All news with #aws tag

Amazon Inspector: Org-wide Management via AWS Organizations

🔒 Amazon Inspector can now be enabled, configured, and managed centrally across your AWS Organization using a new Inspector policy type in AWS Organizations. Administrators designate a delegated admin, enable the Inspector policies policy type, and create policies that specify scan types (Amazon EC2, ECR, Lambda standard, Code Scanning, Code Security) and Regions. Once attached to a root, OU, or account, the policy automatically enables Inspector for all covered accounts — including new accounts that join or move into covered OUs — ensuring consistent vulnerability scanning coverage and reducing operational overhead.

Fortinet Adds AI-Driven Managed IPS Rules for AWS Cloud

🔒 Fortinet is an official launch partner for third-party rules on AWS Network Firewall, introducing Fortinet Managed IPS Rules powered by FortiGuard AI-Powered Security Services. The managed service uses AI/ML from FortiGuard Labs to automatically translate global threat telemetry into continuously updated IPS rules, removing manual tuning and improving detection timeliness. Deployment is fast via AWS Marketplace and integrates natively with AWS Network Firewall, helping teams scale protection across cloud workloads while supporting compliance objectives.

AWS NAT Gateway Adds Regional Availability Mode Across AZs

📢 Amazon Web Services (AWS) has introduced a regional availability mode for NAT Gateways, enabling a single NAT Gateway to automatically expand and contract across Availability Zones within your VPC. A regional NAT Gateway does not require a public subnet and removes the need to create or delete AZ-specific NATs or edit route tables when workloads shift. The feature supports Amazon-provided IPs and bring your own IP (BYOIP) and is available in all commercial AWS Regions except AWS GovCloud (US) and the China Regions.

AWS launches RISP Group Sharing for org-level cost control

💼 AWS announced general availability of Reserved Instances and Savings Plans (RISP) Group Sharing, a Billing and Cost Management feature that gives organizations granular control over how commitments are distributed across accounts and business units. Administrators create groups using AWS Cost Categories and choose Prioritized or Restricted sharing to align savings or enforce isolation. The feature is available in all Regions except AWS GovCloud (US) and China and can be enabled from Billing preferences.

Amazon EKS Adds Enhanced Container Network Observability

🔍 Amazon EKS now delivers enhanced container network observability with granular, network-related metrics and integrated console visualizations to help teams monitor and troubleshoot Kubernetes networking on AWS. Powered by Amazon CloudWatch Network Flow Monitor, the capabilities reveal cross-AZ flows, top-talkers, retransmissions, and retransmission timeouts for faster root cause analysis. Teams can ingest metrics into their preferred observability stacks and use the console views to eliminate blind spots during incidents. These features are available in all commercial Regions where CloudWatch Network Flow Monitor is offered.

AWS Secrets Manager: Managed External Secrets Launch

🔐 AWS Secrets Manager introduces managed external secrets, a default-enabled feature that automates rotation for third-party SaaS credentials using provider-supported rotation strategies. The service removes the need to build and maintain rotation Lambda functions by enforcing a vendor-prescribed secret format and offering multiple rotation approaches. An onboarding guide enables any SaaS provider to join as a partner and publish prescriptive rotation guidance. At launch, the feature lists Salesforce, BigID, and Snowflake, and is available in all Regions where Secrets Manager operates.

Amazon DynamoDB Adds Multi-Attribute Composite Keys to GSIs

🆕 Amazon DynamoDB now supports composite primary keys composed of up to eight attributes in global secondary indexes. Partition and sort keys can each include up to four attributes, removing the need to create synthetic concatenated keys and perform backfills. Multi-attribute keys improve data distribution and uniqueness while enabling left-to-right filtering on sort key attributes. The capability is available at no extra cost across all AWS Regions and can be created via the Console, CLI, SDKs, or API.

Amazon Bedrock Guardrails Expand Code-Related Protections

🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.

AWS Network Firewall Adds Managed Rules from AWS Partners

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

AWS PrivateLink Adds Cross-Region Connectivity for Services

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.

AWS Cost Optimization Hub Adds Cost Efficiency Metric

📈 AWS has introduced a Cost Efficiency metric in the AWS Cost Optimization Hub to help organizations measure the percentage of cloud spend that can be optimized. The metric divides aggregated estimated monthly savings from rightsizing, idle, and commitment recommendations by optimizable spend and refreshes daily. It surfaces trend data so teams can benchmark performance, set cost-savings goals, and observe improvements or regressions as resources are changed. Cost Efficiency is available in all Regions where the hub is supported and setup guidance is provided in the user guide and accompanying blog.

