This week in DevOps we have a new security product from AWS, improvements to Managed Disks from Azure, Memcached support from Google Cloud and more. We have also moved to a Friday release instead of Monday, as we will cover the events of the current week rather than the previous week, in keeping with the name of the newsletter.
Contributor Insights for DynamoDB allows you to identify the top apps or queries interacting with your DynamoDB table and gather statistics about them. AWS released the beta version of Contributor Insights in November of 2019 and has now made it generally available, so it can be used in any major region.
Amazon Detective has been available in private preview for a while but it is now generally available to all customers. Detective collects and analyzes logs from GuardDuty, CloudTrail and VPC Flow Logs and makes it easy to investigate potential security incidents.
Detective appears to support multi-account setups by default and can aggregate data into a master account.
A third availability zone has been added to the AWS Canada region. Amazon has disclosed that each AZ is connected to both of the others via a 100% underground fiber path to ensure resiliency to ice storms. In addition, the AZs are a minimum of 27 miles apart, ensuring further resiliency to other types of natural or man-made disasters.
Memorystore for Memcached is fully protocol compatible with open source Memcached, so migrating existing applications should be pretty easy. It's also fully managed and supports the auto discovery protocol.
Memorystore for Memcached can be accessed from Compute Engine, GKE, App Engine and Cloud Functions. Google released a quickstart guide for those interested in giving it a try.
Organizations can now define access policies in BigQuery at the column level, making compliance with GDPR and similar data compliance regulations easier. BigQuery already had container level security for data, but that was insufficient for companies with complex access models and a need for least privilege security controls.
Server Side Encryption for Managed Disks allows customers to manage their own encryption keys. Previously encryption of managed disks was available but keys were managed by Azure. Keys can now be imported into Azure Key Vault for use or generated by the vault. Azure Key Vault uses Hardware Security Modules for key storage.
Server Side Encryption is now generally available for Standard HDD, SSD and Premium SSD Managed Disks.
Azure has added 4, 8 and 16 GB SSD disks for both standard and premium tiers. In addition, bursting support is now standard for all SSD managed disks in all tiers. Bursting works on a credit system similar to AWS EBS bursting. A table with specific IOPS and credit amounts for each disk size and tier is provided in the linked announcement.
The major focus of this release was the Vault Transform Secrets engine, which is available in Vault Enterprise only. A Vault Helm Chart was also released for the open source version, along with OpenLDAP support and a Kerberos auth method.
The Integrated Storage feature was also promoted from beta and included in this release. Check out the full changelog for release details.
Thanks for being a subscriber. This week's sponsor is OpsCentric, your step-by-step DevOps career builder. If you are interested in taking your DevOps skills to the next level, OpsCentric will help you not only get better technically but also teach you the leadership and soft skills you need to succeed. For a limited time enrollment for the fall semester is 10% off, or you can reserve a spot for just $997.
As always please feel free to email me with feedback or suggestions.