
Welcome to episode 296 of The Cloud Pod – where the forecast is always cloudy! Today is a twofer – Justin and Ryan are in the house to make sure you don’t miss out on any of today’s important cloud and AI news. From AI Protection, to Google Next, to Amazon Q Developer, we’ve got it all, this week on TCP!
Titles we almost went with this week:
- 🪜 Amazon Step Functions, walks step by step into my IDE
- 🔍 Deepseek seeks the truth of “is it serverless or servers”?
- 🏗️ Well Architected Reviews by AI… What will my solutions architects do now?
- ⌨️ The Cloud Pod hosts step over the Azure EU Data Boundary
- 🗓️ BYOIP to ALBs… only years too late for everyone.
A big thanks to this week’s sponsor:
We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our Slack channel for more info.
General News
01:02 HashiCorp and Red Hat, better together
- HashiCorp has shared more details on its future following the recent IBM acquisition in this blog post.
- They talk about the wide range of Day 2 operations, including things like drift detection, image management and patching, rightsizing, and configuration management.
- As Red Hat Ansible is a purpose-built operational management platform, it makes it easier to properly configure resources after the initial creation, to evolve the configuration after setup, and to execute ad-hoc playbooks to keep things running reliably and more securely at scale.
- Some additional things they’re exploring, now that the acquisition has closed:
  - Red Hat Ansible Inventory generated dynamically by Terraform.
  - Official Terraform modules for Red Hat Ansible, making it easier to trigger Terraform from Ansible Playbooks.
  - Red Hat and HashiCorp officially support the Red Hat Ansible Provider for Terraform, making it easier to trigger Ansible from Terraform.
  - Evolving Terraform provisioners to support a more comprehensive set of lifecycle integrations.
  - Improved mechanisms to invoke Ansible Playbooks outside of the resource provisioning lifecycle.
- Customers – not surprisingly – regularly integrate Vault and OpenShift, and they have identified dozens of connection points that can add value, including:
  - Vault Secrets Operator for OpenShift
  - Etcd data encryption
  - Argo CI/CD
  - Istio certificate issuance
01:48 📢 Justin – “That’s a lot of promise for Ansible there, that I’m not sure it completely lives up to…”
07:09 Justice Department Reiterates Demand to Break Up Google
- New Administration means new head of the DOJ – and we’re sure Google was hoping for a break in the Antitrust area.
- Unfortunately for them, the Justice Department reiterated last week that many aspects of its proposed final judgement, including the prohibition of payments to Apple and other companies for a share of search revenue or preferential treatment, still stand, as does the demand that they sell their Chrome web browser.
- They did, however, drop their request that Google be prohibited from making investments in AI companies like Anthropic.
- This is a sign that the Justice Department may continue their aggressive antitrust stance started by the Biden administration.
08:12 📢 Ryan – “The Chrome browser, if they have to sell it off, it’s going to be just a nightmare for them. They’ve put a lot into Chrome that’s not just browser-based. A lot of their zero trust for BeyondCorp has moved into that, into the Chrome enterprise and a whole bunch of sort…that’s gonna sting. But I mean, that’s, it also speaks to the you know, what the DOJ is trying to accomplish, which is those things are very tied together and you have to use them.”
AI Is Going Great, Or How ML Makes Money
09:07 Google Is Still Behind in AI. Why?
- AI isn’t going so well for everyone, from Apple (which has now delayed several exciting iOS features another year) to Google Gemini, which is falling further and further behind OpenAI and even Grok.
- The Information points at the increasing disparity and the struggles of AI.
- So in general, where do we feel AI stands across the vendors?
11:18 📢 Justin – “I think it’s good. Copilot, I feel is behind in some other areas, but like for code completion and scaffolding, I think it’s still doing a pretty good job. But, you know, there were an area, it’s still pretty weak as an agentic coding exercise, like being able to give it a prompt and have it write, you know, code pieces. That’s why people are, you know, doing a lot with Cursor these days and they’re doing a lot with Claude CLI and you these things where they can do a lot more interesting things. So I suspect that that’s going to have to change this year for GitHub.”
13:35 Google’s AI Unit Reorganizes Product Work, Announces Changes to Gemini App Team
- Google has disbanded its product impact unit, whose goal was to incorporate DeepMind research into Google products, as it attempts to streamline the process of creating AI products.
- DeepMind Leader Demis Hassabis wrote in an email to employees that the move was designed to optimize and simplify their product work, model development work, and product area engagements.
