Sep 23 - Sep 29 Updates

Last Week Cloud Platform Updates

Sep 23 - Sep 29 | AWS, Azure & GCP Updates

Amazon EC2 Instance Connect now supports IPv6, enabling customers to securely connect to their instances using SSH over both IPv6 and IPv4. This update allows for seamless IPv6 connectivity with a single click or command. Additionally, customers can use prefix lists to manage security group rules for SSH traffic.

Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.31, offering new features and bug fixes. You can create new EKS clusters or upgrade existing ones to version 1.31 using the EKS console, eksctl, or infrastructure-as-code tools.

Amazon SageMaker Studio now supports automatic shutdown of idle applications, helping users control costs by avoiding charges for inactive instances. Administrators can configure idle shutdown time for JupyterLab and CodeEditor applications using SageMaker Distribution image version 2.0 or newer. Settings can be applied at the SageMaker domain or user profile level, with the option for users to adjust idle shutdown time based on their needs. The system automatically detects inactivity and shuts down applications after the specified period.

Amazon Kinesis Data Streams now supports Attribute-Based Access Control (ABAC), allowing customers to define fine-grained access permissions using stream tags. This enables scalable, tag-based authorization for Kinesis Data Streams, simplifying access management without needing policy updates for changes to users or projects. IAM policies can now allow or deny Kinesis Data Streams API actions based on matching tags between IAM principals and data streams. You can manage stream tags via the Amazon APIs, CLI, or AWS Management Console.
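An identity policy of the kind this update enables, added here as an illustration and not taken from the AWS announcement: it allows read and write calls only when the stream's `project` tag equals the caller's own `project` principal tag. The tag key `project`, the action selection, and the wildcard account and region in the ARN are assumptions made for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowStreamAccessWhenProjectTagMatches",
      "Effect": "Allow",
      "Action": [
        "kinesis:DescribeStreamSummary",
        "kinesis:GetShardIterator",
        "kinesis:GetRecords",
        "kinesis:PutRecord",
        "kinesis:PutRecords"
      ],
      "Resource": "arn:aws:kinesis:*:*:stream/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "DenyStreamRetagging",
      "Effect": "Deny",
      "Action": [
        "kinesis:AddTagsToStream",
        "kinesis:RemoveTagsFromStream"
      ],
      "Resource": "arn:aws:kinesis:*:*:stream/*"
    }
  ]
}
```

The second statement matters as much as the first: with tag-based authorization, anyone who can retag a stream can change who is allowed to use it, so tagging rights belong with a separate administrative role.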

Amazon SageMaker with MLflow now supports AWS PrivateLink, allowing secure, private data transfer from your VPC to MLflow Tracking Servers. This ensures that sensitive information remains within the AWS network, avoiding exposure to the public internet. MLflow, a tool for tracking and managing ML and GenAI experiments, can be easily set up in SageMaker Studio. By using AWS PrivateLink, communication between your VPC and MLflow Tracking Servers stays secure and private. To get started, create a VPC Endpoint and connect it to the experiments service via the AWS Console or CLI.

Amazon Managed Grafana now supports silences for Grafana alerts, allowing you to temporarily suppress alert notifications without disabling the underlying alert rules. Silences can be applied based on alert labels or directly to specific Grafana alert rules, helping reduce alert fatigue during maintenance, operational events, or known issues. This feature enables more controlled and efficient alert management.

Azure Functions now supports .NET 9 preview 7 for applications using the isolated worker model and running on Linux plans.

To use .NET 9, Functions projects can adjust their target framework and update their references to Microsoft.Azure.Functions.Worker and Microsoft.Azure.Functions.Worker.Sdk to version 2.0.0-preview1 or later. .NET 9 projects can be deployed to apps on Linux plans. These apps need to be configured to support .NET 9.

With Virtual Machines node pools, Azure Kubernetes Service (AKS) directly manages the provisioning and bootstrapping of every node. Typically, when you deploy a workload onto AKS, each node pool can contain only one virtual machine (VM) type or SKU. Virtual Machines node pools let you add multiple VM SKUs of a similar family to a single node pool, so you can specify a family of SKUs without maintaining one node pool per SKU type, reducing the node pool footprint.

Thanks to your feedback, Azure Cosmos DB now provides dynamic scaling to help you optimize costs for nonuniform, large-scale workloads. By default, Azure Cosmos DB autoscale scales your workloads uniformly based on the most active region and partition. This behavior can cause unnecessary scale-ups if only one or a few of your partitions are active. The new dynamic scaling behavior enables your workload partitions and regions to scale independently based on usage—improving cost efficiency with zero downtime or performance impact.

Application Gateway for Containers is introducing support for gRPC and frontend mutual authentication (mTLS).

Frontend mutual authentication (mTLS) brings feature parity to Application Gateway for Containers, for customers using Application Gateway Ingress Controller. This enhancement increases security by ensuring only specific clients are authenticated before their requests are proxied to a backend service. Combined with the previously released backend mutual authentication, this update unlocks end-to-end mutual authentication.

Additionally, Application Gateway for Containers now supports gRPC. With gRPC, four new communication methods between the client and Application Gateway for Containers are enabled: unary, client streaming, server streaming, and bidirectional streaming capabilities.

We're excited to announce that reservations are now available for Azure Database for PostgreSQL – Flexible Server V5 instances (both Intel and AMD). By reserving compute resources, you can save significantly compared to pay-as-you-go pricing. With Azure Database for PostgreSQL – Flexible Server reserved capacity, you can commit to a one-year or three-year term, receiving a substantial discount on compute costs—up to 65%.

Reserved instances provide greater control over your budget, allowing you to better manage workloads and forecast costs with upfront payments. You also have the flexibility to exchange or cancel reservations as your business requirements change.

You can now use the online migration option to migrate from Azure Database for PostgreSQL – Single Server to Flexible Server. Online migration is the ideal choice when you have large databases and require limited application downtime.

In online migration, applications connecting to your source instance aren't stopped while databases are copied to a flexible server. The initial copy of the databases is followed by replication to keep the flexible server in sync with the source instance. A cutover is performed when the flexible server is completely in sync with the source instance, resulting in minimal downtime for applications.

Cloud KMS with Autokey is now generally available for Cloud Storage, Compute Engine, BigQuery, Secret Manager, Cloud SQL, and Spanner. Autokey automates the creation and assignment of customer-managed encryption keys (CMEKs), generating keys on demand as resources are created, eliminating the need for pre-provisioned key rings and service accounts. This simplifies compliance with data security best practices, including HSM protection, key rotation, and separation of duties. Autokey-generated keys function identically to other Cloud HSM keys.

Private Service Connect now supports IPv6, allowing:

  • Service consumers to access published services via Private Service Connect endpoints with IPv6 addresses.

  • Service producers using supported load balancers to publish services through service attachments with IPv6 addresses.

This feature enhances connectivity and scalability for IPv6-enabled services.

The FinOps hub now provides recommendations to modify or delete underutilized Compute Engine reservations. If you've consumed less than your specified threshold of resources for at least 7 days, you will receive suggestions to optimize or remove those reservations, helping you avoid unnecessary costs.

Cloud Storage now supports cross-bucket replication, allowing you to asynchronously copy new and updated objects from a source bucket to a destination bucket. This feature helps ensure data redundancy and synchronization across buckets.