Monthly Cloudy Updates, August 2024
Table of Contents
Hello World!
First, let me share with you some interesting news and articles I found this last month.
AWS and Multicloud: Existing capabilities & continued enhancements.
Why Cutting Costs is Expensive: How $9/Hour Software Engineers Cost Boeing Billions.
Mergers and Acquisitions: Achieving Cloud Cost Synergies.
CloudFront WAF bypass resulted in a 9k bill.
AI to go nuclear? Datacenter deals say it’s inevitable.
And now, let’s get to the updates!
AWS
Amazon WorkSpaces now offers Microsoft Visual Studio
With this launch, Amazon WorkSpaces adds Microsoft Visual Studio Enterprise 2022 and Microsoft Visual Studio Professional 2022 to the list of available license included applications on WorkSpaces Personal. More info here.
AWS Systems Manager launches API support for Quick Setup
Quick Setup, a capability of AWS Systems Manager, provides an intuitive console experience for configuring frequently used Amazon Web Services features and services with recommended best practices. More info here.
Amazon DataZone achieves PCI DSS Certification
More info here.
Amazon Cognito enhances Advanced Security Features (ASF) to disallow password reuse and stream security events
Amazon Cognito enhances Advanced Security Features (ASF) to address additional enterprise needs. You now have the option to disallow users from reusing previous passwords, helping you address compliance needs. More info here.
Amazon QuickSight now includes nested filters
Amazon QuickSight includes a new advanced filter type: nested filters. Authors can use a nested filter to use one field in a dataset to filter another field in the dataset. More info here.
Delegated administrator for Cost Optimization Hub
You can now designate a member account as the delegated administrator, allowing that account to view cost optimization recommendations in the Cost Optimization Hub with administrator privileges, giving you greater flexibility to identify resource optimization opportunities centrally. more info.
AWS Backup logically air-gapped vault
A new type of AWS Backup vault that allows secure sharing of backups across accounts and organizations, more info here.
Cost Allocation Tags on AWS Transit Gateway
With this capability, administrators can tag their AWS Transit Gateway resource and use AWS cost allocation tags to categorize and allocate costs by team, department or application. More info here.
AWS Batch adds support for cancelling queued jobs
More info here.
Amazon S3 no longer charges for several HTTP error codes
Amazon S3 has completed a change so unauthorized requests that customers did not initiate are free of charge. To see the full list of error codes that are free of charge, visit Billing for Amazon S3 error responses.
Amazon S3 now supports conditional writes
Amazon S3 adds support for conditional writes that can check for the existence of an object before creating it. This capability can help you more easily prevent applications from overwriting any existing objects when uploading data. More info here.
AWS Identity and Access Management now supports AWS PrivateLink in all commercial regions
More info here.
AWS Network Firewall introduces GeoIP Filtering to inspect traffic based on geographic location
AWS Network Firewall now supports GeoIP Filtering on ingress and egress Amazon Virtual Private Cloud (VPC) traffic. This new feature makes it easy for customers to block traffic coming from or going to specific countries and meet compliance requirements. More info here.
AWS AppConfig now provides deletion protection for additional guardrails
More info here.
Azure
Azure API Management WordPress plugin enables customers to build highly customizable developer portals
More info here.
Vaulted backup for Azure Blob Storage
More info here.
Azure Container Storage for Ephemeral (Local NVMe/Temp SSD) and Azure Disk
You can now use Azure Container Storage to run production-level stateful container workloads. Azure Container Storage orchestrates the placement and lifecycle of persistent volumes (PV) on your behalf.
Azure Carbon Optimization
Azure Carbon Optimization, now in preview, equips Azure developers and IT professionals with the data and insight to optimize the carbon footprint of their cloud consumption. More info here.
App Configuration references on App Service
With App Configuration, you can centrally manage configuration and feature settings for multiple services in a single configuration store and seamlessly access them through references in your environment variables.
Generally Available: OS SKU in-place migration for AKS
The OS SKU in-place migration feature, now GA, allows you to trigger a node image upgrade between one Linux SKU (i.e. Ubuntu) to another (i.e. Azure Linux) on an existing nodepool.
Generally Available: Dev Containers templates for Azure SQL Database
These templates provide a streamlined and efficient way to set up development environments with all necessary tools and dependencies pre-configured. More info here.
Generally Available: Enforce passwordless authentication with Azure Cache for Redis
For Azure Cache for Redis caches in the Basic, Standard and Premium tiers, you can now disable access key-based authentication and use only Microsoft Entra ID managed identities and service principals.
Public Preview: Customer managed planned failover for Azure Storage
More info here.
Public Preview: JavaScript (JS) Challenge on Azure WAF integrated with Azure Front Door
Azure Web Application Firewall (WAF) integrated with Azure Front Door now supports JavaScript (JS) challenge.
GCP
Identity and Access Management
You can use IAM attributes in custom organization policies to control how your allow policies can be modified.
App Engine standard environment
In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decomissioned. More info here.
VPC Service Controls feature
VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. More info here.
BigQuery
Workload management now provides the following benefits:
- The autoscaler now scales up immediately.
- The autoscaler now scales more precisely.
- The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
- You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
- If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one minute minimum. More information here.
Compute Engine
You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute. More info here.
Cloud Storage
You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. More info here.
Cloud Load Balancing
Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS). More info here.
Secret Manager
Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA). With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. More info here.
Cloud Run
You can now configure GPU in your Cloud Run service.
You can now configure traffic routing between Cloud Run, Google Kubernetes Engine, and Google Compute Engine services using Cloud Service Mesh service routing APIs. More info here.