News
[Networking Official Blog Secure Web Proxy] Introducing Secure Web Proxy for egress traffic protection - Our new Secure Web Proxy is now generally available. This cloud-first network security offering provides web egress traffic inspection, protection, and control.
[Networking Official Blog] Introducing client authentication with Mutual TLS on Google Cloud Load Balancing - With support for front-end mutual TLS (mTLS), you can now offload client certificate authentication using External HTTPS Load Balancing.
[Google Maps Platform Official Blog] Introducing the Google Maps Platform Architecture Center - We are excited to announce the launch of Google Maps Platform’s Architecture Center! The Architecture Center is a central resource for product managers, architects, and technical leads who are looking to design a location-based application or accelerate the integration of Google Maps Platform into their products or infrastructure.
[Cloud Security Command Center Official Blog] A better way to stay ahead of attacks: Security Command Center adds attack path simulation - Security Command Center’s new attack path simulation automatically analyzes a customer’s environment to pinpoint where and how vulnerable resources may be attacked.
[Chronicle Official Blog] Introducing simplified end-to-end TDIR for Chronicle - Chronicle Security Operations now provides turnkey TDIR for Google Cloud, to collect and analyze data, detect and investigate threats, and automate responses to mitigate risks.
[Cloud Monitoring Official Blog SRE] New in Cloud Monitoring: Better tools for analysis, uptime checks, and alerts - We recently launched several new Cloud Monitoring features to improve your visualization and troubleshooting experience.
[Official Blog Security] Expanding our Security AI ecosystem at Security Summit 2023 - Top of mind at Security Summit 2023 are insights into the evolving threat landscape, and how our innovations, including generative AI-driven capabilities, can help.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
[BeyondCorp Official Blog] Why Snap chose BeyondCorp Enterprise to build a durable Zero Trust framework - Snap has been working with Google Cloud to build their context-aware, Zero Trust framework. Here’s why.
[CISO Official Blog] Cloud CISO Perspectives: Early June 2023
[IAM Official Blog Security] IAM: There and back again using resource hierarchies - You might still hate IAM and all it requires, but you can make your headaches smaller with strategic use of resource hierarchies.
[Cloud Build] Creating GitOps-Style Automation with GCP and ArgoCD - Setting up a GitOps-style automation pipeline using Google Container Registry, Cloud Build and ArgoCD.
[DevOps GKE Autopilot Kubernetes] GKE Autopilot for beginners - A brief overview and intro to GKE Autopilot.
[IAM Security] Leverage Custom Constraints/Org Policy in GCP - Security with Organization Policies.
App Development, Serverless, Databases, DevOps
[DevOps Official Blog SRE] 2022 State of DevOps Report data deep dive: Documentation is like sunshine - The State of DevOps Report finds a clear link between documentation quality and an organization’s ability to meet its performance goals.
[AlloyDB Official Blog] AlloyDB for PostgreSQL under the hood: Business continuity - Built on Google Cloud's highly available and reliable infrastructure, AlloyDB makes it easy to recover from database disruptions and outages.
[Cloud Firestore GCP Experience Official Blog] Forbes uses Firestore to publish high-performing content - Forbes migrated its statistical processing to Firestore for an agile, cloud-based system that reduced technical debt and enabled real-time metrics.
[AlloyDB Migration] Unlocking the Power of Hybrid Transactional and Analytical Processing with AlloyDB Omni - Step by step tutorial to migrate from Postgres to AlloyDB Omni, an HTAP database.
[Machine Learning Python] Using Google Cloud from Colab - Colab is a great tool for Pythonistas. It can be used for a variety of tasks and also offers a simple way to use Google Cloud services.
[Javascript Workspace] Connect an Apps Script to Google Cloud Platform via OAuth 2.0 tokens (June 2023) - An example of connecting an Apps Script to APIs on the Google Cloud Platform.
