Sep 16 - Sep 22 Updates
Last Week Cloud Platform Updates
Sep 16 - Sep 22 | AWS, Azure & GCP Updates

AWS CodeBuild now supports managed GitLab self-hosted runners, enabling GitLab CI/CD jobs to run on CodeBuild's ephemeral hosts. This integration provides native access to AWS features like IAM, Secrets Manager, CloudTrail, and VPC, offering enhanced security and flexibility across all CodeBuild compute platforms, including Lambda, GPU, and Arm-based instances.
AWS announces the general availability of the AWS SDK for Swift, enabling developers to access AWS services natively from Swift applications on Apple platforms, AWS Lambda, and Linux. The SDK supports modern Swift features like structured concurrency, binary data streaming, and automatic retries, providing a seamless experience for Swift developers integrating with AWS.
Amazon S3 Express One Zone now supports server-side encryption using AWS Key Management Service (SSE-KMS) with customer managed keys. This enhancement provides more control over data encryption and security. S3 Bucket Keys are automatically enabled with SSE-KMS in S3 Express One Zone at no additional cost.
AWS Cost Explorer now offers purchase recommendations for Amazon DynamoDB reserved capacity, helping you save up to 77% compared to provisioned capacity pricing. This feature analyzes your usage and suggests optimal reserved capacity options, making it easier to optimize your DynamoDB spend. With this addition, Cost Explorer now provides recommendations for seven reservation models, including EC2, RDS, Redshift, and more.
Amazon Keyspaces now allows you to add columns to existing multi-Region tables. Modify the schema in one replica region, and Keyspaces will automatically replicate the changes across all regions where the table exists. This feature provides greater flexibility to update your data model as your business needs evolve.

Azure Monitor Metrics Export is configurable through Data Collection Rules (DCR), which provides the capability to route Azure resource metrics data to Azure Storage Accounts, Azure Event Hubs and Azure Log Analytics Workspace for 18 resource types and 10 Azure public regions.
Public Preview: Advanced Container Networking Services: Enhancing security and observability in AKS
Advanced Container Networking Services offers an advanced security feature: FQDN filtering. FQDN filtering allows you to define granular network policies based on domain names rather than IP addresses. This simplifies policy management, reduces administrative overhead, and ensures consistent policy enforcement across the network. By restricting access to specific domains, FQDN filtering helps prevent unauthorized access and mitigate security risks.
To complement FQDN filtering, the HA DNS proxy ensures uninterrupted DNS resolution. This redundancy enhances the overall reliability and availability of your containerized applications, minimizing downtime and disruptions.
We are excited to announce GA support for force-detaching ZRS data disks from a stand-alone Virtual Machine or Virtual Machine Scale Sets residing in a zone impacted by failure. Customers will now be able to detach the ZRS data disks and attach them to another VM, decreasing the RTO. Please note that the feature is NOT supported for ZRS OS disks.
Zone-redundant storage (ZRS) synchronously replicates your Azure managed disk across three Azure availability zones within the region, providing 99.9999999999% (12 9's) of durability over a given year. The ZRS option for Azure managed disks is supported on Premium SSDs and Standard SSDs.
Pay-as-you-go pricing is the most convenient way to purchase cloud storage when your workloads are dynamic or changing over time. However, some workloads are more predictable with stable capacity usage over an extended period and can benefit from savings in exchange for a longer-term commitment.
By committing to one or three years of Azure NetApp Files reserved capacity, you can save up to 34% on sustained usage of Azure NetApp Files. Reserved capacity is available in stackable increments of 100 TiB and 1 PiB on Standard, Premium and Ultra service levels in a given region. Azure NetApp Files reserved capacity benefits are automatically applied to existing Azure NetApp Files capacity pools in the matching region and service level.
Azure NetApp Files reserved capacity not only provides cost savings but also improves financial predictability and stability, allowing for more effective budgeting. Additional usage is billed at the regular pay-as-you-go rate.
Generally Available: Access-based enumeration and non-browsable shares for SMB and dual-protocol Azure NetApp Files volumes
In environments with Azure NetApp Files volumes that are shared among multiple departments, projects and users, users can see the existence of other files and folders in directory listings even if they do not have permissions to access those items. Enabling Access-based enumeration (ABE) on Azure NetApp Files volumes ensures users only see those files and folders in directory listings that they have permission to access. If a user does not have Read (or equivalent) permissions for a folder, the Windows client hides the folder from the user’s view.
This new capability provides an additional layer of security by only displaying files and folders a user has access to, and conversely hiding file and folder information a user has no access to. You can now enable ABE on Azure NetApp Files SMB and dual-protocol (with NTFS security style) volumes.
Effective Sept 15th, 2027, we will be retiring the Automated Patching feature and replacing it with Azure Update Manager. This decision was made after careful consideration, and we believe it will lead to a more streamlined and efficient process for managing updates.
While Automated Patching is being deprecated, we’re excited to introduce you to Azure Update Manager. Azure Update Manager is a powerful enterprise-class tool that allows you to:
Centralize Update Management: Azure Update Manager provides a unified dashboard where you can view and manage updates across your entire environment, including virtual machines, on-premises servers, and even hybrid scenarios.
Customize Schedules: With Azure Update Manager, you can create custom update schedules based on your organization’s needs. Whether you prefer weekly, monthly, or specific date-based updates, Azure Update Manager has you covered.
Patch Compliance Reports: Azure Update Manager generates detailed reports on patch compliance, helping you stay informed about the status of updates across your infrastructure.

Cloud Logging:
Query log data using reserved BigQuery slots in the Log Analytics page.
Create and manage log scopes using the Logging API, now in public preview.
A new customizable Cloud Observability Overview page provides insights into logs, dashboards, and incidents to help detect issues and view relevant events.
Cloud Monitoring:
The new Cloud Observability Overview page in the Google Cloud Console offers a centralized view of logs, dashboards, incidents, and signals, helping you monitor and manage resources effectively.
You can now use authorization policies to delegate authorization to Identity-Aware Proxy (IAP) and Identity and Access Management (IAM), currently available in Preview.
Cloud SQL for PostgreSQL: You can now switch transaction log storage for point-in-time recovery to Cloud Storage using gcloud or the Cloud SQL Admin API without downtime.
Cloud SQL for MySQL: Support for legacy high availability (HA) configurations will be discontinued on January 6, 2025. Upgrade to regional persistent disk HA instances to avoid automatic migration starting May 1, 2025.
Envoy-based Application Load Balancers now support authorization policies, enabling access control checks for incoming traffic.