GCP This Month

GCP This Month: Log4j 2 issue support with Cloud IDS & Cloud WAF, new Chile region, Pub/Sub updates

Episode description

Mattias is back with the biggest GCP news this month. In the final episode of 2021, GCP Regions expanded to include Chile, Cloud Tasks are unchained from App Engine, and we look at how Google offers support for the Log4j 2 issue with Cloud IDS and Google Cloud Armor WAF. Also, GCP updates PubSub to store topic messages for longer, and more!

Sign up for an ACG free plan to get access to monthly rotating courses, quizzes and more – no credit card needed!

Subscribe to A Cloud Guru for monthly GCP news updates

Join the conversation on Discord!

Quick jump to the Google Cloud Platform news:Introduction (0:00)
New GCP Region in Santiago, Chile (0:26)
Google named Leader in The Forrester Wave: AI Infrastructure (0:49)
Cloud IDS (Intrusion Detection System) now GA (1:07)
Google offers support for Log4j 2 Issue (1:24)

  • Cloud IDS Detection of Log4j 2 Issue (1:44)
  • Cloud WAF Mitigation of Log4j 2 Issue (1:55)
    Cloud Tasks no longer dependent on AppEngine (2:20)
    Anthos MultiCloud API GA for Azure (2:42)
    Datastream now GA (3:02)
    Mute noisy findings with Security Command Center (SCC) (3:14)
    PubSub can now store topic messages for 31 days (3:29)
    Workload Identity Federation for GitHub Actions (3:48)

Get more GCP news updates!

Follow us on Facebook & Twitter!

Series description

Welcome to GCP This Month! We've created this new show to let you all know about the awesome news, happenings, events and analysis on what Google is doing in the cloud space.In each episode, join our hosts Mattias Andersson and Tim Berry as they go through GCP quick bites to give you rapid-fire updates on various releases. We'll then move into the GCP Gems segment, and mention ACG's hand-picked releases from GCP, which are the releases we've found to be most interesting. We'll then finish up with any other notable news from Google or GCP. Finally, we'll end off with our GCP edition of Guru of the Month!

Hello, cloud gurus. We have a new region in Santiago Chile, cloud tasks are unchained from app engine and available all over the place. Plus we cover Log4j related stuff and more I'm Mattias Anderson. And you're watching GCP this month for December, 2021. Let's start with Google's early holiday present to south Americans.

The GCP region in Santiago, Chile is now open for business. This is Google's 30th cloud region and their second one in south America. This is a great region to pair with the Sao Paolo Brazil region for lower latency multi-region systems, whether for disaster failover or for an active-active setup next, you may not be so surprised to hear it. But Forrester research has just named Google as a leader in their Q4 2021 Forrester wave for AI infrastructure. And not only that Google was ranked as having the strongest strategy and strongest current offering of all contenders. As for product announcements,

Google has just made generally available their Cloud IDS product for mirroring all your cloud network traffic into a managed Palo Alto networks, intrusion detection system, or IDS. This can help you detect all sorts of network based threats. Speaking of which, let's take a look at some things related to the very timely Log4j 2 issue. Next Google is offering their support in this difficult time. And if you're not sure what I'm talking about, then I highly recommend that you check out mark Nunnikhoven's excellent video explaining this situation in just four and a half minutes.

Check the video description for the link. Well, if you're using Google's Cloud IDS product that I just mentioned, then you already now have monitoring enabled for attempts to exploit this Log4j 2 issue completely automatically. Furthermore, if you're using Google's cloud armor product to help protect your systems, then you can turn on their new preconfigured web application firewall or WAF rule to help detect and block exploit attempts. Now, all this support from Google can give you a little extra breathing room while you continue your critical work to properly patch your affected systems. Now let's move on to some other product announcements.

