Amazon Cognito fügt Signieren, Verschlüsseln und vom Identitätsanbieter initiiertes SSO für den SAML-basierten Verbund hinzu

Für Kunden, die SAML als Standard für den Verbund verwenden, fügt Amazon Cognito drei Features hinzu. Kunden können Amazon-Cognito-Benutzerpools verwenden, um signierte SAML-Authentifizierungsanforderung zu senden, verschlüsselte Antworten von einem SAML-Identitätsanbieter anzufordern und vom Identitätsanbieter initiiertes Single Sign-On (SSO) für den SAML-Verbund verwenden.  
Quelle: aws.amazon.com

Docker Desktop 4.27: Synchronized File Shares, Docker Init GA, Private Extensions Marketplace, Moby 25, Support for Testcontainers with ECI, Docker Build Cloud, and Docker Debug Beta

We’re pleased to announce Docker Desktop 4.27, packed with exciting new features and updates. The new release includes key advancements such as synchronized file shares, collaboration enhancements in Docker Build Cloud, the introduction of the private marketplace for extensions (available for Docker Business customers), and the much-anticipated release of Moby 25. 

Additionally, we explore the support for Testcontainers with Enhanced Container Isolation, the general availability of docker init with expanded language support, and the beta release of Docker Debug. These updates represent significant strides in improving development workflows, enhancing security, and offering advanced customization for Docker users.

Docker Desktop synchronized file shares GA

We’re diving into some fantastic updates for Docker Desktop, and we’re especially thrilled to introduce our latest feature, synchronized file shares, which is available now in version 4.27 (Figure 1). Following our acquisition announcement in June 2023, we have integrated the technology behind Mutagen into the core of Docker Desktop.

You can now say goodbye to the challenges of using large codebases in containers with virtual filesystems. Synchronized file shares unlock native filesystem performance for bind mounts and provides a remarkable 2-10x boost in file operation speeds. For developers managing extensive codebases, this is a game-changer.

Figure 1: Shares have been created and are available for use in containers.

To get started, log in to Docker Desktop with your subscription account (Pro, Teams, or Business) to harness the power of Docker Desktop synchronized file shares. You can read more about this feature in the Docker documentation.

Collaborate on shared Docker Build Cloud builds in Docker Desktop

With the recent GA of Docker Build Cloud, your team can now leverage Docker Desktop to use powerful cloud-based build machines and shared caching to reduce unnecessary rebuilds and get your build done in a fraction of the time, regardless of your local physical hardware.

New builds can make instant use of the shared cache. Even if this is your first time building the project, you can immediately speed up build times with shared caches.

We know that team members have varying levels of Docker expertise. When a new developer has issues with their build failing, the Builds view makes it effortless for anyone on the team to locate the troublesome build using search and filtering. They can then collaborate on a fix and get unblocked in no time.

When all your team is building on the same cloud builder, it can get noisy, so we added filtering by specific build types, helping you focus on the builds that are important to you.

Link to builder settings for a build

Previously, to access builder settings, you had to jump back to the build list or the settings page, but now you can access them directly from a build (Figure 2).

Figure 2: Access builder settings directly from a build.

Delete build history for a builder

And, until now you could only delete build in batches, which meant if you wanted to clear the build history it required a lot of clicks. This update enables you to clear all builds easily (Figure 3).

Figure 3: Painlessly clear the build history for an individual builder.

Refresh storage data for your builder at any point in time

Refreshing the storage data is an intensive operation, so it only happens periodically. Previously, when you were clearing data, you would have to wait a while to see the update. Now it’s just a one-click process (Figure 4).

Figure 4: Quickly refresh storage data for a builder to get an up-to-date view of your usage.

New feature: Private marketplace for extensions available for Docker Business subscribers

Docker Business customers now have exclusive access to a new feature: the private marketplace for extensions. This enhancement focuses on security, compliance, and customization, and empowering developers, providing:

Controlled access: Manage which extensions developers can use through allow-listing.

Private distribution: Easily distribute company-specific extensions from a private registry.

Customized development: Deploy customized team processes and tools as unpublished/private Docker extensions tailored to a specific organization.

The private marketplace for extensions enables a secure, efficient, and tailored development environment, aligning with your enterprise’s specific needs. Get started today by learning how to configure a private marketplace for extensions.

Moby 25 release — containerd image store 

We are happy to announce the release of Moby 25.0 with Docker Desktop 4.27. In case you’re unfamiliar, Moby is the open source project for Docker Engine, which ships in Docker Desktop. We have dedicated significant effort to this release, which marks a major release milestone for the open source Moby project. You can read a comprehensive list of enhancements in the v25.0.0 release notes.

With the release of Docker Desktop 4.27,  support for the containerd image store has graduated from beta to general availability. This work began in September 2022 when we started extending the Docker Engine integration with containerd, so we are excited to have this functionality reach general availability.

This support provides a more robust user experience by natively storing and building multi-platform images and using snapshotters for lazy pulling images (e.g., stargz) and peer-to-peer image distribution (e.g., dragonfly, nydus). It also provides a foundation for you to run Wasm containers (currently in beta). 

Using the containerd image store is not currently enabled by default for all users but can be enabled in the general settings in Docker Desktop under Use containers for pulling and storing images (Figure 5).

Figure 5: Enable use of the containerd image store in the general settings in Docker Desktop.

Going forward, we will continue improving the user experience of pushing, pulling, and storing images with the containerd image store, help migrate user images to use containerd, and work toward enabling it by default for all users. 

As always, you can try any of the features landing in Moby 25 in Docker Desktop.

Support for Testcontainers with Enhanced Container Isolation

Docker Desktop 4.27 introduces the ability to use the popular Testcontainers framework with Enhanced Container Isolation (ECI). 

