< ciso
brief />
Tag Banner

All news with #aws tag

2299 articles · page 18 of 115

AWS Security Hub Adds Unused Identity Access Detection

🔐 AWS Security Hub now brings identity risk into the same unified console where central security teams manage threats, exposures, and posture findings. It detects unused IAM permissions, roles, and credentials across an AWS organization and correlates those identity findings with exposure context. When enabled, Security Hub automatically creates a service‑linked IAM Access Analyzer in each member account and evaluates 90 days of actual access activity. It also offers on‑demand recommended least‑privilege policies and is included in Security Hub Essentials at no additional cost.
read more →

Amazon DocumentDB 8.0 Serverless Now Available

🚀 Amazon DocumentDB (with MongoDB compatibility) Serverless is now available on DocumentDB 8.0. This on-demand, auto-scaling configuration automatically adjusts capacity based on application demand and can deliver up to 90% cost savings versus provisioning for peak load. DocumentDB 8.0 also offers up to 7x improved query latency, up to 5x better compression, broader MongoDB API compatibility (6.0–8.0), enhanced vector search, and other new features.
read more →

AWS Security Hub Extended Expands Curated Partner Set

🔒 AWS Security Hub Extended adds 21 curated partner solutions across nine security categories, including SentinelOne, CyberArk, Sublime, Varonis, LayerX, Native Security, and Zenity. The plan centralizes procurement, billing, and support with pay-as-you-go pricing, a single AWS bill, automatic Enterprise Discount Program eligibility, unified Level 1 support for Enterprise customers, and no long-term commitments. Findings from participating solutions are emitted in the OCSF schema and aggregated in AWS Security Hub to accelerate cross-domain detection and response.
read more →

SageMaker Unified Studio adds data quality tools

🛠️ Amazon SageMaker Unified Studio now integrates data quality rule authoring and evaluation powered by AWS Glue Data Quality. Data engineers, analysts, and data scientists can define rules, run evaluations, and view results for both data at rest and data in transit. The feature supports catalog table checks and Visual ETL job evaluations to detect issues before they impact analytics or ML workloads.
read more →

Security Hub Extended: A New Product-Led Adoption Model

🔒Security Hub Extended expands AWS Security Hub to include curated partner solutions in a single, unified console. Customers can discover, evaluate, and deploy vendor products with one click and pay-as-you-go pricing on their AWS bill, avoiding lengthy procurement and multi-year commitments. Integrated onboarding, OCSF-normalized findings, and AWS-native correlation surface combined attack paths and risk scoring. The offering launched in February 2026 with an expanding partner ecosystem.
read more →

AWS Introduces ExtendDB: DynamoDB API with Backends

🧩 ExtendDB v0.1 implements the DynamoDB API with pluggable storage backends, enabling developers to run DynamoDB-shaped workloads outside AWS-managed service. The reference backend uses PostgreSQL, and the architecture supports community-contributed adapters. Maintained by AWS under the Apache 2.0 license, ExtendDB targets local development, CI testing, on‑premises deployments, and disconnected edge sites. The project is open on GitHub for contributions.
read more →

AWS Transform adds automated network modernization

🔧 AWS announced that AWS Transform now includes a modernization engine and broad file-format support to streamline network migrations. The engine analyzes and optimizes constructs across naming, sizing, security, and structure while surfacing conflicts with existing VPCs in target accounts, replacing days of manual review with instant guidance. Customers can upload network configuration files in any format for translation into AWS-compatible networks, review and edit mapped VPCs or subnets, and retain control before provisioning.
read more →

AWS Local Zone Now Available in Istanbul, Türkiye Region

🚀 AWS announces general availability of a new AWS Local Zone in Istanbul, Türkiye, bringing compute, storage, networking, and select services closer to end users. The Local Zone supports Amazon EC2 (C7i, M7i, R7i), Amazon S3 One Zone-Infrequent Access, Amazon EBS (local snapshots and gp3/gp2/io1/sc1/st1), Amazon ECS, Amazon EKS, VPC, AWS Direct Connect, and Application Load Balancer. To enable, turn on the zone (eu-central-1-ist-1a) in the EC2 console or use the ModifyAvailabilityZoneGroup API to reduce latency and meet data residency needs.
read more →

Preventing Unauthorized AWS Organizations Account Removal

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.
read more →

Contractor Exposed CISA and GovCloud Credentials Publicly

🔒 A public GitHub repository tied to a suspected CISA contractor exposed plain-text credentials—AWS tokens, GitHub access tokens, Kubernetes files, workflows and internal documents—discovered on May 14 by GitGuardian. The repo, active since November 13, 2025, contained roughly 844 MB of data and was taken offline within a day after disclosure. CISA is investigating and reports no current indication of sensitive compromise. Experts recommend centralized secret management, automated secret scanning, strict vendor controls and MFA to prevent similar exposures.
read more →

