All news in category "Vendor and Hyperscaler Watch"

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

Amazon Connect Adds Persistent Agent Connection Feature

📞 Amazon Connect now supports a persistent agent connection that keeps an open channel between agents and the service after a call ends. Administrators can enable the feature per agent profile to reduce customer connect time and help meet telemarketing compliance such as the U.S. Telephone Consumer Protection Act (TCPA) for outbound campaigns. The capability is available in all Amazon Connect regions and carries no additional charge beyond standard Amazon Connect usage and telephony fees.

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

AWS DMS Schema Conversion Adds SAP ASE to PostgreSQL

🤖 AWS Database Migration Service (DMS) Schema Conversion now supports conversions from SAP Adaptive Server Enterprise (ASE) to both Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. The integrated generative AI capability helps automatically translate complex database code such as stored procedures, functions, triggers, cursors, and other ASE-specific constructs that traditionally require manual conversion. Schema Conversion also provides detailed assessment reports to help migration teams plan, estimate effort, and reduce risk when executing migrations to PostgreSQL-compatible managed databases on AWS.

Mozilla Ends Partnership with Onerep After Investigation

🛡️ Mozilla announced it will end its partnership with Onerep and discontinue Monitor Plus on Dec. 17, 2025. Current subscribers will retain access through the wind-down period and receive prorated refunds for any unused portion of their subscriptions. Mozilla said it will continue to offer its free Monitor breach service integrated with Firefox’s credential manager and is focusing on integrating more privacy and security features, including its VPN. The company cited high vendor standards and the realities of the data broker ecosystem as reasons for ending the collaboration after reporting revealed Onerep’s founder maintained ties to other people-search services.

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

AWS Recycle Bin Extends Support to EBS Volumes Now

♻️ Recycle Bin for Amazon EBS now supports EBS Volumes, allowing you to recover accidentally deleted volumes directly rather than restoring from snapshots. You can create retention rules to protect all volumes or target specific volumes with tags; recovered volumes retain tags, permissions, and encryption and are immediately available at full performance. Volumes in Recycle Bin are billed at standard EBS Volume rates and the capability is available via CLI, SDKs, and the AWS Console across commercial, China, and AWS GovCloud (US) Regions.

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.

Android Quick Share Interoperability with AirDrop Security

🔒 Google announced cross-platform file sharing between Android and iOS by making Quick Share interoperable with AirDrop, beginning with the Pixel 10 Family. The company emphasizes a "secure by design" approach that included threat modeling, internal security and privacy reviews, and in-house penetration testing. The interoperability layer is implemented in Rust to reduce memory-safety risks in parsing wireless data, and transfers are direct peer‑to‑peer without routing content through servers. Google also engaged third‑party testers and experts who validated the implementation and found no information leakage.

BigQuery Agent Analytics: Stream and Analyze Agent Data

📊 Google introduces BigQuery Agent Analytics, an ADK plugin that streams agent interaction events into BigQuery to capture, analyze, and visualize performance, usage, and cost. The plugin provides a predefined schema and uses the BigQuery Storage Write API for low-latency, high-throughput streaming of requests, responses, and tool calls. Developers can filter and preprocess events (for example, redaction) and build dashboards in Looker Studio or Grafana while leveraging vector search and generative AI functions for deeper analysis.

Nano Banana Pro: Gemini 3 Pro Image for Enterprise Use

🎨 Google is unveiling Nano Banana Pro (Gemini 3 Pro Image), a high-fidelity image generation and editing model available today in Vertex AI and Google Workspace, with a rollout to Gemini Enterprise coming soon. The model supports multi-language text rendering and on-image translation, connects to Google Search for context-aware outputs, and accepts up to 14 reference images and 4K inputs for production-grade assets. Built-in SynthID watermarking and planned copyright indemnification address commercial use and responsible deployment.

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.

BigQuery Data Transfer Service Enhancements and Compliance

🔔 The BigQuery Data Transfer Service expands its connector ecosystem with new GA integrations (Oracle, Salesforce, ServiceNow, SFMC, Facebook Ads, and GA4) and preview connectors like Stripe, PayPal, Snowflake, and Hive. Platform improvements include event-driven transfers, incremental ingestion, GAQL-based custom Google Ads reports, and enhanced Oracle scale. Security and compliance gains—EU Data Boundary GA, FedRAMP High, CJIS, access transparency, regional endpoints, and key usage tracking—support regulated workloads. A new consumption-based pricing model applies to third-party connectors once they reach GA.

Amazon Braket Adds Per-Device Spending Limits for QPUs

🔒 Amazon Braket now lets customers set per-device spending limits for quantum processing units (QPUs), enabling tighter cost controls and automated validation of task submissions. Tasks that would exceed remaining budgets are rejected at submission, and limits apply only to on-demand QPU tasks—not to simulators, notebook instances, hybrid jobs, or Braket Direct reservation tasks. Available now in all supported AWS Regions at no additional charge, limits can be updated or deleted any time; researchers may also apply for AWS Cloud Credits for Research to offset experiments.

Amazon EC2 macOS Tahoe Now Available on Mac Instances

🖥️ Amazon Web Services now publishes Apple macOS Tahoe (v26) as Amazon Machine Images (AMIs) for EC2 Mac instances, enabling developers to build and test with Xcode 26 and the latest Apple platform SDKs. These AMIs run on Apple silicon EC2 Mac instances and are backed by Amazon Elastic Block Store (EBS) for stable, high-performance storage. Images include the AWS CLI, Command Line Tools for Xcode, Amazon SSM Agent, and Homebrew with the AWS Homebrew Tap. macOS Tahoe AMIs are available in all AWS regions that offer Apple silicon Mac instances and can be launched via the Console, CLI, or API.

Amazon MSK Serverless Now Available in São Paulo Region

🚀 Amazon Web Services has made Amazon MSK Serverless generally available in the South America (São Paulo) region, enabling customers to connect Apache Kafka applications without managing cluster capacity. MSK Serverless automatically provisions and scales compute and storage resources on demand, letting teams run Kafka with reduced operational overhead. This expansion aligns São Paulo with AWS's global GA regions.

Amazon MQ Adds RabbitMQ 4.2 with AMQP 1.0 Support Now

🚀 Amazon MQ now supports RabbitMQ 4.2, bringing native AMQP 1.0 support, a Raft-based metadata store (Khepri), local shovels, and message priorities for quorum queues. The release also includes throughput and memory management improvements and a range of bug fixes. Brokers can be created on m7g instance types via the Console, CLI, or SDKs, with automatic patch-version management and configurable resource limits. Note that mirroring of classic queues is no longer supported; quorum queues remain the sole replicated, durable queue type.

AWS Glue Adds Zero-ETL Support for More SAP Entities

🔄 AWS Glue now provides full snapshot and incremental zero-ETL ingestion for additional SAP entities. The update adds snapshot ingestion for entities without deletion tracking and timestamp-based incremental loads for non-ODP systems, extending existing ODP support. Organizations can ingest SAP data directly into Amazon Redshift or the lakehouse architecture used by Amazon SageMaker, reducing engineering effort and operational complexity. This feature is available in all Regions where AWS Glue zero-ETL is offered.