Monthly Cloudy Updates, August 2024


Hello World!

First, let me share with you some interesting news and articles I found this last month.

And now, let’s get to the updates!




AWS

Amazon WorkSpaces now offers Microsoft Visual Studio

With this launch, Amazon WorkSpaces adds Microsoft Visual Studio Enterprise 2022 and Microsoft Visual Studio Professional 2022 to the list of available license-included applications on WorkSpaces Personal. More info here.

AWS Systems Manager launches API support for Quick Setup

Quick Setup, a capability of AWS Systems Manager, provides an intuitive console experience for configuring frequently used Amazon Web Services features and services with recommended best practices. More info here.

Amazon DataZone achieves PCI DSS Certification

More info here.

Amazon Cognito enhances Advanced Security Features (ASF) to disallow password reuse and stream security events

Amazon Cognito enhances Advanced Security Features (ASF) to address additional enterprise needs. You now have the option to disallow users from reusing previous passwords, helping you address compliance needs. More info here.

Amazon QuickSight now includes nested filters

Amazon QuickSight includes a new advanced filter type: nested filters. Authors can use a nested filter to use one field in a dataset to filter another field in the dataset. More info here.

Delegated administrator for Cost Optimization Hub

You can now designate a member account as the delegated administrator. That account can then view cost optimization recommendations in the Cost Optimization Hub with administrator privileges, giving you greater flexibility to identify resource optimization opportunities centrally. More info.

AWS Backup logically air-gapped vault

A new type of AWS Backup vault that allows secure sharing of backups across accounts and organizations. More info here.

Cost Allocation Tags on AWS Transit Gateway

With this capability, administrators can tag their AWS Transit Gateway resource and use AWS cost allocation tags to categorize and allocate costs by team, department or application. More info here.

AWS Batch adds support for cancelling queued jobs

More info here.

Amazon S3 no longer charges for several HTTP error codes

Amazon S3 has completed a change so unauthorized requests that customers did not initiate are free of charge. To see the full list of error codes that are free of charge, visit Billing for Amazon S3 error responses.

Amazon S3 now supports conditional writes

Amazon S3 adds support for conditional writes that can check for the existence of an object before creating it. This capability can help you more easily prevent applications from overwriting any existing objects when uploading data. More info here.


AWS Network Firewall introduces GeoIP Filtering to inspect traffic based on geographic location

AWS Network Firewall now supports GeoIP Filtering on ingress and egress Amazon Virtual Private Cloud (VPC) traffic. This new feature makes it easy for customers to block traffic coming from or going to specific countries and meet compliance requirements. More info here.

AWS AppConfig now provides deletion protection for additional guardrails

More info here.

Azure

Azure API Management WordPress plugin enables customers to build highly customizable developer portals

More info here.

Vaulted backup for Azure Blob Storage

More info here.

Azure Container Storage for Ephemeral (Local NVMe/Temp SSD) and Azure Disk

You can now use Azure Container Storage to run production-level stateful container workloads. Azure Container Storage orchestrates the placement and lifecycle of persistent volumes (PV) on your behalf.

Azure Carbon Optimization

Azure Carbon Optimization, now in preview, equips Azure developers and IT professionals with the data and insight to optimize the carbon footprint of their cloud consumption. More info here.

App Configuration references on App Service

With App Configuration, you can centrally manage configuration and feature settings for multiple services in a single configuration store and seamlessly access them through references in your environment variables.

Generally Available: OS SKU in-place migration for AKS

The OS SKU in-place migration feature, now GA, allows you to trigger a node image upgrade from one Linux SKU (e.g., Ubuntu) to another (e.g., Azure Linux) on an existing node pool.

Generally Available: Dev Containers templates for Azure SQL Database

These templates provide a streamlined and efficient way to set up development environments with all necessary tools and dependencies pre-configured. More info here.

Generally Available: Enforce passwordless authentication with Azure Cache for Redis

For Azure Cache for Redis caches in the Basic, Standard and Premium tiers, you can now disable access key-based authentication and use only Microsoft Entra ID managed identities and service principals.

Public Preview: Customer managed planned failover for Azure Storage

More info here.

Public Preview: JavaScript (JS) Challenge on Azure WAF integrated with Azure Front Door

Azure Web Application Firewall (WAF) integrated with Azure Front Door now supports JavaScript (JS) challenge.

GCP

Identity and Access Management

You can use IAM attributes in custom organization policies to control how your allow policies can be modified.

App Engine standard environment

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stage. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned. More info here.

VPC Service Controls feature

VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. More info here.

BigQuery

Workload management now provides the following benefits:

  • The autoscaler now scales up immediately.
  • The autoscaler now scales more precisely.
  • The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
  • You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
  • If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one-minute minimum. More information here.

Compute Engine

You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute. More info here.

Cloud Storage

You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. More info here.

Cloud Load Balancing

Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS). More info here.

Secret Manager

The Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA). With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. More info here.

Cloud Run

You can now configure GPU in your Cloud Run service.

You can now configure traffic routing between Cloud Run, Google Kubernetes Engine, and Google Compute Engine services using Cloud Service Mesh service routing APIs. More info here.