Welcome to issue #351 June 19th, 2023

News

Networking Official Blog Secure Web Proxy

Introducing Secure Web Proxy for egress traffic protection - Our new Secure Web Proxy is now generally available. This cloud-first network security offering provides web egress traffic inspection, protection, and control.

Networking Official Blog

Introducing client authentication with Mutual TLS on Google Cloud Load Balancing - With support for front-end mutual TLS (mTLS), you can now offload client certificate authentication using External HTTPS Load Balancing.

Google Maps Platform Official Blog

Introducing the Google Maps Platform Architecture Center - We are excited to announce the launch of Google Maps Platform’s Architecture Center! The Architecture Center is a central resource for product managers, architects, and technical leads who are looking to design a location-based application or accelerate the integration of Google Maps Platform into their products or infrastructure.

Cloud Security Command Center Official Blog

A better way to stay ahead of attacks: Security Command Center adds attack path simulation - Security Command Center’s new attack path simulation automatically analyzes a customer’s environment to pinpoint where and how vulnerable resources may be attacked.

Chronicle Official Blog

Introducing simplified end-to-end TDIR for Chronicle - Chronicle Security Operations now provides turnkey TDIR for Google Cloud, to collect and analyze data, detect and investigate threats, and automate responses to mitigate risks.

Cloud Monitoring Official Blog SRE

New in Cloud Monitoring: Better tools for analysis, uptime checks, and alerts - We recently launched several new Cloud Monitoring features to improve your visualization and troubleshooting experience.

Official Blog Security

Expanding our Security AI ecosystem at Security Summit 2023 - Top of mind at Security Summit 2023 are insights into the evolving threat landscape, and how our innovations, including generative AI-driven capabilities, can help.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

BeyondCorp Official Blog

Why Snap chose BeyondCorp Enterprise to build a durable Zero Trust framework - Snap has been working with Google Cloud to build their context-aware, Zero Trust framework. Here’s why.

CISO Official Blog

Cloud CISO Perspectives: Early June 2023

IAM Official Blog Security

IAM: There and back again using resource hierarchies - You might still hate IAM and all it requires, but you can make your headaches smaller with strategic use of resource hierarchies.

Cloud Build

Creating GitOps-Style Automation with GCP and ArgoCD - Setting up a GitOps-style automation pipeline using Google Container Registry, Cloud Build and ArgoCD.

DevOps GKE Autopilot Kubernetes

GKE Autopilot for beginners - A brief overview and intro to GKE Autopilot.

IAM Security

Leverage Custom Constraints/Org Policy in GCP - Security with Organization Policies.

App Development, Serverless, Databases, DevOps

DevOps Official Blog SRE

2022 State of DevOps Report data deep dive: Documentation is like sunshine - The State of DevOps Report finds a clear link between documentation quality and an organization’s ability to meet its performance goals.

AlloyDB Official Blog

AlloyDB for PostgreSQL under the hood: Business continuity - Built on Google Cloud's highly available and reliable infrastructure, AlloyDB makes it easy to recover from database disruptions and outages.

Cloud Firestore GCP Experience Official Blog

Forbes uses Firestore to publish high-performing content - Forbes migrated its statistical processing to Firestore for an agile, cloud-based system that reduced technical debt and enabled real-time metrics.

AlloyDB Migration

Unlocking the Power of Hybrid Transactional and Analytical Processing with AlloyDB Omni - Step by step tutorial to migrate from Postgres to AlloyDB Omni, an HTAP database.

Machine Learning Python

Using Google Cloud from Colab - Colab is a great tool for Pythonistas. It can be used for a variety of tasks and also offers a simple way to use Google Cloud services.

Javascript Workspace

Connect an Apps Script to Google Cloud Platform via OAuth 2.0 tokens (June 2023) - An example of connecting an Apps Script to APIs on the Google Cloud Platform.

Colab Jupyter Notebook Python

A Better Way to Use Google Cloud from Colab - Using GCP products on Colab.

Monitoring

Monitoring Cloud SQL using Dynatrace - Leveraging Dynatrace to monitor Cloud SQL instances for SQL Server.

Cloud CDN Cloud Storage

How to exclude a file in GCS from Cloud CDN Cache? - Steps to exclude a particular file from Cloud CDN Cache.

Cloud Run GitHub NoSQL Python

Creating a Scalable Flask App with HarperDB and Deploying on Google Cloud: A Step-by-Step Guide - A step-by-step guide that goes through the process of creating a Flask app with HarperDB as the backend database and deploying it on Cloud Run via a CI/CD pipeline with GitHub Actions.

Big Data, Analytics, ML&AI

Data Analytics Looker Official Blog

Top hacks from Cloud BI Hackathon 2022 - Check out the top hacks from Cloud BI Hackathon 2022.

Billing Cloud Dataflow Official Blog

A guide for understanding and optimizing your Dataflow costs - Learn how to understand your costs for Dataflow batch and streaming data processing, then learn how to evaluate and optimize your Dataflow pipelines.

