All news in category "Vendor and Hyperscaler Watch"
Thu, November 20, 2025
Amazon S3 Adds Attribute-Based Access Control (ABAC)
🏷️ Amazon S3 now supports attribute-based access control (ABAC) for general purpose buckets, allowing organizations to use bucket tags to automatically manage permissions. Instead of constantly editing IAM or bucket policies, administrators can create policies that reference bucket tags and grant access by adding or modifying tags. Enable ABAC with the S3 PutBucketAbac API and manage tags via TagResource/UntagResource; you can also require tags at bucket creation to enforce standards. The feature is available in all AWS Regions at no additional cost via the Console, REST API, CLI, SDK, and CloudFormation.
Thu, November 20, 2025
AWS EC2 High Memory U7i Instances Expand Regions and Sizes
🚀 Amazon Web Services has expanded availability of its EC2 High Memory U7i instances: the u7in-16tb.224xlarge (16 TiB) is now in AWS Europe (Ireland); u7i-12tb.224xlarge (12 TiB) is available in Asia Pacific (Hyderabad); and u7i-8tb.112xlarge (8 TiB) is available in Asia Pacific (Mumbai) and AWS GovCloud (US-West). Powered by custom 4th-gen Intel Xeon Scalable processors (Sapphire Rapids) and DDR5 memory, these instances provide high vCPU counts (up to 896), ENA Express support, up to 100 Gbps EBS performance and up to 200 Gbps networking on the 16 TiB size, making them suited for mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.
Thu, November 20, 2025
Amazon Redshift Serverless Lowers Minimum to 4 RPUs
🚀 Amazon Redshift Serverless now offers a lower base capacity of 4 RPUs, reducing the prior minimum from 8 RPUs and enabling entry-level analytics at roughly $1.50 per hour. Each RPU provides 16 GB of memory, so the 4‑RPU configuration supplies up to 64 GB of memory and supports up to 32 TB of Redshift managed storage with limits such as 100 columns per table. The configuration is available in multiple Asia Pacific, European, Middle East, African and Mexico regions and is suited for both development and lightweight production workloads. You continue to pay per-second for active RPU-hours, helping lower cost for sporadic or small-scale analytics.
Thu, November 20, 2025
SageMaker Studio: Long‑Running Sessions with Corporate IDs
⏳ Amazon SageMaker Unified Studio now supports long-running background sessions using corporate identities via AWS IAM Identity Center's trusted identity propagation (TIP). Users can launch interactive notebooks and data processing on SageMaker, Amazon EMR, and AWS Glue that persist when they log off or experience network or credential interruptions. Sessions retain corporate permissions and can run up to 90 days (default 7 days), reducing the need for continuous monitoring and improving productivity for multi-hour or multi-day workloads.
Thu, November 20, 2025
Amazon EC2 Adds AMI Ancestry for Complete Lineage Visibility
🔍 Amazon EC2 now publishes AMI ancestry, enabling you to trace an AMI’s full lineage from its immediate parent back to the root across regions. This built‑in visibility replaces manual tagging and cross‑region record‑keeping, simplifying compliance audits and incident response. AMI ancestry is accessible via the AWS CLI, SDKs, and Console at no additional cost. It helps quickly identify all derived AMIs when a vulnerability is discovered in an ancestor, improving remediation speed and reducing operational risk.
Thu, November 20, 2025
EC2 Auto Scaling adds instance lifecycle retention policy
🛡️ EC2 Auto Scaling introduces an instance lifecycle policy that lets you retain instances when lifecycle hooks fail or time out, enabling manual intervention for graceful shutdowns. Previously, the default continue or abandon outcomes both resulted in instance termination after a timeout; the new policy adds configurable retention triggers to keep instances in a retained state. This is particularly helpful for stateful applications that need to save local data, close database connections, deregister from discovery, or remove sensitive credentials before termination. The feature is available in US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore).