Amazon MWAA Adds Support for Apache Airflow 3.2 Release

🚀 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) now supports Apache Airflow 3.2, the latest major release of the open-source orchestration framework. The update brings data-aware scheduling, asset partitioning, and expanded Human-in-the-Loop (HITL) features to simplify pipeline control and approvals. Other enhancements include Grid View virtualization, full XCom UI management, and async callable support in PythonOperator. Environments can be launched or upgraded in all supported MWAA regions via the AWS Console.
read more →

Pattern-Based Policy as Code for Governing IaC on AWS

🔒 This AWS Security blog post outlines a pattern-based approach to policy as code, using Open Policy Agent (OPA) in CI/CD pipelines to validate Terraform plan JSON before deployment. It organizes checks around recurring control intents—required metadata, allowed configuration, exposure restriction, protection enforcement, and privilege constraint—to simplify review and maintenance. The article includes examples for S3 secure transport, VPC security group exposure, and IAM trust policy constraints, and describes artifact retention and phased rollout best practices.
read more →

Amazon Managed Grafana Adds IPv6 Dual-Stack Support

🌐 Amazon Managed Grafana now supports dual-stack connectivity, allowing workspaces to communicate over both IPv4 and IPv6. Dual-stack mode requires workspaces to run Grafana 10.4 or later and is available in all regions where the service is generally available. This capability reduces the need to manage overlapping VPC address spaces and eases migrations to IPv6 while retaining IPv4 compatibility. Enable dual-stack through the console, API, or CLI and consult the Amazon Managed Grafana User Guide for configuration details.
read more →

AWS Console Adds Local Zones to Region Selector Now

🗺️ The AWS Management Console now displays AWS Local Zones in the Region selector, showing Local Zones alongside standard Regions in the console's top navigation. Selecting the Local Zones tab lists all opted-in Local Zones and clicking one brings users to the parent Region's Console page to view and manage resources. This streamlines navigation for customers operating across multiple Local Zones parented to different AWS Regions. The capability is available across all AWS Local Zones in public AWS Regions; to get started, open the Region selector in the Management Console.
read more →

AWS Glue Zero-ETL Expands to Asia Pacific (Mumbai) Region

🔔 AWS Glue zero-ETL integrations are now available in the Asia Pacific (Mumbai) region. With this expansion, customers can replicate data from sources such as Amazon DynamoDB, Oracle Database@AWS, self-managed databases (Oracle, SQL Server, MySQL, PostgreSQL) and supported SaaS apps directly into analytics targets without building ETL pipelines. It automates schema mapping, change data capture, and incremental replication to reduce latency and accelerate analytics and ML workflows.
read more →

Amazon Lightsail CDN Now Supports IPv6-Only Origins

🌐 Amazon Lightsail CDN distributions now support IPv6-only instances as origins. This enables customers to host websites and applications on cost-effective IPv6-only instances while delivering content through the Lightsail CDN with low latency and high transfer speeds worldwide. Previously, only IPv4 and dual-stack origins were supported. Lightsail CDN also accepts instances, containers, buckets, and load balancers as origins.
read more →

Amazon EVS expands capacity to support 32 ESXi hosts

📢 Amazon Elastic VMware Service (Amazon EVS) now supports up to 32 ESXi hosts per environment, doubling the previous 16-host limit. You can place hosts within VMware Cloud Foundation domains as a single large cluster, multiple smaller clusters, or combinations that match operational requirements, and submit a service quota increase to scale. This capability is available in all regions where Amazon EVS is offered and aims to reduce the overhead of managing multiple environments.
read more →

AWS SAM CLI Adds Support for CloudFormation Extensions

🛠️ AWS SAM CLI now processes AWS CloudFormation Language Extensions in-memory for local workflows, letting developers define repeating serverless resources once and iterate without deploying to the cloud. Commands such as sam build, sam local invoke, sam sync, and sam local start-api automatically expand Fn::ForEach loops and support several helper functions and conditional policies. Update to the latest SAM CLI and add AWS::LanguageExtensions to your template to begin.
read more →

Amazon Redshift Supports ALTER TABLE for Apache Iceberg

🧊 Amazon Redshift now writes directly to Apache Iceberg tables via the auto-mounted awsdatacatalog and supports ALTER TABLE DDL to change schema, partitioning, and table properties. Supported operations include ADD/DROP/ALTER columns, RENAME COLUMN, SET TABLE PROPERTIES, and ADD/DROP/REPLACE PARTITION FIELD to evolve partition strategies and compression settings. Tables modified by Redshift remain interoperable with other Iceberg engines and respect AWS Lake Formation permissions.
read more →

SageMaker Studio Adds Flexible Training Plan Reservations

🚀 Amazon SageMaker Studio IDEs, including JupyterLab and Code Editor, now support GPU capacity reservations via SageMaker Flexible Training Plans (FTP), offering predictable access to high-performance resources and up to 65% cost savings versus On‑Demand. FTP provides a self-serve procurement flow to select instance type, reservation length, and start date. Studio apps can be launched using the purchased plan from the Instance dropdown, with automatic provisioning and proactive expiration notifications to protect work.
read more →