The Cloud Pod is in Tears Trying to Understand Azure Tiers
Welcome to episode 321 of The Cloud Pod, where the forecast is always cloudy! Justin, Ryan, and Matt are all on hand to bring you the latest in cloud and AI news, including increased metrics data (because who doesn’t lov...
The Cloud Pod is in Tears Trying to Understand Azure Tiers
Welcome to episode 321 of The Cloud Pod, where the forecast is always cloudy! Justin, Ryan, and Matt are all on hand to bring you the latest in cloud and AI news, including increased metrics data (because who doesn’t love more data), some issues over at Cloudflare, and even bigger issues at Builder.ai – plus so much more.
Let’s get started!
Titles we almost went with this week
- Lost in Translation: Google Helps IPv6 Find Its Way to IPv4
- BigQuery’s Soft Landing for Hard Problems
- CloudWatch Gets a Two-Week Memory Upgrade
- VM Glow-Up: From Gen1 Zero to Gen2 Hero
- Azure Gets Contextual: API Management Learns to Speak AI
- The Cloud Pod: Now Broadcasting from 20,000 Leagues Under the Sea
- LoRA LoRA on the Wall, Who’s the Finest Model of Them All
- Azure Says MFA or the Highway for Resource Management
- Two-Factor or Two-Furious: Azure’s Security Ultimatum
- Agent 007: License to Build
- CUD You Believe It? Google’s Discounts Get More Flexible
- WAF’s New Deal: Free Logs with Every Million Requests Served
- SOC It To Me: Google’s AI Security Workshop Tour
- MFA mandatory in Azure, now you too can hate/hate MS Authenticator
- AWS AMIs no longer the Tribbles of cloud computing
- ECS Exec; Justin’s prediction from 2018 finally comes true
General News
00:56 FinOps Weekly Summit 2025
- Victor Garcia reached out and asked us to share the news about the FinOps Weekly Summit coming up on October 23rd, 2025.
- A lot of great speakers; if you’re in the FinOps space, we recommend it.
- Want to register? You can do that here.
01:53 Ignite Registration Opens
- San Francisco, Moscone Center
- November 18–21, 2025
- Need to convince your manager to pay for you to go? Find that letter here.
02:45 Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1
- Some issues over at Cloudflare recently…
- Fina CA issued 12 unauthorized TLS certificates for Cloudflare’s 1.1.1.1 DNS resolver IP address between February 2024 and August 2025, violating domain control validation requirements and potentially allowing man-in-the-middle attacks on DNS-over-TLS and DNS-over-HTTPS connections.
- The incident highlights vulnerabilities in the Certificate Authority trust model where any trusted CA can issue certificates for any domain or IP without proper validation, though exploitation would require the attacker to have the private key, intercept traffic, and target clients that trust Fina CA (primarily Microsoft systems).
- Cloudflare failed to detect these certificates for months despite operating its own Certificate Transparency monitoring service because its system wasn’t configured to alert on IP address certificates rather than domain names, exposing gaps in its internal security monitoring.
- The certificates have been
Chapters
- (00:00:00) - The Cloud Pod: Trying to Understand Azure tiers
- (00:01:04) - Two Up! Finops Weekly Summit and Ignite
- (00:02:56) - Cloudflare: Certificate Transparency is Critical Infrastructure
- (00:06:08) - AI is How ML Makes Money
- (00:08:44) - Visual Studio: August Update to Copilot
- (00:11:16) - Amazon.com: Regions and Zones in AWS Global View
- (00:14:19) - CloudWatch Metrics Insights: Extended to 3 Hours
- (00:16:19) - CloudWatch: Single Monitoring Alarms for Dynamic Resource Fleets
- (00:17:32) - AWS User Notifications now support centralized notification management across multi-
- (00:19:46) - ECS: Monitoring AMI usage with Cloud Shell
- (00:23:39) - AWS Terraform: Five Year Old Code
- (00:25:14) - AWS IAM: Network Parameter Controls for VPCs
- (00:27:56) - AWS WAF now provides 500 MB of free CloudWatch log
- (00:31:00) - WASP Config: Resource Tag Tracking for IAM Policies
- (00:33:01) - GCP: DNS64 and NAT64 for IPv6
- (00:34:28) - BigQuery Data Storage: Soft Failover
- (00:35:58) - Google Expands Cloud CUDs to Include HANA, Cloud
- (00:39:04) - Google Cloud Launches Society Operations Center Workshop
- (00:40:13) - Google Data Proc now supports multi-tenant cluster
- (00:41:37) - Google's Official Rust SDK
- (00:43:22) - Microsoft Azure: Upgrade to Gen2 with Trustful Launch enabled
- (00:45:34) - Azure API Management: New Features and Native Auto-Scaling
- (00:46:37) - Microsoft Launches GPT Real Time on Azure AI Foundry
- (00:50:47) - Azure AI Foundry
- (00:53:23) - Week in Cloud: September 7, 2018