All news with #aws tag

Amazon ECS Service Connect Adds Envoy Access Logs Support

🔍 Amazon ECS Service Connect now captures per-request telemetry with Envoy access logs to improve visibility into service-to-service traffic for tracing, debugging, and compliance. Access logging is enabled via the ServiceConnectConfiguration and emits Envoy logs to STDOUT alongside application logs, flowing through the existing ECS log pipeline without extra infrastructure. Query strings are redacted by default and the feature supports HTTP, HTTP/2, gRPC, and TCP protocols. The capability is available in all regions where Service Connect is supported.

AWS releases AI agent context pack for Greengrass developers

🤖 AWS announced an open-source AI agent context package for AWS IoT Greengrass that provides ready-to-use instructions, examples, and templates to accelerate edge device application development. The package is published on GitHub under the Creative Commons Attribution Share Alike 4.0 license and is designed to integrate with generative AI tools such as Amazon Q. Developers can clone the repository to jumpstart creation, testing, and fleet-wide deployment workflows across supported Regions.

Amazon OCSF Ready Specialization for AWS Partners Program

🔒 Amazon today introduced the Amazon OCSF Ready Specialization to recognize AWS Partners that have technically validated their software to integrate with OCSF-compatible Amazon services and demonstrated customer success in production. The designation helps customers find pre-validated partner solutions that send or receive logs and security events in the OCSF schema, reducing integration complexity. Partners earn AWS Specialization Program benefits and signature support, including private strategy sessions and AWS guest speaker assistance. The specialization replaces and expands the prior Amazon Security Lake Specialization to broaden standardized security data interoperability.

AWS Backup: Single-step Cross-Region Snapshot Copy

🔁 AWS Backup now supports a single-action copy of database snapshots across AWS Regions and accounts for Amazon RDS, Amazon Aurora, Amazon Neptune, and Amazon DocumentDB. This eliminates the previous two-step process and removes the need for intermediate copies, custom scripts, or Lambda automation. The change reduces operational complexity and helps achieve faster RPOs while removing costs associated with intermediate snapshot storage. You can use the feature today via the AWS Management Console, AWS CLI, or AWS SDKs.

AWS Serverless MCP Server Adds ESM Tools for Lambda

🔧 The AWS Serverless Model Context Protocol (MCP) Server now includes specialized tools to configure and manage AWS Lambda event source mappings (ESM), combining AI assistance with ESM expertise. The new toolset—comprising the ESM guidance tool, the ESM optimization tool, and an ESM Kafka troubleshooting tool—translates high-level throughput, latency, and reliability requirements into concrete ESM configurations and generates optimized AWS SAM templates. It also validates VPC network topology for VPC-based event sources and diagnoses common ESM issues to streamline setup, tuning, and troubleshooting workflows.

AWS Cloud Map Adds Cross-Account Support in GovCloud

🔁 AWS Cloud Map now supports cross-account service discovery in AWS GovCloud (US) Regions through integration with AWS Resource Access Manager (AWS RAM). By sharing namespaces, you can allow individual accounts, Organizational Units, or an entire AWS Organization to discover resources such as Amazon ECS tasks, EC2 instances, and DynamoDB tables across accounts. The capability is available now in GovCloud (US-East) and GovCloud (US-West) via Console, API, SDK, CLI, and CloudFormation.

TwelveLabs Marengo 3.0 Now on Amazon Bedrock Platform

🎥 TwelveLabs' Marengo Embed 3.0 is now available on Amazon Bedrock, providing a unified video-native multimodal embedding that represents video, images, audio, and text in a single vector space. The release doubles processing capacity—up to 4 hours and 6 GB per file—expands language support to 36 languages, and improves sports analysis and multimodal search precision. It supports synchronous low-latency text and image inference and asynchronous processing for video, audio, and large files.

Stability AI Image Tools Expanded in Amazon Bedrock

🖼 Amazon Bedrock now offers four new image-editing tools in Stability AI Image Services: Outpaint, Fast Upscale, Conservative Upscale, and Creative Upscale. These additions expand the platform's Edit, Upscale, and Control capabilities, enabling creators to perform targeted edits and resolution enhancements with greater precision. The tools are accessible via the Bedrock API and are initially supported in US West (Oregon), US East (N. Virginia), and US East (Ohio).

Spike in Automated Botnet Attacks Targeting PHP, IoT

🔍 Cybersecurity researchers warn of a sharp rise in automated botnet campaigns targeting PHP servers, IoT devices, and cloud gateways. The Qualys Threat Research Unit says Mirai, Gafgyt, Mozi and similar botnets are exploiting known CVEs, misconfigurations and exposed secrets to recruit vulnerable systems. Attackers leverage active debug interfaces (for example using '/?XDEBUG_SESSION_START=phpstorm'), scan from cloud providers to mask origin, and turn compromised routers and DVRs into residential proxies. Recommended mitigations include prompt patching, removing development tools from production, securing secrets with AWS Secrets Manager or HashiCorp Vault, and restricting public cloud access.

Amazon S3 Adds Conditional Copy Support for Writes

🔐 Amazon S3 now supports conditional copy operations via the CopyObject API, enabling verification of an object's existence or content in the destination bucket before copying. You can supply the HTTP If-None-Match header to ensure the destination object does not exist, or If-Match with an ETag to validate content prior to copy. Administrators can enforce these checks using s3:if-match and s3:if-none-match bucket policy condition keys. This capability is available at no additional charge in all AWS Regions and removes the need for additional client-side coordination or pre-copy validation calls.

