All news with #aws lambda tag

CloudWatch Application Signals Now in AWS GovCloud

🔒 CloudWatch Application Signals is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West), extending automated application observability to government and regulated workloads. The service automatically collects telemetry from Amazon EC2, Amazon ECS, Amazon EKS and AWS Lambda to provide real-time health, dependency visualization and anomaly detection. By eliminating manual instrumentation, it helps teams meet compliance and monitoring requirements while improving incident detection and resolution. For pricing and setup, consult the CloudWatch pricing page and Application Signals documentation.

AWS Serverless MCP Server Adds ESM Tools for Lambda

🔧 The AWS Serverless Model Context Protocol (MCP) Server now includes specialized tools to configure and manage AWS Lambda event source mappings (ESM), combining AI assistance with ESM expertise. The new toolset—comprising the ESM guidance tool, the ESM optimization tool, and an ESM Kafka troubleshooting tool—translates high-level throughput, latency, and reliability requirements into concrete ESM configurations and generates optimized AWS SAM templates. It also validates VPC network topology for VPC-based event sources and diagnoses common ESM issues to streamline setup, tuning, and troubleshooting workflows.

Amazon Kinesis Data Streams: Record Size Raised to 10MiB

📣 Amazon Web Services has increased the maximum record size for Kinesis Data Streams from 1MiB to 10MiB and doubled the maximum PutRecords request size to 10MiB. You can update a stream's maximum record size to 10MiB via the AWS Management Console or the UpdateMaxRecordSize API using the AWS SDK or CLI, and continue using existing Kinesis APIs to publish and consume larger records. AWS Lambda now supports Kinesis payloads up to 6MiB; there are no additional charges beyond standard Kinesis fees. The feature is available in supported regions and AWS provides documentation describing region coverage and downstream handling guidance.

AWS Lambda ups asynchronous payload limit to 1 MB today

🚀 AWS has increased the maximum payload size for AWS Lambda asynchronous invocations from 256 KB to 1 MB. This change lets customers deliver richer, complex events—such as LLM prompts, telemetry batches, or detailed JSON outputs—without splitting, compressing, or externalizing data. The increase is generally available in all AWS Commercial and AWS GovCloud (US) Regions and can be used via the Lambda invoke API. Billing counts 1 request for the first 256 KB and an additional request per 64 KB chunk beyond that up to 1 MB.

AWS Lambda Code Signing Now Available in GovCloud Regions

🔐 AWS Lambda now supports code signing in AWS GovCloud (US-West and US-East) through the managed AWS Signer service. Lambda validates signatures at deployment to ensure code has not been altered and that it originates from trusted signers. Administrators can create Signing Profiles, bind allowed profiles to functions, and configure whether failed signature checks produce warnings or reject deployments. Access and permissions are controlled via IAM, and there is no additional charge to use this capability.

Defense-in-Depth: Building an AWS Control Framework

🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.

AWS Lambda: Cross-Account Container Images in GovCloud

🚀 AWS Lambda now supports creating or updating functions using container images stored in an Amazon ECR repository in a different AWS account within GovCloud Regions. This removes the previous need to copy images into a local ECR repo and streamlines centralized image management and CI/CD workflows. Administrators must grant the Lambda resource and the Lambda service principal the necessary cross-account permissions.

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.

Amazon GuardDuty Protection Plans and Threat Detection

🔐 Amazon GuardDuty centralizes continuous threat detection across AWS using AI/ML and integrated threat intelligence. It offers optional protection plans—S3, EKS, Runtime Monitoring, Malware Protection for EC2 and S3, RDS, and Lambda—that extend detections to service-specific telemetry and runtime behaviors. Built-in Extended Threat Detection correlates signals into high-confidence attack sequences and maps findings to MITRE ATT&CK, providing prioritized remediation guidance.

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.