Amazon ECS Managed Instances: Configurable Scale-In Delay

🚀 Amazon ECS Managed Instances now lets you configure a scale-in delay so you can better align instance terminations with workload patterns and business requirements. You can set the scaleInAfter parameter to any value up to 60 minutes, or set it to -1 to disable automatic infrastructure optimization and allow instances to remain until they are patched after 14 days. Configure scaleInAfter when creating or updating an ECS Managed Instances capacity provider via the ECS API, console, SDKs, CDK, or CloudFormation. This capability is available in all commercial AWS Regions and helps teams balance cost optimization against availability.

AWS Site-to-Site VPN: New VPN Concentrator for Multi-site

🔒 AWS Site-to-Site VPN introduces VPN Concentrator, a managed feature that simplifies multi-site connectivity for distributed enterprises. It enables customers to aggregate up to 100 low-bandwidth remote sites (recommended for deployments of 25+ sites, each under 100 Mbps) behind a single attachment to AWS Transit Gateway. The concentrator reduces operational overhead, improves bandwidth utilization, and lowers per-site VPN costs.

AWS Introduces E-Invoice Delivery for Ariba, Coupa

📥 AWS announced general availability of its new E-Invoice delivery capability that lets customers connect their SAP Ariba and Coupa procurement portals to AWS to retrieve purchase orders and deliver PO-matched invoices back on the same day. Customers can onboard via the AWS Billing and Cost Management console and track invoice delivery status in both systems. The feature is available in all AWS Regions except GovCloud (US) and the China regions. This streamlines invoice processing and reduces manual reconciliation.

AWS CloudFormation Language Server Brings IDE Intelligence

🛠️ The new AWS CloudFormation Language Server brings context-aware authoring, validation, and drift-aware deployment views into supported IDEs through the AWS Toolkit. It provides auto-complete, schema validation, policy checks via CloudFormation Guard, and deployment validation directly within the editor. The Language Server flags invalid resource properties, missing IAM permission requirements, and configuration drift so developers can detect syntax, permission, and configuration issues before deployment and move safely from design to production.

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.

Amazon API Gateway Adds Enhanced TLS Security Policies

🔐 Amazon API Gateway now supports enhanced TLS security policies for REST APIs and custom domain names, giving customers more granular control over encryption, cipher selection, and endpoint access. Policy options include TLS 1.3-only, Perfect Forward Secrecy, FIPS-compliant cipher suites, and Post Quantum Cryptography choices. The update, available in many AWS commercial Regions, aims to simplify compliance with stricter regulations and strengthen cryptographic posture.

AWS launches EC2 M7i instances in Europe (Zurich) region

🚀 Amazon Web Services has launched Amazon EC2 M7i instances in the Europe (Zurich) region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) available only on AWS. M7i delivers up to 15% better performance over comparable x86-based Intel processors and up to 15% improved price-performance versus M6i. Instances scale to 48xlarge and include two bare-metal sizes with built-in Intel accelerators that offload data operations and optimize CPU-bound workloads.

AWS enables console sign-in credentials for CLI and SDK

🔐 AWS now permits developers to use their existing AWS Management Console sign-in credentials for programmatic access via the AWS CLI, AWS Tools for PowerShell, and AWS SDKs after a brief browser-based authentication flow. The aws login command in AWS CLI v2.32.0 and later obtains automatically rotated, short-lived credentials to reduce reliance on long-term access keys. This capability is available in all commercial AWS regions and aims to streamline local development setup while improving security posture.

AWS Marketplace Adds A2A Server Support for AgentCore

🛠️ AWS Marketplace now supports Agent-to-Agent (A2A) servers and streamlined deployment for third-party AI agents built for Amazon Bedrock AgentCore Runtime. The update pre-populates required environment variables in the AgentCore console and adds AWS CLI instructions within Marketplace listings so customers can procure and deploy A2A servers directly. AWS Partners can list A2A and MCP servers and containerized AgentCore Runtime products, define vendor launch configurations, and enable flexible pricing (including free API-based SaaS) to accelerate onboarding. These capabilities reduce deployment complexity and add protocol flexibility to meet diverse customer needs.