Monthly Cloudy Updates, June 2024
Table of Contents
Hello World!
First, let me share with you some interesting news and articles I found this month.
Datadog’s “State of Cloud Costs” report is out, and you should check it out.
Want to learn more about queues and you are a visual learner? This excellent post will help you.
This is one of those posts that blows my mind because it is very well written and goes deep into the technical details. How we migrated from AWS to GCP with minimal downtime.
And the last one on my list is A Short IPv6 Guide for Home IPv4 Admins that I’m sure it won’t help home admins only.
And now, to the updates.
AWS
Amazon CloudWatch Logs announces Live Tail streaming CLI support
It is now possible to view, search and filter relevant log events in real-time. More info here.
Amazon Timestream for LiveAnalytics now an Amazon EventBridge Pipes target
This simplifies the ingestion of time-series data from sources such as Amazon Kinesis, Amazon DynamoDB, Amazon SQS, and more. More info here.
Amazon API Gateway integration timeout limit increase beyond 29 seconds
You can raise the integration timeout to greater than 29 seconds for Regional REST APIs and private REST APIs, but this might require a reduction in your account-level throttle quota limit. With this launch, customers with workloads requiring longer timeouts, such as Generative AI use cases with Large Language Models (LLMs), can leverage API Gateway.
Introducing Amazon EMR Serverless Streaming jobs for continuous processing on streaming data
AWS has announced a new streaming job mode on Amazon EMR Serverless, enabling you to continuously analyze and process streaming data. This is generally available on EMR release versions 7.1.0 and later. More info here.
AWS IoT Device Management adds a unified connectivity metrics monitoring dashboard
With this launch, you can now select and view a range of connectivity metrics sourced from AWS IoT Core and AWS IoT Device Management on a single page. More info here.
Amazon FSx for Lustre increases maximum metadata IOPS by 15x
More info here.
Amazon Data Firehose now supports integration with AWS Secrets Manager
Amazon Data Firehose (Firehose) now supports integration with AWS Secrets Manager (Secrets Manager) to configure secrets such as database credentials or keys to connect to streaming destinations such as Amazon Redshift, Snowflake, Splunk, and HTTP endpoints. More info here.
Amazon CloudWatch announces AI-Powered natural language query generation
Natural language query generation powered by generative AI for Logs Insights and Metrics Insights is now available. This feature enables you to quickly generate queries in context of your logs and metrics data using plain language. More info here.
Amazon ECS on AWS Fargate now allows you to encrypt ephemeral storage with customer-managed KMS keys
Amazon ECS and AWS Fargate now allow you to use customer managed keys in AWS Key Management Service (KMS) to encrypt data stored in Fargate task ephemeral storage. Ephemeral storage for tasks running on Fargate platform version 1.4.0 or higher is encrypted with AWS owned keys by default. More info here.
AWS IAM Access Analyzer now offers recommendations to refine unused access
More information here.
Detect malware in new object uploads to Amazon S3 with Amazon GuardDuty
More info here.
Amazon DataZone achieves SOC, ISO, and CSTAR certifications
More info here.
AWS Compute Optimizer supports rightsizing recommendations for Amazon RDS MySQL and RDS PostgreSQL
More info here.
AWS Billing and Cost Management now provides Data Exports for FOCUS 1.0 (Preview)
With Data Exports for FOCUS 1.0, customers receive their costs in four standardized columns, ListCost, ContractedCost, BilledCost, and EffectiveCost. It provides a consistent treatment of discounts and amortization of Savings Plans and Reserved Instances. The standardized schema of FOCUS ensures each type of billing data appears in a consistent column with a common set of values, so data can be reliably referenced across sources. More info here.
Azure
Log search alert rules using linked storage will require using a managed identity staring July 2024
Starting July 2024, alert rules using linked storage will require a managed identity to access the linked storage. This requirement will be enforced on alert rules created with API version 2023-12-01 or newer. Creating or updating linked storage rules using an older API version will be blocked. More info here.
Azure Monitor OpenTelemetry-based Distro adds Live Metrics
Live Metrics is a production-grade capability within Azure Monitor application insights that enables you to see telemetry flowing off your application with one-second latency. For example, you may use Live Metrics as you deploy updates to production to see real-time key metrics (e.g. failure rate change). More info here.
Azure Virtual Network Manager mesh and direct connectivity
This feature allows a group of virtual networks to directly communicate with each other without an additional hop, thus improving the latency and management overhead of connectivity of each virtual network. More info here.
Azure support plan offer being discontinued on June 30, 2024
The existing Azure Support offer is being discontinued on June 30, 2024. Beginning July 1, 2024, all customers who do not already have a paid support plan (Microsoft Unified, ProDirect support, etc.) will need to purchase a support plan if they wish to maintain technical support coverage.
Azure Cosmos DB continuous backup for accounts using Azure Synapse Link
Continuous backup is now in public preview for Azure Cosmos DB accounts using Azure Synapse Link. Migrate to continuous backup to optimize costs and unlock point-in-time restores. More info here.
Run load tests in debug mode on Azure Load Testing
Azure Load Testing now supports running low scale test runs in Debug mode enabling better debuggability with enhanced logging.
Run Azure Load Testing on Azure Functions
You can now create and run load tests directly from Azure Functions in Azure portal.
