All news with #aws s3 tag

Tue, September 9, 2025

Amazon Redshift Serverless Available in Milan, Cape Town

🚀 Amazon Redshift Serverless is now generally available in the AWS Europe (Milan) and Africa (Cape Town) regions. With Redshift Serverless, users—data analysts, developers, and data scientists—can run analytics without provisioning or managing clusters, benefiting from automatic provisioning, intelligent scaling, and per-second compute billing. You can query data via Query Editor V2 or existing BI tools, load data from Amazon S3 (including Apache Parquet), use Redshift data shares, restore provisioned snapshots, and take advantage of unified billing for queries across these sources.


Mon, September 8, 2025

Managed Tiered Checkpointing for Amazon SageMaker HyperPod

⚡ Amazon Web Services has announced general availability of managed tiered checkpointing for Amazon SageMaker HyperPod, a hybrid checkpointing capability that caches frequent checkpoints in CPU memory and periodically persists them to Amazon S3 for durability. The approach reduces model recovery time and minimizes training progress loss on large-scale clusters. It integrates with PyTorch Distributed Checkpoint (DCP) and is enabled via a CreateCluster/UpdateCluster API parameter; customers can use the sagemaker-checkpointing Python library to adopt it with minimal code changes. It is currently available for HyperPod clusters using the EKS orchestrator.


Mon, September 8, 2025

Four-Step EASM Framework to Reduce External Cyber Risk

🔍 External Attack Surface Management (EASM) requires a continuous, automated approach to discover internet-facing assets, detect vulnerabilities and prioritize remediation. The article outlines a practical four-step process — identify and classify assets, risk detection, risk assessment, and prioritization and remediation — to reduce external cyber risk. A real-world Jenkins misconfiguration illustrates how shadow IT and configuration changes can expose sensitive data, and why centralized, recurrent EASM platforms that integrate with existing workflows and provide actionable guidance are essential. Effective defense combines fast MTTD from tools with responsive teams to achieve timely MTTR.


Tue, September 2, 2025

AWS Transform Adds Detached Storage Assessment and TCO

🔍 AWS has expanded AWS Transform assessment to analyze on‑premises detached storage infrastructures, including SAN, NAS, file servers, object stores and virtual environments. The new capability maps existing storage to AWS targets such as Amazon S3, Amazon EBS and Amazon FSx, and delivers a comparative Total Cost of Ownership (TCO) analysis. It also provides performance and cost optimization recommendations for compute and storage workloads, noting storage can represent up to 45% of migration opportunities. The assessment is available in US East (N. Virginia) and Europe (Frankfurt).


Tue, September 2, 2025

AWS Deadline Cloud automates job output downloads at scale

🔁 The AWS Deadline Cloud client now includes a command to automatically download outputs for completed jobs from a specified queue. The command detects output files that Deadline Cloud has stored in Amazon S3 and restores them to the local paths defined during job creation. It can be scheduled with cron or Task Scheduler to run periodically, enabling unattended retrieval for final review and delivery.


Fri, August 29, 2025

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.


Thu, August 28, 2025

AWS Adds VPC Endpoint Organization-Based Policy Keys

🔐 AWS introduced three new global IAM condition keys—aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID—to simplify network-origin access controls across multiple accounts and OUs. These keys let administrators restrict resource access based on the account, organizational unit path, or organization that owns the VPC endpoint used for a request, reducing the need to enumerate VPC or VPC endpoint IDs. Example use cases include S3 bucket policies and centrally applied RCPs or SCPs to enforce corporate network perimeters and intra-organization segmentation; adoption depends on service support and testing prior to production rollout.


Thu, August 28, 2025

Amazon EBS Adds Snapshot Copy Support for Local Zones

🔁 Amazon Elastic Block Store (EBS) now supports snapshot copy for AWS Local Zones, enabling point-in-time local snapshots to be copied to the parent Region or another Local Zone. The feature is generally available and accessible via the AWS Console, CLI, and SDKs. This capability helps customers meet disaster recovery, data migration, and compliance requirements by storing snapshots in Amazon S3 within the chosen Region or Local Zone.


Thu, August 28, 2025

Amazon S3 Adds CloudFormation and CDK Support for Tables

🛠️ AWS now supports creating Amazon S3 Tables and namespaces with AWS CloudFormation and the AWS CDK, extending existing support for table buckets. This enables developers and teams to provision, update, and manage S3 Tables resources using infrastructure-as-code workflows, improving repeatability and version control across multiple AWS accounts. The CloudFormation and CDK integrations are available in all Regions where S3 Tables are offered, and AWS points users to the CloudFormation, CDK, and S3 Tables documentation to get started.


