< ciso
brief />
Tag Banner

All news with #aws eks tag

54 articles

AWS Neuron 2.31.0 adds NKI 0.5.0 and UltraServer

๐Ÿš€ AWS released Neuron 2.31.0, introducing NKI 0.5.0 with MX FP8 scale dtype, tensor indirection for indexed access patterns, and zero-cost NkiTensor view APIs. The release also brings the Neuron UltraServer Operator for Amazon EKS in public beta to automate UltraServer discovery and workload claims for Trainium UltraServer workloads. The Neuron Compiler now uses a redesigned codegen backend enabled by default on Trn2 and Trn3 for improved performance, while Runtime and Explorer add usability and debugging improvements.
read more โ†’

AWS reduces EKS Auto Mode GPU management fees

๐Ÿ”” Amazon EKS Auto Mode now reduces management fees for GPU and accelerated instance types, effective July 1, 2026. G-series Auto Mode fees drop 35%, while P-series and AWS Trainium fees drop 60%, applied automatically to existing clusters. EKS Auto Mode includes accelerator-focused features like parallel image pulling and accelerator-aware node repair to speed startup and improve reliability for ML and rendering workloads. The pricing change applies in all Regions where EKS Auto Mode is available and mirrors identical reductions for ECS Managed Instances.
read more โ†’

SageMaker HyperPod adds AMI versioning and auto-patch

๐Ÿ› ๏ธ Amazon SageMaker HyperPod now reports AMI versions across clusters and can automatically apply backward-compatible security patches without disrupting workloads. Administrators can view AMI semantic versions (major.minor.patch), detect drift, and roll back to prior versions โ€” preserving NVIDIA drivers, CUDA, and other bundled software โ€” via the UpdateClusterSoftware API. Auto-patching is opt-in per instance group, applies only when nodes are idle, and avoids major/minor upgrades; it can be enabled through CreateCluster or UpdateCluster APIs. A new AMI support policy defines patch support timelines; both features are available for EKS-orchestrated HyperPod clusters in supported Regions.
read more โ†’

GuardDuty Runtime adds sensitive file modification detection

๐Ÿ›ก๏ธ Amazon GuardDuty Runtime Monitoring now includes three new threat detections to alert teams when sensitive files are modified on Amazon EC2 instances and container workloads on Amazon EKS and Amazon ECS. These findings monitor critical system files such as configuration files, authentication settings, and system logs to surface post-compromise activity. The detections map to MITRE ATT&CKยฎ tactics and provide remediation guidance while using correlation analysis to reduce false positives. The capability is available to customers with GuardDuty Runtime Monitoring enabled, with a 30-day trial for new users.
read more โ†’

Amazon EKS adds Kubernetes version rollback support

๐Ÿ”ง Amazon Elastic Kubernetes Service (Amazon EKS) now supports Kubernetes minor version rollback, letting you revert to the prior minor version within 7 days if an upgrade causes issues. You can start a rollback via the Amazon EKS console, AWS CLI, or AWS SDKs, and EKS evaluates cluster rollback readiness with automated checks for API compatibility, version skew, add-on compatibility, and cluster health. For clusters using EKS Auto Mode, worker nodes are automatically managed during rollback to respect configured disruption controls, and the feature is available at no additional cost in all AWS Regions where EKS is offered.
read more โ†’

AWS Workload Credentials Provider: Role Chaining and Prefetch

๐Ÿ”’ This post explains how to use two enhancements to the AWS Workload Credentials Provider: role chaining for cross-account secret retrieval and prefetching to reduce cold-start latency. It covers configuration, required IAM permissions, SSRF token usage, and how to build and deploy the Rust-based provider across EC2, ECS, EKS, and Lambda. Examples show curl and Python calls, TOML configuration for max roles, and prefetch settings for individual secrets or tag-based discovery.
read more โ†’

June 2026 Threat Technique Catalog Update for AWS

๐Ÿ›ก๏ธ The AWS CIRT updated the Threat Technique Catalog for June 2026, adding five new entries focused on container security, organization-level trust, and compute hijacking. The update documents EKS workload modification, exploitation of public-facing Kubernetes services, sts:AssumeRoot abuse across AWS Organizations, compute hijacking in clusters, and account invitations into attacker-controlled organizations. It also refreshes three existing entries with expanded detection and mitigation guidance.
read more โ†’

