< ciso
brief />
Tag Banner

All news with #aws tag

2299 articles · page 17 of 115

Introducing the AWS Customer Incident Response Team

🔒 The AWS Customer Incident Response Team (CIRT) is a 24/7 global team that helps customers during active security events affecting the customer side of the Shared Responsibility Model. The team analyzes AWS service logs and the control plane using sources like AWS CloudTrail, VPC Flow Logs, and GuardDuty, provides triage and containment guidance, and recommends follow-up actions. AWS also publishes tools, workshops, and the Threat Technique Catalog for AWS (TTC) to help customers prepare and detect recurring tactics and techniques.
read more →

RDS Multi-AZ adopts ENA Express for replication

🚀 Amazon RDS Multi-AZ instances now use ENA Express to accelerate cross-AZ replication traffic. ENA Express leverages AWS's Scalable Reliable Datagram (SRD) protocol to deliver up to 25 Gbps single-flow bandwidth, improve congestion control and multi-pathing, and reduce latency variability for synchronous replication. This enhancement increases write throughput and lowers write latencies for write-intensive workloads and is available at no extra charge for several RDS engines across numerous regions. To enable on existing instances, perform a start-stop or scale compute action and consult the user guide for supported instance types.
read more →

Well‑Architected Software Supply Chain Best Practices

🔒 This AWS Security blog post outlines best practices for defending against software supply chain attacks, motivated by recent npm incidents like Shai‑Hulud and axios. It emphasizes reducing long‑lived credentials by using temporary credentials (AWS CLI login, IAM Identity Center, OIDC) and centralizing secrets with AWS Secrets Manager or Systems Manager Parameter Store. The article advocates layered defenses including MFA, multi‑approver workflows, artifact signing with AWS Signer, central package repositories using CodeArtifact, image scanning with Amazon Inspector, and provenance attestations for npm packages.
read more →

AWS VPC IPAM adds tagging for allocations

🛈 Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, letting customers organize, govern, and control access to individual IP address allocations using existing tagging workflows. Tags can be applied at creation or added to existing allocations and referenced in AWS Identity and Access Management and Service Control Policies for centralized governance. Administrators can enforce environment-based allocation controls and teams can search and filter allocations by tag across accounts. The feature is available in all AWS Regions where IPAM is supported at no additional cost.
read more →

AWS Glue Data Catalog Client Adds Hive 3 Support

🔧 The AWS Glue Data Catalog Client for Apache Hive Metastore now supports Hive 3 and can discover multiple catalogs in the Glue Data Catalog. This open-source reference implementation enables Hive-compatible clients to list and read multiple catalogs and serves as a foundation for customers and partners to build their own integrations. See the announcement for details on using the client.
read more →

AWS Transform adds advanced migration assessment tools

🔍 AWS Transform now includes enhanced migration assessment capabilities that support what-if scenarios, customizable assumptions, flexible file formats, and expanded TCO assessment features. These updates enable rapid building of migration business cases and faster decision-making. The tool accepts inputs from RVTools, CMDBs, AWS discovery exports, and many third-party discovery tools. New analysis options cover EC2, FSx, S3, SQL Server on EC2, virtual desktops, and additional Cloud Value Framework pillars.
read more →

AWS Security Agent adds verification scripts

🔐 AWS Security Agent now generates verification scripts for penetration test findings to help teams reproduce and validate discovered vulnerabilities. The tool creates ready-to-run scripts for each confirmed finding that include setup instructions, documented environment variables, and redacted sensitive values. Teams download the script, configure variables, and execute it against targets to streamline triage and speed remediation. Verification scripts are available in all Regions where AWS Security Agent is supported.
read more →

Amazon GameLift Streams adds G6e stream class

🎮 Amazon GameLift Streams has introduced Generation 6e (G6e) stream classes, delivering enhanced GPU performance for streaming graphically demanding games and applications. The G6e classes use EC2 G6e instances with NVIDIA L40S Tensor Core GPUs and 3rd gen AMD EPYC processors, offering 2x GPU memory and up to 2.9x faster GPU memory bandwidth versus standard Gen6 classes. Two variants — gen6e_pro and gen6e_pro_win2022 — provide a full dedicated NVIDIA L40S GPU with 48 GB memory, suited for AAA-quality streaming at high resolutions. G6e stream classes are available in select AWS Regions including US East, US West, Europe, and Asia Pacific.
read more →

Amazon WorkSpaces adds Linux WorkSpace migration

🔄 Amazon WorkSpaces now supports WorkSpace Migration for all Linux operating systems offered by the service, enabling seamless migration between Linux OS versions and distributions. The feature automatically transfers user data from a Linux WorkSpace’s home directory to the new WorkSpace, removing the need for manual data copying. Supported in AWS commercial and AWS GovCloud (US) Regions where WorkSpaces Personal is available, the capability helps streamline OS upgrades and migrations without disrupting end users.
read more →

Amazon Keyspaces expands to Malaysia and Thailand

🚀 Amazon Keyspaces (for Apache Cassandra) is now available in the Asia Pacific (Malaysia) and Asia Pacific (Thailand) Regions, enabling customers to build Cassandra-compatible applications with lower latency and keep data within the Region to meet residency requirements. The managed, serverless service offers virtually unlimited throughput and storage while customers pay only for used resources. These Regions provide the same features as other AWS Regions, including point-in-time recovery, Multi-Region replication, CDC streams, and IPv6 support, reducing operational overhead of running Cassandra clusters.
read more →

