All news in category "Vendor and Hyperscaler Watch"

Amazon WorkSpaces Applications Adds IPv6 Support Widely

🌐 Amazon WorkSpaces Applications now supports IPv6 for WorkSpaces Applications domains and external endpoints, allowing users on IPv6-capable devices to connect (SAML authentication is not supported over IPv6). This reduces the need for address-translation appliances, helps meet IPv6 compliance, and simplifies VPC addressing. The feature is available at no additional cost in 16 AWS Regions and uses pay-as-you-go pricing; customers must use the latest client or web access.

EC2 Fleet Adds Encryption Attribute for ABIS Selection

🔐 Amazon EC2 Fleet now supports an encryption attribute for Attribute-Based Instance Type Selection (ABIS). You can set RequireEncryptionInTransit in InstanceRequirements to limit launches to instance types that support encryption-in-transit, addressing compliance with VPC Encryption Controls in enforced mode. The GetInstanceTypesFromInstanceRequirements (GITFIR) API previews eligible instance types. The feature is available in all AWS commercial and GovCloud (US) Regions. To start, set RequireEncryptionInTransit=true when calling CreateFleet or GITFIR.

AWS Control Tower v4.0: Direct Access to Managed Controls

🔧 AWS Control Tower v4.0 introduces a controls-focused experience that gives customers direct access to more than 750 AWS managed controls without requiring a full Control Tower deployment. Customers can review the Control Catalog and deploy selected controls into their existing AWS Organization within minutes while retaining their current account structure. The release also separates S3 buckets and SNS notifications for cleaner operations and improved cost attribution.

AWS Network Firewall adds flexible cost allocation

🔁 AWS Network Firewall now supports flexible cost allocation through AWS Transit Gateway native attachments, enabling automatic distribution of data processing charges across different AWS accounts. Administrators can create metering policies to apply inspection charges to application teams or business units instead of consolidating expenses in the firewall owner account. This preserves centralized security controls while automating chargeback based on actual usage. Flexible cost allocation is available in all AWS Commercial and Amazon China Regions where supported, with no additional fees beyond standard service pricing.

Amazon ECS Managed Instances Now in GovCloud Regions

🚀 Amazon ECS Managed Instances is now available in the AWS GovCloud (US-East) and GovCloud (US-West) Regions, bringing a fully managed EC2 compute option to government-focused accounts. Managed Instances dynamically scales and optimizes EC2 capacity, supports task-level requirements (vCPU, memory, CPU architecture), and lets you select instance families including GPU, network-optimized, and burstable types. AWS initiates security patching every 14 days; management fees apply in addition to EC2 costs.

AWS Glue adds DynamoDB connector with Spark DataFrame

🚀 AWS Glue now includes a new Amazon DynamoDB connector that natively supports Apache Spark DataFrames. This enables developers to reuse existing Spark DataFrame code across AWS Glue, Amazon EMR, and other Spark environments with minimal modification, replacing prior reliance on Glue-specific DynamicFrame objects. The connector exposes the full range of DataFrame operations and current Spark performance optimizations and is available in all AWS Commercial Regions where Glue runs.

Amazon Lightsail launches Nginx blueprint with IMDSv2

🚀 Amazon Lightsail now offers a new Nginx blueprint that includes IMDSv2 enforced by default and supports IPv6-only instances. With a few clicks you can provision a Lightsail VPS of your chosen size with Nginx preinstalled, using Lightsail instance bundles that combine OS, storage, and monthly data transfer. This blueprint is available in all AWS Regions where Lightsail runs; consult Lightsail documentation for supported blueprints and pricing details.

Amazon Connect Adds Multi-Skill Agent Scheduling Support

📞 Amazon Connect now supports multi-skill agent scheduling to optimize workforce allocation across departments, languages, and customer tiers. Using forecast-driven, skill-based matching, administrators can schedule agents who hold multiple specialties and reserve multi-skilled staff for high-value interactions when demand peaks. This capability is available in all AWS Regions where agent scheduling is offered and aims to raise utilization while reducing staffing gaps.

AWS Announces Amazon ECS Express Mode for Fast Deploys

🚀 Amazon Web Services today introduced Amazon ECS Express Mode, a managed deployment option that helps developers rapidly launch containerized web applications and APIs with minimal configuration. Every Express Mode service is assigned an AWS‑provided domain and supports public or private HTTPS, autoscaling, and ALB-based traffic distribution. The feature can consolidate up to 25 Express Mode services behind a single Application Load Balancer while preserving isolation through intelligent rule-based routing. All provisioned resources remain in your AWS account and are fully accessible; Express Mode is available now in all AWS Regions at no additional service charge — you pay only for the underlying AWS resources used.

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

Amazon Connect Adds Persistent Agent Connection Feature

📞 Amazon Connect now supports a persistent agent connection that keeps an open channel between agents and the service after a call ends. Administrators can enable the feature per agent profile to reduce customer connect time and help meet telemarketing compliance such as the U.S. Telephone Consumer Protection Act (TCPA) for outbound campaigns. The capability is available in all Amazon Connect regions and carries no additional charge beyond standard Amazon Connect usage and telephony fees.

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

AWS DMS Schema Conversion Adds SAP ASE to PostgreSQL

🤖 AWS Database Migration Service (DMS) Schema Conversion now supports conversions from SAP Adaptive Server Enterprise (ASE) to both Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. The integrated generative AI capability helps automatically translate complex database code such as stored procedures, functions, triggers, cursors, and other ASE-specific constructs that traditionally require manual conversion. Schema Conversion also provides detailed assessment reports to help migration teams plan, estimate effort, and reduce risk when executing migrations to PostgreSQL-compatible managed databases on AWS.

Mozilla Ends Partnership with Onerep After Investigation

🛡️ Mozilla announced it will end its partnership with Onerep and discontinue Monitor Plus on Dec. 17, 2025. Current subscribers will retain access through the wind-down period and receive prorated refunds for any unused portion of their subscriptions. Mozilla said it will continue to offer its free Monitor breach service integrated with Firefox’s credential manager and is focusing on integrating more privacy and security features, including its VPN. The company cited high vendor standards and the realities of the data broker ecosystem as reasons for ending the collaboration after reporting revealed Onerep’s founder maintained ties to other people-search services.

AWS Recycle Bin Extends Support to EBS Volumes Now

♻️ Recycle Bin for Amazon EBS now supports EBS Volumes, allowing you to recover accidentally deleted volumes directly rather than restoring from snapshots. You can create retention rules to protect all volumes or target specific volumes with tags; recovered volumes retain tags, permissions, and encryption and are immediately available at full performance. Volumes in Recycle Bin are billed at standard EBS Volume rates and the capability is available via CLI, SDKs, and the AWS Console across commercial, China, and AWS GovCloud (US) Regions.

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.

Android Quick Share Interoperability with AirDrop Security

🔒 Google announced cross-platform file sharing between Android and iOS by making Quick Share interoperable with AirDrop, beginning with the Pixel 10 Family. The company emphasizes a "secure by design" approach that included threat modeling, internal security and privacy reviews, and in-house penetration testing. The interoperability layer is implemented in Rust to reduce memory-safety risks in parsing wireless data, and transfers are direct peer‑to‑peer without routing content through servers. Google also engaged third‑party testers and experts who validated the implementation and found no information leakage.