All news with #aws s3 tag

🔁 Amazon S3 Tables now support automatic replication of Apache Iceberg tables across AWS Regions and accounts, duplicating full table structure, snapshots, and metadata to destination buckets. The feature creates read-only replica tables, backfills them to the source's latest state, and continuously monitors for updates while allowing independent snapshot retention and encryption settings per replica. Replicas are queryable with Amazon SageMaker Unified Studio or any Iceberg-compatible engine such as Amazon Athena, Amazon Redshift, Apache Spark, and DuckDB. This capability is available in all Regions where S3 Tables are supported.

📦 Amazon S3 now supports individual objects up to 50 TB, a 10× increase over the previous 5 TB limit. The change applies across all S3 storage classes and AWS Regions, enabling single-file storage of very large assets such as high-resolution video, seismic datasets, and AI training corpora. Use the AWS Common Runtime (CRT) and S3 Transfer Manager in the AWS SDK to optimize uploads and downloads; standard S3 features like S3 Lifecycle and S3 Replication continue to operate on these large objects.

🚀 Amazon S3 Vectors is now generally available, delivering native, purpose-built vector storage and query capabilities in cloud object storage. It supports up to two billion vectors per index, 10,000 indexes per vector bucket, and offers up to 90% lower costs to upload, store, and query vectors. S3 Vectors integrates with Amazon Bedrock, SageMaker Unified Studio, and OpenSearch Service, supports SSE-S3 and optional SSE-KMS encryption with per-index keys, and provides tagging for ABAC and cost allocation.

⚡Amazon S3 Batch Operations now finishes jobs up to 10x faster and supports jobs that include up to 20 billion objects, accelerating large-scale storage tasks. S3 pre-processes objects, runs operations, and generates completion reports with no extra configuration or cost. Typical uses include copying between buckets, tagging for lifecycle policies, and computing checksums. The upgrade is available in all AWS Regions except China and GovCloud (US).

🗃️ Amazon S3 Tables now support the Intelligent-Tiering storage class to automatically optimize table storage costs based on access patterns, without impacting performance or adding operational overhead. Data not accessed for 30 days moves to the Infrequent Access tier (≈40% lower cost), and after 90 days moves to Archive Instant Access (≈68% lower cost), enabling up to 80% storage savings. Automated table maintenance (compaction, snapshot expiration, unreferenced file removal) does not trigger tiering, and you can select Intelligent-Tiering per table or set it as the default for new tables in a table bucket across all regions where S3 Tables are available.

🔒 Amazon S3 Block Public Access now supports organization-level enforcement via AWS Organizations, enabling centralized standardization of public-access settings across member accounts. When attached at a root or OU the single policy configuration propagates to existing and new accounts, or it can be targeted to specific accounts for granular control. Policy attachment and enforcement are auditable through AWS CloudTrail, and the feature is available in the console and via CLI/SDK in supported regions at no additional charge.

🔍 Amazon S3 Metadata is expanding to twenty-two additional AWS Regions, bringing automated, queryable object and custom metadata closer to more customers. The feature automatically populates metadata for both new and existing objects in near real-time and supports system-defined details (size, source) and user-defined tags such as product SKUs or transaction IDs. This expansion makes S3 Metadata generally available in 28 Regions and enables faster data discovery, curation, and analytics inside existing S3 workflows.

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.

🔐 A Trend Micro analysis warns ransomware actors are increasingly targeting cloud storage by abusing AWS-native encryption and key management to render S3 data unrecoverable. Attackers probe buckets with disabled versioning or Object Lock, exploit wide write permissions, and weaponize SSE-KMS, SSE-C, BYOK and XKS to seize control of keys. Researchers recommend least-privilege IAM, enable versioning/Object Lock, isolate backups, and continuously monitor audit logs. An "assume breach" posture and short-lived credentials are urged to limit impact.

🔒 AWS Transfer Family web apps now support Virtual Private Cloud (VPC) endpoints, enabling private, in‑VPC access to your browser-based S3 file interface at no additional charge. Workforce users can connect through a VPC, AWS Direct Connect, or VPN so that file traffic remains inside your network boundary. Administrators can enforce controls with security groups and subnet-level NACLs, retaining full visibility and control over transfers. Configure and manage endpoints via the Transfer Family console, AWS CLI, or SDK.

