All news in category "Vendor and Hyperscaler Watch"

CloudWatch Database Insights: Cross-Account, Cross-Region

🔍 Amazon CloudWatch Database Insights now supports cross-account and cross-region monitoring, enabling teams to observe and manage database fleets across multiple AWS accounts and regions from a single console. The feature centralizes performance metrics and troubleshooting workflows so teams can correlate incidents across distributed environments. It is intended to reduce operational overhead and improve mean time to resolution by enforcing consistent monitoring standards.

AWS Compute Optimizer Adds Automation Rules for EBS

🛠 AWS Compute Optimizer introduces automation rules to optimize Amazon Elastic Block Store (EBS) volumes at scale. The feature can automatically clean up unattached volumes and upgrade volumes to the latest-generation types on a recurring schedule, using filters such as AWS Region and Resource Tags. A new dashboard summarizes automation events, shows step history and estimated savings, and supports action reversal.

AWS VPC Encryption Controls: Audit and Enforce AES-256

🔒 AWS launched VPC Encryption Controls to simplify auditing and enforcement of encryption in transit within and across Amazon Virtual Private Clouds. You can enable it on existing VPCs to monitor encryption status of traffic flows, identify resources that permit plaintext, and generate audit logs for compliance. The feature can also transparently enable hardware-based AES-256 encryption on traffic between supported resources such as AWS Fargate, Network Load Balancers and Application Load Balancers.

Amazon ECR Adds Managed Container Image Signing Capability

🔐 Amazon ECR now offers managed container image signing to simplify and standardize container provenance. Using a few clicks in the ECR Console or a single API call, you create a signing rule that references an AWS Signer signing profile (signature validity, target repositories), and ECR automatically signs images when they are pushed using the pusher's identity. AWS Signer handles key and certificate lifecycle, and all signing operations are logged to CloudTrail. The feature is available in all Regions where AWS Signer is offered.

AWS Organizations adds upgrade rollout policy for RDS

🔔 AWS Organizations now supports an upgrade rollout policy for Amazon Aurora and Amazon RDS, enabling staggered automatic minor version upgrades across accounts and resources. Administrators can define simple sequences (first, second, last) via account-level policies or resource tags so upgrades begin in development and progress to production only after validation. AWS Health notifications between phases, built-in validation periods, and the ability to pause progression provide control and observability. The feature is available in all commercial Regions and AWS GovCloud (US); RDS for Oracle support applies to engine versions released after January 2026.

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.

Amazon EKS add-on: AWS Secrets Store CSI Driver Provider

🔐 AWS has announced general availability of the Amazon EKS add-on for the AWS Secrets Store CSI Driver provider, enabling clusters to mount secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store as files on Kubernetes workloads. The add-on installs and manages the AWS provider component and supports automated setup and lifecycle management for new and existing Amazon EKS clusters. It is available in all AWS commercial and AWS GovCloud (US) Regions.

Amazon EKS Provisioned Control Plane for High Performance

🚀 Amazon EKS introduced Provisioned Control Plane, letting customers select pre-defined control plane capacity tiers for new or existing clusters via APIs, the AWS Console, or infrastructure-as-code. The feature pre-provisions capacity to deliver predictable, low-latency control plane performance during traffic spikes and unpredictable bursts. It unlocks higher cluster scalability for ultra-scale workloads such as AI training, high-performance computing, and large data processing, and helps align development, staging, production, and disaster recovery behavior.

AWS Control Tower Adds 279 AWS Config Rules and Frameworks

🔒AWS Control Tower now supports 279 additional managed AWS Config rules and seven new compliance frameworks in the Control Catalog. You can search, discover, enable, and manage these rules directly from the AWS Control Tower console or via the ListControls, GetControl, and EnableControl APIs. The ListControlMappings API has been enhanced to show relationships between controls — complementary, alternative, or mutually exclusive — helping map detection (Config rules) to prevention (Service Control Policies). These features are available in Regions where Control Tower is offered, including AWS GovCloud (US).

Google Adds AirDrop Compatibility to Quick Share on Pixel 10

📡 Google updated Quick Share to interoperate with Apple's AirDrop, enabling direct file transfers between Pixel 10 devices and iPhone, iPad, and macOS. Transfers require the Apple device to be discoverable to Everyone for 10 minutes, while Android users must set Quick Share visibility to Everyone or use Receive mode. Google said the implementation is built in memory-safe Rust, avoids routing data through servers, and was independently assessed and hardened after a low-severity information-disclosure issue was fixed.

Why IT Admins Choose Samsung Galaxy and Knox Suite

🔒 Samsung Galaxy devices with Knox Suite combine hardware-rooted protections and centralized management to help IT secure corporate data without slowing users. Built-in at manufacture, Knox delivers multi-layered defenses—secure boot, trusted execution environments, and integrated malware protections—while fitting into existing EMM workflows. Native Zero Trust support, ZTNA and near-real-time telemetry from Knox Asset Intelligence feed SIEMs so mobile threats are visible alongside other alerts.