Cloud Dataproc Data Analytics Official Blog

Statsig unlocks new features by migrating Spark to BigQuery - Migrating to BigQuery from Spark helped Statsig to develop new features for customers and help them run scalable experimentation programs.

Batch Workflows

How to Run Batch Data Jobs with GCP Batch and Cloud Workflows - Exploring how to use GCP Batch and Cloud Workflows together to run sequential batch data jobs that last for long hours.

Active Assist BigQuery Official Blog

Optimize your cloud by exporting Active Assist recommendations to a BigQuery dataset - New features and discoverability and usability improvements in Active Assist BigQuery Export make viewing and acting on recommendations even easier.

BigQuery Data Analytics GCP Experience Official Blog

Built with BigQuery: Quantum Metric unlocks data for frictionless customer experiences - Quantum Metric uses BigQuery to analyze vast amounts of data to drive customer-centric digital experiences.

Data Analytics Official Blog

Discover the benefits of cross-cloud geospatial analytics with BigQuery Omni - BigQuery Omni lets you do data analytics on data, including geospatial data, stored across public cloud environments.

BigQuery Billing Storage

Estimate Your BigQuery Storage Cost - Have you been using BigQuery as a data warehouse to retrieve data using Structured Query Language (SQL)?

BigQuery dbt

Adventures in Sourcing the Global Database of Events, Language and Tone (GDELT) Data - How discursus.io revamped its approach to sourcing and processing GDELT data for the monitoring of protest movements.

BigQuery Billing

Don’t Lose Your Billing History: Preserve Historical Data during a Billing ID Change - This guide explains how to preserve your historical billing data while changing the billing ID.

BigQuery GIS

Doppelgänger Geography - Finding duplicate place names across Great Britain using BigQuery & CARTO.

Data Science Vertex AI

Google Generative AI Transformations - Using Generative AI for simple ETL.

Various

AI Business Official Blog

Generative AI: The next phase of cloud transformation for communications service providers - Generative AI has the potential, alongside other forms of AI, to accelerate the transformation already underway in the telecommunications industry.

AI Business Official Blog

AI in financial services: Applying model risk management guidance in a new world

AI Machine Learning

Generative AI Learning Path Notes — Part 2 - Notes from Generative AI Learning course.

Slides, Videos, Audio

Security Podcast - #125 EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future.

GCP Life Podcast - #42 In this episode we discuss: Kasna & UniSuper, Twitter Stops Paying Bills, Motherboard Back Door, Google Cross Cloud Interconnect, Cloud Firewall Threat Intelligence, The Cloud Wars, Oracle Cloud, Google Crypto Mining Protection, Free AI Courses, Banning AI, META AI.

 

Releases

AlloyDB - AlloyDB for PostgreSQL is now available in europe-west9 (Paris). You can increase your quotas by submitting a request in the Quotas page. You can now manage the storage quota for clusters through the Quotas page.

Anthos clusters on bare metal - 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15 and 1.16. Security bulletin (all minor versions): Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728).

Anthos clusters on VMware - Security bulletin: Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728). Anthos clusters on VMware 1.14.5-gke.41 is now available. The component access service account key for an admin cluster using a private registry can be updated in 1.14.5 and later. The following issues are fixed in 1.14.5-gke.41: Fixed a known issue where the kind cluster downloads container images from docker.io. The following vulnerabilities are fixed in 1.14.5-gke.41: High-severity container vulnerabilities: CVE-2023-0286, CVE-2022-4450, CVE-2023-0215. Container-optimized OS vulnerabilities: CVE-2023-2235, CVE-2023-28840, CVE-2023-2248, CVE-2023-1872, CVE-2023-27534. Anthos clusters on VMware 1.13.9-gke.29 is now available. The following issues are fixed in 1.13.9-gke.29: Fixed a known issue where the kind cluster downloads container images from docker.io. The following high-severity container vulnerabilities are fixed in 1.13.9-gke.29: CVE-2023-27561, CVE-2023-29013.

Google Cloud Armor - Cloud Armor for regional HTTP(S) load balancers is now available in public preview.

Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies). The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

BigQuery - The following Generative AI features are now in preview with allowlist: Creating a remote model based on the Vertex AI large language model (LLM) text-bison. BigQuery now provides information about the fail-safe period. The INFORMATION_SCHEMA views that show table storage metadata are now generally available (GA): Use the TABLE_STORAGE view to get a snapshot of current storage usage for tables at the project level. BigLake Metastore is now generally available (GA). The query execution graph is now generally available (GA).

Chronicle - A new Google Cloud Threat Intelligence (GCTI) data source is available, called GCTI Remote Access Tools, that provides additional contextual information when investigating activity in your environment. IOC matching has been changed so that a domain match occurs only if the event timestamp lies within the active time range interval present in the threat intelligence feed. The following supported default parsers have changed.

