All news with #aws tag

Amazon Aurora adds PostgreSQL minor versions and DDM

🔒 Amazon Aurora PostgreSQL-Compatible Edition now supports minor PostgreSQL releases 17.6, 16.10, 15.14, 14.19, and 13.22. The update introduces Dynamic Data Masking (DDM) for versions 16.10 and 17.6, masking column values at query time via role-based policies without changing stored data. It also adds a shared plan cache and delivers improved performance, faster RTO, and better Global Database switchover behavior. These versions are available in all commercial AWS Regions and AWS GovCloud (US); you can create new clusters or upgrade existing databases through the RDS console.

Years of JSONFormatter and CodeBeautify Credentials Leak

🔒 New research from watchTowr Labs found over 80,000 files saved to online code-formatting tools, exposing thousands of passwords, API keys, repository tokens and other sensitive credentials across government, telecoms, finance, healthcare and critical infrastructure. The datasets comprise five years of JSONFormatter content and one year of CodeBeautify content (about 5GB), and both services used predictable, shareable URLs and a Recent Links page that made mass crawling trivial. Researchers uploaded decoy AWS keys that were abused within 48 hours, and both sites have temporarily disabled save functionality while implementing enhanced content-prevention measures.

AWS Glue: Zero-ETL Replication for Self-Managed Databases

🔁AWS Glue now supports zero-ETL for self-managed database sources, enabling no-code replication from Oracle, SQL Server, MySQL, and PostgreSQL hosted on-premises or on EC2 to Amazon Redshift. The feature auto-creates ongoing integrations to simplify setup, reduce operational overhead, and eliminate much of the engineering work previously required to build ingestion pipelines. It is available in multiple AWS Regions and aims to save teams weeks of engineering effort.

AWS Lambda Adds Node.js 24 Runtime and Container Base

🆕 AWS Lambda now supports creating serverless applications with Node.js 24, available as both a managed runtime and a container base image. AWS will automatically apply updates to the managed runtime and base image as they become available, and the runtime is offered in all Regions including GovCloud (US) and China. The release emphasizes modern async/await handlers and removes callback-based handlers; Lambda@Edge and Powertools for AWS Lambda (TypeScript) are also supported, and standard AWS deployment tools (Console, CLI, SAM, CDK, CloudFormation) can be used to deploy Node.js 24 functions.

Code formatters left 80,000+ secrets exposed publicly

🔓 Researchers at external attack surface management firm watchTowr discovered more than 80,000 JSON snippets saved via JSONFormatter and CodeBeautify's unprotected Recent Links feature, exposing credentials, private keys, tokens, and configuration files. The platforms generated predictable, shareable URLs when users saved snippets and stored them without access controls, allowing anyone to scrape content via the services' APIs. Leaked material spans government, finance, healthcare, telecoms, and other sensitive sectors. watchTowr's Canarytoken test showed attackers accessed planted fake AWS keys after links had expired, indicating active scanning.

Code-formatters leak credentials from major organizations

🔓 Researchers discovered that the code-formatting services JSONFormatter and CodeBeautify exposed more than 80,000 user-saved JSON pastes totaling over 5GB via an unprotected Recent Links feature. The listings and predictable URLs allowed simple crawlers to enumerate and retrieve sensitive data including credentials, API keys, private keys, and PII. The findings show active scraping and confirmed access attempts after uploads expired.

Fluent Bit Bugs Could Enable Complete Cloud Takeover

⚠️ Fluent Bit, a widely deployed log-processing agent used across containers, Kubernetes DaemonSets, and major cloud platforms, contains multiple critical vulnerabilities that can enable authentication bypass, arbitrary file writes, and full agent takeover. Oligo Security, in cooperation with AWS, disclosed five severe flaws impacting in_forward authentication and the tag-handling logic, plus path traversal and buffer-overflow defects. The project has released patches in v4.1.1 and v4.0.12; operators should update and validate configurations immediately to prevent log tampering, telemetry rerouting, and potential remote code execution.

AWS Glue Data Quality Adds Preprocessing Queries Support

🛠️ AWS announces general availability of AWS Glue Data Quality preprocessing queries, enabling transformations before running data quality checks through the Glue Data Catalog APIs. The feature lets you create derived columns, filter datasets, perform calculations, and validate column relationships as part of the quality evaluation. This capability removes separate preprocessing steps, streamlines workflows, and tailors recommendations and rules to specific data subsets across commercial AWS Regions.

AWS Glue Data Quality Adds Rule Labeling for Reporting

🔖 AWS has made AWS Glue Data Quality rule labeling generally available, allowing teams to attach custom key-value labels to data quality rules for better organization and targeted reporting. Labels can represent business context, team ownership, compliance tags, or priority and can be authored in DQDL. Queryable in rule outcomes, row-level results, and APIs, labels enable focused reports and streamlined remediation workflows across all commercial AWS Regions where the service is available.

Amazon Quick Suite: Scheduling for Quick Flows Automation

🕒 Amazon Quick Flows now supports scheduled execution, allowing teams to automate repetitive workflows at specified times or custom intervals. You can configure flows to run daily, weekly, monthly, or on custom schedules and schedule any flow you can access—whether you created it or it was shared with you. Scheduling is set via the Quick Flows scheduling icon and is available now in IAD, PDX, and DUB. There are no additional charges beyond standard Quick Flows usage, and common use cases include recurring report generation, summarizing open items in external services, and producing daily meeting briefings.

