Monthly Cloudy Updates, May 2024

Table of Contents

Hello World!

First, let me share with you some interesting news and articles I found this month.

Great article that not only applies to European founders hiring people in the US, it applies everywhere, read it here.

You all might already hear of UniSuper’s issues on GCP, now Google has released a statement.

Super interesting article about how DoorDash relied on LLMs to build their product knowledge graph, read it here.

Another cool article about Canva’s journey to migrate some components from OLTP to OLAP to solve some of the scaling issues they bumped into, read it here.

And now, to the updates.


Amazon CloudWatch launches resource filtering for cross-account observability

Amazon CloudWatch is excited to announce a resource filtering capability for cross-account observability, providing customers with the flexibility to share a subset of their logs or metrics across multiple AWS accounts using configurable filters. More details here.

IP prefix visibility on Amazon CloudWatch Internet Monitor console

Amazon CloudWatch Internet Monitor, an internet traffic monitoring service for AWS applications that gives you a global view of traffic patterns and health events, now displays IPv4 prefixes in its console dashboard. More info here.

Announcing a larger instance bundle for Amazon Lightsail

Amazon Lightsail now offers a larger instance bundle with 16 vCPUs and 64 GB memory. The new instance bundle is available with Linux operating system (OS) and application blueprints, for both IPv6-only and dual-stack networking types.

AWS Budgets now supports resource and tag-based access controls

AWS Budgets now supports resource and tag-based access controls for easy management and access. More info here.

AWS Cost Anomaly Detection reduces anomaly detection latency by up to 30%

More info here.

Amazon ElastiCache updates minimum TLS version to 1.2

AWS is updating the minimum supported TLS version to 1.2 on Amazon ElastiCache compatible with open-source Redis version 6 and above, across all regions.

Amazon EventBridge now supports Customer Managed Keys (CMK) for Event Buses

This capability allows you to encrypt your events using your own keys instead of an AWS owned key (which is used by default). More info here.

Amazon Virtual Private Cloud (VPC) flow logs extends support for Amazon Elastic Container Service (ECS)

You can now turn on Amazon Virtual Private Cloud (VPC) Flow Logs for your Amazon Elastic Container Service (ECS) workloads running on both Amazon EC2 and AWS Fargate to export detailed telemetry information for all network flows. More info here.

Amazon Managed Grafana now supports Grafana version 10.4

This release includes features that were launched as a part of open source Grafana versions 9.5 to 10.4, including Correlations, Subfolders, and new visualization panels such as Data Grid, XY chart and Trend panel. More info here.

AWS Database Migration Service support for S3 Parquet as a source

AWS Database Migration Service (AWS DMS) now supports AWS S3 parquet files as a source. Using AWS DMS, you can now migrate data in parquet format from S3 to any supported AWS DMS target provided the S3 Parquet data was generated by DMS. More details here.

Amazon OpenSearch Service now supports OpenSearch version 2.13

More info here.

Amazon Security Lake now supports logs from AWS WAF

More info here.

Amazon OpenSearch Service zero-ETL integration with Amazon S3 now available

Customers can quickly get started by installing out-of-the-box dashboards for AWS log types such as VPC Flow, WAF, and Elastic Load Balancer. More info here.

Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.30

Additional details here.

Amazon MSK adds support for Apache Kafka version 3.7

Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Apache Kafka version 3.7 for new and existing clusters. Apache Kafka version 3.7 includes several bug fixes and new features that improve performance. More info here.

Versioning for AWS WAF Bot & Fraud Control managed rule groups

AWS WAF now allows you to select specific versions of Bot Control and Fraud Control managed rule groups within your web ACLs. This provides greater control over managing traffic when AWS makes new managed rule groups updates available to you. More info here.

Amazon QuickSight launches multi column sorting for Tables

Amazon QuickSight now supports the ability to sort by multiple columns in Tables. This allows both authors and readers to sort by two or more columns simultaneously in a nested fashion (e.g., first by column A, then B, then C) using the new sorting pop over. More info here.


Azure API Center is now Generally Available

Azure API Center offers a unified inventory for seamless discovery, consumption, and governance of APIs, regardless of their type, lifecycle stage, or deployment location. More info here.

Azure Front Door log scrubbing of sensitive data is generally available

Azure Front Door log scrubbing tool helps you remove sensitive data (e.g. personal identifiable information) from your Azure Front Door access logs. It works by enabling log scrubbing at Azure Front Door profile level and selecting the log fields to be scrubbed. Once enabled, the tool scrubs that information from your logs generated under this profile and replaces it with “****”. More info here.

