GCP News
Share on facebook
Share on twitter
Share on linkedin

GCP offers support for Log4j 2 vulnerability

Mattias Andersson
Mattias Andersson

What’s new with Google Cloud this month? Log4j-related stuff, a new GCP region in Chile, Cloud Tasks are unchained from App Engine and available all over the place, and so much more! Consider this your round-up of GCP news for the month of December. Let’s go!

Accelerate your career

Get started with ACG and transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.

New GCP Region in Santiago, Chile

Let’s start with Google’s early holiday present to South Americans!  The GCP region in Santiago, Chile, is now open for business! This is Google’s 13th region, and their second one in South America. This is a great region to pair with the São Paulo, Brazil, region for lower-latency multi-region systems — whether for disaster failover or an active-active setup.

Google named a “Leader” in The Forrester Wave: AI Infrastructure, Q4 2021

Next, you may not be so surprised to hear it, but Forrester Research has just named Google as a “Leader” in their Q4 2021 “Forrester Wave” for “AI Infrastructure.” And not only that, Google was ranked as having the strongest strategy and strongest current offering of all contenders.

Cloud IDS (Intrusion Detection System) now GA

As for product announcements, Google has just made generally available their Cloud IDS product for mirroring all your cloud network traffic into a managed Palo Alto Networks Intrusion Detection System, or IDS. This can help you detect all sorts of network-based threats.  Speaking of which…

Google offers support for Log4j 2 Issue

Let’s take a look at some things related to the very timely “Log4j 2” issue, next. Google is offering their support in this difficult time. And if you’re not sure what I’m talking about, then I highly recommend that you check out Mark Nunnikhoven’s excellent video explaining this situation in just four and a half minutes.

Cloud IDS Detection of Log4j 2 Issue

Well, if you’re using Google’s Cloud IDS product that I just mentioned, then you already now have monitoring enabled for attempts to exploit this Log4j 2 issue! Completely automatically.

Cloud WAF Mitigation of Log4j 2 Issue

Furthermore, if you are using Google’s Cloud Armor product to help protect your systems, then you can turn on their new preconfigured WAF rule to help detect and block exploit attempts.

All this support from Google can give you a little extra breathing room while you continue your critical work to properly patch your affected systems.

Now, let’s move on to some other product announcements.

Cloud Tasks no longer dependent on AppEngine

Google’s Cloud Tasks product is now available in 23 regions around the world. But that’s not the big news. 

The more exciting thing is that Cloud Tasks has now grown up and left the nest: I mean, it is now independent from App Engine! So you can now create Cloud Task queues in multiple regions within the same GCP Project! Woohoo!

Anthos MultiCloud API GA for Azure

With Google’s Anthos Multi-Cloud API, creating and managing Kubernetes clusters in multiple clouds is just a “gcloud” command away.  And now, the Azure version of that functionality is ready for primetime and generally available.  You just run “gcloud container azure clusters create”.

Datastream now GA, gives Serverless change data capture (CDC) and replication

Also now generally available is Google’s Datastream product. This is a serverless way to capture data changes from all sorts of different databases or custom sources and replicate them to a variety of different destinations.

Security Command Center (SCC) now lets you mute noisy findings

Next, to help enable the SRE practice of “Practical Alerting”, The Security Command Center now lets you “mute” noisy findings that you deem lower-priority. This lets you focus on more critical ones, instead.

Pub/Sub can now store topic messages for 31 days

Finally, it’s not a huge change but still a welcome one, you can now have PubSub store a copy of your topic’s messages for 31 days–up from the previous 7. This gives you a lot more breathing room to address any issues you might come across and replay them to your fixed application.

GCP Gem: Workload Identity Federation for GitHub Actions

Alright! Now in these posts, I usually stick to just new stuff in Google Cloud Platform. But I wanted to share a gem that revolves around a Google-managed GitHub Action — though it definitely does tie into GCP!

First, to set the context, we already know that we should use Service Accounts to enable applications running within our GCP projects to use other GCP resources—right? We do this so that we avoid having any long-lived credentials that need to be securely distributed, kept secret, and frequently rotated. All that stuff is a pain in the butt, not to mention less secure.

Well, Google’s Workload Identity Federation support enables us to use Service Accounts from outside our GCP projects, too. And this is definitely a good thing. Unfortunately, it is also enough more complicated to use — compared to making some long-lived keys — that people don’t use it nearly as much as they should.

But enter our hero! Seth Vargo is someone you might recognize from the excellent “class SRE implements DevOps” playlist — and he is also the key contributor to the new GitHub Action to enable keyless authentication into GCP!  (Heh! “Key” contributor. That was a happy little accident!)

Anyway, this enables just what I was talking about: short-lived credentials, less overhead, and finer-grained scoping, to boot! So you no longer have any excuse to not do the right thing! I mean, if you’re doing your CI/CD on GitHub Actions, use this to create a trust relationship for your deployment into GCP and remove the unnecessary security risk and management overhead that result from your long-lived keys.

Keep being awesome, cloud gurus!

Well, cloud gurus, this about wraps things up for 2021. We’ve really enjoyed interacting with you, all this year — whether it was on our Discord server, Twitter and Facebook, or YouTube, or at the rare in-person event, or whatever! We truly value connecting with you because you are why we do what we do!

From all of us here at A Cloud Guru and Pluralsight, we genuinely want to wish you an amazing holiday season and all manner of success in your upcoming 2022. Keep being awesome, cloud gurus!


Get more insights, news, and assorted awesomeness around all things cloud learning.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?