All news in category "Vendor and Hyperscaler Watch"

AWS Data Exports Adopt FOCUS 1.2 Schema for Cost Management

🔔 AWS announced general availability of AWS Data Exports supporting the FOCUS 1.2 schema, enabling customers to export standardized cost and usage data to Amazon S3. The release preserves the four-cost-column structure (ListCost, ContractedCost, BilledCost, EffectiveCost) from FOCUS 1.0 while adding fields for broader enterprise use cases. Key capabilities include invoice reconciliation, capacity reservation tracking to find unused reservations, and virtual currency support for multi-cloud and SaaS cost scenarios. The export is available in US East (N. Virginia) and covers all AWS Regions except AWS GovCloud (US) and AWS China Regions.

AWS Directory Service Adds PrivateLink VPC Connectivity

🔒 AWS Directory Service now supports AWS PrivateLink, enabling you to route all Directory Service API and Directory Service Data API traffic through private VPC endpoints. This removes the need for internet gateways or NAT devices and reduces latency by creating requester-managed ENIs in enabled subnets. The feature covers directory management and user operations and is available in all Regions where AWS Directory Service is supported.

AWS Cost Anomaly Detection Adds Managed Monitors for Tags

📈 AWS Cost Anomaly Detection now supports managed monitors that can track all linked accounts, cost allocation tags, or cost categories with a single configuration. Previously limited to AWS service scopes, the new capability automatically separates monitoring for each tag or account value and adapts as organizational tags or accounts change. The feature is available today in all commercial AWS Regions at no additional charge.

AWS Lambda Introduces Tenant Isolation Mode for Multi-Tenant

🔒 AWS announced a new tenant isolation mode for AWS Lambda, enabling customers to isolate request processing per tenant or end-user invoking the same function. By providing a unique tenant identifier on invocation, Lambda routes requests to execution environments dedicated to that tenant and ensures those environments are never used for other tenants. This simplifies building multi-tenant SaaS workloads and reduces the need for custom per-tenant function routing.

Amazon API Gateway Enables Progressive Response Streaming

⚡ Amazon API Gateway now progressively streams response payloads to clients as data becomes available, removing the need to buffer complete responses before transmission. The capability works with streaming-capable backends including Lambda functions, HTTP proxy integrations, and private integrations. Benefits include improved time-to-first-byte, integration timeouts extended to 15 minutes, and support for payloads larger than 10 MB. Generative AI and media-serving applications will particularly benefit, and the feature is available across all AWS Regions including GovCloud.

AWS Cost Explorer: 18-Month Forecasts and Explainable AI

📈 AWS Cost Explorer now extends forecasting to 18 months and uses upgraded machine learning that can analyze up to 36 months of historical data (previously 6 months) to surface seasonal patterns and long-term growth trends. Two of these improvements are generally available, while AI-powered, explainable forecasts are offered in public preview in the console. The 18-month horizon is also exposed via the GetCostForecast API, enabling finance and engineering teams to improve annual budgeting, surface optimization opportunities, and present forecasts with greater stakeholder confidence.

Amazon SageMaker Catalog Enforces Glossary Metadata

📌 Amazon SageMaker Catalog now enforces glossary-term metadata during asset publishing. Administrators can require data producers to tag assets with approved business vocabulary from organizational glossaries, and enforcement rules will block publication if required terms are missing. This standardizes metadata, aligns technical schemas with business language, and improves discoverability and governance. Available in all regions where Amazon SageMaker Catalog operates; policies can be managed via the console, CLI, or SDKs.

Amazon Route 53 Adds AWS PrivateLink for API Access

🔒 Amazon Route 53 now supports AWS PrivateLink for the route53.amazonaws.com API, enabling private, regional connectivity from VPCs to the Route 53 API without traversing the public internet. This allows workloads to manage hosted zones, records, and health checks over the AWS backbone and simplifies networking by removing the need for complex private connectivity. Support is global except in AWS GovCloud and China, and cross-region interface VPC endpoints enable native multi-region access.

Amazon S3 Adds Post-Quantum TLS Key Exchange Support

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

AWS Network Load Balancer Adds Weighted Target Groups

🚀 AWS Network Load Balancer now supports weighted target groups, letting you distribute traffic across multiple target groups with configurable weights from 0 to 999. This enables progressive deployment strategies such as Blue-Green and Canary deployments, application migration, and A/B testing while supporting instance, IP address, and ALB targets. The capability is available across AWS commercial and GovCloud regions at no additional charge; standard NLB Capacity Unit (LCU) pricing applies.