[Colab Jupyter Notebook Python] A Better Way to Use Google Cloud from Colab - Using GCP products on Colab.
[Monitoring] Monitoring Cloud SQL using Dynatrace - Leveraging Dynatrace to monitor Cloud SQL instances for SQL Server.
[Cloud CDN Cloud Storage] How to exclude a file in GCS from Cloud CDN Cache? - Steps to exclude a particular file from Cloud CDN Cache.
[Cloud Run GitHub NoSQL Python] Creating a Scalable Flask App with HarperDB and Deploying on Google Cloud: A Step-by-Step Guide - A step-by-step guide that goes through the process of creating a Flask app with HarperDB as the backend database and deploying it on Cloud Run via a CI/CD pipeline with GitHub Actions.
Big Data, Analytics, ML&AI
[Data Analytics Looker Official Blog] Top hacks from Cloud BI Hackathon 2022 - Check out the top hacks from Cloud BI Hackathon 2022.
[Billing Cloud Dataflow Official Blog] A guide for understanding and optimizing your Dataflow costs - Learn how to understand your costs for Dataflow batch and streaming data processing, then learn how to evaluate and optimize your Dataflow pipelines.
[Cloud Dataproc Data Analytics Official Blog] Statsig unlocks new features by migrating Spark to BigQuery - Migrating to BigQuery from Spark helped Statsig to develop new features for customers and help them run scalable experimentation programs.
[Batch Workflows] How to Run Batch Data Jobs with GCP Batch and Cloud Workflows - Exploring how to use GCP Batch and Cloud Workflows together to run sequential batch data jobs that last for long hours.
[Active Assist BigQuery Official Blog] Optimize your cloud by exporting Active Assist recommendations to a BigQuery dataset - New features and discoverability and usability improvements in Active Assist BigQuery Export make viewing and acting on recommendations even easier.
[BigQuery Data Analytics GCP Experience Official Blog] Built with BigQuery: Quantum Metric unlocks data for frictionless customer experiences - Quantum Metric uses BigQuery to analyze vast amounts of data to drive customer-centric digital experiences.
[Data Analytics Official Blog] Discover the benefits of cross-cloud geospatial analytics with BigQuery Omni - BigQuery Omni lets you do data analytics on data, including geospatial data, stored across public cloud environments.
[BigQuery Billing Storage] Estimate Your BigQuery Storage Cost - Have you been using BigQuery as a data warehouse to retrieve data using Structured Query Language (SQL)?
[BigQuery dbt] Adventures in Sourcing the Global Database of Events, Language and Tone (GDELT) Data - How discursus.io revamped its approach to sourcing and processing GDELT data for the monitoring of protest movements.
[BigQuery Billing] Don’t Lose Your Billing History: Preserve Historical Data during a Billing ID Change - This guide explains how to preserve your historical billing data while changing the billing ID.
[BigQuery GIS] Doppelgänger Geography - Finding duplicate place names across Great Britain using BigQuery & CARTO.
[Data Science Vertex AI] Google Generative AI Transformations - Using Generative AI for simple ETL.
Various
[AI Business Official Blog] Generative AI: The next phase of cloud transformation for communications service providers - Generative AI has the potential, alongside other forms of AI, to accelerate the transformation already underway in the telecommunications industry.
[AI Business Official Blog] AI in financial services: Applying model risk management guidance in a new world - AI in financial services: Applying model risk management guidance in a new world.
[AI Machine Learning] Generative AI Learning Path Notes — Part 2 - Notes from Generative AI Learning course.
Slides, Videos, Audio
Security Podcast - #125 EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future.
GCP Life Podcast - #42 In this episode we discuss: Kasna & UniSuper, Twitter Stops Paying Bills, Motherboard Back Door, Google Cross Cloud Interconnect, Cloud Firewall Threat Intelligence, The Cloud Wars, Oracle Cloud, Google Crypto Mining Protection, Free AI Courses, Banning AI, META AI.
