All news with #aws tag

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

Amazon Connect Adds Persistent Agent Connection Feature

📞 Amazon Connect now supports a persistent agent connection that keeps an open channel between agents and the service after a call ends. Administrators can enable the feature per agent profile to reduce customer connect time and help meet telemarketing compliance such as the U.S. Telephone Consumer Protection Act (TCPA) for outbound campaigns. The capability is available in all Amazon Connect regions and carries no additional charge beyond standard Amazon Connect usage and telephony fees.

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

AWS DMS Schema Conversion Adds SAP ASE to PostgreSQL

🤖 AWS Database Migration Service (DMS) Schema Conversion now supports conversions from SAP Adaptive Server Enterprise (ASE) to both Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. The integrated generative AI capability helps automatically translate complex database code such as stored procedures, functions, triggers, cursors, and other ASE-specific constructs that traditionally require manual conversion. Schema Conversion also provides detailed assessment reports to help migration teams plan, estimate effort, and reduce risk when executing migrations to PostgreSQL-compatible managed databases on AWS.

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

AWS Recycle Bin Extends Support to EBS Volumes Now

♻️ Recycle Bin for Amazon EBS now supports EBS Volumes, allowing you to recover accidentally deleted volumes directly rather than restoring from snapshots. You can create retention rules to protect all volumes or target specific volumes with tags; recovered volumes retain tags, permissions, and encryption and are immediately available at full performance. Volumes in Recycle Bin are billed at standard EBS Volume rates and the capability is available via CLI, SDKs, and the AWS Console across commercial, China, and AWS GovCloud (US) Regions.

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.

Kinesis Data Streams: 50 Enhanced Fan-Out Consumers

🚀 Amazon Kinesis Data Streams now supports up to 50 enhanced fan-out consumers for accounts using On-demand Advantage. The higher consumer limit enables many independent, low-latency, high-throughput applications—such as parallel analytics, machine learning pipelines, and compliance workflows—to attach to the same stream without creating extra streams or causing throughput contention. On-demand Advantage is an account-level setting that changes pricing and capabilities, offering data ingest at $0.032/GB and data retrieval and enhanced fan-out retrieval at $0.016/GB, making high fan-out workloads more cost effective. Existing RegisterStreamConsumer API calls continue to register enhanced fan-out consumers up to the 50-consumer limit.

AWS Offers Microsoft SQL Server 2025 License-Included AMIs

🚀 Amazon EC2 now provides License-Included (LI) AMIs for Microsoft SQL Server 2025, enabling fast deployment of the latest SQL Server release on Windows EC2 instances. These managed images are created and maintained by AWS and default to TLS 1.3 for improved security and performance. AMIs include preinstalled management tools such as AWS Tools for Windows PowerShell, AWS Systems Manager, and AWS CloudFormation, plus network and storage drivers. The images are available in all commercial AWS Regions and AWS GovCloud (US), simplifying provisioning and lifecycle management for enterprise workloads.

Amazon Braket Adds Per-Device Spending Limits for QPUs

🔒 Amazon Braket now lets customers set per-device spending limits for quantum processing units (QPUs), enabling tighter cost controls and automated validation of task submissions. Tasks that would exceed remaining budgets are rejected at submission, and limits apply only to on-demand QPU tasks—not to simulators, notebook instances, hybrid jobs, or Braket Direct reservation tasks. Available now in all supported AWS Regions at no additional charge, limits can be updated or deleted any time; researchers may also apply for AWS Cloud Credits for Research to offset experiments.

ALB Target Optimizer: Per-Target Concurrency Control

🔧 Application Load Balancer now includes Target Optimizer, which enforces a maximum number of concurrent requests per target to align load with processing capacity. You enable it by creating a target group with a target control port and running an AWS-provided agent on each target. The feature can be configured per target group and is available in AWS Commercial, GovCloud (US), and China Regions. Note that enabled target groups consume additional LCUs and may increase costs.

AWS Glue Adds Zero-ETL Support for More SAP Entities

🔄 AWS Glue now provides full snapshot and incremental zero-ETL ingestion for additional SAP entities. The update adds snapshot ingestion for entities without deletion tracking and timestamp-based incremental loads for non-ODP systems, extending existing ODP support. Organizations can ingest SAP data directly into Amazon Redshift or the lakehouse architecture used by Amazon SageMaker, reducing engineering effort and operational complexity. This feature is available in all Regions where AWS Glue zero-ETL is offered.

Amazon MSK Serverless Now Available in São Paulo Region

🚀 Amazon Web Services has made Amazon MSK Serverless generally available in the South America (São Paulo) region, enabling customers to connect Apache Kafka applications without managing cluster capacity. MSK Serverless automatically provisions and scales compute and storage resources on demand, letting teams run Kafka with reduced operational overhead. This expansion aligns São Paulo with AWS's global GA regions.

Amazon MQ Adds RabbitMQ 4.2 with AMQP 1.0 Support Now

🚀 Amazon MQ now supports RabbitMQ 4.2, bringing native AMQP 1.0 support, a Raft-based metadata store (Khepri), local shovels, and message priorities for quorum queues. The release also includes throughput and memory management improvements and a range of bug fixes. Brokers can be created on m7g instance types via the Console, CLI, or SDKs, with automatic patch-version management and configurable resource limits. Note that mirroring of classic queues is no longer supported; quorum queues remain the sole replicated, durable queue type.

Amazon EC2 macOS Tahoe Now Available on Mac Instances

🖥️ Amazon Web Services now publishes Apple macOS Tahoe (v26) as Amazon Machine Images (AMIs) for EC2 Mac instances, enabling developers to build and test with Xcode 26 and the latest Apple platform SDKs. These AMIs run on Apple silicon EC2 Mac instances and are backed by Amazon Elastic Block Store (EBS) for stable, high-performance storage. Images include the AWS CLI, Command Line Tools for Xcode, Amazon SSM Agent, and Homebrew with the AWS Homebrew Tap. macOS Tahoe AMIs are available in all AWS regions that offer Apple silicon Mac instances and can be launched via the Console, CLI, or API.

AWS Step Functions Adds Local TestState API for Workflows

🔧 AWS Step Functions' TestState API now supports local unit testing of complete workflows, including advanced constructs like Map and Parallel states, without deploying state machines to AWS. Developers can mock AWS service integrations and opt into API contract validation so mocked responses align with actual service outputs, improving test fidelity. TestState calls integrate with frameworks such as Jest and pytest and can be used in CI/CD pipelines; the feature is available via the AWS SDK and CLI in all Regions where Step Functions is offered.

Amazon SageMaker Studio Integrates EMR on EKS with SSO

🔒 Amazon SageMaker Unified Studio now supports EMR on EKS as a compute option for interactive Apache Spark sessions, bringing containerized, large-scale distributed compute with automatic scaling and cost optimizations directly into the Studio environment. The feature adds trusted identity propagation through AWS Identity Center, enabling single sign-on and end-to-end data access traceability for interactive analytics. Data practitioners can use corporate credentials to access Glue Data Catalog resources from SageMaker JupyterLab while administrators retain fine-grained access controls and audit trails. This capability is available in all existing SageMaker Unified Studio regions.