CloudWatch OTel Container Insights for Amazon EKS

๐Ÿš€ Amazon CloudWatch now offers OTel Container Insights for Amazon EKS, collecting infrastructure metrics at 30-second granularity using open-source receivers like cAdvisor, Kube State Metrics, and NVIDIA DCGM. Each metric includes OpenTelemetry semantic conventions and Kubernetes labels to simplify correlation across nodes, pods, and workloads with a single PromQL query. Pre-built dashboards provide immediate visibility into cluster health, node performance, and pod-level resource usage, and the CloudWatch PromQL endpoint enables direct connection of existing Prometheus and Grafana dashboards. Enable the feature from the EKS console, the CloudWatch Observability add-on (v6.2.0+), Helm, or CloudFormation; it is available in all commercial AWS Regions except UAE, Bahrain, and Israel (Tel Aviv).
read more โ†’

Amazon EKS adds customer-routed control plane egress

๐Ÿ” Amazon EKS now supports customer-routed control plane egress, allowing outbound Kubernetes API server traffic to traverse your Amazon VPC. This includes admission webhook callbacks, OpenID Connect (OIDC) provider lookups, and aggregate API server requests. By routing through your VPC you can manage routing, security groups, and egress paths to meet data perimeter and compliance needs. Enable the feature by setting controlPlaneEgressMode to CUSTOMER_ROUTED and enforce it org-wide with the eks:controlPlaneEgressMode IAM condition key.
read more โ†’

EKS local clusters now support EC2 instance store on Outposts

๐Ÿ†• AWS now supports Amazon EKS local clusters on first- and second-generation AWS Outposts racks that boot Amazon EC2 instances from EC2 instance store. This extends Outpostsโ€™ static stability benefits to EKS local clusters, keeping the entire Kubernetes control plane on the Outpost to meet data residency needs and reduce impact from temporary network disconnects. The updated architecture brings greater operational parity with cloud EKS, includes managed control plane responsibilities, and adds support for EKS add-ons and modern auth mechanisms.
read more โ†’

CloudWatch Application Signals adds health-ranked insights

๐Ÿ› ๏ธ Amazon CloudWatch Application Signals now ranks service health on the application map and adds new infrastructure, logs, and traces tabs on the service overview page, enabling operators to triage unhealthy services and inspect compute, log snippets, and trace details in one place. These features surface runtime indicators for Amazon EKS, Amazon ECS, AWS Lambda, and Amazon EC2, and provide curated metrics with deep links to relevant monitoring tools to speed root-cause analysis. The capabilities are available in all Regions that support Application Signals.
read more โ†’

AWS Backup for Amazon EKS in Germany Region

๐Ÿ”’ AWS Backup now supports Amazon EKS in the AWS European Sovereign Cloud (Germany) Region, providing fully managed, policy-driven data protection and recovery for EKS clusters. The service includes automated scheduling, retention management, immutable vaults, and cross-Region and cross-account copies. Customers can protect entire clusters, namespaces, or individual persistent volumes without agents, replacing custom scripts or third-party tools.
read more โ†’

Amazon EKS Capabilities add CloudWatch Vended Logs

๐ŸŸฃ Amazon EKS Capabilities can now be configured as log delivery sources using Amazon CloudWatch Vended Logs to capture logs from managed controllers such as Argo CD, AWS Controllers for Kubernetes (ACK), and kro. Customers can enable delivery via CloudWatch APIs or the AWS Console and send logs to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. The feature is available in all Regions that support EKS Capabilities and incurs standard CloudWatch Vended Logs pricing with no additional EKS charge.
read more โ†’