ECI, which is available to Docker Business customers, provides an additional layer of security to prevent malicious workloads running in containers from compromising the Docker Desktop or the host by running containers without root access to the Docker Desktop VM, by vetting sensitive system calls inside containers and other advanced techniques. It’s meant to better secure local development environments. 

Before Docker Desktop 4.27, ECI blocked mounting the Docker Engine socket into containers to increase security and prevent malicious containers from gaining access to Docker Engine. However, this also prevented legitimate scenarios (such as Testcontainers) from working with ECI.   

Starting with Docker Desktop 4.27, admins can now configure ECI to allow Docker socket mounts, but in a controlled way (e.g., on trusted images of their choice) and even restrict the commands that may be sent on that socket. This functionality, in turn, enables users to enjoy the combined benefits of frameworks such as Testcontainers (or any others that require containers to access the Docker engine socket) with the extra security and peace of mind provided by ECI.

Docker init GA with Java support 

Initially released in its beta form in Docker 4.18, docker init has undergone several enhancements. The docker init command-line utility aids in the initialization of Docker resources within a project. It automatically generates Dockerfiles, Compose files, and .dockerignore files based on the nature of the project, significantly reducing the setup time and complexity associated with Docker configurations. 

The initial beta release of docker init only supported Go and generic projects. The latest version, available in Docker 4.27, supports Go, Python, Node.js, Rust, ASP.NET, PHP, and Java (Figure 6).

Figure 6. Docker init will suggest the best template for the application.

The general availability of docker init offers an efficient and user-friendly way to integrate Docker into your projects. Whether you’re a seasoned Docker user or new to containerization, docker init is ready to enhance your development workflow. 

Beta release of Docker Debug 

As previously announced at DockerCon 2023, Docker Debug is now available as a beta offering in Docker Desktop 4.27.

Figure 7: Docker Debug.

Developers can spend as much as 60% of their time debugging their applications, with much of that time taken up by sorting and configuring tools and setup instead of debugging. Docker Debug (available in Pro, Teams, or Business subscriptions) provides a language-independent, integrated toolbox for debugging local and remote containerized apps — even when the container fails to launch — enabling developers to find and solve problems faster.

To get started, run docker debug <Container or Image name> in the Docker Desktop CLI while logged in with your subscription account.

Conclusion

Docker Desktop’s latest updates and features, from synchronized file shares to the first beta release of Docker Debug, reflect our ongoing commitment to enhancing developer productivity and operational efficiency. Integrating these capabilities into Docker Desktop streamlines development processes and empowers teams to collaborate more effectively and securely. As Docker continues to evolve, we remain dedicated to providing our community and customers with innovative solutions that address the dynamic needs of modern software development.Stay tuned for further updates and enhancements, and as always, we encourage you to explore these new features to see how they can benefit your development workflow.Upgrade to Docker Desktop 4.27 to explore these updates and experiment with Docker’s latest features.

Learn more

Read the Docker Desktop Release Notes.

Install and authenticate against the latest release of Docker Desktop.

Learn more about synchronized file shares.

Check out Docker Build Cloud.

Read Streamline Dockerization with Docker Init GA

Read Docker Init: Initialize Dockerfiles and Compose files with a single CLI command.

Have questions? The Docker community is here to help.

New to Docker? Get started.

Quelle: https://blog.docker.com/feed/

Die Amazon Aurora PostgreSQL-kompatible Edition unterstützt jetzt die PostgreSQL-Hauptversion 16

Die Amazon Aurora PostgreSQL-kompatible Edition unterstützt jetzt die PostgreSQL-Hauptversion 16 (16.1). PostgreSQL 16 bietet Unterstützung für SQL/JSON-Konstrukte und Identitätsfunktionen, weitere Abfragetypen, die Parallelität verwenden können, und die Ansicht „pg_stat_io“, die Statistiken zur I/O-Nutzung bereitstellt. Weitere Informationen zur Veröffentlichung finden Sie in der Ankündigung der PostgreSQL-Community. Diese Version enthält neue Funktionen für Babelfish for Aurora PostgreSQL Version 4.0, wie z. B. die Unterstützung der Funktion CONTAINS für die Volltextsuche. Weitere Informationen finden Sie in den Amazon Aurora PostgreSQL-Aktualisierungen.
Quelle: aws.amazon.com

Amazon ElastiCache für Redis unterstützt jetzt Auto Scaling in den AWS GovCloud (USA)-Regionen

Amazon ElastiCache für Redis unterstützt jetzt Auto Scaling in den Regionen AWS GovCloud (USA-West) und AWS GovCloud (USA-Ost). Mit Auto Scaling passt ElastiCache für Redis die Kapazität automatisch an, um eine stabile, vorhersehbare Leistung zu möglichst geringen Kosten aufrechtzuerhalten. Sie können Ihren Cluster automatisch horizontal skalieren, indem Sie Shards oder Replikationsknoten hinzufügen oder entfernen. ElastiCache für Redis verwendet AWS Application Auto Scaling für die Verwaltung der Skalierung und Amazon-CloudWatch-Metriken, um festzustellen, wann es Zeit ist, die Skalierung zu erhöhen oder zu verringern.
Quelle: aws.amazon.com

AWS AppFabric ist jetzt ISO-, PCI- und SOC-konform

Kunden können AWS AppFabric jetzt für Anwendungsfälle verwenden, die den Anforderungen der International Organization for Standardization (ISO), Payment Card Industry Data Security Standard (PCI) und Service Organization Control (SOC I, II und II) unterliegen. Sie können Berichte für alle drei Compliance-Programme in AWS Artifact herunterladen. Weitere Informationen finden Sie auf der Compliance-Seite für AWS-Services und in den AWS-Compliance-Ressourcen. 
Quelle: aws.amazon.com