< ciso
brief />
Tag Banner

All news with #aws tag

2288 articles

AWS adds OAuth support for MCP Server access

πŸ” AWS Sign-In now supports OAuth for connecting agents to the AWS MCP Server, enabling browser-based and headless authentication that leverages existing IAM, IAM Identity Center, and federated sign-in methods. The update includes dynamic client registration, token introspection and revocation, new CloudTrail elements, global condition keys, and a headless OAuth API. Agents discover OAuth endpoints, register via DCR, and use authorization code or client credentials flows to obtain short-lived tokens. Administrators can govern OAuth access using standard IAM policies plus OAuth-specific condition keys and monitor activity via CloudTrail.
read more β†’

OAuth support for the AWS MCP Server released

πŸ” You can now connect AI agents directly to the AWS MCP Server using AWS Sign-In and industry-standard OAuth. Agents may authenticate without extra software and reuse existing AWS identities, sign-in methods, IAM permissions, and governance controls. Developers can authorize agents interactively via a browser or programmatically with headless flows, while administrators govern access with IAM policies and new OAuth features.
read more β†’

GhostApproval flaw exposes AI coding assistants' risks

πŸ›‘οΈ A Wiz report details "GhostApproval," a vulnerability pattern in six AI coding assistants that lets malicious repos use symlinks to escape sandboxes and trick human approvers into authorizing writes outside the workspace. Vendors including AWS, Cursor and Google patched quickly; others acknowledged or had already fixed the issue. Analysts warn this reflects a category-wide design problem where human-in-the-loop prompts can be misleading and enterprises must treat these tools as privileged software and enforce stronger controls.
read more β†’

Timestream for InfluxDB emits events to EventBridge

πŸ”” Amazon Timestream for InfluxDB now publishes lifecycle events to Amazon EventBridge for instance and cluster state changes, including creation, deletion, scaling, parameter updates, maintenance, and reboots. Events cover both successes and failures and are sent to the default event bus with source aws.timestream-influxdb. This enables programmatic automation, alerting, and audit/event routing to targets like AWS Lambda, Step Functions, SQS, SNS, and cross-account buses.
read more β†’

AWS Client VPN adds four more regions globally

πŸ”’ AWS Client VPN is now available in Canada West (Calgary), Mexico (Central), New Zealand, and Taipei. The fully managed service lets remote workers securely connect to AWS and on-premises resources without hardware VPN appliances. It uses a pay-as-you-go model and provides centralized management and monitoring through a single console. Customers can consult AWS product, documentation, and pricing pages for details.
read more β†’

SageMaker HyperPod adds Slurm deep health checks

πŸ” Amazon SageMaker HyperPod now supports deep health checks for Slurm clusters created with continuous provisioning, enabling proactive verification of GPU accelerator health on running instances. Continuous provisioning allows asynchronous scaling of instance groups without all-or-nothing failures, and deep health checks validate hardware as nodes come online. Results and progress are visible via the SageMaker console and APIs, and failing instances are isolated and recovered automatically.
read more β†’

Amazon MSK Replicator adds Standard broker support

πŸ” Amazon MSK Replicator now supports replication from external Apache Kafka clusters to Amazon MSK Standard brokers. This expands prior capability that targeted MSK Express brokers and enables migration, disaster recovery, and hybrid or multi-cloud data distribution. The feature supports SASL/SCRAM and mutual TLS (mTLS) for authenticating to external clusters and is available in all Regions where MSK Replicator is offered. It preserves topic names, prevents replication loops, and syncs consumer group offsets bidirectionally.
read more β†’

AWS Config adds 191 new managed rules

πŸ›‘οΈ AWS Config has expanded its set of managed rules with 191 additional checks covering services such as Amazon Bedrock, SageMaker, ECS, EKS, RDS, Redshift, S3, and CloudTrail. The new rules evaluate encryption, logging, public access, network security, data protection, and operational best practices. You can deploy rules individually or as part of a conformance pack in supported AWS Regions.
read more β†’

AWS Builder Center adds free time-limited sandboxes

🧩 AWS Builder Center now offers free, time-limited sandbox environments that builders can request directly from eligible workshops. These sandboxes remove the need for a personal AWS account, credit card, or worry about unexpected charges, allowing safe deployment of resources and experimentation in a pre-provisioned AWS account. Each sandbox grants 8 hours of access from activation, auto-cleans afterward, and most are ready within 15 minutes. Builders may request one sandbox per week (resets Sunday), and availability will expand to more workshops over time.
read more β†’

SageMaker Studio Workflows Adds 19 New Operators

πŸ”” Amazon SageMaker Unified Studio Workflows now includes 19 new operators for Amazon Bedrock, Amazon S3 Tables, S3 Vectors, AWS Glue Data Catalog, and Amazon MWAA Serverless. These operators let users add tasks via the visual workflow creator to orchestrate services without writing custom integration code. The capabilities include managing Bedrock guardrails, provisioning and deleting S3 Tables and S3 Vectors, managing Glue Data Catalog assets, and triggering MWAA Serverless runs. This feature is available in all Regions where SageMaker Unified Studio is offered.
read more β†’

