Aug 18-25 Updates

Last Week Cloud Platform Updates

Aug 18 - 25 | AWS, Azure & GCP Updates

AWS CodeBuild now supports building applications on macOS, utilizing managed Apple M2 instances running macOS 14 Sonoma. This enables building, testing, signing, and distributing Apple system applications, including iOS, iPadOS, watchOS, tvOS, and macOS, with Xcode.

Amazon S3 has implemented a change where unauthorized requests resulting in certain HTTP error codes, such as 403 (Access Denied), are now free of charge. This applies to requests initiated from outside your AWS account or organization.

Amazon SageMaker Pipelines now features a drag-and-drop user interface, enabling data scientists and ML engineers to easily create, configure, and deploy AI/ML workflows without writing code.

Amazon S3 now provides more detailed context in HTTP 403 Access Denied error messages for requests within the same AWS account. The enhanced error messages include the type of policy that denied access, the reason for denial, and information about the AWS IAM user or role that made the request. This additional context helps you troubleshoot access issues, identify the root cause of errors, and correct access controls by updating relevant policies.

Amazon S3 now supports conditional writes, allowing you to check for the existence of an object before creating it. This feature helps prevent overwriting existing objects during data uploads and simplifies the process for distributed applications with multiple clients. By using the if-none-match conditional header with PutObject or CompleteMultipartUpload API requests, you can ensure that no existing objects are overwritten, eliminating the need for client-side consensus mechanisms or additional checks. This enhancement improves performance and efficiency for large-scale analytics, distributed machine learning, and other parallelized workloads.
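The create-if-absent pattern described above, as an added example that is not AWS's own code: put_if_absent passes IfNoneMatch="*" to a boto3-style put_object call and treats the PreconditionFailed (HTTP 412) error as "someone else already created it". FakeS3, FakeS3Error, the bucket name and the key are constructed stand-ins so the race can be run offline.

```python
import threading

def put_if_absent(client, bucket, key, body):
    """Create the object only if the key is free; True means this caller won."""
    try:
        client.put_object(Bucket=bucket, Key=key, Body=body, IfNoneMatch="*")
        return True
    except Exception as exc:
        # botocore's ClientError exposes the parsed error in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "PreconditionFailed":  # HTTP 412: the key already exists
            return False
        raise  # anything else (403, 409, throttling) propagates to the caller

class FakeS3Error(Exception):
    """Constructed error shaped like botocore's ClientError."""
    def __init__(self, code, status):
        super().__init__(code)
        self.response = {"Error": {"Code": code},
                         "ResponseMetadata": {"HTTPStatusCode": status}}

class FakeS3:
    """Constructed in-memory stand-in for an S3 client (assumption, not boto3)."""
    def __init__(self):
        self.objects = {}
        self._lock = threading.Lock()

    def put_object(self, Bucket, Key, Body, IfNoneMatch=None):
        with self._lock:  # the service evaluates the condition atomically
            if IfNoneMatch == "*" and (Bucket, Key) in self.objects:
                raise FakeS3Error("PreconditionFailed", 412)
            self.objects[(Bucket, Key)] = Body
        return {}

def race(writers=8):
    """Several clients try to claim the same key; return winners and stored body."""
    s3, results = FakeS3(), {}
    def worker(i):
        results[i] = put_if_absent(s3, "example-bucket", "locks/job-42",
                                   b"owner=%d" % i)
    threads = [threading.Thread(target=worker, args=(i,)) for i in range(writers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    winners = [i for i, ok in results.items() if ok]
    return winners, s3.objects[("example-bucket", "locks/job-42")]

if __name__ == "__main__":
    print(race())
```

Against real S3, pass a boto3 client in place of FakeS3; the stored body always belongs to the single winner, which is what makes the key usable as a write-once marker or lock.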

Amazon DocumentDB Global Clusters Introduce Failover and Switchover Capabilities

Amazon DocumentDB now supports two key features for Global Clusters: Global Cluster Failover and Global Cluster Switchover.

  • Global Cluster Failover allows you to quickly convert a secondary region into the new primary region in response to unplanned events, such as regional outages, ensuring minimal downtime and maintaining your multi-region configuration.

  • Global Cluster Switchover enables you to seamlessly change the primary AWS Region of your global cluster for planned events, such as regulatory compliance or disaster recovery exercises, without disrupting replication or requiring application changes.

Both features enhance the resilience and flexibility of your DocumentDB deployments across up to 6 AWS Regions, supporting disaster recovery and low-latency global reads.

Instance Mix allows you to specify multiple VM sizes within a single Virtual Machine Scale Set (VMSS), providing greater flexibility and cost efficiency. It also lets you specify an allocation strategy that optimizes the deployment for price or capacity.

Workspaces enable organizations to manage APIs more productively, securely, and reliably using a federated approach. By providing isolated administrative access and API runtime, workspaces empower API teams, while allowing the API platform team to retain oversight with central monitoring, enforcement of API policies and compliance, and publishing APIs for discovery through a unified developer portal.

Azure Web Application Firewall (WAF) integrated with Azure Front Door now supports JavaScript (JS) challenge. Azure WAF JS challenge is available as a new mitigation action as part of the Bot Manager rule set and custom rules. The JavaScript challenge is an invisible web challenge used to distinguish between legitimate users and bots. Malicious bots fail the challenge, which protects web applications.

With attach and detach support for Virtual Machines (VMs), you can easily bring your existing VMs to Virtual Machine Scale Sets (VMSS) with Flexible Orchestration Mode and a fault domain count of 1. After a VM is attached to the VMSS, it is considered part of the scale set and benefits from scale set features like autoscale, Instance Repair, Automatic OS Upgrades, and more. Attaching the VM to the VMSS requires no downtime.

With the general availability of the cool access feature, standard service level capacity pools, in addition to volumes created in premium and ultra service level capacity pools, can transparently store data more cost-effectively on Azure storage accounts based on access pattern. The feature lets you configure a capacity pool with cool access, which moves cold (infrequently accessed) data transparently to an Azure storage account to help reduce the total cost of storage.

You can now attach tags to secrets in Secret Manager to conditionally grant or deny access based on those tags, a feature currently in Preview. This allows for more granular control over access through IAM roles.

Additionally, the Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available. This add-on enables you to access secrets stored in Secret Manager as volumes in Kubernetes Pods, supported on both Standard and Autopilot clusters. It is a Google-managed, officially supported version of the open-source Kubernetes Secrets Store CSI driver.

Cloud Functions has been rebranded as Cloud Run functions. The first-generation Cloud Functions are now referred to as Cloud Run functions (1st gen), while the second-generation Cloud Functions are simply called Cloud Run functions. You can now deploy and modify functions created with the Cloud Functions v2 API within Cloud Run, allowing for greater customization similar to a Cloud Run service.

  • BigQuery Subscriptions: BigQuery subscriptions with the use table schema option now support type conversions for DATE, TIME, DATETIME, TIMESTAMP, NUMERIC, and BIGNUMERIC data types, enhancing data flexibility.

  • Increased Schema Limit: Pub/Sub has raised the schema definition size limit to 300 KB, allowing for more complex and detailed schema definitions.

  • Cloud Storage Integration: Cloud Storage subscriptions now support using the schema of the attached Pub/Sub topic when writing Avro files, improving data consistency and management.

  • Python Code Completion: Python code completion is now available for all BigQuery projects in Preview. To enable and activate this feature, refer to the setup guide for Gemini in BigQuery.

  • Anomaly Detection: BigQuery ML now supports anomaly detection using multivariate time series (ARIMA_PLUS_XREG) models. This feature, now generally available (GA), allows you to detect anomalies in both historical and new data with multiple feature columns.