
All news with #aws tag

1971 articles

AWS Transform adds advanced migration assessment tools

🔍 AWS Transform now includes enhanced migration assessment capabilities that support what-if scenarios, customizable assumptions, flexible file formats, and expanded TCO assessment features. These updates enable rapid building of migration business cases and faster decision-making. The tool accepts inputs from RVTools, CMDBs, AWS discovery exports, and many third-party discovery tools. New analysis options cover EC2, FSx, S3, SQL Server on EC2, virtual desktops, and additional Cloud Value Framework pillars.

AWS Security Agent adds verification scripts

🔐 AWS Security Agent now generates verification scripts for penetration test findings to help teams reproduce and validate discovered vulnerabilities. The tool creates ready-to-run scripts for each confirmed finding that include setup instructions, documented environment variables, and redacted sensitive values. Teams download the script, configure variables, and execute it against targets to streamline triage and speed remediation. Verification scripts are available in all Regions where AWS Security Agent is supported.

Amazon WorkSpaces adds Linux WorkSpace migration

🔄 Amazon WorkSpaces now supports WorkSpace Migration for all Linux operating systems offered by the service, enabling seamless migration between Linux OS versions and distributions. The feature automatically transfers user data from a Linux WorkSpace’s home directory to the new WorkSpace, removing the need for manual data copying. Supported in AWS commercial and AWS GovCloud (US) Regions where WorkSpaces Personal is available, the capability helps streamline OS upgrades and migrations without disrupting end users.

Amazon Keyspaces expands to Malaysia and Thailand

🚀 Amazon Keyspaces (for Apache Cassandra) is now available in the Asia Pacific (Malaysia) and Asia Pacific (Thailand) Regions, enabling customers to build Cassandra-compatible applications with lower latency and keep data within the Region to meet residency requirements. The managed, serverless service offers virtually unlimited throughput and storage while customers pay only for used resources. These Regions provide the same features as other AWS Regions, including point-in-time recovery, Multi-Region replication, CDC streams, and IPv6 support, reducing operational overhead of running Cassandra clusters.

AWS Clean Rooms adds mutable payment controls

🔒 AWS Clean Rooms now supports mutable, fine-grained payment configurations that let collaboration members flexibly assign payment responsibilities. Customers can designate which partners are authorized to pay for specific cost types—such as SQL queries, PySpark jobs, ML training and inference, and synthetic data generation—after a collaboration is created. Authorized payers can be added or removed via change requests that require member approval; SQL and PySpark analyses may have multiple payers and one can be chosen at submission.

CloudWatch Logs Insights adds new query capabilities

🔍 Amazon CloudWatch Logs Insights query language gains 13 new commands and functions to enhance log querying, transformation, and analysis. New features include string and numeric functions like round, startswith, endswith, case, regex_replace, and haversine, encoding/decoding functions such as urlencode, urldecode, base64encode, base64decode, and parse/analysis commands like parse logfmt, expand, and relevantfields. These additions enable prefix filtering, inline Base64 decoding, logfmt parsing, JSON array expansion, geographic distance calculation, and automatic surfacing of relevant fields across high-cardinality groups.

AWS Completes S&P Global KY3P Assessment Report

🔒 AWS has completed the S&P Global Know Your Third Party (KY3P) assessment to validate its security posture and help customers reduce supplier due diligence. The KY3P assessment is evidence-based and evaluates operation of controls across privacy, network, access, and physical security domains. Results can be mapped to frameworks such as NIST CSF v2, PCI DSS 4.0, and ISO 27001:2022 to provide customers with standardized risk data and improved visibility into supply chain risks.

SageMaker Unified Studio automates Glue connector provisioning

🔧 Amazon SageMaker Unified Studio now automatically creates Glue connections across subnets to enable job retries when a primary subnet becomes unavailable. Administrators define a domain VPC with multiple private subnets and the system provisions connectors for new projects so retries can run on alternate subnets without manual intervention. This reduces unplanned data-pipeline downtime and helps meet SLAs across AWS Regions where SageMaker Unified Studio is available.

SageMaker Inference Adds OpenAI-Compatible APIs

🧩 Amazon SageMaker Inference now supports OpenAI-compatible APIs, enabling existing tools and frameworks like the OpenAI SDK, LangChain, and Strands Agents to connect directly to SageMaker endpoints. Switching requires only changing an endpoint URL, with no custom integration code or SDK wrappers. You can continue using your current authentication approach while choosing GPU instances, keeping data in your VPC, running open source or fine-tuned models, and leveraging auto-scaling policies. This capability is available today across multiple AWS regions with AWS credentials and automatic token refresh for production use.

Automating identity lifecycle with AWS Directory APIs

🔒 AWS Managed Microsoft AD now supports CRUD operations on users and groups through the Directory Service Data APIs, accessible via the AWS CLI, APIs, and Management Console. This enables automation of identity lifecycle management and tighter security controls by integrating with services like Amazon GuardDuty, AWS Step Functions, and Amazon EventBridge. The blog demonstrates a practical workflow that detects unusual AD user behavior and triggers automated remediation such as disabling accounts and notifying stakeholders.