Thu, November 20, 2025
EC2 Auto Scaling adds ReplaceRootVolume for live root swaps
🔁 Amazon EC2 Auto Scaling introduces the ReplaceRootVolume strategy for instance refresh, allowing replacement of an instance's root Amazon EBS volume without stopping or terminating the instance. The feature preserves attachments and metadata (network interfaces, elastic IPs) and reduces operational complexity for OS-level updates, patching, and recovery from corrupted root volumes. It is particularly valuable for specialized instance types such as Mac and GPU instances and for stateful applications where data and attachments must be preserved. ReplaceRootVolume is available in select regions at no additional cost beyond standard EC2 and EBS usage.
Thu, November 20, 2025
AWS CloudTrail Insights Adds Data-Event Anomaly Detection
🔍 AWS CloudTrail Insights now analyzes data events as well as management events, automatically detecting anomalies in data access patterns such as unexpected surges in S3 delete calls or increased Lambda error rates. When unusual activity is found, CloudTrail generates an Insights event that includes the relevant data events and can trigger alerts for rapid investigation. The capability is available in all regions where CloudTrail is offered; additional charges apply for data-event Insights.
Thu, November 20, 2025
Amazon QuickSight Adds Advanced Dashboard Theme Controls
🎨 Amazon QuickSight now provides expanded dashboard theming to help organizations maintain consistent brand identity across analytics dashboards and embedded experiences. Authors can customize interactive sheet backgrounds with gradients and angles, implement sophisticated card styling with configurable borders and opacity, and control typography for titles and subtitles at the theme level. These theme-level controls help ensure visual consistency across departments and enable embedded dashboards to match host application styling so analytics appear native. The enhancements address enterprise needs for professional, brand-aligned presentation and are available in all supported QuickSight regions.
Thu, November 20, 2025
AWS Site-to-Site VPN Adds BGP Logging for Tunnels Now
🔍 AWS Site-to-Site VPN now publishes Border Gateway Protocol (BGP) logs from VPN tunnels to Amazon CloudWatch, providing deeper visibility into routing and session behavior. Previously, customers only had access to IKE/IPsec tunnel activity logs; the new BGP logs show session status, transitions, routing updates, and detailed error states. With both tunnel and BGP logs in CloudWatch, teams can correlate events, speed troubleshooting, and identify configuration mismatches between AWS endpoints and customer gateways across commercial Regions and AWS GovCloud (US).
Thu, November 20, 2025
Amazon EC2 C7i Instances Now in Melbourne Region, Australia
🚀 Amazon EC2 C7i instances are now available in the Asia Pacific (Melbourne) Region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) exclusive to AWS. They deliver up to 15% better performance over comparable Intel-based offerings and up to 15% better price-performance versus C6i. C7i offers larger sizes up to 48xlarge, two bare-metal sizes (metal-24xl, metal-48xl) with built-in Intel accelerators and supports AMX and up to 128 EBS volumes to scale data-intensive workloads.
Thu, November 20, 2025
Amazon Braket Adds AQT IBEX Q1 Trapped-Ion QPU in Europe
🔬 Amazon Braket now offers access to IBEX Q1, a 12-qubit trapped-ion QPU from Alpine Quantum Technologies (AQT) featuring full all-to-all connectivity that eliminates the need for intermediate SWAP gates. The device is available on-demand and via Hybrid Jobs, and customers can reserve dedicated capacity through Braket Direct with hourly pricing and no upfront commitments. IBEX Q1 runs in the Europe (Stockholm) Region, with launch access on Tuesdays and Wednesdays, 09:00–16:00 UTC. Accredited researchers may apply for AWS Cloud Credits for Research to support experiments.