- They also announced changes to the Gemini team, which has struggled to compete with OpenAI.
- Google has hired former Meta VP of Product, Chris Strahar, to lead product on Gemini, and is adding product teams from Google’s more experimental multimodal assistant product Astra, into Gemini.
- They will also be moving Gemini to use models developed by DeepMind’s main post-training teams rather than a chatbot-specific team, per the memo.
14:58 New tools for building agents
- OpenAI is releasing the first set of tools to help developers and enterprises build useful and reliable agents.
- Over the last year, they have introduced new model capabilities including reasoning, multimodal interactions, and new safety techniques, but customers have complained that turning these features into production-ready agents was challenging, requiring extensive prompt iteration and custom orchestration logic without sufficient visibility or built-in support.
- To address these challenges, OpenAI is launching a new set of APIs and tools to help build agentic applications:
  - The new Responses API, combining the simplicity of the Chat Completions API with the tool-use capabilities of the Assistants API for building agents.
  - Built-in tools including web search, file search and computer use.
  - The new Agents SDK to orchestrate single-agent and multi-agent workflows.
  - Integrated observability tools to trace and inspect agent workflow execution.
16:57 📢 Justin – “You know those Pinterest fails – you know, those memes, I feel like I’ve done that with Agentic AIs left and right, like where I’m like, I have this cool idea, you know, like where I’ll read a watch a YouTube video and like how to automate this daily task. And then by the time I get through it, I’ve got this three quarters of the way created monstrosity of things shrug together with string and it’s never going to run reliably or repeatedly.”
18:11 Microsoft’s Relationship With OpenAI Is Not Looking Good
- Things may not be going great with Microsoft and OpenAI, with the latest report that Microsoft is developing its own in-house reasoning models to compete with OpenAI. The Information also says Microsoft has been testing models from Elon Musk’s xAI, Meta, and DeepSeek to replace ChatGPT in Copilot, its AI bot for the workplace.
- Microsoft Copilot has received poor reception in enterprises due to the high costs and limited results.
- Microsoft even let OpenAI out of a contract that required it to use Azure for all of its hosting needs.
- It may make sense in the long run if both companies continue to see themselves as competitors vs partners.
19:37 📢 Justin – “Microsoft needs an office assistant. Those are different needs and potentially different models. And so I think that’s maybe where you’re seeing the divergence of interest, because of, they want to make, AGI at OpenAI and, you know, really, that’s not what Microsoft wants. They would like to sell more office licenses at higher prices and that helps them with revenue. So they have different goals, perhaps, between the two of them.”
Cloud Tools
20:55 Vault Enterprise 1.19 reduces risk with encryption updates and automated root rotation
- HashiCorp Vault 1.19 is now GA, with enhanced security workflows, post-quantum computing features and long-term support.
- Notable features in Vault Enterprise 1.19 include:
  - Module-Lattice-Based Digital Signature Standard (ML-DSA) Post Quantum Cryptography (PQC) support: Transit secrets engine adds support for ML-DSA PQC sign and verify functionality for experimental purposes.
  - Vault transit engine support for ED25519 with pre-hashing: The Vault transit engine now supports ED25519PH signing, which is commonly used in remote and embedded devices.
  - Constrained certificate authorities (CA): Constrained CAs reduce risk by providing isolation for PKI workloads.
  - Extended automated root rotation: Vault 1.19 extends its centralized rotation manager, which now provides a mechanism to automate rotation of root credentials for AWS, Azure, and Google Cloud auth methods and secret engines, along with LDAP and database plugins.
  - Additional UI support for Workload Identity Federation (WIF): Vault 1.19 now provides UI support for WIF on Google Cloud and Azure.
  - Long-term support (LTS): While Vault 1.16 enters one year of extended support, 1.19 represents Vault Enterprise’s second LTS release.
  - Seal-wrap AppRole data for Federal Information Processing Standards (FIPS): FIPS-compliant Hardware Security Module (HSM) deployments.
21:24 📢 Justin – “So not quite production ready yet, but they’re getting ready for quantum as well.”
23:24 Terraform Migrate now generally available
- Terraform Migrate, which we previously talked about, is now generally available – making it easy to move from Terraform Community Edition to HCP Terraform and Terraform Enterprise.
- Designed to reduce manual effort and improve accuracy, it streamlines the migration process, helping teams adopt HCP Terraform and Terraform Enterprise with confidence.