CosmosDB customer-managed keys on existing accounts

You can now enable Customer Managed Keys (CMK) on existing Azure Cosmos DB accounts. This eliminates the need to migrate data to a new account to enable CMK. More info here.

Public Preview: NFS Azure Files volume mount support in Azure Container Apps

Azure Container Apps now supports mounting Network File System (NFS) Azure Files volumes to your containerized applications. This feature is in public preview. NFS Azure Files volumes provide a scalable and high-performance file system for your apps and jobs. More info here.

Azure Cache for Redis now supports Microsoft Entra ID authentication and authorization

Microsoft Entra ID based authentication and authorization is now generally available with Azure Cache for Redis. With this Microsoft Entra ID integration, you can connect to your cache instance without an access key and use role-based access control to connect. More info here.

Azure Cosmos DB Integration with Vercel

More info here.

Automated deployments for AKS are now generally available

It simplifies the process of setting up the authorization of a workflow to a repository, more info here.

Public preview: Deployment safeguards mutations in enforcement mode for AKS

More info here.

Kubernetes version 1.30 support in AKS

Kubernetes version 1.30, the latest version of Kubernetes, is now in public preview for AKS. Version 1.30 introduces several enhancements focused on security and orchestration capabilities of the platform.

KEDA in the Azure Portal

You are now able to easily create and monitor your scaled objects all within the Portal interface, and for Azure Service Bus, Portal will handle the deployment and configuration of workload identity. More info here.

Azure Kubernetes Fleet Manager workload orchestration

You can now also set taints to restrict deployment and avoid application scheduling to specific member clusters. For added flexibility you can additionally set tolerations to allow scheduling to clusters with matching taints. More info here and here.

Azure Functions can now run on Azure Container Apps

This is not generally available and you can find more info here.

Azure Functions extension for Dapr

ou can use Dapr’s powerful cloud native building block APIs (e.g. Service Invoke with service discovery & mTLS, PubSub, Bindings, Secrets and Actors) and a large array of ecosystem components in the native and friendly Azure Functions triggers & bindings programming model. The extension is available to run on AKS and ACA services. More info here.

GA Support for gRPC APIs in Azure API Management Self-hosted Gateway

More info here.

Public Preview - Azure Compute Fleet

Need to deploy a large number of VMs with a single API call? This might be of your interest.

General Availability: Azure NetApp Files backup

Azure NetApp Files online snapshots are enhanced with backup of snapshots. With this backup capability, you can offload (vault) your Azure NetApp Files snapshots to a Backup Vault in a fast and cost-effective way, further protecting your data from accidental deletion. More info here.


BigQuery Managed Disaster Recovery

provides managed failover and redundant compute capacity for business critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. More info here.

AWS Glue federated datasets

You can now create AWS Glue federated datasets using the the Google Cloud console. More info here.

Identity-Aware Proxy

Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access. You can now use your extended workforce identities to access IAP-protected applications without having to sync your identities into Cloud Identity. More info here.

AlloyDB for PostgreSQL

Private Service Connect is now generally available (GA). It let’s you connect to an AlloyDB for PostgreSQL instance from multiple VPC networks belonging to different groups, teams, projects, or organizations.

Apigee X Environment-level flag for SSL enforcement

Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag. More info here.

Apigee Two-way HTTPS health monitor support

Apigee health monitors using can now use all SSL parameters available in the block of their TargetServer configurations when performing health checks. More info here.

Artifact Registry Generic Repositories

Generic repositories store versioned, immutable artifacts that don’t have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients. More info here.

Google Kubernetes Engine

In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: by default. With this feature, you don’t need to specify your own IP address range for Services. More info here.

Cloud Billing, Generate a SQL query to BigQuery from your Cloud Billing Reports

More info here.

Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don’t need to be planned and provisioned before they’re needed. More info here.

Storage Transfer Service

Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network. Transfer jobs that select this option pay no AWS egress fees; instead, a flat per-GiB rate is charged by Google Cloud. This allows you to transfer data at a potentially lower overall cost. More info here.

Google Cloud Armor

Cloud Armor now supports regional internal Application Load Balancers in public preview. You can use the regional backend security policy type with this load balancer. More info here.

Bare Metal Solution

You can now order Performance SSD storage for your Bare Metal Solution. For more information and availability in your region. More info here.

Cloud Load Balancing

Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic.

Artifact Registry Cleanup Policies

Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store. Learn more here.

Google Cloud Armor

Cloud Armor supports Layer 7 filtering in globally scoped edge security policies for Media CDN in Preview. More info here.