Thu, November 20, 2025
Amazon SageMaker Studio Integrates EMR on EKS with SSO
🔒 Amazon SageMaker Unified Studio now supports EMR on EKS as a compute option for interactive Apache Spark sessions, bringing containerized, large-scale distributed compute with automatic scaling and cost optimizations directly into the Studio environment. The feature adds trusted identity propagation through AWS Identity Center, enabling single sign-on and end-to-end data access traceability for interactive analytics. Data practitioners can use corporate credentials to access Glue Data Catalog resources from SageMaker JupyterLab while administrators retain fine-grained access controls and audit trails. This capability is available in all existing SageMaker Unified Studio regions.
Thu, November 20, 2025
Amazon CloudFront Adds TLS 1.3 Support for Origins
🔒 Amazon CloudFront now supports TLS 1.3 for connections to origins, automatically enabled across custom origins, Amazon S3, and Application Load Balancers with no configuration changes required. The upgrade provides stronger encryption and reduced handshake latency, delivering up to 30% faster connection establishment when an origin supports TLS 1.3. CloudFront will negotiate TLS 1.3 where supported while maintaining backward compatibility with older TLS versions. This support is available at no additional charge in all CloudFront edge locations and benefits sensitive workloads such as financial services, healthcare, and e-commerce.
Thu, November 20, 2025
AWS Step Functions Adds Local TestState API for Workflows
🔧 AWS Step Functions' TestState API now supports local unit testing of complete workflows, including advanced constructs like Map and Parallel states, without deploying state machines to AWS. Developers can mock AWS service integrations and opt into API contract validation so mocked responses align with actual service outputs, improving test fidelity. TestState calls integrate with frameworks such as Jest and pytest and can be used in CI/CD pipelines; the feature is available via the AWS SDK and CLI in all Regions where Step Functions is offered.
Thu, November 20, 2025
CrowdStrike Extends DSPM to Runtime for Cloud Data
🔒 CrowdStrike Falcon Data Protection for Cloud is now generally available, extending traditional DSPM into runtime to provide continuous visibility and protection for sensitive data in motion. Leveraging eBPF-powered monitoring, it detects unauthorized or risky data transfers across APIs, SaaS, containers, databases, and cloud storage without proxies or added infrastructure. The solution combines unified classification with integrated investigation and automated response, plus SIEM streaming and a lightweight Linux sensor for rapid deployment.
Thu, November 20, 2025
AWS PCS Adds Slurm REST API for Programmatic Job Control
🔁 The AWS Parallel Computing Service (AWS PCS) now supports the Slurm REST API, enabling programmatic job submission, resource management, and cluster monitoring over HTTP. This removes reliance on CLI-only workflows and lets teams integrate HPC operations into web portals, CI/CD pipelines, and data processing frameworks. The feature is available in all AWS Regions with AWS PCS and has no additional charge.
Thu, November 20, 2025
Attack Surface Management: 12 Tools to Harden Perimeter
🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. It concludes with seven practical questions to evaluate ASM needs, automation, remediation paths, and pricing models.
Wed, November 19, 2025
AWS introduces aws login for secure developer access
🔐 The new aws login CLI command lets developers obtain temporary programmatic credentials using the same sign-in method as the AWS Management Console, eliminating the need to create and manage long-term access keys. The command opens a browser-based OAuth2 flow and supports root/IAM user sign-in as well as federated identity providers. Issued credentials auto-rotate every 15 minutes and remain valid up to the IAM session duration (maximum 12 hours). The aws login command integrates with profiles, remote development workflows, AWS SDKs, AWS Tools for PowerShell, and legacy SDKs via credential_process.
Wed, November 19, 2025
AWS Designated Critical Third-Party Provider under DORA
🔐 Amazon Web Services has been designated a critical third-party provider (CTPP) by the European Supervisory Authorities under the EU’s DORA regulation, which took effect in January 2025. The designation establishes a formal oversight relationship between AWS and the ESAs and signals heightened regulatory engagement for financial services customers operating in the EU. AWS says it will continue investing in compliance, operational resilience, risk management, and transparency, and will support customers with documentation, whitepapers, and a dedicated security and compliance team to help meet DORA obligations.