Amazon GuardDuty Malware Protection for AWS Backup

🔒 Amazon announced GuardDuty Malware Protection for AWS Backup, extending malware detection to backups of Amazon EC2 instances, Amazon EBS volumes, and Amazon S3 objects. The capability automatically scans new backups, supports on-demand scans of existing backups, and can identify the last known clean backup to reduce recovery impact. It offers incremental scanning to analyze only changed data between backups, lowering costs versus full rescans, and can be enabled even if GuardDuty foundational data sources are not active. The feature is available in supported Regions and accessible via the AWS Backup console, API, or CLI.

AWS S3 bucket-level setting to standardize encryption

🔒 Amazon S3 now provides a bucket-level default encryption configuration to enforce SSE-S3 or SSE-KMS for all write requests, allowing organizations to standardize server-side encryption types across buckets. The PutBucketEncryption API update lets you disable SSE-C on specific buckets or in CloudFormation templates. This capability is available in all AWS Regions and configurable via Console, SDK, API, or CLI. It helps simplify compliance and reduce misconfiguration risk.

Amazon CloudWatch RUM Adds Mobile Support for iOS, Android

📱 Amazon CloudWatch RUM now supports iOS and Android apps, extending real user monitoring beyond web applications. Using the OpenTelemetry (OTEL) standard, it captures mobile spans such as application startup time, screen load time, and backend network calls, and records events including crashes and ANRs/AppHangs. Developers and SREs can perform impact analysis for errors or crashes, drill into correlated telemetry, and filter by location, device type, OS, and app version. Mobile telemetry integrates with application metrics, traces, logs, web RUM, and synthetic monitoring in CloudWatch Application Signals, and is available in all AWS Commercial Regions where web monitoring is provided.

AWS CloudTrail Data Event Aggregation for Monitoring

🔍 AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.

Enhanced Cost Management in Amazon Q Developer Chat

💡 Amazon Q Developer now includes enhanced cost management features that let users analyze costs across broader Cloud Financial Management domains with advanced analytics. Users can ask open-ended questions about historical and forecasted costs, optimization recommendations, commitment utilization, anomalies, budgets, free tier usage, and product attributes. Q explores data, forms hypotheses, performs calculations, and shows the API calls and console links used for transparency.

AWS IAM Temporary Delegation for Partner Product Integration

🔐 AWS Identity and Access Management (IAM) introduces temporary delegation, enabling time-limited, delegated access to Amazon and AWS Partner products for tasks like initial deployments, ad-hoc maintenance, and feature upgrades. The capability eliminates the need for persistent IAM roles, improves auditability, and reduces setup and operational burden. It is available in all AWS commercial Regions and is being adopted by partners such as Archera, Aviatrix, Databricks, HashiCorp, Qumulo, Rapid7 and others.

AWS Elemental MediaConnect Router Now Generally Available

📺 AWS has announced the general availability of Elemental MediaConnect Router, a managed capability that dynamically routes live video between sources and destinations across the AWS network. The service reduces transport latency and improves packet delivery reliability compared with standard transport methods, and supports routing across regions as well as between private and public endpoints. It is accessible via the MediaConnect console, API, or AWS CDK, works alongside existing MediaConnect flows, and integrates with the broader AWS Elemental media services to simplify live-video operations and reduce unused capacity and reconfiguration overhead.

AWS API Gateway Portals: Managed Developer Portals

🔧 Amazon API Gateway now offers Portals, a fully managed, AWS-native developer portal for discovering, documenting, governing, and monetizing REST APIs across accounts. Portals automatically discover existing APIs, generate documentation with a "Try It" experience, and support custom content, branding, access controls, and analytics via CloudWatch RUM. This reduces onboarding time and keeps API configurations within AWS boundaries to reduce third-party security risks.

AWS launches EC2 M7i instances in Europe (Zurich) region

🚀 Amazon Web Services has launched Amazon EC2 M7i instances in the Europe (Zurich) region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) available only on AWS. M7i delivers up to 15% better performance over comparable x86-based Intel processors and up to 15% improved price-performance versus M6i. Instances scale to 48xlarge and include two bare-metal sizes with built-in Intel accelerators that offload data operations and optimize CPU-bound workloads.

AWS enables console sign-in credentials for CLI and SDK

🔐 AWS now permits developers to use their existing AWS Management Console sign-in credentials for programmatic access via the AWS CLI, AWS Tools for PowerShell, and AWS SDKs after a brief browser-based authentication flow. The aws login command in AWS CLI v2.32.0 and later obtains automatically rotated, short-lived credentials to reduce reliance on long-term access keys. This capability is available in all commercial AWS regions and aims to streamline local development setup while improving security posture.