- Key features include:
  - Automating state transfer
  - State refactoring
  - Validation and verification
- In addition, they’ve expanded features such as:
  - Variable management and migration
  - GitLab integration
  - Security and validation for Git Personal Access tokens
  - Refined directory skipping
  - Dry run mode
  - Improved target branch naming
  - Optimizations for error handling, logging and debugging
AWS
25:06 Application Load Balancer announces integration with Amazon VPC IPAM
- ALB allows you to provide a pool of public IPv4 addresses for IP address assignment to load balancer nodes. You can configure these via IPAM, and the pool can consist of BYOIP addresses or contiguous IPv4 address blocks provided by Amazon.
26:01 📢 Ryan – “That’s cool. Didn’t quite catch on that this was a contiguous Amazon blocks…. You can provide a smaller range without actually having to go through and you know, sacrifice your first born and sell your liver for IP space. Like, that’s pretty rad.”
28:00 Announcing AWS Step Functions Workflow Studio for the VS Code IDE
- AWS Step Functions Workflow Studio is now available in AWS Toolkit for Visual Studio Code, enabling you to visually create, edit and debug state machine workflows directly in your IDE.
- AWS Step Functions is a visual workflow service capable of orchestrating over 14,000 API actions from over 220 AWS services to build distributed applications and data processing workloads.
- Workflow Studio is a visual builder that allows you to compose workflows on a canvas, while generating workflow definitions in the background.
28:33 📢 Ryan – “I think it was two or three years ago I was an old man yelling at cloud. ‘You can just switch over.’ But now I am so addicted to everything being my IDE. This is great. I won’t use Studio to create a whole bunch of step functions, but debugging them? Oh yeah. Like it’s, it’s super helpful there. That’s pretty cool. I like it.”
29:12 AWS Lambda adds support for Amazon CloudWatch Logs Live Tail in VS Code IDE
- AWS Lambda now supports Amazon CloudWatch Logs Live Tail in the VS Code IDE through the AWS Toolkit for Visual Studio Code.
- Live Tail is an interactive log streaming and analytics capability which provides real-time visibility into logs, making it easier to develop and troubleshoot Lambda functions.
30:26 Amazon Q Developer announces a new CLI agent within the command line
- Amazon Q Developer announced an enhanced CLI agent within the Amazon Q command line interface (CLI) that allows you to have more dynamic conversations.
- With this update, Amazon Q Developer can now use the information in your CLI environment to help you read and write files locally, query AWS resources or create code.
31:10 📢 Ryan – “Well, I mean, it would be nice to be able to natural language query your ginormous AWS infrastructure and have it just figure it out. Right. Like that would be fantastic if they can get there, but I don’t know if it’s there yet.”
31:56 DeepSeek-R1 now available as a fully managed serverless model in Amazon Bedrock
- In January, DeepSeek-R1 models became available in Bedrock through the marketplace or custom model import.
- Now they’re making it easier to use DeepSeek in Amazon Bedrock through an expanded range of options, including a new serverless solution.
- The fully managed DeepSeek-R1 model is now GA in Bedrock.
32:30 📢 Justin – “You’ll be able to then tune these and do all kinds of other things as you go in the future and use RAG, et cetera, with DeepSeek. So if you’re okay with the ramifications, they may have stolen all their data from OpenAI. You can use DeepSeek in your product. Good luck to you.”
33:18 Accelerate AWS Well-Architected reviews with Generative AI
- Building cloud infrastructure based on proven best practices promotes security, reliability, and cost efficiency.
- To achieve these goals, the AWS Well-Architected Framework provides comprehensive guidance for building and improving cloud architectures.
- As your system scales, conducting Well-Architected Framework reviews (WAFRs) becomes more crucial, offering deeper insights and strategic value to help organizations optimize their growing cloud environments.
- To address these challenges, they have built a WAFR Accelerator solution that uses generative AI to help streamline and expedite the WAFR process. By automating the initial assessment and documentation process, the solution significantly reduces time spent on evaluations while providing consistent architecture assessments against AWS Well-Architected principles. This allows teams to focus more on implementing improvements and optimizing AWS infrastructure. The solution incorporates the following features:
  - RAG to create context-aware, detailed assessments
  - An interactive chat interface
  - Integration with the AWS Well-Architected Tool, which prepopulates workload information and initial assessment responses.