AWS Clean Rooms adds mutable payment controls

🔒 AWS Clean Rooms now supports mutable, fine-grained payment configurations that let collaboration members flexibly assign payment responsibilities. Customers can designate which partners are authorized to pay for specific cost types—such as SQL queries, PySpark jobs, ML training and inference, and synthetic data generation—after a collaboration is created. Authorized payers can be added or removed via change requests that require member approval; SQL and PySpark analyses may have multiple payers and one can be chosen at submission.
read more →

CloudWatch Logs Insights adds new query capabilities

🔍 Amazon CloudWatch Logs Insights query language gains 13 new commands and functions to enhance log querying, transformation, and analysis. New features include string and numeric functions like round, startswith, endswith, case, regex_replace, and haversine, encoding/decoding functions such as urlencode, urldecode, base64encode, base64decode, and parse/analysis commands like parse logfmt, expand, and relevantfields. These additions enable prefix filtering, inline Base64 decoding, logfmt parsing, JSON array expansion, geographic distance calculation, and automatic surfacing of relevant fields across high-cardinality groups.
read more →

Amazon EMR adds Apache Spark 4.0.2 support

🚀 Amazon EMR now supports Apache Spark 4.0.2 across all deployment models, adding ANSI SQL and VARIANT data type support to simplify data pipelines. The release enables fine-grained access control (FGAC) for read and write operations on Lake Formation registered tables and adopts Apache Iceberg v3 for stronger transaction guarantees and lineage tracking. Enhanced streaming capabilities improve stateful processing and monitoring for real-time applications.
read more →

AWS Completes S&P Global KY3P Assessment Report

🔒 AWS has completed the S&P Global Know Your Third Party (KY3P) assessment to validate its security posture and help customers reduce supplier due diligence. The KY3P assessment is evidence-based and evaluates operation of controls across privacy, network, access, and physical security domains. Results can be mapped to frameworks such as NIST CSF v2, PCI DSS 4.0, and ISO 27001:2022 to provide customers with standardized risk data and improved visibility into supply chain risks.
read more →

SageMaker Unified Studio automates Glue connector provisioning

🔧 Amazon SageMaker Unified Studio now automatically creates Glue connections across subnets to enable job retries when a primary subnet becomes unavailable. Administrators define a domain VPC with multiple private subnets and the system provisions connectors for new projects so retries can run on alternate subnets without manual intervention. This reduces unplanned data-pipeline downtime and helps meet SLAs across AWS Regions where SageMaker Unified Studio is available.
read more →

SageMaker Inference Adds OpenAI-Compatible APIs

🧩 Amazon SageMaker Inference now supports OpenAI-compatible APIs, enabling existing tools and frameworks like the OpenAI SDK, LangChain, and Strands Agents to connect directly to SageMaker endpoints. Switching requires only changing an endpoint URL, with no custom integration code or SDK wrappers. You can continue using your current authentication approach while choosing GPU instances, keeping data in your VPC, running open source or fine-tuned models, and leveraging auto-scaling policies. This capability is available today across multiple AWS regions with AWS credentials and automatic token refresh for production use.
read more →

Automating identity lifecycle with AWS Directory APIs

🔒 AWS Managed Microsoft AD now supports CRUD operations on users and groups through the Directory Service Data APIs, accessible via the AWS CLI, APIs, and Management Console. This enables automation of identity lifecycle management and tighter security controls by integrating with services like Amazon GuardDuty, AWS Step Functions, and Amazon EventBridge. The blog demonstrates a practical workflow that detects unusual AD user behavior and triggers automated remediation such as disabling accounts and notifying stakeholders.
read more →

Amazon Bedrock adds request-level usage attribution

🛈 Amazon Bedrock now supports request-level usage attribution on the InvokeModel and InvokeModelWithResponseStream APIs, enabling customers to tag individual model inference calls with attributes such as team, project, and environment. This capability extends existing attribution options like application inference profiles, IAM principal attribution, project-level tracking on bedrock-mantle, and workspace tracking for Anthropic Claude models. Customers can enable model invocation logging in their AWS Region and include metadata in requests to analyze usage in Bedrock model invocation logs. The feature is available in all AWS commercial Regions where Amazon Bedrock is offered.
read more →

Why Amazon Bedrock AgentCore Chose Cedar Policies for Agents

🔒 Amazon explains how AgentCore Gateway enforces a centralized authorization layer between autonomous agents and external tools, treating the LLM as an untrusted actor. Policies are expressed in the open-source Cedar language for readability, bounded execution, and mathematical analyzability, enabling deterministic enforcement and formal verification during policy authoring and attachment. A neuro-symbolic workflow translates natural-language rules into Cedar, validates them with Cedar Analysis, and enforces decisions at runtime to constrain tool invocations and filter unavailable actions.
read more →

AWS Deadline Cloud adds job attachment browsing

🎯 AWS Deadline Cloud now lets users browse job attachment files directly within the Deadline Cloud monitor. The fully managed render management service handles uploads and downloads via Amazon S3, and the new capability shows files organized as inputs and outputs. Users can view attached assets in the browser or desktop monitor and download individual files without retrieving all job outputs.
read more →