
All news with #aws s3 tag

Tue, December 2, 2025

S3 Storage Lens: performance metrics and prefix analytics

📊 S3 Storage Lens now provides three new capabilities: application performance metrics, expanded prefix analytics across billions of prefixes, and direct export of metrics to managed S3 Tables. The performance metrics include access pattern, request origin, and object access count metrics to surface inefficient requests, cross‑Region access, and hot object reads. Enable these features in your advanced dashboard to make metrics queryable via AWS analytics services.


Tue, December 2, 2025

Amazon S3 Vectors GA: Scalable, Cost‑Optimized Vector Store

🚀 Amazon S3 Vectors is now generally available, delivering native, purpose-built vector storage and query capabilities in cloud object storage. It supports up to two billion vectors per index, 10,000 indexes per vector bucket, and offers up to 90% lower costs to upload, store, and query vectors. S3 Vectors integrates with Amazon Bedrock, SageMaker Unified Studio, and OpenSearch Service, supports SSE-S3 and optional SSE-KMS encryption with per-index keys, and provides tagging for ABAC and cost allocation.


Tue, December 2, 2025

Amazon S3 Batch Operations: Up to 10x Faster at Scale

⚡ Amazon S3 Batch Operations now finishes jobs up to 10x faster and supports jobs that include up to 20 billion objects, accelerating large-scale storage tasks. S3 pre-processes objects, runs operations, and generates completion reports with no extra configuration or cost. Typical uses include copying between buckets, tagging for lifecycle policies, and computing checksums. The upgrade is available in all AWS Regions except China and GovCloud (US).


Tue, December 2, 2025

Amazon CloudWatch Unified Data Management and Analytics

🔎 Amazon CloudWatch now provides unified data management and analytics to consolidate operational, security, and compliance data across AWS and third-party sources. The launch enables organization-wide ingestion from AWS sources such as AWS CloudTrail, Amazon VPC, and Amazon WAF, plus managed collectors for CrowdStrike, Okta, and Palo Alto Networks. Customers can use pipelines to transform and enrich logs to standard formats like OCSF and define facets for faster insights. Data can be stored in managed Amazon S3 Tables at no additional storage charge and queried natively or with any Apache Iceberg-compatible analytics tool.


Tue, December 2, 2025

Amazon S3 Tables: Automatic Cross-Region Iceberg Replication

🔁 Amazon S3 Tables now support automatic replication of Apache Iceberg tables across AWS Regions and accounts, duplicating full table structure, snapshots, and metadata to destination buckets. The feature creates read-only replica tables, backfills them to the source's latest state, and continuously monitors for updates while allowing independent snapshot retention and encryption settings per replica. Replicas are queryable with Amazon SageMaker Unified Studio or any Iceberg-compatible engine such as Amazon Athena, Amazon Redshift, Apache Spark, and DuckDB. This capability is available in all Regions where S3 Tables are supported.


Tue, December 2, 2025

S3 Tables Gain Intelligent-Tiering Storage Class Now

🗃️ Amazon S3 Tables now support the Intelligent-Tiering storage class to automatically optimize table storage costs based on access patterns, without impacting performance or adding operational overhead. Data not accessed for 30 days moves to the Infrequent Access tier (≈40% lower cost), and after 90 days moves to Archive Instant Access (≈68% lower cost), enabling up to 80% storage savings. Automated table maintenance (compaction, snapshot expiration, unreferenced file removal) does not trigger tiering. You can select Intelligent-Tiering per table or set it as the default for new tables in a table bucket, in all Regions where S3 Tables are available.


Sun, November 30, 2025

AWS previews MCP Server for AI agents across AWS ecosystem

🔧 The AWS MCP Server is now in preview and offers a managed remote Model Context Protocol (MCP) interface that consolidates the prior AWS API MCP and AWS Knowledge servers into a single endpoint. It enables AI agents and AI-native IDEs to access AWS documentation, generate and execute calls to over 15,000 APIs, and follow pre-built Agent SOPs to perform multi-step tasks. Authentication and authorization use AWS IAM, and audit logging is provided via CloudTrail; the service is available at no additional cost in US East (N. Virginia), with customers paying only for resources and data transfer.


Wed, November 26, 2025

AWS Private CA Adds Partitioned CRLs for Scale, Compliance

🔒 AWS Private Certificate Authority now supports partitioned Certificate Revocation Lists (CRLs) to scale revocation handling up to 100 million certificates per CA. Partitioning breaks revocation data into ~1 MB CRL partitions and binds certificates to partitions using a critical Issuer Distribution Point (IDP) extension, allowing validators to match CDP and IDP URIs for accurate checks. The feature is backward compatible, RFC 5280-compliant, configurable in the console (including S3 setup), and carries no charge beyond AWS Private CA and Amazon S3 usage.