34:51 📢 Ryan – “This has the potential of being really amazing. I have very mixed feelings about the well-architected framework process. I’ve done both the self-serve many times and even the walkthrough from technical account support. And I always just feel like it lacks the ability to find any real problems. Once you get past the like, you know, regional distribution and being able to rehydrate data sort of problems, it sort of falls down very quickly and, and doesn’t help solve, complex issues that may arrive due to conditions. And so I’m sort of hoping that, you know, introducing AI into this mix might give it that ability to sort of have a lot more context into your deployment as it’s asking you questions.”
39:21 Amazon Bedrock now supports multi-agent collaboration
- AWS announces the GA of multi-agent collaboration for Amazon Bedrock, allowing developers to create networks of specialized agents that communicate and coordinate under the guidance of a supervisor agent. This new capability allows you to tackle more intricate, multi-step workflows and scale your AI-driven applications more effectively.
- Bedrock multi-agent collaboration GA introduces key enhancements designed to improve scalability, flexibility and operational efficiency. Inline agents allow you to dynamically adjust agent roles and behaviors at runtime, making workflows more adaptable as your business needs evolve.
39:38 📢 Ryan – “Do you think that supervisor agent just stands around, doesn’t really do anything and then takes credit for all the other agents’ work?”
GCP
40:51 Google Next is coming up in a few short weeks!
- April 9-11 at Mandalay Bay in Las Vegas.
- Two courses you should definitely be aware of (for guaranteed Cloud Pod stickers):
  - BRK2-024 – Workload-optimized data protection for mission-critical enterprise apps
  - BRK1-028 – Unlock value for your workloads: Microsoft, Oracle, OpenShift and more
43:08 Meet Kubernetes History Inspector, a log visualization tool for Kubernetes clusters
- Google has been directly confronting K8s troubleshooting challenges for years as they support large-scale, complex deployments.
- Google Cloud support teams have developed deep expertise in diagnosing issues with K8s environments through routinely analyzing a vast number of customer support tickets, diving into user environments, and leveraging their collective knowledge to pinpoint the root cause of problems.
- To address this, they released Kubernetes History Inspector (KHI) as open source to the community.
- Effective K8s troubleshooting requires collecting, correlating, and analyzing these disparate log streams. Manually configuring logging for each of these components can be a significant burden, requiring careful attention to detail and a thorough understanding of the K8s ecosystem.
- Collecting logs is the easy part; the real challenge lies in analyzing the logs.
- Many issues in K8s are not revealed by a single obvious error message. Instead they’ll manifest as a chain of events, requiring a deep understanding of the causal relationships between numerous log entries across multiple components.
- KHI is a powerful tool that analyzes logs collected by Cloud Logging, extracts state information for each component, and visualizes it in a chronological timeline. Furthermore, KHI links this timeline back to the raw log data, allowing you to track how each element evolved over time.
46:19 📢 Justin – “Because like even in ECS, I’ve had this problem before where I’ve had like multiple containers that talk to each other and then like, my God, why do we this error? And it’s like, if I could see the state, I would have known that the other container crashed, which is why this error occurred in my container as a dependency on it. So like there’s definitely value in this visualization, but it’s not exactly how I would have visualized it. So like when I was reading through the article, I was very excited and then I saw the screenshots and I was like, huh, it’s not bad, but it’s definitely not how I thought it was going to look when I saw it.”
47:16 Hej Sverige! Google Cloud launches new region in Sweden
(hey-j sver-ee-geh)
- Google’s new cloud region in Sweden is now open. It represents an investment by Google into Sweden’s future and Google’s ongoing commitment to empowering businesses and individuals with the power of the cloud. This new region, the 42nd globally for Google and 13th in Europe, opens doors to opportunities for innovation, sustainability, and growth within Sweden and across the globe.
49:04 Announcing AI Protection: Security for the AI era
- As AI use increases, security remains a top concern, and Google often hears that organizations are worried about risks that can come with rapid adoption.
- Google Cloud is committed to helping its customers confidently build and deploy AI in a secure, compliant and private manner.
- Google is making it easier to mitigate risk throughout the AI lifecycle with its new AI Protection, a set of capabilities designed to safeguard AI workloads and data across clouds and models, irrespective of the platforms you choose to use.
- AI Protection helps teams comprehensively manage AI risk by:
  - Discovering AI inventory in your environment and assessing it for potential vulnerabilities
  - Securing AI assets with controls, policies and guardrails
  - Managing threats against AI systems with detection, investigation, and response capabilities.
