All news with #aws s3 tag

Amazon S3 Adds Post-Quantum TLS Key Exchange Support

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

AWS Data Exports Adopt FOCUS 1.2 Schema for Cost Management

🔔 AWS announced general availability of AWS Data Exports supporting the FOCUS 1.2 schema, enabling customers to export standardized cost and usage data to Amazon S3. The release preserves the four-cost-column structure (ListCost, ContractedCost, BilledCost, EffectiveCost) from FOCUS 1.0 while adding fields for broader enterprise use cases. Key capabilities include invoice reconciliation, capacity reservation tracking to find unused reservations, and virtual currency support for multi-cloud and SaaS cost scenarios. The export is available in US East (N. Virginia) and covers all AWS Regions except AWS GovCloud (US) and AWS China Regions.

AWS S3 bucket-level setting to standardize encryption

🔒 Amazon S3 now provides a bucket-level default encryption configuration to enforce SSE-S3 or SSE-KMS for all write requests, allowing organizations to standardize server-side encryption types across buckets. The PutBucketEncryption API update lets you disable SSE-C on specific buckets or in CloudFormation templates. This capability is available in all AWS Regions and configurable via Console, SDK, API, or CLI. It helps simplify compliance and reduce misconfiguration risk.

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections — including authorization attempts, index changes, and search queries — to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.

Automating Session Manager Preferences with CloudFormation

🔐 This post explains how to centrally manage AWS Systems Manager Session Manager preferences across multiple accounts and Regions using CloudFormation StackSets and an AWS Lambda function. The solution automates updates to the SSM-SessionManagerRunShell document, provisions optional logging destinations (Amazon S3 or CloudWatch Logs), and can create KMS keys for session and log encryption. It aims to reduce manual configuration errors and ensure consistent security and compliance at scale.

AWS Transfer Family Terraform Module Adds Malware Scanning

🛡️ AWS has updated the Transfer Family Terraform module to support automated malware scanning workflows for files transferred to S3. The module provisions GuardDuty S3 Protection–based scan pipelines, dynamic routing based on results, and threat notifications in a single deployment. It preserves folder structure, allows granular S3 prefix targeting, and helps ensure only verified clean files reach applications and data lakes.

AWS offers flat-rate CloudFront plans with built-in security

🔒 AWS is introducing flat-rate pricing plans for CloudFront that bundle global CDN delivery with built-in security (WAF, DDoS protection), Route 53 DNS, CloudWatch Logs ingestion, serverless edge compute, and monthly S3 storage credits. Plans eliminate overage charges so traffic spikes or attacks won’t trigger surprise fees. Tiers include Free, Pro ($15), Business ($200) and Premium ($1,000), and pay-as-you-go remains an option.

AWS Backup releases low-cost warm storage for S3 backups

🚀 AWS Backup introduces a low-cost warm storage tier for Amazon S3 backups that can cut storage costs by up to 30%. After S3 backup data resides in a vault for 60 days (configurable to a longer period), you can automatically move it to the new tier while preserving the same performance and features, including ransomware protection, recovery, and auditing. Automatic tiering can be enabled at the account, vault, or bucket level and is available in all Regions where AWS Backup for S3 is offered; a one-time transition fee applies.

Amazon SageMaker Catalog Adds S3 Read/Write Access

📂 Amazon SageMaker Catalog now supports read and write access to Amazon S3 general purpose buckets, enabling data scientists and analysts to discover, process, and share unstructured data alongside structured datasets. Data publishers can grant read-only or read/write permissions when approving subscriptions or sharing S3 data, allowing processed outputs to be written back to the original bucket or folder. This feature is available in all Regions that support SageMaker Unified Studio and can be accessed via the studio UI, the Amazon DataZone API, SDK, or AWS CLI.

Amazon CloudWatch Adds Network Load Balancer Access Logs

🔍 Amazon CloudWatch Logs now ingests Network Load Balancer (NLB) access logs as vended logs, enabling direct analysis within CloudWatch. You can run CloudWatch Logs Insights queries, create metric filters, and use Live Tail for real‑time traffic review to accelerate troubleshooting. NLB access logs are configurable from the NLB integrations tab, AWS CLI, or SDKs, and can also be delivered to Amazon Data Firehose or S3 with optional Apache Parquet conversion. Delivery to CloudWatch and Firehose is billed as vended logs; S3 delivery is free while Parquet conversion carries a per‑GB charge.

Amazon S3 Tables Gain Amazon CloudWatch Metrics Now

📊 Amazon CloudWatch metrics are now available for S3 Tables, providing visibility into storage, maintenance, and request activity. Metrics include daily storage and object counts, compaction bytes/objects processed, and minute‑level request measurements for operations, data transfer, errors, and latency. You can access these metrics via the CloudWatch console, AWS CLI, or CloudWatch API at the bucket, namespace, and individual table level; they are available in all Regions where S3 Tables is offered.