Amazon SageMaker notebooks with built-in AI agent experience

🤖 Amazon SageMaker introduces a serverless notebook experience that consolidates SQL, Python, and natural-language workflows into a single interactive workspace for analytics and ML. The environment is backed by Amazon Athena for Apache Spark to scale from interactive queries to petabyte-scale processing without pre-provisioned infrastructure. A built-in AI agent generates code and SQL from natural-language prompts to accelerate development, and the feature is available via SageMaker Unified Studio's one-click onboarding in multiple AWS Regions.

Amazon RDS for SQL Server Adds Resource Governor Support

🔧 Amazon RDS for SQL Server now supports resource governor, enabling customers to manage CPU, memory, and I/O allocation across workloads on Enterprise Edition instances. RDS exposes stored procedures for configuring resource pools, workload groups, and classifier functions so administrators can isolate resource‑intensive queries and maintain predictable performance. This feature is available in all AWS Regions where RDS for SQL Server is offered.

EC2 Fleet Adds Encryption Attribute for ABIS Selection

🔐 Amazon EC2 Fleet now supports an encryption attribute for Attribute-Based Instance Type Selection (ABIS). You can set RequireEncryptionInTransit in InstanceRequirements to limit launches to instance types that support encryption-in-transit, addressing compliance with VPC Encryption Controls in enforced mode. The GetInstanceTypesFromInstanceRequirements (GITFIR) API previews eligible instance types. The feature is available in all AWS commercial and GovCloud (US) Regions. To start, set RequireEncryptionInTransit=true when calling CreateFleet or GITFIR.

AWS Transfer Family Web Apps Support VPC Endpoints

🔒 AWS Transfer Family web apps now support Virtual Private Cloud (VPC) endpoints, enabling private, in‑VPC access to your browser-based S3 file interface at no additional charge. Workforce users can connect through a VPC, AWS Direct Connect, or VPN so that file traffic remains inside your network boundary. Administrators can enforce controls with security groups and subnet-level NACLs, retaining full visibility and control over transfers. Configure and manage endpoints via the Transfer Family console, AWS CLI, or SDK.

Amazon ECS and EKS Add AI-Powered Troubleshooting in Console

🔍 The AWS Management Console now integrates Amazon Q Developer AI-assisted troubleshooting directly into Amazon ECS and Amazon EKS. Contextual 'Inspect with Amazon Q' controls appear alongside error and status messages to gather relevant logs and metrics, analyze root causes, and present one-click mitigation suggestions. The experience covers failed tasks, container health checks, deployment rollbacks, cluster and node health, and Kubernetes pod events, and is available in all AWS commercial regions.

CloudWatch Container Insights: Sub-Minute GPU Metrics

🔍 Amazon CloudWatch Container Insights now supports configurable sub-minute GPU sampling for Amazon EKS, enabling GPU metrics to be collected at a per-second sample rate and aggregated to CloudWatch once per minute. This enhancement gives teams finer visibility into short-lived AI/ML inference and GPU-intensive workloads, helping to optimize resource utilization, troubleshoot performance issues, and improve operational efficiency for containerized GPU applications. The feature is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost.

AWS Security Incident Response Introduces Metered Pricing

🔒 AWS Security Incident Response introduces a metered pricing model that charges per ingested security finding and includes a free tier for the first 10,000 findings per month. After the free tier, the per-finding rate is $0.000676 with tiered discounts at higher volumes. The consumption-based approach removes upfront commitments and minimum fees, enabling teams to scale response capability as needs evolve. Customers can monitor finding counts via Amazon CloudWatch at no extra cost, and the new pricing automatically applies in supported Regions starting November 21, 2025.

Oracle Database@AWS Integrates with AWS KMS for TDE

🔐 AWS announced integration between Oracle Database@AWS and AWS Key Management Service (KMS), enabling KMS to encrypt Oracle Transparent Data Encryption (TDE) master keys. The feature is available in all regions where Oracle Database@AWS runs and incurs only standard KMS charges—there is no additional Oracle Database@AWS fee. Customers gain centralized key control, CloudTrail auditing, and automatic key rotation for TDE keys.

ECR Dual-Stack Endpoints Gain AWS PrivateLink Support

🔒 Amazon Elastic Container Registry (ECR) now supports AWS PrivateLink for its dual-stack endpoints. This enables customers to standardize on IPv6 while continuing to accept IPv4 traffic, and to keep API and Docker/OCI request traffic confined to the Amazon network. By routing dual-stack endpoint traffic over PrivateLink, organizations can reduce exposure to the public internet and improve their security posture. The feature is generally available in all AWS commercial and GovCloud (US) regions at no additional cost.