All news in category "Vendor and Hyperscaler Watch"

Wed, November 19, 2025

AWS IAM Adds Outbound Identity Federation with JWTs

🔐 AWS Identity and Access Management (IAM) now supports outbound identity federation, enabling customers to exchange AWS credentials for short‑lived, cryptographically signed JSON Web Tokens (JWTs) to authenticate workloads with third‑party clouds, SaaS providers, and self‑hosted applications. Tokens include workload context so external services can enforce fine‑grained access control. Administrators can restrict who can generate tokens and configure token properties such as lifetime, audience, and signing algorithm via IAM policies, and audit issuance and usage through CloudTrail. The capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions.

Wed, November 19, 2025

AWS Channel Partner Billing Transfer for Reselling Services

🧾 AWS Channel Partners in the Solution Provider and Distribution programs can now resell AWS services using Billing Transfer. This capability allows partners to assume financial responsibility for customer AWS Organizations while customers retain full control of their management accounts. Partners centrally manage billing and payments, receive eligible program benefits on partner-delivered bills, and can use new Partner Central APIs for channel reporting and incentive qualification.

Wed, November 19, 2025

AWS Get Invoice PDF API Generally Available in US East

📄 AWS has made the Get Invoice PDF API generally available, enabling customers to programmatically download invoice PDF artifacts via SDK or API calls. Callers submit an AWS Invoice ID and receive pre-signed Amazon S3 URLs for immediate download of invoice and supplemental PDF documents. For bulk retrieval, customers can call List Invoice Summaries to obtain Invoice IDs for a billing period and then invoke Get Invoice PDF for each artifact. The API is deployed in US East (N. Virginia) and is accessible to customers in commercial regions except China.

Wed, November 19, 2025

BigLake Metastore Adds Iceberg REST Catalog Support

🔔 Google Cloud announced general availability of BigLake metastore support for the Iceberg REST Catalog, offering a serverless, standards-based runtime metastore that enables interoperability across Iceberg-compatible engines (Spark, Trino) and BigQuery. The service provides credential vending, integrated governance via Dataplex Universal Catalog for lineage and data quality, and a UX console for creating and managing Iceberg catalogs. By removing the need to run custom metastore deployments, BigLake metastore aims to reduce operational overhead while preserving enterprise scale and security.

Wed, November 19, 2025

Amazon Inspector: Org-wide Management via AWS Organizations

🔒 Amazon Inspector can now be enabled, configured, and managed centrally across your AWS Organization using a new Inspector policy type in AWS Organizations. Administrators designate a delegated admin, enable the Inspector policies policy type, and create policies that specify scan types (Amazon EC2, ECR, Lambda standard, Code Scanning, Code Security) and Regions. Once attached to a root, OU, or account, the policy automatically enables Inspector for all covered accounts — including new accounts that join or move into covered OUs — ensuring consistent vulnerability scanning coverage and reducing operational overhead.

Wed, November 19, 2025

AWS NAT Gateway Adds Regional Availability Mode Across AZs

📢 Amazon Web Services (AWS) has introduced a regional availability mode for NAT Gateways, enabling a single NAT Gateway to automatically expand and contract across Availability Zones within your VPC. A regional NAT Gateway does not require a public subnet and removes the need to create or delete AZ-specific NATs or edit route tables when workloads shift. The feature supports Amazon-provided IPs and bring your own IP (BYOIP) and is available in all commercial AWS Regions except AWS GovCloud (US) and the China Regions.

Wed, November 19, 2025

Phil Venables on CISO 2.0 and Building CISO Factories

🔒 In this Cloud CISO Perspectives installment, Phil Venables explains how AI is reshaping the chief information security officer role and urges a shift from reactive “fire station” operations to a self-sustaining “flywheel.” He defines CISO 2.0 as business-first, technically empathetic, and focused on long-term strategic outcomes, and introduces CISO Factories—organizations that reliably develop great security leaders. Venables emphasizes clear strategy, stronger board engagement, and using procurement influence to drive safer supplier behavior.

Wed, November 19, 2025

Fortinet Adds AI-Driven Managed IPS Rules for AWS Cloud

🔒 Fortinet is an official launch partner for third-party rules on AWS Network Firewall, introducing Fortinet Managed IPS Rules powered by FortiGuard AI-Powered Security Services. The managed service uses AI/ML from FortiGuard Labs to automatically translate global threat telemetry into continuously updated IPS rules, removing manual tuning and improving detection timeliness. Deployment is fast via AWS Marketplace and integrates natively with AWS Network Firewall, helping teams scale protection across cloud workloads while supporting compliance objectives.

Wed, November 19, 2025

AWS launches RISP Group Sharing for org-level cost control

💼 AWS announced general availability of Reserved Instances and Savings Plans (RISP) Group Sharing, a Billing and Cost Management feature that gives organizations granular control over how commitments are distributed across accounts and business units. Administrators create groups using AWS Cost Categories and choose Prioritized or Restricted sharing to align savings or enforce isolation. The feature is available in all Regions except AWS GovCloud (US) and China and can be enabled from Billing preferences.