Cloud Composer - Cloud Composer 2.3.1 release started on June 15, 2023. Cloud Composer 2 is now available in Finland (europe-north1), Toronto (northamerica-northeast2), and Delhi (asia-south2).

Data Fusion - Cloud Data Fusion version 6.9.1 is in Preview. Features in Cloud Data Fusion 6.9.1: Cloud Data Fusion supports using Source Control Management to manage pipeline versions through GitHub repositories. Changes in Cloud Data Fusion 6.9.1: Updated Cloud Data Fusion docker image dependencies to include fixes for security vulnerabilities. Fixed in Cloud Data Fusion 6.9.1: For SQL Server replication sources, fixed an issue on the Review assessment page, where SQL Server DATETIME and DATETIME2 columns were shown as mapped to TIMESTAMP columns in BigQuery. With the introduction of editing deployed pipelines in Cloud Data Fusion 6.9.1, the behavior of some APIs has significantly changed. In Cloud Data Fusion 6.9.1, all datasets except FileSet and ExternalDataset are deprecated and will be removed in a future release.

Dataflow - Dataflow now supports Confidential VMs for Dataflow worker VMs.

Dataproc Serverless - New Dataproc on Compute Engine subminor image versions: 2.0.67-debian10, 2.0.67-rocky8, 2.0.67-ubuntu18, 2.1.15-debian11, 2.1.15-rocky8, 2.1.15-ubuntu20. Fixed a bug that caused cluster creation to fail when ATSv2 is enabled for tables that have a garbage collection policy setup other than maxversions.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.67-debian10, 2.0.67-rocky8, 2.0.67-ubuntu18, 2.1.15-debian11, 2.1.15-rocky8, 2.1.15-ubuntu20. Fixed a bug that caused cluster creation to fail when ATSv2 is enabled for tables that have a garbage collection policy setup other than maxversions.

Cloud Data Loss Prevention - The subscription pricing mode for the discovery service is now generally available.

Cloud Functions - Cloud Functions 2nd gen now supports deterministic URLs (similar to 1st gen), at the General Availability release level. Cloud Functions now supports customer-managed encryption keys for 2nd gen functions at the General Availability release level.

Google Kubernetes Engine - Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728). (2023-R13) Version updates: GKE cluster versions have been updated. Clusters with low or no utilization can be identified by Idle Cluster insights. Dual-stack LoadBalancer Services are now available in Preview. You can now use deprecation insights to identify clusters on versions 1.21 to 1.24 that use Pod Security Policy, which is unsupported on GKE version 1.25 and later.

GKE - (2023-R13) Version updates: Version 1.25.8-gke.1000 is now the default version.

Google Kubernetes Engine Rapid - (2023-R13) Version updates: Version 1.27.2-gke.1200 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2023-R13) Version updates: Version 1.25.8-gke.1000 is now the default version in the Regular channel.

Google Kubernetes Engine Stable - (2023-R13) Version updates: The following versions are now available in the Stable channel: 1.24.13-gke.2500, 1.26.5-gke.1200. Version 1.24.11-gke.1000 is no longer available in the Stable channel.

Cloud Logging - You can now create log sinks with user-defined service accounts.

Migrate for Compute Engine 4.8 - 5.0. Migrate to Virtual Machines lets you set up throttling on the Migrate Connector to control the rate at which data is transferred from the Migrate Connector.

Cloud Monitoring - You can now grant a predefined role that only lets you view and manage incidents.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.2.1 is now available for iOS.

Security Command Center - New Finding attribute: userAgent. The userAgent attribute is added to the Access object, which is included in the Finding object of the Security Command Center API.

Anthos Service Mesh - 1.17.x. 1.17.3-asm.1 is now available for in-cluster Anthos Service Mesh. 1.16.x. 1.16.5-asm.2 is now available for in-cluster Anthos Service Mesh. 1.15.x. 1.15.7-asm.16 is now available for in-cluster Anthos Service Mesh.

SAP Solutions - IP address support for SAP HANA deployment automation: You can assign static IP addresses to your VM instances while automating the deployment of SAP HANA on Google Cloud using the following Terraform arguments: vm_static_ip, worker_static_ips, and standby_static_ips, which represent the master, worker, and standby nodes in a scale-out system.

Cloud SQL MySQL - The Cloud SQL System insights dashboard helps you detect and analyze system performance problems.

Cloud SQL Postgres - The Cloud SQL System insights dashboard is now generally available and includes more metrics.

Cloud Storage Transfer - Cloud Monitoring for Storage Transfer Service is now Generally Available (GA).

Cloud Trace - The Trace list page has been replaced with the Trace explorer page, which contains a more responsive and interactive Trace details section.

Vertex AI - The chat-bison@001 model has been updated to better follow instructions in the context field.

VMware Engine - Google Cloud VMware Engine now supports the provisioning of Single Node Private Clouds, configuration of Management Subnets (HCX and Service Subnets), as well as CRUD of Private Connections using the GCloud CLI and VMware Engine API.

Virtual Private Cloud - Private Service Connect interfaces are available in Preview.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]