Amazon EBS adds per-minute avg IOPS and throughput metrics

📈 Amazon EBS now emits two new per-volume CloudWatch metrics—VolumeAvgIOPS and VolumeAvgThroughput—providing one-minute average I/O and throughput visibility. These metrics are enabled by default at no extra charge for all EBS volumes attached to EC2 Nitro instances in Commercial Regions, including AWS GovCloud (US) and AWS China. Use them to monitor trends, troubleshoot performance bottlenecks, tune provisioned performance, and build dashboards or alarms to automate responses.

AWS Elastic Beanstalk: Corretto 25 with Tomcat 11 on AL2023

🚀 AWS Elastic Beanstalk now supports building and deploying Tomcat 11 applications using Amazon Corretto 25 on Amazon Linux 2023 (AL2023). The platform enables developers to leverage Java 25 and Jakarta EE 11 features such as compact object headers, ahead‑of‑time (AOT) caching, and structured concurrency while benefiting from AL2023’s security and performance improvements. Environments can be created through the Elastic Beanstalk Console, CLI, or API and are generally available in commercial and GovCloud regions.

Amazon EC2 High-Memory U7i-8tb Instances in London

🚀 AWS has launched Amazon EC2 U7i-8tb (u7i-8tb.112xlarge) instances in the Europe (London) region, offering 8 TiB of DDR5 memory and 448 vCPUs for memory-intensive workloads. Powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids), these 7th-generation instances deliver up to 135% more compute than prior U-1 instances and support up to 100 Gbps for EBS and networking with ENA Express. They are aimed at mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.

Rise in Attacks on PHP Servers, IoT and Cloud Gateways

🔒 Qualys' Threat Research Unit reports a sharp rise in attacks targeting PHP servers, IoT devices and cloud gateways, driven by botnets such as Mirai, Gafgyt and Mozi exploiting known CVEs and misconfigurations. Researchers highlight active exploitation of flaws like CVE-2022-47945 (ThinkPHP RCE), CVE-2021-3129 (Laravel Ignition) and aging test/debug artifacts such as CVE-2017-9841, while attackers also harvest exposed AWS credentials. Qualys urges continuous visibility, timely patching, removal of debugging tools in production and managed secret stores to reduce risk.

Amazon Web Grounding for Nova Models Now Generally Available

🌐 Web Grounding is now generally available as a built-in tool for Nova models, usable today with Nova Premier via the Amazon Bedrock tool use API. It retrieves and incorporates publicly available information with citations to support responses, enabling a turnkey RAG solution that reduces hallucinations and improves accuracy. Cross-region inference makes the tool available in US East (N. Virginia), US East (Ohio), and US West (Oregon). Support for additional Nova models will follow.

AWS Control Tower Now Available in Asia Pacific (NZ)

🚀 AWS Control Tower is now available in the AWS Asia Pacific (New Zealand) Region, bringing the service to 34 AWS Regions plus the AWS GovCloud (US) Regions. The service simplifies setup and governance of a secure, multi-account AWS environment, enabling a landing zone in 30 minutes or less and centralized visibility into compliance status. Existing customers can extend governance to the new region via the Control Tower settings by selecting regions and updating their landing zone; once applied, governed accounts, managed accounts, and registered organizational units (OUs) will be managed in the new region.

Notable Post-Quantum Cryptography Initiatives 2023

🔐 The article surveys major post‑quantum cryptography (PQC) initiatives from 2023–2025 that aim to prepare governments and industry for an eventual Q‑Day. It highlights NIST's standardization of ML‑KEM, ML‑DSA and SLH‑DSA (with HQC later selected) and vendor adoption by Google, AWS, Microsoft and others, including Chrome's default hybrid key exchange. Collaborative efforts such as the Linux Foundation's PQCA, the PQC Coalition and IETF's PQUIP are creating tooling, guidance and implementations, while agencies and standards bodies provide migration roadmaps and practical advice on crypto agility and hybrid strategies to mitigate "harvest now, decrypt later" risks.

Amazon ElastiCache Adds Dual-Stack IPv6 Service Endpoints

🌐 Amazon ElastiCache now provides dual-stack service endpoints, enabling management of resources over both IPv4 and IPv6. ElastiCache interface VPC endpoints powered by AWS PrivateLink also support dual-stack connectivity. The update, available in all AWS commercial, China, and GovCloud (US) Regions, helps simplify IPv6 migration and compliance without extra charges. This enables staged migrations and modernization while preserving existing IPv4 access.

AWS Offers EC2 I7i Storage-Optimized Instances in GovCloud

🚀 Amazon Web Services has made EC2 I7i storage-optimized instances available in the AWS GovCloud (US-East, US-West) Regions. These instances use 5th-generation Intel Xeon Scalable processors and 3rd-generation AWS Nitro SSDs to deliver up to 23% better compute performance and more than 10% better price performance versus prior I4i instances, along with up to 45 TB of NVMe local storage. I7i is offered in eleven sizes (nine virtual up to 48xlarge and two bare metal) with up to 100 Gbps network and 60 Gbps EBS bandwidth, and supports torn write prevention up to 16KB to reduce database bottlenecks for I/O-intensive, latency-sensitive workloads.

Amazon Kinesis Data Streams: Record Size Raised to 10MiB

📣 Amazon Web Services has increased the maximum record size for Kinesis Data Streams from 1MiB to 10MiB and doubled the maximum PutRecords request size to 10MiB. You can update a stream's maximum record size to 10MiB via the AWS Management Console or the UpdateMaxRecordSize API using the AWS SDK or CLI, and continue using existing Kinesis APIs to publish and consume larger records. AWS Lambda now supports Kinesis payloads up to 6MiB; there are no additional charges beyond standard Kinesis fees. The feature is available in supported regions and AWS provides documentation describing region coverage and downstream handling guidance.