🏷️ Amazon S3 now supports attribute-based access control (ABAC) for general purpose buckets, allowing organizations to use bucket tags to automatically manage permissions. Instead of constantly editing IAM or bucket policies, administrators can create policies that reference bucket tags and grant access by adding or modifying tags. Enable ABAC with the S3 PutBucketAbac API and manage tags via TagResource/UntagResource; you can also require tags at bucket creation to enforce standards. The feature is available in all AWS Regions at no additional cost via the Console, REST API, CLI, SDK, and CloudFormation.

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.

🔒 Amazon S3 now provides a bucket-level default encryption configuration to enforce SSE-S3 or SSE-KMS for all write requests, allowing organizations to standardize server-side encryption types across buckets. The PutBucketEncryption API update lets you disable SSE-C on specific buckets or in CloudFormation templates. This capability is available in all AWS Regions and configurable via Console, SDK, API, or CLI. It helps simplify compliance and reduce misconfiguration risk.

🛡️ AWS has updated the Transfer Family Terraform module to support automated malware scanning workflows for files transferred to S3. The module provisions GuardDuty S3 Protection–based scan pipelines, dynamic routing based on results, and threat notifications in a single deployment. It preserves folder structure, allows granular S3 prefix targeting, and helps ensure only verified clean files reach applications and data lakes.

📂 Amazon SageMaker Catalog now supports read and write access to Amazon S3 general purpose buckets, enabling data scientists and analysts to discover, process, and share unstructured data alongside structured datasets. Data publishers can grant read-only or read/write permissions when approving subscriptions or sharing S3 data, allowing processed outputs to be written back to the original bucket or folder. This feature is available in all Regions that support SageMaker Unified Studio and can be accessed via the studio UI, the Amazon DataZone API, SDK, or AWS CLI.

📊 Amazon CloudWatch metrics are now available for S3 Tables, providing visibility into storage, maintenance, and request activity. Metrics include daily storage and object counts, compaction bytes/objects processed, and minute‑level request measurements for operations, data transfer, errors, and latency. You can access these metrics via the CloudWatch console, AWS CLI, or CloudWatch API at the bucket, namespace, and individual table level; they are available in all Regions where S3 Tables is offered.

🔧 Mountpoint for Amazon S3 is now included in Amazon Linux 2023, making it straightforward to install, update, and mount S3 buckets with a single command. Previously, users downloaded the Mountpoint package from GitHub, resolved dependencies, and managed updates manually; inclusion in AL2023 streamlines that workflow. The open source project is backed by AWS and offers 24/7 AWS cloud support for Business and Enterprise Support customers—consult the repository and documentation to get started.

🌐 Amazon now supports Internet Protocol version 6 (IPv6) addresses for S3 Express One Zone gateway VPC endpoints, enabling access over IPv6 or DualStack without additional translation infrastructure. This applies in all Regions where the storage class exists at no extra cost. You can enable IPv6 for new or existing endpoints via Console, CLI, SDK, or CloudFormation. See the S3 User Guide to get started.

🌐 Amazon Web Services now supports IPv6 addresses for AWS PrivateLink Gateway and Interface VPC endpoints for Amazon S3. To enable IPv6 connectivity on new or existing S3 endpoints, set the IP address type to IPv6 or Dualstack; S3 will update route tables for gateway endpoints and provision ENIs with IPv6 for interface endpoints. IPv6 for S3 VPC endpoints is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost, and can be configured via the Console, CLI, SDK, or CloudFormation.

🔖Amazon S3 now supports tags on S3 Tables to enable attribute-based access control (ABAC) and cost allocation. Tags can be applied to table buckets and individual tables, letting you manage permissions for users and roles without frequent IAM or resource-policy updates. Tagging is available in all Regions where S3 Tables is offered and can be used via the Console, SDK, API, or CLI. Use tags to simplify governance and track costs.