Why Enterprises Still Struggle with Cloud Misconfigurations

🔒 Enterprises continue to struggle with cloud misconfigurations that expose sensitive data, according to recent industry reporting and a Qualys study. The report cites a 28% breach rate tied to cloud or SaaS services over the past year and high misconfiguration rates across AWS (45%), GCP (63%) and Azure (70%). Experts blame permissive provider defaults, shadow IT and rapid business-driven deployments, and recommend controls such as MFA everywhere, private networking, encryption, least-privilege and infrastructure-as-code.

Mountpoint S3 CSI Driver Adds Observability Metrics

📈 You can now monitor Mountpoint operations in observability tools such as Amazon CloudWatch, Prometheus, and Grafana. Mountpoint emits near real-time metrics (request count, request latency, and error types) over the OpenTelemetry Protocol (OTLP), so you can use the CloudWatch agent or an OpenTelemetry collector to publish metrics and build dashboards. Configure Mountpoint at mount time to stream per-EC2-instance metrics for proactive monitoring and faster troubleshooting.

AWS PrivateLink Adds Native Cross-Region Service Access

🚀 AWS PrivateLink now supports native cross-region connectivity for select AWS services. With this change, Interface VPC endpoints can privately access Amazon S3, Route 53, ECR and other supported services hosted in different Regions of the same AWS partition without cross-region peering or internet exposure. Endpoints present a private IP in your VPC, simplifying secure inter-region connectivity and helping meet data residency requirements. Refer to AWS PrivateLink pricing and documentation for the full list of supported services and Regions.

Azure Storage Mover: Cloud-to-Cloud S3 to Blob Migrations

🚀 Azure Storage Mover is now generally available for direct cloud-to-cloud migrations from AWS S3 to Azure Blob Storage. The fully managed service performs high-speed, server-to-server parallel transfers without requiring self-hosted agents, preserving file metadata and supporting incremental syncs to minimize downtime. Integrated automation via the Azure portal, CLI, and REST API removes the need for custom scripts or third-party tools, while RBAC, Azure Active Directory, Multicloud Arc connectivity, and encryption in transit address security and compliance. Customers who tested the preview moved petabytes of data and reported reduced infrastructure overhead and faster access to Azure analytics and AI capabilities.

Amazon Redshift Auto-Copy Expands to Four AWS Regions

📥 Amazon Redshift Auto-Copy is now available in Asia Pacific (Malaysia), Asia Pacific (Thailand), Mexico (Central), and Asia Pacific (Taipei). The feature lets you configure an integration to continuously detect and load new files from a specified Amazon S3 prefix into Redshift tables without requiring custom COPY pipelines or external tooling. Auto-Copy records previously loaded files to prevent duplicate ingestion and exposes job status and metrics via Redshift system tables for monitoring and troubleshooting.

Amazon S3 Generates CloudTrail Events for Table Maintenance

🔔Amazon S3 now emits AWS CloudTrail events for S3 Tables maintenance operations so you can track compaction and snapshot expiration. Maintenance activities are recorded as management events in CloudTrail, enabling auditing and monitoring of automatic optimization tasks. To monitor these events, create a trail and filter for eventType='AwsServiceEvents' and eventName='TablesMaintenanceEvent'. Events are available in all Regions where S3 Tables are offered.

Amazon Timestream Now Adds Managed InfluxDB 3 Support

🚀 Amazon Timestream now offers managed support for InfluxDB 3, enabling developers and DevOps teams to run InfluxDB 3 databases as a managed service. InfluxDB 3 introduces a new architecture built on Apache Arrow for in-memory processing, Apache DataFusion for query execution, and columnar Parquet storage with persistence to Amazon S3 to improve query performance and scale for high-cardinality workloads. The service is available in two editions—Core (open source, near real-time) and Enterprise (multi-node, HA, compaction for long-term storage)—with Enterprise supporting initial multi-node clusters up to three nodes. Available in all Regions where Timestream for InfluxDB is offered; see the console, documentation, and pricing to get started.

AWS Transfer Family SFTP Connectors Gain VPC Support

🔒 AWS Transfer Family SFTP connectors can now route connections through your Amazon VPC, enabling secure file transfers between Amazon S3 and remote SFTP servers whether privately or publicly hosted. Connectors can present VPC CIDR IP addresses for compatibility with IP allowlists and leverage NAT Gateway bandwidth for higher-throughput internet transfers. All traffic is routed through existing VPC networking and security controls, including Transit Gateway and centralized firewalls to help meet data security mandates.

SageMaker AI Projects Adds Custom ML Templates from S3

🛠️ Amazon Web Services announced that SageMaker AI Projects can now provision custom ML project templates stored in Amazon S3. Administrators can define and manage standardized end-to-end project templates in SageMaker AI Studio so data scientists can create projects that follow organizational patterns and automated workflows. The feature is available in all AWS Regions where SageMaker AI Projects is offered.