AWS Transit Gateway is now available in the Asia Pacific (Melbourne) AWS Region. AWS Transit Gateway enables customers to connect thousands of Amazon Virtual Private Clouds (Amazon VPCs) and their on-premises networks using a single gateway.
Read More for the details.
Today, Amazon Fraud Detector (AFD) announces Event Orchestration capability for AFD customers by integrating with Amazon EventBridge. This integration is available at no additional cost to customers. Event Orchestration is vital in fraud management after predicting fraud risk. It coordinates actions & responses to mitigate risks, generate alerts, manage workflows and enable integration with fraud prevention tools. Implementing effective event orchestration can help organizations engage customers in self-service resolution of risk, thereby reducing fraud operations costs and preserving customer trust.
Read More for the details.
Today, AWS Marketplace launched fine-grained IAM permissions to enable AWS Marketplace sellers to precisely control access to various features in AWS Marketplace Management Portal (AMMP). AWS Marketplace sellers, including Independent Software Vendors (ISVs) and channel partners, can now provide granular access to data and various features such as controlling which users can update tax information in AMMP within their organizations. This launch will enable granular permissions management for sellers in AMMP and will have a consistent authorization model across all AWS services that work with IAM.
Read More for the details.
Amazon Relational Database Service (Amazon RDS) for Oracle now supports converting existing Oracle Database 19c instances from the non-multitenant to the multitenant database architecture. DB instances using the multitenant architecture consist of a container database (CDB) with a single pluggable database (PDB). A PDB is a set of schemas, schema objects, and non-schema objects that logically appears to a client as a non-CDB.
Read More for the details.
You now have the option to create an Amazon Interactive Video Service (Amazon IVS) channel using the new Advanced-HD or Advanced-SD channel types, in addition to the original Basic or Standard channel types. Similar to Standard channels, Advanced channel types provide multiple qualities of output, allowing better playback quality across a range of devices and network conditions. Advanced channel types allow you to select “transcode presets” that are designed to match the multiple qualities of output to network performance and viewing devices. Advanced channel types allow available renditions to be capped at a maximum quality level: HD (720p) for Advanced-HD and SD (480p) for Advanced-SD.
Read More for the details.
Today, Amazon HealthLake is excited to announce three new capabilities that simplify health data interoperability for customers using Fast Healthcare Interoperability Resources (FHIR). Launching in preview, Amazon HealthLake now supports SMART on FHIR, patient access APIs, and FHIR bulk data access. SMART on FHIR authorizes users and applications to securely access FHIR data, patient access APIs power patient and provider facing applications, and FHIR Bulk Data Access APIs enable the secure exchange of health data. These new capabilities, combined with existing Amazon Healthlake APIs, help EHRs, ISVs, and SIs enabling healthcare organizations to rapidly build applications that conform to patient access rules from ONC and CMS.
Read More for the details.
In this article, we will be looking at how to configure a SAML Identity Provider (Auth0 in this case) for signing in to Apigee’s Integrated Developer Portal.
The conventional way to sign in to an Apigee Integrated Developer Portal is through the built-in Identity Provider option. It requires users to pass their credentials (username and password; user registration should be done if not an existing user) to the integrated portal for authentication. When you create a new portal, the built-in identity provider is configured and enabled. To understand the sign-in experience from the user perspective, see Signing in to the portal using user credentials (built-in provider).
You can now configure the Apigee Integrated Developer Portal with any third-party identity provider that supports Security Assertion Markup Language (SAML), a standard protocol for enforcing Single Sign-On (SSO). SSO authentication using SAML lets you log in to your Apigee Integrated Developer Portal(s) without having to create new accounts, by using your existing accounts registered with the Identity Provider. The SAML integration feature is currently in Preview.
Configuring SAML as an Identity Provider for an Integrated Developer Portal offers the following benefits:
Set up your developer program once and re-use it across multiple integrated portals. Choose your developer program when creating your Integrated Developer Portal. Easily update or change the developer program as requirements evolve.
Take full control of user management. Connect your company SAML server to the Integrated Developer Portal. When users leave your organization and are deprovisioned centrally, they will no longer be able to authenticate with your SSO service to use the Integrated Developer Portal.
To configure the SAML provider, you need to configure service provider (Apigee) as well as identity provider (such as Auth0) as below.
Select Publish > Portals in the side navigation bar to display the list of portals.
Click Accounts on the portal landing page. Alternatively, you can select Accounts in the portal drop-down in the top navigation bar.
Click the Authentication tab.
In the Identity providers section, click the SAML provider type.
Select the Enabled checkbox to enable the identity provider.
Click Save.
You will now be able to see SP metadata URL. Access it using the browser and open the downloaded xml file using any XML reader.
Then, fetch the AssertionConsumerService URL from this file as below.
<md:AssertionConsumerService Binding=”urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=”https://diyyaedfgchrbui-a5vnmtygh8qzekbd.portal-login.apigee.com/saml/SSO/alias/diyyaumzqchrbui-a5vnmu1sp8qzekbd.apigee-saml-login” index=”0″ isDefault=”true”/>
This location value will be used while configuring the Identity Provider.
You also need to fill in the Sign-in URL, IdP entity ID in SAML settings, and upload a certificate in the Apigee SAML identity provider page. You can fetch these from Auth0 Identity Provider as below.
1. Create an application under the Applications tab that can serve this SAML integration.
2. Click on the newly created application, scroll to the Advanced Settings drop down menu and choose the Certificates tab.