Amazon Redshift RG instances on trailing track

πŸš€ Amazon Redshift now supports Graviton-based RG instances on the trailing track (P201) as of July 7, 2026. Customers can choose rg.4xlarge and rg.xlarge instance types for production workloads prioritizing stability, using the AWS Management Console, AWS CLI, or AWS SDKs. RG instances deliver up to 2.4x faster query performance than RA3 at 30% lower price per vCPU. Provision a new cluster or resize an existing cluster to migrate to RG on the trailing track.
read more β†’

Amazon Aurora DSQL CDC Now Generally Available

πŸ”” Amazon Aurora DSQL change data capture (CDC) is now generally available, enabling real-time streaming of database changes to Amazon Kinesis Data Streams for event-driven architectures and data integration workflows. Aurora DSQL CDC captures insert, update, and delete operations as change events and delivers them to Kinesis Data Streams with no infrastructure to manage. Use CDC to synchronize microservices, trigger AWS Lambda, or route changes to Amazon S3, Amazon Redshift, and Amazon OpenSearch Service via Amazon Data Firehose. CDC streaming is available in all Regions where Aurora DSQL is offered and is designed to have zero impact on database workload performance.
read more β†’

Amazon Connect adds forecasting for Tasks and Emails

πŸ“’ Amazon Connect Customer now supports forecasting, capacity planning, and scheduling for Tasks and Emails, enabling unified workforce optimization across Voice, Chat, Tasks, and Email workloads. The service accounts for each channel's unique characteristicsβ€”such as concurrent handling, varying work durations, and specific service levelsβ€”so forecasts and schedules reflect real operations. Organizations can generate unified forecasts and create schedules that allocate agents efficiently across channels, ensuring consistent service levels.
read more β†’

AI-Accelerated Cloud Attack Exploits Management Gaps

πŸ”Ž A Sygnia report details how a lone threat actor leveraged AI to complete in 72 hours what would normally take weeks, using established cloud attack techniques rather than novel exploits. The attacker obtained an AWS access key via an internet-facing app and used agentic AI workflows to search for secrets, establish persistence, exfiltrate RDS data, and perform impact actions. The report highlights gaps in secrets management, identity governance, deployment workflows and visibility, and provides containment recommendations for defenders.
read more β†’

Amazon GameLift Streams adds secure admin shell

πŸ”’ Amazon GameLift Streams introduces Stream Session Admin Shell, a secure terminal connection for live stream sessions that enables real-time troubleshooting. You can inspect logs, query processes, check GPU utilization, and examine application state without managing SSH keys, open ports, or infrastructure credentials. The feature uses the CreateStreamSessionAdminShell API and the SSM Session Manager plugin, supports Linux, Proton, and Windows Server 2022 runtimes, and automatically closes when the session ends. It is available at no additional cost in all supported AWS Regions.
read more β†’

Amazon S3 Vectors Now Available in GovCloud

πŸ”” Amazon S3 Vectors is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West). The service offers purpose-built vector storage for AI agents, inference, Retrieval Augmented Generation (RAG), and semantic search at billion-vector scale. S3 Vectors provides the elasticity, durability, and availability of Amazon S3 with dedicated APIs to store, access, and query vectors without provisioning infrastructure. Check AWS Regions and endpoints for the full availability list.
read more β†’

AWS cuts ECS Managed Instances GPU management fees

πŸ”” Amazon Elastic Container Service (Amazon ECS) Managed Instances now charges lower management fees for GPU and accelerated instance types. Effective July 1, 2026, G-series fees are reduced by 35% and P-series and AWS Trainium fees by 60%, applied automatically with no customer action required. ECS Managed Instances continues to provision, configure, and operate optimal EC2 instances while offering GPU-specific metrics in Amazon CloudWatch Container Insights and automatic GPU health monitoring.
read more β†’

Amazon EMR Serverless adds larger worker sizes

πŸš€ Amazon EMR Serverless now supports larger worker configurations of up to 32 vCPUs and 244 GB of memory, enabling more compute- and memory-intensive workloads. Previously, the largest worker offered was 16 vCPUs with up to 120 GB of memory. Larger workers improve runtime performance and cost profiles by reducing inefficient shuffle transfers, lowering out-of-memory risks for skewed jobs, and allowing more data to be cached in memory. These workers are available in all AWS Regions where EMR Serverless is offered.
read more β†’

Amazon Redshift RG instances arrive in AWS GovCloud

πŸš€ Amazon Redshift RG instances, powered by AWS Graviton processors, are now available in AWS GovCloud (US-West) and (US-East). RG instances deliver up to 2.4x better performance than prior RA3 instances and offer ~30% lower price per vCPU while running Redshift’s vectorized data lake query engine for Apache Iceberg and Parquet. Available sizes are rg.xlarge and rg.4xlarge, and RA3 clusters can upgrade via Snapshot & Restore, Elastic Resize, or Classic Resize. Flexible pricing includes On-Demand and 1-/3-year Reserved Instances with multiple payment options.
read more β†’

Amazon RDS adds support for Oracle Database 26ai

πŸš€ Amazon RDS for Oracle now supports Oracle Database 26ai, Oracle's Long Term Support release, with integration to Amazon Bedrock providing access to foundation models such as Anthropic Claude, Amazon Nova, and Meta Llama. Oracle Database 26ai enables Select AI for generating and running SQL from natural language prompts and supports in-database RAG via Oracle AI Vector Search, avoiding the need for a separate vector store. The release also offers JSON Relational Duality Views and SQL Property Graphs and is available in Enterprise Edition across commercial and GovCloud regions.
read more β†’