Weekly Roundup: Feb 10th, 2020

Welcome to This Week in DevOps where I bring you the top news in the DevOps world every week. Don’t forget to Subscribe if you’re reading this on the Blog to get this info straight to your inbox each week. If you’re receiving this via email, thanks for being a subscriber!

AWS

AWS::EFS – IAM Authorization and Access Points

EFS authorization used to be somewhat tricky, since mounting a file system on a machine generally meant full access for all of that machine’s users. This update makes it easier to control which machines can mount a file system by integrating with IAM, and uses the concept of access points to further restrict access to specific groups or users.

While EFS is far from a panacea, it does have good use cases, and this update will undoubtedly be welcomed by many of its users. Finer-grained permission controls are almost always a good thing.
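To make the IAM-plus-access-point model concrete, here is an added Terraform example (not code from the post or from AWS) that ties a file system policy to a single role and a single access point. The role ARN, uid/gid and directory path are placeholder assumptions; the resource and condition names are the AWS provider's and EFS's own.

```hcl
# Added example (not from the post): EFS with IAM authorization and an
# access point. The role ARN, uid/gid and paths are placeholders.
resource "aws_efs_file_system" "app" { encrypted = true }

# Access point: every mount through it acts as uid/gid 1001 and is rooted
# at /app, regardless of which OS user on the instance performed the mount.
resource "aws_efs_access_point" "app" {
  file_system_id = aws_efs_file_system.app.id
  posix_user {
    uid = 1001
    gid = 1001
  }
  root_directory {
    path = "/app"
    creation_info {
      owner_uid   = 1001
      owner_gid   = 1001
      permissions = "750"
    }
  }
}

# File system policy: only the app role may mount and write, only through
# this access point, and only over TLS. ClientRootAccess is never granted.
data "aws_iam_policy_document" "efs" {
  statement {
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [aws_efs_file_system.app.arn]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:role/app-role"] # placeholder
    }
    condition {
      test     = "StringEquals"
      variable = "elasticfilesystem:AccessPointArn"
      values   = [aws_efs_access_point.app.arn]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["true"]
    }
  }
}

resource "aws_efs_file_system_policy" "app" {
  file_system_id = aws_efs_file_system.app.id
  policy         = data.aws_iam_policy_document.efs.json
}
```

Clients then mount with the EFS mount helper's `tls,iam,accesspoint=<access-point-id>` options; a mount attempted by any other principal, or without the access point, matches no Allow statement and is denied.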

AWS::Region – Osaka local to expand to full region in 2021

AWS says it plans to expand the Osaka local region to a full region with 3 zones by early 2021. This signals growing demand for AWS services in Japan, and possibly Asia in general, which bodes well for AWS in eastern markets.

AWS::EC2 – T3 Instances now available on dedicated single tenant hardware

All 7 sizes of T3 instances are now available on single-tenant dedicated hardware. They continue to use the same unlimited bursting model as standard T3 instances.

AWS::VPN – New Desktop client

A new AWS VPN desktop client has been launched for Windows and Mac. Managing desktop clients and versions across multiple operating systems has been a challenge in the past, particularly for corporate IT departments, so I expect rapid adoption of this unified client. Mutual authentication, username/password via Active Directory, and multi-factor authentication (MFA) are all supported.

GoogleCloud

GoogleCloud::Secrets Manager – Now in Beta

Secret Manager Beta for Google Cloud has been launched with what looks like a pretty robust feature set. In Google Cloud’s own words, these include:

  • Global names and replication: Secrets are project-global resources. You can choose between automatic and user-managed replication policies, so you control where your secret data is stored.
  • First-class versioning: Secret data is immutable and most operations take place on secret versions. With Secret Manager, you can pin a secret to specific versions like 42 or floating aliases like latest.
  • Principles of least privilege: Only project owners have permissions to access secrets. Other roles must explicitly be granted permissions through Cloud IAM.
  • Audit logging: With Cloud Audit Logging enabled, every interaction with Secret Manager generates an audit entry. You can ingest these logs into anomaly detection systems to spot abnormal access patterns and alert on possible security breaches.  
  • Strong encryption guarantees: Data is encrypted in transit with TLS and at rest with AES-256-bit encryption keys. Support for customer-managed encryption keys (CMEK) is coming soon.
  • VPC Service Controls: Enable context-aware access to Secret Manager from hybrid environments with VPC Service Controls.

Have a look at the quickstart here to get started. Full documentation is available here and pricing here. While this won’t work for every use case, especially for hybrid or multi-cloud users, it should be useful for those using only Google Cloud.
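The replication, versioning and least-privilege points above, as an added Terraform example (not from the post or from Google). It assumes a Google provider version that exposes the Secret Manager resources (google-beta at the time of this post); the project, service account and regions are placeholders.

```hcl
# Added example (not from the post): a Secret Manager secret with
# user-managed replication, one immutable version, and read access
# granted to a single service account. Project and account are placeholders.
variable "project" { type = string }
variable "app_sa" { type = string }      # e.g. app@PROJECT.iam.gserviceaccount.com
variable "db_password" { type = string } # supplied out of band, never committed

resource "google_secret_manager_secret" "db_password" {
  project   = var.project
  secret_id = "db-password"

  # Replication policy: keep the payload in the listed regions only,
  # rather than in Google-selected locations (automatic replication).
  replication {
    user_managed {
      replicas { location = "us-central1" }
      replicas { location = "us-east1" }
    }
  }
}

# Versions are immutable: rotating the value means adding a new version,
# which clients reach as .../versions/<n> or the floating alias .../versions/latest.
resource "google_secret_manager_secret_version" "db_password" {
  secret      = google_secret_manager_secret.db_password.id
  secret_data = var.db_password
}

# Least privilege: only project owners can read secrets by default. Grant the
# accessor role (read the payload, nothing else) only to the workload's identity.
resource "google_secret_manager_secret_iam_member" "app_reader" {
  project   = var.project
  secret_id = google_secret_manager_secret.db_password.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${var.app_sa}"
}
```

With Cloud Audit Logging enabled, each access_secret_version call by that service account shows up as an audit entry, which is what you would feed to the anomaly detection the feature list mentions.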

GoogleCloud::Certifications – Cloud Fellows and Cloud DevOps

Google Cloud has rolled out 2 new certifications, for DevOps Engineers and Cloud Leaders. The Cloud Fellow certification is invite-only and seems to be aimed at thought leaders, while the Cloud DevOps certification is open to anyone.

The invite-only program will certainly have some allure due to its exclusivity, but many DevOps engineers are likely to think twice before committing to a cert focused mostly on Google Cloud. I’m generally bullish on third-party certifications not focused on a specific cloud platform, as they offer more options to potential DevOps practitioners.

GoogleCloud::GKE – Windows Server container support

Windows Server containers can now be run on GKE. This is great news for any enterprise looking to migrate Windows workloads to Google Cloud. Since Azure was the fastest-growing cloud among enterprise customers in 2019, this may be Google’s attempt to capture some of that growing market. It will most likely be an uphill battle, since Microsoft has invested very heavily in enterprise marketing and features, but Google leads in developer perception, which may mitigate this somewhat.

GoogleCloud::CloudBuild – Advanced GitHub features

Google Cloud Build now supports triggering builds on pull requests, pushes to specific branches, and tags. This brings the triggering capabilities of Cloud Build up to par with standard CI/CD tools and providers such as CircleCI and Jenkins. Whether the rest of their feature set will be as complete remains to be seen.

Azure

Azure::ManagedDisks – Enhanced bursting for Azure SSD managed disks

Premium and shared SSDs can now burst up to 30x their provisioned capacity, allowing for spikier workloads. SSD bursting was announced at Microsoft Ignite in November of 2019. It’s not entirely clear what specific enhancements were added since then, and the feature remains in preview. You can read more about Azure managed disk types here and see pricing here.

Azure::Monitor – New features added to Metrics Explorer

A number of visualization and usability enhancements have been added to Metrics Explorer, which is part of the Azure Monitor offering. In particular, the ability to pick specific metrics, filter and sort has been enhanced. The default charts have also been improved to better represent the selected data and to keep chart legends within the chart.

HashiCorp

HashiCorp::TerraformCloud – Paid offerings now generally available

HashiCorp also announced the availability of free trials for their paid-tier offerings, in addition to the free tier which was already available. This means you can now test the paid Terraform Cloud tiers without committing to an upgrade.

HashiCorp::Providers – Adding sources

Third-party hosts can now be specified as a source for Terraform providers. This allows provider maintainers to host providers on their own website or in their own repository. It will be particularly welcomed by those working in highly secure environments without external internet access. It is also a step that exemplifies HashiCorp’s commitment to a diverse and open provider ecosystem.

HashiCorp::Packer – Version 1.5 released with support for HCL 2.0

Packer version 1.5 now supports HCL (HashiCorp Configuration Language) version 2.0. Since HCL 2.0 is quickly becoming the standard across HashiCorp products such as Terraform, this lets developers use the same features they are used to in Terraform when building Packer images.


Thanks for being a subscriber. If you need help with DevOps or Cloud Automation, please check out this week’s sponsor, the StartOps Group. The StartOps Group provides DevOps, Automation and Developer Support for software companies looking to take their systems and processes to the next level.

As always please feel free to email me with feedback or suggestions.
