All news in category "Vendor and Hyperscaler Watch"

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.

AWS Network Load Balancer Adds Weighted Target Groups

🚀 AWS Network Load Balancer now supports weighted target groups, letting you distribute traffic across multiple target groups with configurable weights from 0 to 999. This enables progressive deployment strategies such as Blue-Green and Canary deployments, application migration, and A/B testing while supporting instance, IP address, and ALB targets. The capability is available across AWS commercial and GovCloud regions at no additional charge; standard NLB Capacity Unit (LCU) pricing applies.

AWS Data Exports Adopt FOCUS 1.2 Schema for Cost Management

🔔 AWS announced general availability of AWS Data Exports supporting the FOCUS 1.2 schema, enabling customers to export standardized cost and usage data to Amazon S3. The release preserves the four-cost-column structure (ListCost, ContractedCost, BilledCost, EffectiveCost) from FOCUS 1.0 while adding fields for broader enterprise use cases. Key capabilities include invoice reconciliation, capacity reservation tracking to find unused reservations, and virtual currency support for multi-cloud and SaaS cost scenarios. The export is available in US East (N. Virginia) and covers all AWS Regions except AWS GovCloud (US) and AWS China Regions.

AWS enables console sign-in credentials for CLI and SDK

🔐 AWS now permits developers to use their existing AWS Management Console sign-in credentials for programmatic access via the AWS CLI, AWS Tools for PowerShell, and AWS SDKs after a brief browser-based authentication flow. The aws login command in AWS CLI v2.32.0 and later obtains automatically rotated, short-lived credentials to reduce reliance on long-term access keys. This capability is available in all commercial AWS regions and aims to streamline local development setup while improving security posture.

Amazon OpenSearch Service Adds Cluster Insights Dashboard

🔍 Amazon OpenSearch Service now includes Cluster Insights, a unified monitoring dashboard that consolidates logs and metrics to give operators comprehensive operational visibility across nodes, indices, and shards. The feature automates correlation of critical data, highlights performance metrics and top‑N query analysis, and surfaces targeted remediation steps to speed troubleshooting. Built into the OpenSearch UI, Cluster Insights retains monitoring resilience during cluster unavailability and provides account‑level summaries for managing multiple deployments. It is available at no additional cost for OpenSearch 2.17 or later in regions where the OpenSearch UI is offered.

Amazon MSK Console and Public APIs for Kafka Topics

🔍 Amazon Managed Streaming for Apache Kafka (Amazon MSK) now exposes topic listings and detailed topic views directly in the MSK console and via three new public APIs. You can browse and search topics within a cluster, quickly review replication settings and partition counts, and drill into per-topic configuration and partition-level metrics without installing Kafka admin clients. The new ListTopics, DescribeTopic, and DescribeTopicPartitions APIs are available through the AWS CLI and SDKs; these features require MSK Provisioned clusters running Kafka 3.6+ and appropriate IAM permissions.

Amazon FSx Adds File Server Resource Manager Support

🗂️ Amazon FSx for Windows File Server now supports File Server Resource Manager (FSRM), enabling file classification, file screening, folder-level quotas, and storage reporting for managed Windows file systems. FSRM events can be published to Amazon CloudWatch Logs or streamed to Amazon Kinesis Data Firehose and used to trigger AWS Lambda for automated responses and workflows. The capability is available today at no additional cost for new file systems across all Regions where FSx is offered; existing file systems will gain support during a scheduled maintenance window.

AWS IAM Adds aws:SourceVpcArn for Region Controls Support

🔒 AWS Identity and Access Management (IAM) introduces the global condition key aws:SourceVpcArn, which returns the ARN of the VPC where a VPC endpoint is attached. Administrators can apply this key in IAM policies to enforce region-based controls for resources accessed via AWS PrivateLink, restricting access to VPC endpoints in specified regions. The new condition key helps meet data residency and compliance requirements and is available in all commercial AWS Regions.

Amazon CloudWatch RUM Adds Mobile Support for iOS, Android

📱 Amazon CloudWatch RUM now supports iOS and Android apps, extending real user monitoring beyond web applications. Using the OpenTelemetry (OTEL) standard, it captures mobile spans such as application startup time, screen load time, and backend network calls, and records events including crashes and ANRs/AppHangs. Developers and SREs can perform impact analysis for errors or crashes, drill into correlated telemetry, and filter by location, device type, OS, and app version. Mobile telemetry integrates with application metrics, traces, logs, web RUM, and synthetic monitoring in CloudWatch Application Signals, and is available in all AWS Commercial Regions where web monitoring is provided.

