207: AWS Puts Up a New VPC Lattice to Ease the Growth of Your Connectivity

AWS Puts Up a New VPC Lattice to Ease the Growth of Your Connectivity

AKA Welcome to April (how is it April already?) This week, Justin, Jonathan, and Matt are your guides through all the latest and greatest in Cloud news; including VPC Lattice from AWS, the one and only time we’ll talk about Service Catalog, and an ultra premium DDoS experience. All this week on The Cloud Pod. 

This week’s alternate title(s):

• AWS Finally makes service catalogs good with Terraform
• Amazon continues to believe retailers with supply chain will give all their data to them
• Azure copies your data from S3… AWS copies your data from Azure Blobs… or how I set money on fire with data egress charges

News this Week:

AWS

@00:56 -  Lots from AWS – Terraform and Service Catalog, Supply Chain and its crazy pricing, and VPC Lattice  -Self-service provisioning of Terraform open source configured with AWS Service Catalog. This means you can define your service catalog resources with either cloud formation *or* Terraform. And yes, Service Catalog inception is potentially a viable thing.  Matt: “It’s useful when you want to give people who don’t know what they’re doing very specific things; if you’re in a large organization, really just defining exactly what people can do…but to me it really starts to remove a lot of the innovation… but if you really want your teams to leverage the cloud and innovate I feel like it does start to limit some of the different aspects of the cloud.” Justin: “Don’t drink the ITSM kool-aid on Service Catalog.” @ 04:32 - AWS Supply Chain is now generally available; and yes, this is the same Supply Chain that was introduced at re:Invent. AWS says it will help mitigate risks, lower costs, increase visibility and help give actual insights on the supply chain. -Honestly, we’re talking about Supply Chain because the pricing is all over the place. For example, the first 100,000 Supply Chain insights are .40/each; the next 900,000 are .13/each, and over 900,000 its .065/each.  @ 09:26 - VPC Lattice is finally here! Also announced at re:Invent, this gives you the ability to connect, secure, & monitor communications between services. It also gives the ability to refine policies for both traffic management and network access.  -Since the announcement, a few new capabilities have been added, including the ability to use custom domains, deploy open source AWS gateway API controllers to use Lattice with a Kubernetes-native experience, as well as giving the ability to configure SSL/TLS certificates when using HTTPS that matches the custom domain.  You can also:

• use the Kubernetes gateway API to connect services across multiple clusters
• use an ALB or an NLB as a target for service
• support IPv6 connectivity with IP address target type
• -be confused by pricing

Justin: “Their examples of Lattice pricing hurts my brain just a little bit.” @ 13:36 - Guard Duty now supports Amazon EKS Runtime monitoring, which lets you detect Runtime threats from over 30 security findings via an EKS add on, which gives increased visibility on individual container Runtime activity. Guard Duty can tell you which potential containers are compromised, and it can be combined with audit logs. It’s kind of nice to see AWS growing the Guard Duty platform. @ 18:40 - AWS Data Sync now supports copying data from Azure Blob in a moment of “us too” when compared to Blob’s data sync.  Justin: “Now you can set up a really cool loop, where you can have your AWS data sync take your Blob data and then your Blob sync take the data back from S3 and that’s how you can burn a lot of money really quickly.”

GCP 

@20:23 - Nothing of interest from GCP this week, just like last week. They had two things in their “what's new this week” but neither of those things were really new. One of them centered around the Looker Modeler for BI metrics. So that happened. 

Azure 

@ 21:24 - Announcing! Firewall enhancements for Azure! Now you have the ability to troubleshoot network performance and traffic visibility. The announcement included enhancements to logging and metrics, and offered a preview of three new tools for network administrators, including latency probe metrics, a flow trace log, and the unfortunately named fat flows (or top flows) log. It’s fine if you want to prove it’s not your firewall causing the problems, but otherwise, is it too much to ask for this all to just *work*?  Justin: “Of course Azure firewall is a cloud native firewall, so I don't want any of those things; just provide those to me in a dashboard or a security tool that would tell me these things are broken…instead you’re going to charge me a bunch of money for those other three tools, so thanks for that… but I prefer not worrying about this in my cloud.” Jonathan: “I like the visibility, but I don’t want to have to worry about this stuff.” @ 24:44 - DDos IP protection is entering general availability  - a whole new skew on DDoS protection! This is geared towards small businesses, although the guys agree that you must be a REALLY small business to make this make sense monetarily, since Rapid Response Support, cost protection, and Azure Firewall Manager, and AWAF discounts are all missing from the base package. As a group, we’re just really looking forward to that ultra-premium DDos experience from Azure. 

Oracle 

• No Oracle news today. Not even any mud slinging. 

Continuing our Cloud Journey Series Talks

• We WERE going to talk about Kubernetes, because let’s be real. Who *isn’t* talking about Kubernetes. But Ryan decided he didn’t want to get out of bed this week, so we’re skipping our Cloud Journey series for this week, until he can rejoin us. 

Spotted on the Horizon

• Next week on the podcast we’re hopeful Ryan will grace us with his presence. Then we’ll get back into our Cloud Journey series.