Wed, November 19, 2025

AWS Secrets Manager: Managed External Secrets Launch

🔐 AWS Secrets Manager introduces managed external secrets, a default-enabled feature that automates rotation for third-party SaaS credentials using provider-supported rotation strategies. The service removes the need to build and maintain rotation Lambda functions by enforcing a vendor-prescribed secret format and offering multiple rotation approaches. An onboarding guide enables any SaaS provider to join as a partner and publish prescriptive rotation guidance. At launch, the feature lists Salesforce, BigID, and Snowflake, and is available in all Regions where Secrets Manager operates.

Wed, November 19, 2025

Amazon EKS Adds Enhanced Container Network Observability

🔍 Amazon EKS now delivers enhanced container network observability with granular, network-related metrics and integrated console visualizations to help teams monitor and troubleshoot Kubernetes networking on AWS. Powered by Amazon CloudWatch Network Flow Monitor, the capabilities reveal cross-AZ flows, top-talkers, retransmissions, and retransmission timeouts for faster root cause analysis. Teams can ingest metrics into their preferred observability stacks and use the console views to eliminate blind spots during incidents. These features are available in all commercial Regions where CloudWatch Network Flow Monitor is offered.

Wed, November 19, 2025

AWS Introduces E-Invoice Delivery for Ariba, Coupa

📥 AWS announced general availability of its new E-Invoice delivery capability that lets customers connect their SAP Ariba and Coupa procurement portals to AWS to retrieve purchase orders and deliver PO-matched invoices back on the same day. Customers can onboard via the AWS Billing and Cost Management console and track invoice delivery status in both systems. The feature is available in all AWS Regions except GovCloud (US) and the China regions. This streamlines invoice processing and reduces manual reconciliation.

Wed, November 19, 2025

Amazon Bedrock Guardrails Expand Code-Related Protections

🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.

Wed, November 19, 2025

AWS Cost Optimization Hub Adds Cost Efficiency Metric

📈 AWS has introduced a Cost Efficiency metric in the AWS Cost Optimization Hub to help organizations measure the percentage of cloud spend that can be optimized. The metric divides aggregated estimated monthly savings from rightsizing, idle, and commitment recommendations by optimizable spend and refreshes daily. It surfaces trend data so teams can benchmark performance, set cost-savings goals, and observe improvements or regressions as resources are changed. Cost Efficiency is available in all Regions where the hub is supported and setup guidance is provided in the user guide and accompanying blog.

Wed, November 19, 2025

AWS Network Firewall Adds Managed Rules from AWS Partners

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

Wed, November 19, 2025

AWS CloudFormation Language Server Brings IDE Intelligence

🛠️ The new AWS CloudFormation Language Server brings context-aware authoring, validation, and drift-aware deployment views into supported IDEs through the AWS Toolkit. It provides auto-complete, schema validation, policy checks via CloudFormation Guard, and deployment validation directly within the editor. The Language Server flags invalid resource properties, missing IAM permission requirements, and configuration drift so developers can detect syntax, permission, and configuration issues before deployment and move safely from design to production.

Wed, November 19, 2025

AWS Site-to-Site VPN: New VPN Concentrator for Multi-site

🔒 AWS Site-to-Site VPN introduces VPN Concentrator, a managed feature that simplifies multi-site connectivity for distributed enterprises. It enables customers to aggregate up to 100 low-bandwidth remote sites (recommended for deployments of 25+ sites, each under 100 Mbps) behind a single attachment to AWS Transit Gateway. The concentrator reduces operational overhead, improves bandwidth utilization, and lowers per-site VPN costs.

Wed, November 19, 2025

Amazon DynamoDB Adds Multi-Attribute Composite Keys to GSIs

🆕 Amazon DynamoDB now supports composite primary keys composed of up to eight attributes in global secondary indexes. Partition and sort keys can each include up to four attributes, removing the need to create synthetic concatenated keys and perform backfills. Multi-attribute keys improve data distribution and uniqueness while enabling left-to-right filtering on sort key attributes. The capability is available at no extra cost across all AWS Regions and can be created via the Console, CLI, SDKs, or API.

Wed, November 19, 2025

Amazon ECS Managed Instances: Configurable Scale-In Delay

🚀 Amazon ECS Managed Instances now lets you configure a scale-in delay so you can better align instance terminations with workload patterns and business requirements. You can set the scaleInAfter parameter to any value up to 60 minutes, or set it to -1 to disable automatic infrastructure optimization and allow instances to remain until they are patched after 14 days. Configure scaleInAfter when creating or updating an ECS Managed Instances capacity provider via the ECS API, console, SDKs, CDK, or CloudFormation. This capability is available in all commercial AWS Regions and helps teams balance cost optimization against availability.

Wed, November 19, 2025

AWS PrivateLink Adds Cross-Region Connectivity for Services

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.