Public Preview: Force detach zone redundant data disks during zone outage
Support to force detach ZRS data disks from a VM residing on a zone impacted by failure is now in public preview. Customers will now be able to detach the ZRS data disks and attach them to another VM, decreasing the RTO.
Azure Log Alerts support for Azure Data Explorer
Until now, log alert rules have supported running queries on Log Analytics and Application Insights data. Azure is now introducing support for running queries also on Azure Data Explorer (ADX) tables. More info here.
Windows Server 2025 now available in Public Preview
More info here.
Online migration in migration service Azure Database for PostgreSQL
This feature empowers you to migrate your PostgreSQL databases to Azure seamlessly and with minimal downtime.
Public Preview: Geo-Replication for Azure Service Bus Premium
This feature ensures that the metadata and data of a namespace are continuously replicated from a primary region to a secondary region. Moreover, this feature allows promoting a secondary region at any time. More info here.
Cluster operation status for AKS
With this feature, you can get a snapshot of progress for your long standing operations such as upgrade, scale, create and more.
Kube-egress-gateway for Kubernetes
The kube-egress-gateway components run within Kubernetes clusters—whether managed (Azure Kubernetes Service, AKS) or unmanaged—and use one or more dedicated Kubernetes nodes as pod egress gateways, routing pod outbound traffic through a WireGuard tunnel. More info here.
az command invoke in AKS
AKS run command allows users to remotely invoke commands in an AKS cluster through the AKS API. For example, this feature introduces a new API that supports executing just-in-time commands from a remote laptop for a private cluster.
Public Preview: Cisco Firepower Threat Defense (FTD) integration with Virtual WAN
This solution is jointly managed by Microsoft Azure and Cisco. Customers can deploy Cisco FTD into a Virtual WAN hub that performs Next-Generation Firewall capabilities. More info here.
Azure cross-subscription Load Balancer
Cross-subscription load balancing enables the load balancers components to be located in different subscriptions. For example, the frontend IP address or the backend instances could be located in a different subscription from the one that the load balancer belongs to.
JavaScript (JS) challenge on Azure WAF integrated with Azure Application Gateway
Azure Web Application Firewall (WAF) integrated with Azure Application Gateway now supports JavaScript (JS) challenge. Azure WAF JS challenge is available as a new mitigation action as part of the Bot Manager rule set and custom rules. More info here.
Public Preview: Continuous Performance Diagnostics for Windows VMs to enhance VM troubleshooting
This new feature enhances the existing on-demand Performance Diagnostics for an Azure VM, offering continuous, actionable insights into high resource usage. Data is collected every 5 seconds and updates are uploaded every 5 minutes to your preferred storage account. More info here.
GCP
Virtual Private Cloud
Bring your own IP for IPv6 addresses is available in General Availability.
Support for IPv6 static routes with a next hop instance identified by address next-hop-address
is available in Preview.
VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format.
Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.
Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.
Security Command Center
The Vulnerability Assessment for AWS service, a built-in service of the Enterprise tier of Security Command Center, is released to General Availability.
Cloud Infrastructure Entitlement Management (CIEM) for Amazon Web Services (AWS) and other identity providers on Google Cloud, such as Entra ID (Azure AD) and Okta, is now in preview. More info here.
Cloud Load Balancing
IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers.
You can now access backend services residing in different projects than the external or internal Application Load Balancers with cross-project service referencing. More info here.
Resource Manager
Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see the Services that support tags.
Media CDN
By default, Media CDN proxies only GET, HEAD, and OPTIONS methods to your origin and filters out the methods that can modify your origin. In Preview, you can override this default behavior for a specific route rule by specifying other supported methods that you would like proxied to your origin. More info here.
Compute Engine
You can now order and request quota for X4 bare metal instances. You create bare metal instances using a new predefined machine type for the X4 memory-optimized machine series. X4 instances can be used to host the largest production SAP HANA databases. More info here.
Generally available: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.
Cloud Billing
You can now view granular cost data for more Google Cloud services, some of these services are: Cloud Logging log bucket, Managed Microsoft Active Directory, Dataproc Metastore, Cloud Deploy and Cloud Data Fusion. More info here.
BigQuery
Analytics Hub data egress controls are now generally available (GA). Publishers can now enforce egress restrictions on Analytics Hub listings to prevent subscribers from copying or exporting the shared data.
The slot recommender for editions analyzes historical usage data to recommend optimal capacity purchasing for edition and on-demand workloads. This feature is generally available (GA).
Cloud Monitoring
You can now pin your event type selections for custom dashboards. Pinning saves your selections to the dashboard configuration, so they are applied when you reopen the dashboard. More info here.
Identity and Access Management
You can use principal access boundary policies to limit the resources that a principal is eligible to access. This feature is available in Preview.
Memorystore for Redis Cluster
Added support for single-zone instances (Preview). Also removed network billing charge for Consumer Data Processing for same-zone traffic. For more details about same-zone (intra-zone) traffic billing, see Network pricing. More info here.
Secret Manager
Delayed destruction of secret versions is now generally available (GA). You can set up a duration for delayed destruction at the time of creating or updating a secret.
Cloud Domains
If your domain expired within the past 30 days, you can renew it using the Google Cloud CLI or the Cloud Domains API. More info here.
Cloud Storage
Hierarchical namespace for Cloud Storage buckets is now available in Preview. With hierarchical namespace, you can store your data in a logical file system structure.
Cloud Storage FUSE now offers list caching, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.