Last Week Cloud Platform Updates

Nov 18 - Nov 24 | AWS, Azure & GCP Updates

Amazon S3 Express One Zone now supports S3 Lifecycle expirations, allowing users to automatically expire objects based on age, optimizing storage costs. Configure rules for entire buckets or specific subsets, with monitoring and auditing available through AWS CloudTrail.

AWS Compute Optimizer now provides idle resource recommendations, helping identify unused EC2 instances, Auto Scaling groups, EBS volumes, ECS services on Fargate, and RDS instances. By analyzing 14 days of usage, it highlights cost-saving opportunities by suggesting resources to stop or delete. View these insights across accounts in the Cost Optimization Hub for comprehensive savings potential.

AWS announces Virtual Private Cloud (VPC) Block Public Access (BPA), a centralized control to block Internet traffic for VPCs, ensuring compliance with organizational security policies. BPA supersedes all other settings, preventing unintended public exposure. Administrators can apply BPA across all or select VPCs, control ingress and egress traffic, and exclude specific subnets. Integrated with AWS Network Access Analyzer and VPC Flow Logs, BPA enhances visibility, supports impact analysis, and aids in meeting audit and compliance requirements.

Amazon EKS now integrates EKS add-ons with EKS Pod Identity, streamlining IAM permission management for cluster operational software requiring access to AWS services. Administrators can manage Pod Identities directly via the EKS console, CLI, API, eksctl, or AWS CloudFormation, simplifying lifecycle management for EKS add-ons.

Amazon ECS now lets you configure software version consistency for specific containers in your services. By default, ECS resolves container image tags to digests for consistent task deployments. With the new versionConsistency attribute, you can disable this for select containers (e.g., telemetry sidecars) to use mutable tags like "LATEST." Changes apply when redeploying services with updated task definitions.
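Opting a container out of digest resolution means its image can change between task launches without a new deployment, so the opt-outs are worth auditing. The following is an added example, not AWS code: it assumes a task definition in the JSON shape that ECS returns, with `versionConsistency` set to `enabled` or `disabled`, and uses a constructed sample with placeholder image names.

```python
import re

# An image reference that already ends in a sha256 digest is immutable on its own.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample task definition; family, names and images are placeholders.
SAMPLE_TASK_DEF = {
    "family": "web-example",
    "containerDefinitions": [
        # No attribute set: the default applies and ECS resolves the tag to a digest.
        {"name": "app", "image": "registry.example/app:1.4.2"},
        # Opted out and referenced by a mutable tag: content can drift.
        {"name": "telemetry", "image": "registry.example/otel-sidecar:latest",
         "versionConsistency": "disabled"},
        # Opted out, but the reference itself is a digest: nothing can drift.
        {"name": "proxy", "image": "registry.example/proxy@sha256:" + "a" * 64,
         "versionConsistency": "disabled"},
    ],
}


def is_digest_pinned(image):
    """Return True when the image reference ends in a sha256 digest."""
    return bool(DIGEST_RE.search(image))


def audit_task_definition(task_def, allowlist=frozenset()):
    """List containers that opted out of digest resolution and use a mutable tag.

    Each finding is (container name, image, status); status is "allowed" when
    the container name is in the caller's allowlist and "review" otherwise.
    """
    findings = []
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        image = container.get("image", "")
        consistency = str(container.get("versionConsistency", "enabled")).lower()
        if consistency != "disabled" or is_digest_pinned(image):
            continue
        status = "allowed" if name in allowlist else "review"
        findings.append((name, image, status))
    return findings


if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF, allowlist={"telemetry"}):
        print(finding)
```
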

We are excited to announce the general availability of Kubernetes Metadata and Logs Filtering in Azure Monitor – Container Insights! This enhancement adds Kubernetes metadata to the ContainerLogsV2 schema, including PodLabels, PodAnnotations, PodUid, Image, ImageID, ImageRepo, and ImageTag. Users can customize metadata fields via ConfigMap, and all fields are collected by default. The new Logs Filtering feature allows for precise filtering of both workload and system pods/containers.

Generally Available: Enhancements on Azure Container Storage for performance, scalability, and operational insights

We are excited to unveil key advancements in Azure Container Storage, our purpose-built storage solution for stateful containers on Azure Kubernetes Service (AKS). These updates bring increased performance and improved reliability to support even the most demanding containerized applications. 

We have optimized ephemeral disk performance to improve read and write IOPS. These enhancements include updates to local NVMe performance both with and without replication.

You can now use Managed Service Identity to authenticate the Azure Storage extension in Azure Database for PostgreSQL – Flexible Server against Azure Blob Storage accounts. The Azure Storage extension enables interactions with Azure Blob Storage accounts from within Azure Database for PostgreSQL - Flexible Server. The extension supports both reading from and writing to Azure Blob Storage accounts, including the built-in COPY command of PostgreSQL.  

With this change, you no longer need to store access keys and shared access signature (SAS) tokens within your database. 

Check out the new Azure Cosmos DB Emulator for Mac developers and give us your feedback. The emulator supports Mac ARM64 and x86 architectures and is optimized for Linux-based continuous integration and continuous deployment (CI/CD) systems, giving you a great development experience with faster startup times. This preview release includes a select subset of Azure Cosmos DB features.

Azure DNS now supports DNSSEC (Domain Name System Security Extensions) in the Azure public cloud, a significant enhancement to our DNS services. This new feature provides an additional layer of security to your domain names, ensuring the integrity and authenticity of your DNS data. API, CLI and PowerShell support is available today, with portal support being deployed over the next 2 weeks. For more information, please refer to our Azure DNSSEC documentation.

We’re excited to announce a new VS Code extension for Azure Cosmos DB. Now you can connect, query, and manage your Azure Cosmos DB resources directly within VS Code, streamlining your workflow.

We’re excited to announce the general availability (GA) of Vaulted Backup support in Azure Backup for Azure Kubernetes Service (AKS). This new feature helps organizations meet compliance requirements, enhance operational resilience, and protect cloud-native applications from regional disasters.

Google Cloud's Active Assist offers recommendations and insights to improve database reliability. This feature helps identify potential issues and provides actionable steps to optimize and maintain the health of your databases.

Enhancements include advanced disaster recovery (GA), write endpoints (Preview), IAM-based authentication, and near-zero downtime for cache changes and compute scale downs. Updates also feature AlloyDB cluster setup from PostgreSQL backups and the pgvector extension upgrade to version 0.8.0.

Cross-region and regional internal Application Load Balancers now allow you to configure mirrored backend services to receive only a specified percentage of requests using the mirrorPercent flag, enabling more granular traffic management.

Artifact Registry now allows you to enable or disable vulnerability scanning on individual repositories, offering more precise control to manage scanning costs and reduce noise in vulnerability reports.