All news with #aws tag

🤖 AWS Cost Explorer now integrates Amazon Q generative AI so you can query your AWS cost and usage data using natural language. Suggested prompts and a new 'Ask Question' button let users pose common or custom questions while Cost Explorer automatically updates charts, filters, and groupings to match the query. When Amazon Q uses additional datasets like pricing or anomaly detection, visual outputs appear in an artifacts panel. The conversation remains contextual for follow-up analysis without switching tools.

📝 Amazon has added import/export capabilities to SageMaker Unified Studio notebooks to simplify migration from JupyterLab and other platforms. The feature supports .ipynb, .json, and .py formats while preserving cell types, outputs, execution history, and metadata. Exports are available in four package types (.zip with requirements, .ipynb, .py, and native .json). The release also introduces developer productivity features including cell reordering, keyboard shortcuts, cell renaming, and multi-line SQL with tabbed results.

🔑 AWS has added support for policy store aliases along with named policies and policy templates in Amazon Verified Permissions. Developers can now assign human-readable aliases to tenant policy stores and reference policies by meaningful names instead of system-generated IDs. This removes the need for separate mapping tables and simplifies multi-tenant deployments and everyday policy management. These capabilities are available in all Regions where the service operates.

🔒 Amazon WorkSpaces Personal now assigns globally unique, publicly resolvable DNS names to each AWS PrivateLink interface VPC endpoint. This change eliminates DNS name collisions across VPCs and accounts, enabling enterprises to deploy WorkSpaces Personal directories in multiple VPCs without conflict. The AWS-managed names resolve to private IP addresses reachable only within the respective VPC, require no additional Route 53 or custom DNS configuration, and remain backward compatible. The feature is available in all regions where PrivateLink supports WorkSpaces.

🚀 AWS announced the general availability of Smithy-Java, an open-source Java framework that generates type-safe clients and standalone types from Smithy models. Built on Java 21 virtual threads, it offers a simpler blocking-style API while remaining competitive with complex async alternatives. The GA release includes a Java client code generator, support for AWS SigV4 and major protocols, a dynamic client that requires no codegen step, standalone type generation for reuse, schema-driven serialization to reduce SDK size, and binary decision diagrams for faster endpoint resolution.

🔔 Amazon Web Services now lets customers create Amazon FSx for OpenZFS file systems in the Asia Pacific (Melbourne) Region. The fully managed service delivers low-latency, high-throughput shared file storage built on the OpenZFS file system with features like snapshots, data cloning, and compression. Designed for demanding workloads, it offers sub-millisecond latencies and multi-GB/s throughput while simplifying deployment and scaling. Check the AWS Region Table and product page for availability and details.

🚀 The new AWS IoT Greengrass Component SDK delivers a compact, high-performance runtime for edge devices, reducing component memory footprints to under 0.5MB compared with roughly 30MB. It provides native C, C++, and Rust bindings while maintaining compatibility with both the Greengrass nucleus and nucleus lite. Targeted at resource-constrained industries such as automotive, industrial IoT, robotics, and smart buildings, the SDK enables more complex AI/ML workloads at the edge and is available in all AWS Regions where Greengrass is offered.

🔐 Amazon S3 is rolling out a new default bucket security setting that will automatically disable server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets. For existing buckets in accounts without any SSE-C-encrypted objects, S3 will also block SSE-C for new write requests. AWS will not change buckets in accounts that already use SSE-C. The rollout covers 37 regions, including AWS China and GovCloud, over the next few weeks.

📣 Amazon RDS for Oracle now supports Oracle Management Agent version 24.1.0.0.v1 for Oracle Enterprise Manager Cloud Control 24aiR1. To enable it, add the OEM_AGENT option in Option Groups and set the AGENT_VERSION to "24.1.0.0.v1". You must also configure OMS hostname (or IP), port, agent registration password, and a minimum TLS version of TLSv1.2 so the agent can securely communicate with your Oracle Management Service. Refer to the Amazon RDS for Oracle documentation for full configuration guidance.

🔧 The Apache Spark troubleshooting and upgrade agents for Amazon EMR are now available as Kiro powers, providing one-click, AI-assisted Spark operations directly in the Kiro IDE. The troubleshooting power identifies root causes by analyzing logs, metrics, and configurations across EMR on EC2 and EMR Serverless, and offers targeted PySpark code recommendations. The upgrade power automates Spark version migrations—including code transformation, dependency resolution, remote validation, and data quality comparison—compressing upgrades from months to weeks. Both powers connect via MCP Proxy for AWS with IAM role-based authentication and record actions in AWS CloudTrail; they are available in all AWS commercial regions.