Amazon EKS and EKS Distro add Kubernetes 1.36 support

๐Ÿ”” AWS now supports Kubernetes version 1.36 in Amazon EKS and Amazon EKS Distro. You can create new clusters or upgrade existing ones using the EKS console, eksctl, or infrastructure-as-code tools across all AWS Regions, including GovCloud. Key features in 1.36 include GA User Namespaces, Mutating Admission Policies for CEL, In-Place Pod-Level Vertical Scaling, and Resource Health Status reporting. EKS Distro images are available in ECR Public Gallery and GitHub, with documentation covering upgrade guidance and lifecycle policies.
read more โ†’

AWS Local Zone Now Available in Istanbul, Tรผrkiye Region

๐Ÿš€ AWS announces general availability of a new AWS Local Zone in Istanbul, Tรผrkiye, bringing compute, storage, networking, and select services closer to end users. The Local Zone supports Amazon EC2 (C7i, M7i, R7i), Amazon S3 One Zone-Infrequent Access, Amazon EBS (local snapshots and gp3/gp2/io1/sc1/st1), Amazon ECS, Amazon EKS, VPC, AWS Direct Connect, and Application Load Balancer. To enable, turn on the zone (eu-central-1-ist-1a) in the EC2 console or use the ModifyAvailabilityZoneGroup API to reduce latency and meet data residency needs.
read more โ†’

EKS Adds Karpenter Support for ARC Zonal Shift and Autoshift

๐Ÿ” Amazon EKS now supports Amazon Application Recovery Controller (ARC) zonal shift and zonal autoshift when using the open-source Karpenter for compute provisioning. ARC automates redirecting in-cluster network traffic away from an impaired AZ and can perform practice runs to validate cluster behavior. During a zonal shift, Karpenter stops provisioning in the impacted AZ, halts voluntary disruptions there, and avoids scheduling actions that depend on that zone. Enable support by setting ENABLE_ZONAL_SHIFT.
read more โ†’

AWS Transform Adds Automated Containerization for Migrations

๐Ÿ“ฆ AWS Transform now automates replatforming to containers during migrations, extending its agentic AI to generate Dockerfiles, build images, and publish to Amazon ECR. It supports repositories from GitHub, Bitbucket, GitLab, or .zip sources and builds deployment artifacts for Amazon ECS and Amazon EKS. Integrated security scanning and Terraform and Helm outputs simplify operations. Available in all Regions where AWS Transform is offered.
read more โ†’

AWS Backup speeds Amazon EKS cluster backups up to 10x

๐Ÿš€ AWS Backup now completes Amazon EKS cluster state backups up to 10x faster. This improvement reduces backup windows for clusters with large numbers of namespaces and Kubernetes resources from days to hours and is automatically enabled at no additional cost in supported Regions. AWS Backup is a policy-based, fully managed solution to centralize and automate protection across compute, storage, and databases.
read more โ†’

Amazon EKS adds one-click cluster access via CloudShell

โ˜๏ธ Amazon Elastic Kubernetes Service (EKS) now offers one-click cluster access from the AWS Management Console via AWS CloudShell, eliminating the need to install or configure kubectl, AWS CLI, or kubeconfig files locally. From the EKS console, selecting Connect launches a CloudShell session with kubectl pre-configured for the chosen cluster so you can run commands immediately. The feature supports clusters with both public and private API server endpoints and each session also includes the AWS CLI and standard CloudShell utilities for troubleshooting and management.
read more โ†’

Amazon EKS Hybrid Nodes gateway simplifies hybrid networking

๐Ÿ”— Amazon Elastic Kubernetes Service (EKS) introduces the Amazon EKS Hybrid Nodes gateway to automate networking between an EKS cluster VPC and Kubernetes Pods running on EKS Hybrid Nodes. The gateway removes the need to make onโ€‘premises pod networks routable and avoids extensive coordination with network teams by automatically maintaining VPC route tables as workloads scale. Deployed to Amazon EC2 instances via Helm, the gateway also enables control-plane-to-webhook, pod-to-pod, and AWS service connectivity (ALB, NLB, Amazon Managed Service for Prometheus). The codebase is open source and the feature is available in all Regions where EKS Hybrid Nodes is supported, excluding China Regions. AWS offers the gateway itself at no additional charge; customers pay for underlying EC2 and data transfer costs.
read more โ†’