Wed, August 27, 2025

AWS Transfer Family Adds Terraform SFTP Connector Support

🚀 The AWS Transfer Family Terraform module now supports provisioning SFTP connectors to transfer files between Amazon S3 and remote SFTP servers. Announced 2025-08-27, the addition builds on existing Terraform support for SFTP server endpoints and enables programmatic provisioning of connectors, dependencies, and customizations in a single IaC deployment. The module includes end-to-end examples to automate transfers on schedules or event triggers, reducing manual configuration and improving repeatability, security, and scale.


Fri, August 22, 2025

Amazon SageMaker Unified Studio adds S3 file sharing option

📂 Amazon SageMaker Unified Studio now offers a simplified S3-based file storage option for project collaboration. Customers can choose between Git integrations (GitHub, GitLab, Bitbucket Cloud) or Amazon S3 buckets, with S3 set as the default while Git remains fully supported. The S3 option gives a consistent view of files across Studio tools, uses a last-write-wins model, and supports basic versioning when administrators enable it.


Mon, August 18, 2025

Amazon S3 adds compute checksum to verify datasets

🔒 Amazon Web Services has added a compute checksum operation to S3 Batch Operations, enabling large-scale verification of stored datasets without restoring or downloading objects. You can submit a manifest or target a bucket with prefix/suffix filters, select algorithms such as SHA-256, MD5, CRC32C and others, and receive a detailed integrity report when the job completes. This capability complements S3's built-in validation and simplifies compliance, preservation, and accuracy checks across all storage classes and object sizes.


Mon, August 18, 2025

Amazon S3 Express One Zone adds FIS resilience testing

🛠 AWS now supports resilience testing for S3 Express One Zone using AWS Fault Injection Service (FIS), enabling simulated network disruptions that cause data plane requests to time out for directory buckets. The FIS network disruption action is included in the AZ Availability: Power Interruption scenario and is available in all Regions where the storage class is offered. You can run experiments via the AWS Management Console, AWS CLI, or the FIS API to validate monitoring and recovery procedures and to improve application resilience; consult FIS pricing for cost details.


Fri, August 15, 2025

Amazon Athena Adds CTAS Support for S3 Tables and Iceberg

🆕 Amazon Athena now supports CREATE TABLE AS SELECT (CTAS) statements targeting S3 Tables, enabling creation and population of a managed S3 Table from a single SQL query. The capability supports source data in Parquet, CSV, JSON and lake formats such as Apache Iceberg, Hudi, and Delta Lake. CTAS lets you partition data on the fly and the resulting tables can be queried, JOINed, and updated in Athena. This feature is available in AWS Regions where both Athena and S3 Tables are supported.


Mon, August 11, 2025

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.


Thu, July 31, 2025

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.


Sat, July 26, 2025

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.


Sat, July 26, 2025

Exposed NGA Data Linked to Booz Allen S3 Misconfiguration

🛡️ UpGuard analyst Chris Vickery discovered a publicly exposed S3 file repository containing credentials and SSH keys tied to systems used by US geospatial intelligence contractors. The plaintext data included access tokens and administrative credentials that could enable entry to systems handling Top Secret-level data. NGA secured the bucket rapidly after notification; Booz Allen Hamilton responded later. UpGuard preserved the dataset at government request.


Sat, July 26, 2025

GoDaddy AWS Configuration Data Exposed in Public S3

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible Amazon S3 bucket that contained detailed configuration spreadsheets appearing to describe GoDaddy infrastructure running in the AWS cloud. The files included over 24,000 hostnames and 41 configuration fields per system, plus modeled financials and apparent AWS discounting—information useful for targeted attacks or competitive intelligence. GoDaddy closed the exposure after notification; no credentials were found, but the incident highlights the severe consequences of cloud misconfiguration at scale.


Sat, July 26, 2025

Misconfigured NICE Systems S3 Exposed Verizon Customer Data

🔒 A misconfigured Amazon S3 repository administered by NICE Systems exposed names, addresses, account details and PINs tied to Verizon customers; UpGuard estimated up to 14 million affected while Verizon disputed a 6 million figure. The publicly accessible bucket contained daily voice-log files and large text archives with unmasked fields such as PIN and CustCode, alongside call analytics metadata. UpGuard notified Verizon in June 2017 and remediation followed, but the incident underscores the severity of third-party cloud misconfigurations and vendor-managed data risk.