Releases
AlloyDB - AlloyDB for PostgreSQL is now available in europe-west9 (Paris). You can increase your quotas by submitting a request in the Quotas page. You can now manage the storage quota for clusters through the Quotas page.
Anthos clusters on bare metal - 1.6 & 1.7 & 1.8 & 1.9 & 1.10 & 1.11 & 1.12 & 1.13 & 1.14 & 1.15 & 1.16. Security bulletin (all minor versions): Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728).
Anthos clusters on VMware - Security bulletin: Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728). Anthos clusters on VMware 1.14.5-gke.41 is now available. The component access service account key for an admin cluster using a private registry can be updated in 1.14.5 and later. The following issues are fixed in 1.14.5-gke.41: Fixed a known issue where the kind cluster downloads container images from docker.io. The following vulnerabilities are fixed in 1.14.5-gke.41: High-severity container vulnerabilities: CVE-2023-0286, CVE-2022-4450, CVE-2023-0215. Container-optimized OS vulnerabilities: CVE-2023-2235, CVE-2023-28840, CVE-2023-2248, CVE-2023-1872, CVE-2023-27534. Anthos clusters on VMware 1.13.9-gke.29 is now available. The following issues are fixed in 1.13.9-gke.29: Fixed a known issue where the kind cluster downloads container images from docker.io. The following high-severity container vulnerabilities are fixed in 1.13.9-gke.29: CVE-2023-27561, CVE-2023-29013.
Google Cloud Armor - Cloud Armor for regional HTTP(S) load balancers is now available in public preview.
Cloud Asset Inventory - The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies). The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
BigQuery - The following Generative AI features are now in preview with allowlist: Creating a remote model based on the Vertex AI large language model (LLM) text-bison. BigQuery now provides information about the fail-safe period. The INFORMATION_SCHEMA views that show table storage metadata are now generally available (GA): Use the TABLE_STORAGE view to get a snapshot of current storage usage for tables at the project level. BigLake Metastore is now generally available (GA). The query execution graph is now generally available (GA).
Chronicle - A new Google Cloud Threat Intelligence (GCTI) data source is available, called GCTI Remote Access Tools, that provides additional contextual information when investigating activity in your environment. IOC matching has been changed so that a domain match occurs only if the event timestamp lies within the active time range interval present in the threat intelligence feed. The following supported default parsers have changed.
Cloud Composer - Cloud Composer 2.3.1 release started on June 15, 2023. Cloud Composer 2 is now available in Finland (europe-north1), Toronto (northamerica-northeast2), and Delhi (asia-south2).
Data Fusion - Cloud Data Fusion version 6.9.1 is in Preview. Features in Cloud Data Fusion 6.9.1: Cloud Data Fusion supports using Source Control Management to manage pipeline versions through GitHub repositories. Changes in Cloud Data Fusion 6.9.1: Updated Cloud Data Fusion docker image dependencies to include fixes for security vulnerabilities. Fixed in Cloud Data Fusion 6.9.1: For SQL Server replication sources, fixed an issue on the Review assessment page, where SQL Server DATETIME and DATETIME2 columns were shown as mapped to TIMESTAMP columns in BigQuery. With the introduction of editing deployed pipelines in Cloud Data Fusion 6.9.1, the behavior of some APIs has significantly changed. In Cloud Data Fusion 6.9.1, all datasets except FileSet and ExternalDataset are deprecated and will be removed in a future release.
Dataflow - Dataflow now supports Confidential VMs for Dataflow worker VMs.
Dataproc Serverless - New Dataproc on Compute Engine subminor image versions: 2.0.67-debian10, 2.0.67-rocky8, 2.0.67-ubuntu18, 2.1.15-debian11, 2.1.15-rocky8, 2.1.15-ubuntu20. Fixed a bug that caused cluster creation to fail when ATSv2 is enabled for tables that have a garbage collection policy setup other than maxversions.
Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.67-debian10, 2.0.67-rocky8, 2.0.67-ubuntu18, 2.1.15-debian11, 2.1.15-rocky8, 2.1.15-ubuntu20. Fixed a bug that caused cluster creation to fail when ATSv2 is enabled for tables that have a garbage collection policy setup other than maxversions.
Cloud Data Loss Prevention - The subscription pricing mode for the discovery service is now generally available.
Cloud Functions - Cloud Functions 2nd gen now supports deterministic URLs (similar to 1st gen), at the General Availability release level. Cloud Functions now supports customer-managed encryption keys for 2nd gen functions at the General Availability release level.
Google Kubernetes Engine - Two new security issues were discovered in Kubernetes where users may be able to launch containers that bypass policy restrictions when using ephemeral containers and either ImagePolicyWebhook (CVE-2023-2727) or the ServiceAccount admission plugin (CVE-2023-2728). (2023-R13) Version updates: GKE cluster versions have been updated. Clusters with low or no utilization can be identified by Idle Cluster insights. Dual-stack LoadBalancer Services are now available in Preview. You can now use deprecation insights to identify clusters on versions 1.21 to 1.24 that use Pod Security Policy, which is unsupported on GKE version 1.25 and later.
GKE - (2023-R13) Version updates: Version 1.25.8-gke.1000 is now the default version.
Google Kubernetes Engine Rapid - (2023-R13) Version updates: Version 1.27.2-gke.1200 is now the default version in the Rapid channel.
Google Kubernetes Engine Regular - (2023-R13) Version updates: Version 1.25.8-gke.1000 is now the default version in the Regular channel.
Google Kubernetes Engine Stable - (2023-R13) Version updates: The following versions are now available in the Stable channel: 1.24.13-gke.2500, 1.26.5-gke.1200. Version 1.24.11-gke.1000 is no longer available in the Stable channel.
Cloud Logging - You can now create log sinks with user-defined service accounts.
Migrate for Compute Engine 4.8 - 5.0. Migrate to Virtual Machines lets you set up throttling on the Migrate Connector to control the rate at which data is transferred from the Migrate Connector.
Cloud Monitoring - You can now grant a predefined role that only lets you view and manage incidents.
reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.2.1 is now available for iOS.
Security Command Center - New Finding attribute: userAgent. The userAgent attribute is added to the Access object, which is included in the Finding object of the Security Command Center API.
Anthos Service Mesh - 1.17.x. 1.17.3-asm.1 is now available for in-cluster Anthos Service Mesh. 1.16.x. 1.16.5-asm.2 is now available for in-cluster Anthos Service Mesh. 1.15.x. 1.15.7-asm.16 is now available for in-cluster Anthos Service Mesh.
SAP Solutions - IP address support for SAP HANA deployment automation: You can assign static IP addresses to your VM instances while automating the deployment of SAP HANA on Google Cloud using the following Terraform arguments: vm_static_ip, worker_static_ips, and standby_static_ips, which represent the master, worker, and standby nodes in a scale-out system.
Cloud SQL MySQL - The Cloud SQL System insights dashboard helps you detect and analyze system performance problems.
Cloud SQL Postgres - The Cloud SQL System insights dashboard is now generally available and includes more metrics.
Cloud Storage Transfer - Cloud Monitoring for Storage Transfer Service is now Generally Available (GA).
Cloud Trace - The Trace list page has been replaced with the Trace explorer page, which contains a more responsive and interactive Trace details section.
Vertex AI - The chat-bison@001 model has been updated to better follow instructions in the context field.
VMware Engine - Google Cloud VMware Engine now supports the provisioning of Single Node Private Clouds, configuration of Management Subnets (HCX and Service Subnets), as well as CRUD of Private Connections using the GCloud CLI and VMware Engine API.
Virtual Private Cloud - Private Service Connect interfaces are available in Preview.