News That Didn’t Make the Main Show

AWS

• Amazon Kendra releases Microsoft OneDrive Connector 
• Announcing general availability for macOS Support on Amplify Library for Swift
• Amazon Athena adds view support for external data sources
• AWS Migration Hub now supports High Availability SAP HANA systems
• Amazon SageMaker Feature Store now supports hard deletion in online store
• AWS Service Catalog announces support for Terraform open source
• Announcing Utilization Notifications for EC2 On-Demand Capacity Reservations
• AWS Billing Conductor pricing change
• Amazon Textract announces Bulk Document Uploader to test Textract on multiple documents 
• Amazon MWAA now supports Shell Launch Scripts
• Announcing policies validations during synthesis time with AWS Cloud Development Kit (CDK)
•  Import data from 45+ sources for no-code ML with Amazon SageMaker Canvas
• The sixth generation of Amazon EC2 instances powered by AMD processors now support faster Amazon EBS-optimized instance performance
• Amazon ElastiCache for Redis simplifies creating new clusters in the AWS Management Console
•  Amazon SWF now supports AWS PrivateLink
• AWS Trusted Advisor now includes fault tolerance checks for Amazon ECS
• Amazon Textract announces updates to the AnalyzeDocument - Tables feature
• AWS License Manager now offers improved license visibility and distribution across your organization
• Amazon Simple Email Service now detects gaps in BIMI configuration
• Amazon Simple Email Service now supports delivery and engagement graphs
• AWS Cloud Map enables service editing in AWS Console
• Console Toolbar is now generally available for AWS CloudShell
• AWS Glue Studio visual ETL adds 10 new visual transforms
• AWS Blu Insights enhances user access with single sign-on
• AWS Site-to-Site VPN adds support for better visibility and control of VPN tunnel maintenance updates
• Amazon GuardDuty now monitors runtime activity from containers running on Amazon EKS
• Amazon Kendra launches Featured Results
• AWS Compute Optimizer now supports HDD and io2 Block Express EBS volume types    
• Amazon SageMaker Canvas now supports NLP and CV use cases
• EC2 Image Builder adds real-time build tracking and improves build speeds for image pipelines
• AWS Compute Optimizer now supports EC2 instances with non-consecutive utilization data
• Amazon DevOps Guru for RDS supports RDS for PostgreSQL
• AWS Network Firewall announces support for ingress TLS inspection
• AWS Chatbot now supports search of AWS resources and AWS content
• AWS Compute Optimizer now supports 61 new EC2 instance types
• AWS Well-Architected Tool Announces Consolidated Report and Enhanced Search functionality
• Announcing the ACK Controllers for Amazon EventBridge and Pipes    
• AWS Batch now supports user-defined pod labels on Amazon EKS
• Amazon SNS launches the Extended Client Library for Python to support payloads up to 2GB 
• AWS Elastic Disaster Recovery supports automated replication of new disks
• Amazon RDS Custom now supports new General Purpose gp3 storage volumes
•  Amazon Omics now enables batch variant store imports
• Amazon CloudFront announces support for HTTP status and response generation using CloudFront Functions
• AWS re:Post now includes AWS Knowledge Center articles
• AWS Toolkits for JetBrains and VS Code now support AWS SAM Accelerate to speed up application iteration
• Amazon SageMaker Python SDK now supports setting default values for parameters
•  AWS announces Amazon DataZone (Preview)           
• New – Ready-to-use Models and Support for Custom Text and Image Classification Models in Amazon SageMaker Canvas           

GCP

Azure

• Generally available: Large disk support for disaster recovery of Hyper-V VMs using Site Recovery
• Public Preview: Support for Azure VMs using Ultra disks in Azure Backup
• Public preview: Private Application Gateway v2
• Public preview update: Azure Automation supports PowerShell 7.2 and Python 3.10 runbooks
• General Availability: New General-Purpose VMs - Dlsv5 and Dldsv5
• The “managed” IoT Edge solution on Azure stack Edge will be retired on March 31, 2024. Transition your IoT Edge workloads to an IoT Edge solution running on a Linux VM on Azure Stack Edge.
• Azure Image Builder Portal Functionality now available
• Azure Service Fabric 9.1 Second Refresh Release
• Generally available: Mount Azure Files and ephemeral storage in Azure Container Apps        
• Azure Maps is now HIPAA (Health Insurance Portability and Accountability Act) compliant
• Public Preview: Simplified flush operation for caches using active geo-replication
• Public Preview: In-place scaling for enterprise caches
• Public preview: AKS support for Kubernetes 1.26 release
• Public Preview: Storage in-place sharing in Microsoft Purview in additional regions
• Public Preview: Connection audit logs for Enterprise tier caches
• Generally Available: Larger SKUs for App Service Environment v3
• Preview: customer managed key encryption for Enterprise tier caches
• Generally available: Azure Premium SSD v2 Disk Storage in East US 2, North Europe and West US 2
• Generally available: Azure Monitor Alerts now support duplicating alert rules
• Multi-Column Distribution for Dedicated SQL pools is now available!
• General availability: IP Protection SKU for Azure DDoS Protection
• Public Preview: Azure Migrate - Discover ASP.NET & Java web apps and assess ASP.NET in all environments
• General availability: Microsoft Purview DevOps policies for Azure SQL Database              
• Enhanced Azure Arc integration with Datadog simplifies hybrid and multicloud observability                  

Oracle 

• Hands-on experimenting with Oracle Cloud Infrastructure and Roving Edge
• OCI Domain Name System (DNS) service: More than public names
• Disaster recovery at scale with OCI Full Stack Disaster Recovery
• GraalVM for Java microservices in the cloud
• Access OCI compliance reports on-demand in the Oracle Cloud Console