All news with #aws tag
Tue, November 4, 2025
AWS Service Reference adds SDK operation-to-action mapping
🔐 AWS has expanded its Service Reference Information to map SDK operations to the specific IAM action(s) required to call them. This enables teams to answer questions such as “Which permission is needed for this API operation?” and to retrieve authoritative answers programmatically. You can integrate the data into policy management and automation pipelines to reduce manual effort and keep policies aligned with service updates. The capability is provided at no additional cost.
Tue, November 4, 2025
Identity Failures Now Top Source of Cloud Risk in 2025
🔒 ReliaQuest's Q3 2025 telemetry found identity-related weaknesses were responsible for 44% of true‑positive cloud alerts, including excessive permissions, misconfigured roles and credential abuse. The report warns that credentials and cloud keys often appear on crime markets — sometimes for as little as $2 — while 99% of cloud identities are reportedly over‑privileged, enabling stealthy access. It also highlights how rapid DevOps deployments can replicate legacy vulnerabilities and urges adoption of short‑lived credentials, strict least‑privilege controls and CI/CD security automation.
Tue, November 4, 2025
AWS Config Adds 42 New Managed Rules for Governance
🔔 AWS Config has launched 42 new managed rules to help organizations govern security, cost, durability, and operational best practices across AWS environments. You can now search, discover, enable, and manage these rules directly from AWS Config, and apply them account-wide or across an organization, including via Conformance Packs. New checks cover services such as Amazon EKS Fargate, EC2 Network Insights, AWS Glue ML transforms, Amazon Cognito, Lightsail, Amplify, Lambda, RDS, Route53 Resolver, Kinesis Video, and more.
Tue, November 4, 2025
Amazon Bedrock AgentCore Runtime Adds Code Upload Options
🧰 Amazon Bedrock AgentCore Runtime now supports two deployment methods: direct code-zip upload and container-based deployment. Developers can use drag-and-drop code-zip uploads for rapid prototyping or opt for container images when they need custom runtime configurations and dependencies. The serverless, model-agnostic runtime is designed to scale for production while maintaining enterprise security. This capability is available across nine AWS Regions with consumption-based pricing and no upfront costs.
Tue, November 4, 2025
Amazon Connect adds email address aliasing for branding
📧 Amazon Connect now lets organizations configure aliases for email addresses so customers continue to see trusted sender identities when messages are sent or received. For example, forwarding a public-facing address like support@company.com into Amazon Connect Email can preserve the visible sender as support@company.com. The capability is available in multiple AWS regions to simplify email management and maintain a consistent brand experience.
Tue, November 4, 2025
AWS Config Conformance Packs Expand to Five Regions
📣 AWS Config conformance packs and organization-level management are now available in additional Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei), and Mexico (Central). Conformance packs let you package managed or custom AWS Config rules into reusable bundles for security, operational, or cost-optimization governance and monitor compliance scores. You can deploy packs via the AWS Config console, AWS CLI, or AWS CloudFormation. Note that you are charged per conformance pack evaluation per account and Region.
Tue, November 4, 2025
Amazon RDS for Oracle adds R7i memory-optimized instances
🧠 Amazon RDS for Oracle now offers R7i memory-optimized preconfigured instances powered by custom 4th Gen Intel Xeon Scalable processors, the AWS Nitro System, and DDR5 memory. These instances provide up to a 64:1 memory-to-vCPU ratio and higher storage I/O per vCPU, enabling many Oracle workloads to reduce vCPU counts without performance loss. Available under BYOL for Oracle Database Enterprise Edition and Standard Edition 2, R7i can lower Oracle licensing and support costs while meeting high-performance requirements.
Mon, November 3, 2025
AWS and SANS Whitepaper: AI for Security Guidance Overview
🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper looks at the topic through three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.
Mon, November 3, 2025
CloudWatch Synthetics Adds Multi-Browser Support in GovCloud
🔍 Amazon CloudWatch Synthetics now supports running the same canary scripts across Chrome and Firefox in AWS GovCloud (US‑East, US‑West). You can use Playwright‑based or Puppeteer‑based canaries to collect browser-specific performance metrics, success rates, and visual monitoring results while retaining aggregate health views. This helps teams detect and remediate browser compatibility issues faster.
Mon, November 3, 2025
Amazon Cognito simplifies Machine-to-Machine pricing
🔔 AWS has simplified pricing for Amazon Cognito machine-to-machine (M2M) authentication by removing the M2M app client price dimension. Customers will now be charged only for successful M2M token requests per month instead of both registered app clients and token requests. The change is effective immediately across all supported Cognito regions and is automatic, requiring no customer action. This reduces the cost to build and scale M2M integrations.