- AI Protection is integrated with Security Command Center (SCC), Google’s multi-cloud risk-management platform, so that security teams can get a centralized view of their AI posture and manage AI risks holistically in context with their other cloud risks.
50:28 📢 Justin – “It pulls in a model armor, STP discovery, AI related toxic combinations, posture management for AI threat detection for AI, the notebook security scanner and the data security posture management. all into sec for this. Yeah. It’s pretty full featured out of the box, which I’m pretty impressed with for a Google product.”
50:54 Introducing tiered storage for Spanner
- Google is announcing fully managed tiered storage for Spanner, a new capability that lets you use larger datasets with Spanner by striking the right balance between cost and performance, while minimizing operational overhead through a simple, easy-to-use interface.
- Tiered storage with Spanner addresses the challenge of hot and cold data, and allows you to tier based on hard disks that are 80% cheaper.
- In addition to the cost savings, you get ease of management, a unified and consistent experience, and flexibility and control.
51:31 📢 Ryan – “This looks great. You know, the ability to have data stored cold and pay a lower price for it.”
Azure
51:57 What’s new in Azure Elastic SAN
- The least cloudy service gets more features this week: Azure Elastic SAN, released last year, has new capabilities:
  - Autoscale for capacity in public preview. This saves you time by simplifying the management of the Elastic SAN, as you can set a policy for auto scaling your capacity when you are running out of storage rather than needing to actively track whether your storage is reaching its limits.
  - Snapshot support is now GA.
  - CRC protection to maintain the integrity of your data
  - Fully validated and optimized for costs with SQL FCI workloads
  - Reduced TCO for Azure VMware on Elastic SAN
  - Full AKS support
52:55 📢 Ryan – “So if you’re using a storage shared model, running your database on in the container. Yeah, I don’t know. I mean, you know, these types of things are what I want. If I’m going to have to manage infrastructure at this level, I want it to be auto-scaling and fairly automatic.”
53:30 Microsoft completes landmark EU Data Boundary, offering enhanced data residency and transparency
- Microsoft has completed the EU Data Boundary for the Microsoft Cloud, an industry-leading solution that stores and processes public sector and commercial customer data in the EU and European Free Trade Association (EFTA).
- With the completion of the boundary, European commercial and public sector customers are now able to store and process their customer data and pseudonymized personal data for Microsoft core cloud services including MS365, Dynamics 365, Power Platform and most Azure services within the EU and EFTA.
54:46 📢 Ryan – “Hopefully it’s not just all duct tape and baling wire in the backend.”
55:04 Azure Load Testing Celebrates Two Years with Two Exciting Announcements!
- Azure Load Testing is celebrating its two-year anniversary with a few announcements.
- Starting March 1st, you’ll benefit from significant pricing changes, including:
  - No monthly resource fee: the $10 monthly resource fee is eliminated to help you save on overall costs.
  - 20% price reduction: the cost per Virtual User Hour (VUH) for > 10,000 VUH is reduced from 7.5 cents to 6 cents, as well as the consumption limit per resource.
- They are also excited to announce Locust-based tests.
- This addition allows you to leverage the power, flexibility, and developer-friendly nature of the Python-based Locust load testing framework, in addition to the already supported Apache JMeter load testing framework.
57:04 Announcing the Responses API and Computer-Using Agent in Azure AI Foundry
- Azure Foundry has added two new capabilities: the Responses API and the Computer-Using Agent.
- Covered in previous shows when OpenAI announced them… but don’t let Azure fool you into not thinking they’re innovating.
Oracle
57:40 Oracle Announces Fiscal 2025 Third Quarter Financial Results
Oracle won some big cloud contracts. Here’s why its stock is falling
- Oracle’s results were a bit of a mixed bag for the analysts. Fiscal third quarter earnings missed Wall Street expectations. Oracle shares surged last year amid the artificial-intelligence boom but are down 14% in 2025.
- Oracle’s guidance for the fiscal fourth quarter was also below Wall Street’s expectations, implying fiscal 2025 revenue growth of 7.5% to 8% versus prior commentary of double-digit growth, BNP Paribas analyst Stefan Slowinski pointed out in a note to clients.
- Free cash flow is a bit of a challenge due to the large investments in AI which could lead to slower growth in the short term while they regain free cash flow.
- Good luck, Azure.
Closing
And that is the week in the cloud! Visit our website, the home of The Cloud Pod, where you can join our newsletter or Slack team, send feedback or ask questions at theCloudPod.net, or tweet at us with hashtag #theCloudPod