3. Download the .pem file of the certificate and use it to upload to the Apigee SAML Identity Provider configuration.
4. Under the Add Ons tab on the Auth0 Applications page, enable SAML2 WEB APP.
5. On clicking SAML2 WEB, you will get a pop-up that displays Issuer that will be IdP entity ID and an Identity Provider Login URL that will be Sign-in URL. Update these values on the Apigee SAML Identity Provider configuration.
6. Under the Settings tab of the SAML2 WEB APP pop-up, use the AssertionConsumerService URL value that you fetched earlier and use it as Application Callback URL.
Note: Apigee requires the nameidentifier to be an email id. Hence you need to create a rule in Auth0 to map the attribute to email id instead of nameid, as shown below. This step is specific to Auth0 and might not be needed if you use other identity providers.
Now you are ready to test SAML integration. Launch your Apigee Integrated Developer Portal and click on sign in. You should see a Login with SAML option as below.
In case of any errors, trace the network using browser developer console and debug using Auth0 monitoring logs.
You can now disable the built-in identity provider (if required) as shown below.
To disable the built-in identity provider:
Access the Built-in Identity Provider page.
Click
in the Provider Configuration section.
3. De-select the Enabled checkbox to disable the identity provider.
Note: At least one identity provider must be enabled to allow users to sign in.
4. Click Save.
And there you have it — a fully configured Auth0 SAML Identity Provider to sign into Apigee’s Integrated Developer Portal. For more information about getting started with Apigee and Integrated Developer Portal, visit here.
Read More for the details.
Today, AWS announces the general availability of AWS Database Migration Service (AWS DMS) Serverless, which automatically provisions and scales migration resources to make database migrations easier. With AWS DMS Serverless, you can replicate data across a wide variety of popular database and analytics engines and services, such as PostgreSQL, MySQL, Oracle, Amazon Redshift, Amazon DynamoDB, Amazon Aurora, and more. AWS DMS Serverless manages the undifferentiated database migration work, minimizing the need for you to manually estimate, provision, monitor, and scale resources. You can now start your migrations within hours and save money by paying only for the data migration resources you use.
Read More for the details.
VGads V620-series virtual machines (VMs), now in public preview in the East US2, Europe west, and West US3 regions, enable service providers to build differentiated cloud gaming experiences.
Read More for the details.
Read More for the details.
Today, AWS announces the expanded support of AWS Fault Injection Simulator (FIS) for Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (ECS), which adds additional FIS ‘actions’ for EKS and ECS. FIS is a fully managed service which allows you to run experiments to test how your applications will behave during an impairment, and helps you improve application performance, observability, and resilience. Using these new EKS and ECS actions, you can inject a variety of faults into EKS pods and ECS tasks, including CPU stress, memory stress, IO stress, network blackhole, network latency, network packet loss, kill process, and delete EKS pod.
Read More for the details.
AWS Lambda now supports Amazon MSK, self-manged Apache Kafka and Amazon MQ for Apache ActiveMQ and RabbitMQ as event sources in Asia Pacific (Jakarta), Asia Pacific (Osaka), Africa (Cape Town), and Middle East (UAE). This gives customers more choices for how they want to send messages to Lambda. Customers can build applications quickly and easily with Lambda functions that are invoked based on messages from these event sources connected to an event source mapping.
Read More for the details.
Amazon Elastic Container Registry (ECR) now includes registry.k8s.io, the new upstream Kubernetes container image registry, as a supported upstream for pull through cache repositories. With today’s release, customers can configure a rule that is designed to automatically sync images from the upstream Kubernetes registry to their private ECR repositories.
Read More for the details.
Amazon Relational Database Service (RDS) for PostgreSQL now supports the HypoPG extension for creating hypothetical indexes, which lets you test the performance impact of an index on query plans before you build it.
Read More for the details.
Amazon Simple Notification Service (Amazon SNS), a messaging service that provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications, now supports AWS X-Ray active tracing with Amazon SNS FIFO topics. You can now view traces that flow through Amazon SNS FIFO topics to Amazon Simple Queue Service (Amazon SQS) FIFO queues, in addition to traversing the application topology in Amazon CloudWatch ServiceLens. You can use Amazon SNS FIFO topics, in combination with Amazon SQS FIFO queues, to build applications that require messages to be sent and processed in a strict sequence and without duplicates. You can enable AWS X-Ray active tracing using the Amazon SNS SetTopicAttributes API, Amazon SNS Management Console, or via AWS CloudFormation.
Read More for the details.
Mv2 8TB Memory virtual machine is generally available now for your in-memory workloads.
Read More for the details.
GA release for bulk import support for Azure Digital Twins
Read More for the details.
You can now use the Instance Metadata Service (IMDS) Packet Analyzer to identify sources of IMDSv1 calls on your EC2 instances.
Read More for the details.
Amazon Detective now supports security investigations for Amazon GuardDuty EKS Runtime Monitoring, GuardDuty RDS Protection, and Lambda Protection. GuardDuty and Detective are part of a broad set of fully managed AWS security services that help customers identify potential security risks, so they can respond quickly, freeing security teams to focus on tasks with the highest value.
Read More for the details.
Amazon Managed Grafana is a fully managed service for Grafana, a popular open-source analytics platform that enables you to query, visualize, and alert on your metrics, logs, and traces.
Read More for the details.
