VMs can use the X.509 credentials for per-VM mTLS. These mTLS certificates are automatically rotated and managed for you by Certificate Authority Service. More info here.

Google Kubernetes Engine

  • You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs.

  • Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it’s needed for troubleshooting or optimization

  • GKE now delivers insights and recommendations if your cluster’s Certificate Authority (CA) is expired or will expire in the next 180 days. More here.

Data masking in logs

You can now prevent sensitive data from appearing the integration execution logs. More info here.


The Bigtable Studio query builder is generally available (GA). The query builder lets you create and run queries and view the results directly from the Google Cloud console.