Amazon Bedrock adds request-level usage attribution

🛈 Amazon Bedrock now supports request-level usage attribution on the InvokeModel and InvokeModelWithResponseStream APIs, enabling customers to tag individual model inference calls with attributes such as team, project, and environment. This capability extends existing attribution options like application inference profiles, IAM principal attribution, project-level tracking on bedrock-mantle, and workspace tracking for Anthropic Claude models. Customers can enable model invocation logging in their AWS Region and include metadata in requests to analyze usage in Bedrock model invocation logs. The feature is available in all AWS commercial Regions where Amazon Bedrock is offered.

Why Amazon Bedrock AgentCore Chose Cedar Policies for Agents

🔒 Amazon explains how AgentCore Gateway enforces a centralized authorization layer between autonomous agents and external tools, treating the LLM as an untrusted actor. Policies are expressed in the open-source Cedar language for readability, bounded execution, and mathematical analyzability, enabling deterministic enforcement and formal verification during policy authoring and attachment. A neuro-symbolic workflow translates natural-language rules into Cedar, validates them with Cedar Analysis, and enforces decisions at runtime to constrain tool invocations and filter unavailable actions.

AWS Security Hub Adds Unused Identity Access Detection

🔐 AWS Security Hub now brings identity risk into the same unified console where central security teams manage threats, exposures, and posture findings. It detects unused IAM permissions, roles, and credentials across an AWS organization and correlates those identity findings with exposure context. When enabled, Security Hub automatically creates a service‑linked IAM Access Analyzer in each member account and evaluates 90 days of actual access activity. It also offers on‑demand recommended least‑privilege policies and is included in Security Hub Essentials at no additional cost.

Amazon DocumentDB 8.0 Serverless Now Available

🚀 Amazon DocumentDB (with MongoDB compatibility) Serverless is now available on DocumentDB 8.0. This on-demand, auto-scaling configuration automatically adjusts capacity based on application demand and can deliver up to 90% cost savings versus provisioning for peak load. DocumentDB 8.0 also offers up to 7x improved query latency, up to 5x better compression, broader MongoDB API compatibility (6.0–8.0), enhanced vector search, and other new features.

AWS Security Hub Extended Expands Curated Partner Set

🔒 AWS Security Hub Extended adds 21 curated partner solutions across nine security categories, including SentinelOne, CyberArk, Sublime, Varonis, LayerX, Native Security, and Zenity. The plan centralizes procurement, billing, and support with pay-as-you-go pricing, a single AWS bill, automatic Enterprise Discount Program eligibility, unified Level 1 support for Enterprise customers, and no long-term commitments. Findings from participating solutions are emitted in the OCSF schema and aggregated in AWS Security Hub to accelerate cross-domain detection and response.

SageMaker Unified Studio adds data quality tools

🛠️ Amazon SageMaker Unified Studio now integrates data quality rule authoring and evaluation powered by AWS Glue Data Quality. Data engineers, analysts, and data scientists can define rules, run evaluations, and view results for both data at rest and data in transit. The feature supports catalog table checks and Visual ETL job evaluations to detect issues before they impact analytics or ML workloads.

Security Hub Extended: A New Product-Led Adoption Model

🔒 Security Hub Extended expands AWS Security Hub to include curated partner solutions in a single, unified console. Customers can discover, evaluate, and deploy vendor products with one click and pay-as-you-go pricing on their AWS bill, avoiding lengthy procurement and multi-year commitments. Integrated onboarding, OCSF-normalized findings, and AWS-native correlation surface combined attack paths and risk scoring. The offering launched in February 2026 with an expanding partner ecosystem.

AWS Introduces ExtendDB: DynamoDB API with Backends

🧩 ExtendDB v0.1 implements the DynamoDB API with pluggable storage backends, enabling developers to run DynamoDB-shaped workloads outside the AWS-managed service. The reference backend uses PostgreSQL, and the architecture supports community-contributed adapters. Maintained by AWS under the Apache 2.0 license, ExtendDB targets local development, CI testing, on‑premises deployments, and disconnected edge sites. The project is open on GitHub for contributions.

AWS Transform adds automated network modernization

🔧 AWS announced that AWS Transform now includes a modernization engine and broad file-format support to streamline network migrations. The engine analyzes and optimizes constructs across naming, sizing, security, and structure while surfacing conflicts with existing VPCs in target accounts, replacing days of manual review with instant guidance. Customers can upload network configuration files in any format for translation into AWS-compatible networks, review and edit mapped VPCs or subnets, and retain control before provisioning.

AWS Local Zone Now Available in Istanbul, Türkiye Region

🚀 AWS announces general availability of a new AWS Local Zone in Istanbul, Türkiye, bringing compute, storage, networking, and select services closer to end users. The Local Zone supports Amazon EC2 (C7i, M7i, R7i), Amazon S3 One Zone-Infrequent Access, Amazon EBS (local snapshots and gp3/gp2/io1/sc1/st1), Amazon ECS, Amazon EKS, VPC, AWS Direct Connect, and Application Load Balancer. To enable, turn on the zone (eu-central-1-ist-1a) in the EC2 console or use the ModifyAvailabilityZoneGroup API to reduce latency and meet data residency needs.