Mon, November 24, 2025

AWS Glue: Catalog Federation for Remote Iceberg Catalogs

🔗 AWS announces general availability of AWS Glue catalog federation for remote Apache Iceberg catalogs. The feature enables analytics engines to query Iceberg tables stored in Amazon S3 and cataloged remotely without moving or copying data, with real-time metadata synchronization to the AWS Glue Data Catalog. It leverages AWS Lake Formation for fine-grained access controls and supports the Iceberg REST specifications; federation is available in the Lake Formation console and via SDKs/APIs.


Mon, November 24, 2025

Ransomware Targets AWS S3 via Cloud Key Abuse Tactics

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.


Fri, November 21, 2025

Amazon SageMaker One-Click Onboarding for Existing Data

✨ Amazon SageMaker now offers one-click onboarding of existing AWS datasets into Amazon SageMaker Unified Studio, letting customers begin data work in minutes while retaining their current IAM roles and permissions. The feature provisions a pre-configured serverless notebook with a built-in AI agent that supports SQL, Python, Spark, and natural language. Users can start from the SageMaker, Amazon Athena, Amazon Redshift, or Amazon S3 Tables consoles, and the setup imports permissions from AWS Glue Data Catalog, Lake Formation, and S3 to accelerate first use.


Fri, November 21, 2025

Ransomware Shifts Focus to AWS S3 Buckets and Keys

🔐 A Trend Micro analysis warns that ransomware actors are increasingly targeting cloud storage by abusing AWS-native encryption and key management to render S3 data unrecoverable. Attackers probe buckets with disabled versioning or Object Lock, exploit wide write permissions, and weaponize SSE-KMS, SSE-C, BYOK and XKS to seize control of keys. Researchers recommend applying least-privilege IAM, enabling versioning and Object Lock, isolating backups, and continuously monitoring audit logs. An "assume breach" posture and short-lived credentials are urged to limit impact.


Fri, November 21, 2025

AWS ALB Adds Health Check Logs to S3 for Troubleshooting

🛡️ AWS Application Load Balancers (ALB) now support Health Check Logs that deliver detailed target health check entries to a designated Amazon S3 bucket every five minutes. The optional feature records timestamps, target identifiers, per-target health status, and precise failure reasons to accelerate troubleshooting. You can enable it via the AWS Management Console, AWS CLI, or SDK. Available in all AWS Commercial Regions, AWS GovCloud (US), and AWS China Regions, logs incur no additional fees beyond standard S3 storage and can reduce mean time to resolution for target health investigations.


Fri, November 21, 2025

AWS Glue zero-ETL now supports CloudFormation & CDK

🚀 AWS Glue zero-ETL integrations now support AWS CloudFormation and the AWS Cloud Development Kit (CDK), enabling creation and management of zero-ETL integrations using infrastructure as code. This lets teams ingest data from DynamoDB and enterprise SaaS sources (Salesforce, ServiceNow, SAP, Zendesk) into Amazon Redshift, S3, and S3 Tables. CloudFormation and CDK support makes it easier to deploy, update, and version-control zero-ETL configurations consistently across multiple AWS accounts.


Fri, November 21, 2025

AWS Transfer Family Web Apps Support VPC Endpoints

🔒 AWS Transfer Family web apps now support Virtual Private Cloud (VPC) endpoints, enabling private, in‑VPC access to your browser-based S3 file interface at no additional charge. Workforce users can connect through a VPC, AWS Direct Connect, or VPN so that file traffic remains inside your network boundary. Administrators can enforce controls with security groups and subnet-level NACLs, retaining full visibility and control over transfers. Configure and manage endpoints via the Transfer Family console, AWS CLI, or SDK.


Thu, November 20, 2025

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.


Thu, November 20, 2025

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.


Thu, November 20, 2025

AWS CloudTrail Insights Adds Data-Event Anomaly Detection

🔍 AWS CloudTrail Insights now analyzes data events as well as management events, automatically detecting anomalies in data access patterns such as unexpected surges in S3 delete calls or increased Lambda error rates. When unusual activity is found, CloudTrail generates an Insights event that includes the relevant data events and can trigger alerts for rapid investigation. The capability is available in all regions where CloudTrail is offered; additional charges apply for data-event Insights.


Thu, November 20, 2025

CrowdStrike Extends DSPM to Runtime for Cloud Data

🔒 CrowdStrike Falcon Data Protection for Cloud is now generally available, extending traditional DSPM into runtime to provide continuous visibility and protection for sensitive data in motion. Leveraging eBPF-powered monitoring, it detects unauthorized or risky data transfers across APIs, SaaS, containers, databases, and cloud storage without proxies or added infrastructure. The solution combines unified classification with integrated investigation and automated response, plus SIEM streaming and a lightweight Linux sensor for rapid deployment.


Wed, November 19, 2025

AWS PrivateLink Adds Cross-Region Connectivity for Services

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.