🗂️ AWS Glue Schema Registry is now available in Asia Pacific (Jakarta), Europe (Spain), and Europe (Zurich). The serverless, free registry centralizes Avro, JSON, and Protobuf schemas to validate streaming data and control schema evolution. Through Apache-licensed serializers and deserializers it integrates with C# and Java applications for Apache Kafka/Amazon MSK, Amazon Kinesis Data Streams, Apache Flink/Kinesis Data Analytics, and AWS Lambda. The expansion aims to reduce cross-team coordination, improve streaming data quality, and lower downstream application failures.

📊 Amazon SageMaker Data Agent now embeds interactive charting, SQL analytics across Snowflake sources, and materialized view management directly inside SageMaker Unified Studio notebooks. You can ask natural-language prompts like "plot monthly revenue trends by region for 2025" to generate interactive charts that support hover, editing, and refinement without writing code. When analyses span AWS and Snowflake, the agent lets you join Snowflake tables via external connections with AWS Glue Data Catalog data in a single prompt. The agent can also recommend and create materialized views, including refresh schedules, to optimize query performance.

🔍 Partner Revenue Measurement now integrates with AWS Marketplace Metering for AMI and ML products, enabling automatic attribution of service consumption. This captures Amazon EC2 and Amazon SageMaker usage across partner-managed and customer-managed accounts without additional partner implementation, complementing Resource Tagging and User Agent string methods. The capability is generally available in all commercial regions and helps partners understand revenue impact and consumption patterns.

📈 Partner Revenue Measurement now supports embedding a User Agent string to attribute AWS service consumption to specific AWS Marketplace products. Partners can format the string as APN_1.1/pc_<AWS Marketplace product-code>$ and apply it in application code, via environment variables, or in the shared AWS configuration to capture API-driven usage across common SDKs. This complements Resource Tagging and Marketplace Metering and is generally available in all commercial regions.

🔒 The AWS Secrets Manager console now lets you enter a custom customer-managed AWS KMS key ARN when creating secrets. Previously, the console only presented keys from the current account in a dropdown. By accepting direct KMS key ARNs, the console now supports keys in other accounts and aligns with existing API capabilities. This change simplifies cross-account encryption workflows and offers more flexible key management across accounts.

🔒 This post explains how AWS KMS and the AWS Encryption SDK mitigate AES-GCM invocation and data bounds by deriving a fresh symmetric key per encryption using nonce-based KDFs. By producing unique K_d values (via HMAC-SHA256 in KMS and HKDF-SHA512 in the SDK) and using per-invocation IV and frame controls, they prevent (K, IV) reuse and limit exhaustion. Default settings—128- or 256-bit nonces, 96-bit IVs, and 4 KB frames—keep total data and invocation counts well within conservative security margins, reducing the need for manual key rotation and operational tracking.

📈 Amazon QuickSight now supports sparklines, letting authors embed compact line or area trend charts directly inside table cells. Authors add sparklines by configuring a metric with a date dimension; QuickSight automatically renders a miniature trend for each row. Customization includes visual type, line color, interpolation (linear, smooth, or stepped), and shared or independent Y-axis scaling. The feature is available in all QuickSight regions.

🔍 Amazon CloudWatch Query Studio is now in public preview, bringing native PromQL querying and integrated visualization to the CloudWatch console. The interface unifies PromQL and CloudWatch Metric Insights so teams can query AWS-vended and OpenTelemetry metrics side by side without switching tools. Query Studio offers a visual form builder with autocomplete and a code editor with syntax highlighting, and it lets users add charts or create alarms directly from query results.

🔐 CERT-EU attributed a cloud compromise of the European Commission to TeamPCP, saying attackers used a compromised AWS API key allegedly stolen in a Trivy supply‑chain incident to access the Commission’s cloud and harvest secrets. The intruders used TruffleHog to locate additional credentials, attached a new access key to an existing user to evade detection, and carried out reconnaissance before exfiltrating data. The stolen dataset was later posted by ShinyHunters as a 90GB archive (≈340GB uncompressed), and CERT-EU confirmed the theft includes tens of thousands of files with personal information. CERT-EU reported no websites were defaced and found no evidence of lateral movement between Commission AWS accounts.

🌐 Amazon ElastiCache Serverless now supports IPv6 and dual-stack connectivity, expanding beyond previous IPv4-only access. When creating a Serverless cache, you can choose IPv4, IPv6, or dual stack so a cache can accept connections over both protocols simultaneously. IPv6 support also enables deployment into IPv6-only subnets. The capability is available in all AWS Regions, including AWS GovCloud (US) and China Regions, at no additional charge.