All news with #aws tag

CloudWatch Container Insights: Sub-Minute GPU Metrics

🔍 Amazon CloudWatch Container Insights now supports configurable sub-minute GPU sampling for Amazon EKS, enabling GPU metrics to be collected at a per-second sample rate and aggregated to CloudWatch once per minute. This enhancement gives teams finer visibility into short-lived AI/ML inference and GPU-intensive workloads, helping to optimize resource utilization, troubleshoot performance issues, and improve operational efficiency for containerized GPU applications. The feature is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost.

EC2 Fleet Adds Encryption Attribute for ABIS Selection

🔐 Amazon EC2 Fleet now supports an encryption attribute for Attribute-Based Instance Type Selection (ABIS). You can set RequireEncryptionInTransit in InstanceRequirements to limit launches to instance types that support encryption-in-transit, addressing compliance with VPC Encryption Controls in enforced mode. The GetInstanceTypesFromInstanceRequirements (GITFIR) API previews eligible instance types. The feature is available in all AWS commercial and GovCloud (US) Regions. To start, set RequireEncryptionInTransit=true when calling CreateFleet or GITFIR.

API Gateway Adds Private ALB Integration for REST APIs

🔗 Amazon API Gateway REST APIs now support private integration with Application Load Balancer (ALB), enabling direct inter‑VPC connectivity to internal ALBs. This removes the previously required Network Load Balancer hop, which can reduce latency and simplify deployments. The integration brings Layer 7 capabilities — such as HTTP/HTTPS health checks, advanced request‑based routing, and native container service alignment — while retaining NLB-based layer‑4 options.

AWS Lambda lowers Kafka ESM costs with Provisioned mode

⚡ AWS announces enhancements to Lambda's Provisioned mode for Kafka event source mappings, enabling grouping of ESMs and higher density of event pollers to reduce costs by up to 90% for low-throughput workloads. Each Event Poller Unit (EPU) still provides 20 MB/s but now defaults to 10 pollers per EPU and supports shared capacity via the new PollerGroupName parameter. Changes are available today across AWS Commercial Regions and can be configured via API, CLI, Console, SDK, CloudFormation, or SAM.

CloudWatch Console Adds Automated Agent Management

⚙️ Amazon CloudWatch now provides an in-console experience for automated installation and configuration of the CloudWatch agent on EC2 instances. The new UI surfaces agent status across your EC2 fleet, automatically detects supported workloads, and uses CloudWatch observability solutions to recommend monitoring configurations. Customers can deploy agents with one-click installs or create tag-based policies for automated fleet-wide management, including for auto-scaled instances, reducing setup time from hours to minutes.

AWS Backup Adds Support for FSx Intelligent-Tiering

🔒 AWS Backup now supports Amazon FSx Intelligent-Tiering, enabling centralized protection for FSx for Lustre and FSx for OpenZFS file systems. The Intelligent-Tiering storage class delivers fully elastic file storage that automatically scales with workloads while optimizing costs through pay-for-what-you-use elasticity. Existing Amazon FSx backup plans continue to run without modification. Support is available in all Regions where FSx Intelligent-Tiering is offered, and you can manage protections from the AWS Backup console.

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

Amazon Connect Adds Persistent Agent Connection Feature

📞 Amazon Connect now supports a persistent agent connection that keeps an open channel between agents and the service after a call ends. Administrators can enable the feature per agent profile to reduce customer connect time and help meet telemarketing compliance such as the U.S. Telephone Consumer Protection Act (TCPA) for outbound campaigns. The capability is available in all Amazon Connect regions and carries no additional charge beyond standard Amazon Connect usage and telephony fees.

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.

AWS DMS Schema Conversion Adds SAP ASE to PostgreSQL

🤖 AWS Database Migration Service (DMS) Schema Conversion now supports conversions from SAP Adaptive Server Enterprise (ASE) to both Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. The integrated generative AI capability helps automatically translate complex database code such as stored procedures, functions, triggers, cursors, and other ASE-specific constructs that traditionally require manual conversion. Schema Conversion also provides detailed assessment reports to help migration teams plan, estimate effort, and reduce risk when executing migrations to PostgreSQL-compatible managed databases on AWS.

AWS Recycle Bin Extends Support to EBS Volumes Now

♻️ Recycle Bin for Amazon EBS now supports EBS Volumes, allowing you to recover accidentally deleted volumes directly rather than restoring from snapshots. You can create retention rules to protect all volumes or target specific volumes with tags; recovered volumes retain tags, permissions, and encryption and are immediately available at full performance. Volumes in Recycle Bin are billed at standard EBS Volume rates and the capability is available via CLI, SDKs, and the AWS Console across commercial, China, and AWS GovCloud (US) Regions.

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.

Amazon Braket Adds Per-Device Spending Limits for QPUs

🔒 Amazon Braket now lets customers set per-device spending limits for quantum processing units (QPUs), enabling tighter cost controls and automated validation of task submissions. Tasks that would exceed remaining budgets are rejected at submission, and limits apply only to on-demand QPU tasks—not to simulators, notebook instances, hybrid jobs, or Braket Direct reservation tasks. Available now in all supported AWS Regions at no additional charge, limits can be updated or deleted any time; researchers may also apply for AWS Cloud Credits for Research to offset experiments.

AWS Glue Adds Zero-ETL Support for More SAP Entities

🔄 AWS Glue now provides full snapshot and incremental zero-ETL ingestion for additional SAP entities. The update adds snapshot ingestion for entities without deletion tracking and timestamp-based incremental loads for non-ODP systems, extending existing ODP support. Organizations can ingest SAP data directly into Amazon Redshift or the lakehouse architecture used by Amazon SageMaker, reducing engineering effort and operational complexity. This feature is available in all Regions where AWS Glue zero-ETL is offered.

AWS Offers Microsoft SQL Server 2025 License-Included AMIs

🚀 Amazon EC2 now provides License-Included (LI) AMIs for Microsoft SQL Server 2025, enabling fast deployment of the latest SQL Server release on Windows EC2 instances. These managed images are created and maintained by AWS and default to TLS 1.3 for improved security and performance. AMIs include preinstalled management tools such as AWS Tools for Windows PowerShell, AWS Systems Manager, and AWS CloudFormation, plus network and storage drivers. The images are available in all commercial AWS Regions and AWS GovCloud (US), simplifying provisioning and lifecycle management for enterprise workloads.

ALB Target Optimizer: Per-Target Concurrency Control

🔧 Application Load Balancer now includes Target Optimizer, which enforces a maximum number of concurrent requests per target to align load with processing capacity. You enable it by creating a target group with a target control port and running an AWS-provided agent on each target. The feature can be configured per target group and is available in AWS Commercial, GovCloud (US), and China Regions. Note that enabled target groups consume additional LCUs and may increase costs.