Amazon SageMaker Adds EAGLE for Faster Inference Throughput

⚡ Amazon SageMaker AI now supports EAGLE (Extrapolation Algorithm for Greater Language-model Efficiency) speculative decoding to boost large language model inference throughput by up to 2.5x. The capability enables models to predict and validate multiple tokens in parallel rather than one at a time, preserving output quality while reducing latency. SageMaker automatically selects between EAGLE 2 and EAGLE 3 depending on model architecture and provides built‑in optimization jobs using curated or customer datasets. Optimized models can be deployed through existing SageMaker inference workflows without infrastructure changes, and the feature is available in select AWS Regions.

OpenSearch Service Introduces Agentic Search for NLP Queries

🔎 Amazon Web Services has introduced Agentic Search for OpenSearch Service, an agent-driven layer that interprets natural-language intent, orchestrates search tools, and generates OpenSearch DSL queries while providing transparent summaries of its decision process. The built-in QueryPlanningTool uses LLMs to plan and emit DSL, removing the need for manual query syntax. Two agent types are available: conversational agents with memory and flow agents optimized for throughput. Administrators can configure agents via APIs or OpenSearch Dashboards, and Agentic Search is supported on OpenSearch Service version 3.3+ across AWS Commercial and GovCloud regions.

SageMaker AI Inference Adds Bidirectional Streaming

🎙️ Amazon SageMaker AI Inference now supports bidirectional streaming, enabling real-time speech-to-text transcription that returns partial transcripts while audio is still being captured. Using the new Bidirectional Stream API, clients open an HTTP/2 connection to the SageMaker AI runtime, which automatically creates a WebSocket to your model container so audio frames and interim transcripts flow continuously. Any container that implements a WebSocket handler per the SageMaker AI contract works out of the box, allowing real-time models such as Deepgram to run without modification. The feature eliminates weeks or months of custom streaming infrastructure work so teams can focus on model accuracy, latency tuning, and agent behavior.

AWS Service Quotas: Automatic Quota Management Launch

🚀 AWS announced general availability of automatic quota management in Service Quotas. The feature sends configurable notifications (email, SMS, Slack) via the Service Quotas console or API when usage approaches allocated limits and can automatically and safely adjust service quota values in response to observed consumption. This reduces operational overhead from tracking and requesting quota increases across accounts and Regions and helps prevent unexpected interruptions. The capability is available at no additional cost in all AWS commercial regions.

Amazon CloudFront Adds mutual TLS Authentication Now

🔒 Amazon CloudFront now supports mutual TLS (mTLS), enabling both server and client authentication with X.509 certificates at AWS edge locations. Customers can require trusted client certificates to access distributions, reducing unauthorized access to APIs and applications. Typical uses include secure B2B API integrations and IoT device authentication. mTLS is available at no additional cost and configurable via Console, CLI, SDK, CDK, and CloudFormation.

AWS IoT Core: Retrieve Thing Registry Data via Rules

🔧 AWS IoT Core now supports dynamic retrieval of thing registry data directly within IoT rules using the new get_registry_data() inline rule function. You can access device attributes, device type, and group membership to filter, enrich, and route messages — for example, routing lifecycle events or enriching gateway messages with sensor thresholds. The feature is available in all AWS regions where AWS IoT Core is present and can be used immediately via the IoT developer guide and API.

AWS OpenSearch Service adds PPL and natural language

🔍 Amazon OpenSearch Service now makes Piped Processing Language (PPL) and natural language the default experience in the OpenSearch UI Observability workspace. The release introduces 35+ new commands for deep analysis, faceted exploration, and natural-language querying, and integrates OpenTelemetry ingestion pipelines to simplify onboarding. Users can run enterprise-grade queries, correlate events, and move directly from query to visualization to reduce mean time to detect and resolve issues.

Fluent Bit Vulnerabilities Threaten Cloud and Kubernetes

⚠️ Researchers disclosed five vulnerabilities in Fluent Bit, the open-source telemetry agent, that can be chained to bypass authentication, write or overwrite files, execute code, corrupt logs, and cause denial-of-service conditions. CERT/CC noted many issues require network access, and fixes were released in Fluent Bit 4.1.1 and 4.0.12 with AWS participating in coordinated disclosure. Operators are urged to update immediately and apply mitigations such as avoiding dynamic tags, mounting configs read-only, and running the agent as a non-root user.

Amazon Quick Suite Embedded Chat Now Generally Available

💬 AWS announced general availability of Amazon Quick Suite Embedded Chat, a ready-made conversational AI you can embed into applications via one-click embedding or API-based iframes. The agent unifies structured data and unstructured knowledge in a single conversation so users can reference KPIs, pull file details, check customer feedback, and trigger actions without leaving the app. Connectors include SharePoint, websites, Slack, and Jira, and enterprises retain control over data access and action scopes. Embedded Chat is available in select Regions with no additional charge beyond existing Quick Suite pricing.

Amazon Connect flow modules: custom IO and versioning

🧩 Amazon Connect flow modules now support custom inputs, outputs and branching logic, plus advanced versioning and alias management. You can define flexible parameters for reusable modules—for example, an authentication module that accepts a phone number and PIN and returns customer name and authentication status with branches like authenticated or not authenticated. Immutable version snapshots and alias mapping let teams update module implementations while flows referencing an alias automatically use the new version, simplifying maintenance and reuse.