Google's cloud tasks product is now available in 23 regions around the world, but that's not even the big news. The more exciting thing at least to me is that cloud tasks has now grown up and left the nest. I mean, it's now independent from app engine. So you can now create cloud task queues in multiple regions within the same GCP project. All right now, with Google's anthos multi-cloud API creating and managing Kubernetes clusters in multiple clouds is just a GCloud command away. And now the Azure version of that functionality is ready for prime time and generally available.

You just run GCloud container Azure clusters create and, there you go. Also now generally available is Google's data stream product. This is a serverless way to capture data changes from all sorts of different databases or custom sources and replicate them to a variety of different destination next to help enable the SRE practice of practical alerting the security command center, SCC, now lets you mute noisy findings that you deem lower priority. This can let you focus on more critical ones instead. Finally, it's not a huge change maybe, but it's still a welcome one. You can now have a pubsub store a copy of your topics messages for 31 days up from the previous seven.

This can gives you a lot more breathing room to address any issues you might come across and replay them to your fixed application. All right now, for the things I include in GCP this month, I usually stick to just new stuff in Google cloud platform, but this month's jam revolves around a Google managed GitHub action though it definitely does tie into GCP first to set the context, we already know that we should use service accounts to enable applications running within our GCP projects to use other GCP resources, right? We do this so that we avoid having any long lived credentials that need to be securely distributed, kept secret and frequently rotated all that stuff is a pain in the butt, not to mention less secure well Google's workload identity Federation support enables us to use service accounts from outside our GCP projects too. And this is definitely a good thing. Unfortunately, it is also enough more complicated to use compared to making some long lived keys that people don't use it well, not nearly as much as they should, but enter our hero. Seth Vargo is someone you might recognize from the excellent class SRE implements DevOps playlist. And if you don't recognize him,

then you should definitely follow my link to that below. Anyway, he is also the key contributor ("key" contributor) to the new GitHub action to enable keyless authentication into GCP. uh, when I wrote that, that was actually just a happy little accident. Anyway, this enables just what I was talking about. Short-lived credentials, less overhead and finer grain scoping to boot.

So you no longer have any excuse to not do the right thing. I mean, if you're doing your CICD on GitHub actions, then use this to create a trust relationship for your deployment into GCP and remove the unnecessary security risk and management overhead. That result from your long lived keys, check out the linked blog post for more details. Well, cloud gurus, this about wraps things up for 2021. We've really enjoyed interacting with you all this year, whether it was on our discord or on social media or at the rare in person event or whatever we truly value connecting with you because you are why we do what we do. And I mean all of it, videos like this one. Sure.

But also our entire training platform to help you succeed in your technology career. Now, I absolutely want you to get a chance to relax, recharge and enjoy your holidays. But I'd also like to make a small suggestion that comes out of my own personal experience. And it's this, if you do get the chance to have a stretch of time off this season, then consider carving off a chunk of that to invest in yourself, not the whole break, mind you, but maybe set aside a day or three to sit down and make some serious and meaningful progress on learning some important technology that will help you. I've done this myself some years and I have found it to be an amazing investment. Now, feel free to do this however you'd like of course,

and I'll be very happy for you. But I also want to encourage you to check out our a cloud guru training platform because we definitely have stuff that would be valuable for you regardless of where you are in your career or learning journey and jumping into a supportive and engaging course can make all the difference for you to make real progress and to efficient use of that incredibly precious resource. That is your time. We've got a link for you from this video to sign up for a completely free trial that gives you access to everything. And if you're concerned about entering a credit card, then at least consider our free plan where you'll get to try out a subset of the courses.

And my final tip for you is to make learning a regular or habit this upcoming year, get into a groove of studying a little bit each day, continuous progress. Like this makes a huge difference over time. Remember that your career won't happen by accident. You need to take responsibility for it. And if you have any of your own tips, then please share them in our comments section below.

Also let us know if you have any stories that could encourage us and inspire other learners. We absolutely love that. All right, from all of us here at A Cloud Guru and Pluralsight, we genuinely wanna wish you an amazing holiday season and all manner of success in your upcoming 2022. Keep being awesome cloud gurus.

More videos in this series

Master the Cloud with ACG

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?