Amazon Bedrock Adds Support for OpenAI GPT OSS Models

🚀 Amazon Bedrock now supports importing custom weights for gpt-oss-120b and gpt-oss-20b, allowing customers to bring tuned OpenAI GPT OSS models into a fully managed, serverless environment. This capability eliminates the need to manage infrastructure or model serving while enabling deployment of text-to-text models for reasoning, agentic, and developer tasks. gpt-oss-120b is optimized for production and high-reasoning use cases; gpt-oss-20b targets lower-latency or specialized scenarios. The feature is generally available in US‑East (N. Virginia).

Amazon Connect: Instance-to-Instance Calls via AWS Backbone

📞 Amazon Connect now routes calls between instances in the same AWS account over the AWS global backbone, avoiding the Public Switched Telephony Network when both numbers are provisioned or ported into Amazon Connect. Calls between instances, whether within a region or across regions, gain improved audio quality, simplified billing, and preserved call context for transfers. This capability is available in all commercial regions where Amazon Connect is offered except Africa (Cape Town).

Amazon S3 Adds Post-Quantum TLS Key Exchange Support

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

AWS launches Billing Transfer for multi-organization billing

🔁 AWS introduces Billing Transfer, enabling a single management account to centrally collect invoices, process payments, and run detailed cost analysis across multiple AWS Organizations while preserving each management account’s security autonomy. The feature integrates with AWS Billing Conductor to protect proprietary pricing and support advanced cost allocation strategies. AWS offers a free trial through May 31, 2026; starting June 1, 2026 organizations using a Customer managed pricing plan will incur a $50 per-organization fee. Billing Transfer is available in all public AWS Regions except GovCloud and China (Beijing, Ningxia).

Amazon API Gateway Adds Enhanced TLS Security Policies

🔐 Amazon API Gateway now supports enhanced TLS security policies for REST APIs and custom domain names, giving customers more granular control over encryption, cipher selection, and endpoint access. Policy options include TLS 1.3-only, Perfect Forward Secrecy, FIPS-compliant cipher suites, and Post Quantum Cryptography choices. The update, available in many AWS commercial Regions, aims to simplify compliance with stricter regulations and strengthen cryptographic posture.

Amazon GuardDuty Malware Protection for AWS Backup

🔒 Amazon announced GuardDuty Malware Protection for AWS Backup, extending malware detection to backups of Amazon EC2 instances, Amazon EBS volumes, and Amazon S3 objects. The capability automatically scans new backups, supports on-demand scans of existing backups, and can identify the last known clean backup to reduce recovery impact. It offers incremental scanning to analyze only changed data between backups, lowering costs versus full rescans, and can be enabled even if GuardDuty foundational data sources are not active. The feature is available in supported Regions and accessible via the AWS Backup console, API, or CLI.

AWS API Gateway Portals: Managed Developer Portals

🔧 Amazon API Gateway now offers Portals, a fully managed, AWS-native developer portal for discovering, documenting, governing, and monetizing REST APIs across accounts. Portals automatically discover existing APIs, generate documentation with a "Try It" experience, and support custom content, branding, access controls, and analytics via CloudWatch RUM. This reduces onboarding time and keeps API configurations within AWS boundaries to reduce third-party security risks.

AWS CloudTrail Data Event Aggregation for Monitoring

🔍 AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.

Amazon SageMaker Catalog Enforces Glossary Metadata

📌 Amazon SageMaker Catalog now enforces glossary-term metadata during asset publishing. Administrators can require data producers to tag assets with approved business vocabulary from organizational glossaries, and enforcement rules will block publication if required terms are missing. This standardizes metadata, aligns technical schemas with business language, and improves discoverability and governance. Available in all regions where Amazon SageMaker Catalog operates; policies can be managed via the console, CLI, or SDKs.

AWS Cost Explorer: 18-Month Forecasts and Explainable AI

📈 AWS Cost Explorer now extends forecasting to 18 months and uses upgraded machine learning that can analyze up to 36 months of historical data (previously 6 months) to surface seasonal patterns and long-term growth trends. Two of these improvements are generally available, while AI-powered, explainable forecasts are offered in public preview in the console. The 18-month horizon is also exposed via the GetCostForecast API, enabling finance and engineering teams to improve annual budgeting, surface optimization opportunities, and present forecasts with greater stakeholder confidence.

AWS Lambda Introduces Tenant Isolation Mode for Multi-Tenant

🔒 AWS announced a new tenant isolation mode for AWS Lambda, enabling customers to isolate request processing per tenant or end-user invoking the same function. By providing a unique tenant identifier on invocation, Lambda routes requests to execution environments dedicated to that tenant and ensures those environments are never used for other tenants. This simplifies building multi-tenant SaaS workloads and reduces the need for custom per-tenant function routing.