Monthly Cloudy Updates, April 2024

Table of Contents

Hello World!

First, let me share with you some interesting news and articles I found this month.

Cool post about using DuckDB as a jq replacement, nice trick to have in your pocket whenever you don’t feel like using jq or Pandas for data exploration. DuckDB as the new jq.

After the controversial remarks that Jensen Huang made about learning to code, here is a good post that brings a different perspective to the table. The demise of coding is greatly exaggerated.

Looking to understand the technologies available for server-to-client communications for web applications? Look no further WebSockets vs Server-Sent-Events vs Long-Polling vs WebRTC vs WebTransport.

Essay - Any Technology Indistinguishable From Magic is Hiding Something.

HashiCorp has been acquired by IBM, and if I were you, I’d start looking for alternatives to Terraform and all the other HashiCorp products on your platform.

And now, to the updates.


Private Access to the AWS Management Console is now available in all commercial AWS Regions

AWS Management Console Private Access.

Amazon CloudWatch now supports cross-account anomaly detection

CloudWatch Anomaly Detection now lets you track unexpected changes in metric behavior across multiple accounts from a single monitoring account through CloudWatch cross-account observability.

Amazon VPC CNI now supports automatic subnet discovery

You can now leverage tag-based subnet discovery capability of Amazon VPC CNI to scale Amazon Elastic Kubernetes Service (EKS) clusters in IPv4 address space without adding operational complexity. In this new default mode, Kubernetes Pod IP addresses are allocated from all tagged and available subnets in your Amazon Virtual Private Cloud(VPC). More info here.

AWS KMS now with more flexible automatic key rotation

You can now customize the frequency of rotation period between 90 days to 7 years (2560 days) as well as invoke key rotation on demand for customer managed KMS keys. Lastly, you can now see the history of all previous rotations for any KMS key that has been rotated. More info here.

Stream data into Snowflake using Amazon Data Firehose and Snowflake Snowpipe Streaming

More info here.

Amazon Inspector agentless vulnerability assessments for Amazon EC2 are now Generally Available (GA)

Amazon Inspector now offers continuous monitoring of your Amazon EC2 instances for software vulnerabilities without installing an agent or additional software. More info here.

AWS Direct Connect adds 25 Gbps hosted connection capacities

More info here.

Network Load Balancer now supports Resource Map in AWS Management Console

Network Load Balancer (NLB) now supports Resource Map, a tool in the console that displays all your NLB resources and their relationships in a visual format on a single page, providing you a clear understanding of your NLB architecture. More info here.


Public Preview: Azure Backup enables vaulted backups for Azure Files for comprehensive data protection

Azure Backup now supports transferring your Files backups to the vault. The isolated backups enable seamless and assured recovery even if the source data gets compromised. More info here.

Public preview: ExpressRoute Metro for High Resiliency

With ExpressRoute Metro, you can benefit from a dual-homed configuration that enables diverse connections to two distinct edge sites within a city. More info here.

GA: Azure API Management Developer Portal

The API Management developer portal is an automatically generated, fully customizable website with the documentation of your APIs. It’s where API consumers can discover your APIs, learn how to use them, request access, and try them out. More info here.

General Availability of Azure API Management Basic v2 and Standard v2 Tiers

More info here.

Generally Available: AKS cost views

More info here.

With just a single click within the Azure Portal, customers can now effortlessly enable Prometheus recommended alerts. Info here.

Azure Virtual Network Manager Security Admin Rule generally available in 45 regions

This feature lets you enforce security policies for your virtual networks at scale across subscriptions and regions globally. These rules will be evaluated before network security groups (NSGs), ensuring standardized security enforcement. More info here.

Public Preview: Mirroring Azure Cosmos DB in Microsoft Fabric

You can now bring your Azure Cosmos DB data into Microsoft OneLake. Mirroring enables you to get near real-time analytics on your Cosmos DB data without impacting the performance of your transactional workloads. Data from Cosmos DB is incrementally replicated in OneLake, in Delta Parquet format, without the need for complex ETL pipelines. More info here.

General availability: Azure Virtual Network encryption availability in all regions

More info here.

Cloud Services (classic) deployment model is retiring on 31 August 2024

In order to avoid service disruption and continue to use your cloud services that were deployed using Cloud Services (classic), you must migrate them to Cloud Services (extended support) in Resource Manager before 31 August 2024. Beginning 1st September 2024, your Cloud Service deployments would be stopped and deallocated, and data will be permanently lost. More info here.

Azure Advisor will no longer display aggregated potential yearly savings beginning 30 September 2024

More info here.

General availability: Virtual network flow logs

Yes, it is 2024 and Azure is announcing this feature.

General availability: Azure Bastion Developer SKU

Bastion Developer allows users to establish a secure one-click connection to a single VM at a time without exposing public IPs on the VMs. More info here.


Cloud Load Balancing

You can now configure advanced traffic management using flexible pattern matching. This feature allows you to use wildcard syntax anywhere in your path matcher configuration. More info here.

The cross-region internal proxy Network Load Balancer supports backends in multiple regions, provides seamless cross-region failover, and is globally accessible by clients from any Google Cloud region, on premise, or other clouds. More info here.


You can now enable, disable, and analyze history-based optimizations for queries. More info here.

Backup and DR

Backup and DR Service added support to automatically protect your compute engine instances using Google Cloud tags.

Security Command Center

The Enterprise tier, which transforms Security Command Center into a cloud-native application protection platform (CNAPP) that combines cloud security and enterprise security operations with multicloud support, is released to General Availability.

Secret Manager

Delayed destruction of secret versions is now available in Preview. By default, secret versions are destroyed immediately upon request. More info here.

Artifact Registry

Artifact Analysis automatic scanning for Ruby, Rust, .NET and PHP vulnerabilities in container images is now generally available.

Google Kubernetes Engine

GKE threat detection is now available in Preview. Threats against the Kubernetes control plane impacting your GKE Enterprise clusters are now visible in the GKE security posture dashboard. More info here.

The GKE compliance dashboard now offers compliance evaluation for CIS Kubernetes Benchmark 1.5, Pod Security Standards (PSS) Baseline, and PSS Restricted standards in Preview. More info here.

Cloud Billing

Use the FinOps hub to monitor and share your current savings, explore recommended opportunities to optimize costs, and plan your optimization goals. More info here.

Cloud Firewall

Cloud NGFW Enterprise, including the intrusion prevention service, is available in General Availability. Use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks. More info here.

Network Intelligence Center

Flow Analyzer lets you quickly and efficiently understand your VPC traffic flows without the need to write complex SQL queries for analyzing VPC Flow Logs.