Mon, November 3, 2025
CloudWatch Agent Adds NVMe Local Volume Performance Metrics
📈 The Amazon CloudWatch agent can now collect detailed performance metrics for NVMe local volumes attached to EC2 instances, including queue depths, I/O sizes, and device utilization. These metrics mirror the detailed statistics available for EBS volumes, enabling a consistent monitoring experience across storage types. You can create CloudWatch dashboards, set alarms, and analyze trends for NVMe-based instance store volumes, and the capability is available for all local NVMe volumes on Nitro-based EC2 instances in AWS Commercial and AWS GovCloud (US) Regions.
Mon, November 3, 2025
AWS Config Adds 52 New Resource Types Across Key Services
🔔 AWS Config now supports 52 additional AWS resource types across services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. With recording for all resource types enabled, AWS Config will automatically begin tracking these additions and they are available to Config rules and aggregators. You can monitor the new types in all Regions where supported, expanding discovery, assessment, audit, and remediation coverage.
Mon, November 3, 2025
Mountpoint S3 CSI Driver Adds Observability Metrics
📈 You can now monitor Mountpoint operations in observability tools such as Amazon CloudWatch, Prometheus, and Grafana. Mountpoint emits near real-time metrics (request count, request latency, and error types) over the OpenTelemetry Protocol (OTLP), so you can use the CloudWatch agent or an OpenTelemetry collector to publish metrics and build dashboards. Configure Mountpoint at mount time to stream per-EC2-instance metrics for proactive monitoring and faster troubleshooting.
Mon, November 3, 2025
Amazon Kinesis Data Streams: On-demand Advantage Launch
🚀 Amazon Kinesis Data Streams introduces On‑demand Advantage, letting customers warm on‑demand streams to absorb instant throughput spikes up to 10 GB or 10 million events per second without over‑provisioning. The mode removes the fixed per‑stream charge and offers a simpler usage pricing model with data ingest at $0.032/GB and retrieval at $0.016/GB in US East (N. Virginia). Extended retention costs fall by 77%, and Enhanced fan‑out retrievals are priced the same as shared throughput, making high fan‑out scenarios more economical. On‑demand Advantage requires a minimum billed aggregate of 25 MB/s for both ingest and retrieval at the discounted rates and is available in all AWS regions, including GovCloud (US) and China.
Fri, October 31, 2025
Amazon Route 53 Resolver Adds AWS PrivateLink Support
🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, allowing customers to access and manage Resolver and its associated features privately over the Amazon network rather than the public internet. This private access covers Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts, with create, delete, edit and list operations handled via PrivateLink. Route 53 Resolver continues to respond recursively for public records, VPC-specific DNS names, and private hosted zones and remains available by default in all VPCs. The capability can be used in regions where Resolver and its features are offered, including AWS GovCloud (US) Regions.
Fri, October 31, 2025
Amazon GameLift Streams Adds AWS Health Lifecycle Alerts
🔔 Amazon GameLift Streams is integrated with AWS Health to send automated lifecycle notifications about aging stream groups. Accounts receive reminders on days 45 and 150 warning that adding new applications will be restricted after day 180, with a final re-creation reminder on day 335 before expiration at day 365. The feature is available in all AWS Regions at no additional cost, and expiration details are visible in the console or via the GetStreamGroup ExpiresAt field.
Fri, October 31, 2025
Amazon Route 53 Resolver Adds AWS PrivateLink Support
🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, enabling private management and access to Resolver and its features without traversing the public internet. Customers can use PrivateLink to reach Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts over the Amazon network. All operations — create, delete, edit, list — are supported via the private connection in supported regions, including AWS GovCloud.
Fri, October 31, 2025
AWS PrivateLink Adds Native Cross-Region Service Access
🚀 AWS PrivateLink now supports native cross-region connectivity for select AWS services. With this change, Interface VPC endpoints can privately access Amazon S3, Route 53, ECR and other supported services hosted in different Regions of the same AWS partition without cross-region peering or internet exposure. Endpoints present a private IP in your VPC, simplifying secure inter-region connectivity and helping meet data residency requirements. Refer to AWS PrivateLink pricing and documentation for the full list of supported services and Regions.
Fri, October 31, 2025
Amazon DynamoDB Accelerator (DAX) Adds AWS PrivateLink
🔒 Amazon DynamoDB Accelerator (DAX) now supports AWS PrivateLink, allowing cluster management APIs such as CreateCluster, DescribeClusters, and DeleteCluster to be accessed over private IP addresses inside your VPC. Data-plane operations like GetItem and Query were already handled privately within the VPC; this update moves management-plane traffic off the public regional endpoint. The feature is available in all Regions where DAX runs and incurs additional AWS PrivateLink charges.
Fri, October 31, 2025
Amazon Aurora DSQL Adds FIPS 140-3 Compliant Endpoints
🔐 Amazon Web Services announced that Aurora DSQL now supports FIPS 140-3 compliant endpoints, enabling customers to meet federal cryptography requirements when sending requests over public or VPC endpoints. The capability is available beginning Oct 31, 2025, in US East (N. Virginia), US East (Ohio), and US West (Oregon). This update lets organizations contracting with the U.S. federal government use Aurora DSQL for workloads that require a FIPS-validated cryptographic module.