<ciso brief />

All news with #aws tag

1971 articles · page 2 of 99

Preventing Unauthorized AWS Organizations Account Removal

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.

Contractor Exposed CISA and GovCloud Credentials Publicly

🔒 A public GitHub repository tied to a suspected CISA contractor exposed plain-text credentials—AWS tokens, GitHub access tokens, Kubernetes files, workflows and internal documents—discovered on May 14 by GitGuardian. The repo, active since November 13, 2025, contained roughly 844 MB of data and was taken offline within a day after disclosure. CISA is investigating and reports no current indication of sensitive compromise. Experts recommend centralized secret management, automated secret scanning, strict vendor controls and MFA to prevent similar exposures.

Amazon MWAA Adds Support for Apache Airflow 3.2 Release

🚀 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) now supports Apache Airflow 3.2, the latest major release of the open-source orchestration framework. The update brings data-aware scheduling, asset partitioning, and expanded Human-in-the-Loop (HITL) features to simplify pipeline control and approvals. Other enhancements include Grid View virtualization, full XCom UI management, and async callable support in PythonOperator. Environments can be launched or upgraded in all supported MWAA regions via the AWS Console.

Pattern-Based Policy as Code for Governing IaC on AWS

🔒 This AWS Security blog post outlines a pattern-based approach to policy as code, using Open Policy Agent (OPA) in CI/CD pipelines to validate Terraform plan JSON before deployment. It organizes checks around recurring control intents—required metadata, allowed configuration, exposure restriction, protection enforcement, and privilege constraint—to simplify review and maintenance. The article includes examples for S3 secure transport, VPC security group exposure, and IAM trust policy constraints, and describes artifact retention and phased rollout best practices.

Amazon Managed Grafana Adds IPv6 Dual-Stack Support

🌐 Amazon Managed Grafana now supports dual-stack connectivity, allowing workspaces to communicate over both IPv4 and IPv6. Dual-stack mode requires workspaces to run Grafana 10.4 or later and is available in all regions where the service is generally available. This capability reduces the need to manage overlapping VPC address spaces and eases migrations to IPv6 while retaining IPv4 compatibility. Enable dual-stack through the console, API, or CLI and consult the Amazon Managed Grafana User Guide for configuration details.

AWS Console Adds Local Zones to Region Selector Now

🗺️ The AWS Management Console now displays AWS Local Zones in the Region selector, showing Local Zones alongside standard Regions in the console's top navigation. Selecting the Local Zones tab lists all opted-in Local Zones and clicking one brings users to the parent Region's Console page to view and manage resources. This streamlines navigation for customers operating across multiple Local Zones parented to different AWS Regions. The capability is available across all AWS Local Zones in public AWS Regions; to get started, open the Region selector in the Management Console.

AWS Glue Zero-ETL Expands to Asia Pacific (Mumbai) Region

🔔 AWS Glue zero-ETL integrations are now available in the Asia Pacific (Mumbai) region. With this expansion, customers can replicate data from sources such as Amazon DynamoDB, Oracle Database@AWS, self-managed databases (Oracle, SQL Server, MySQL, PostgreSQL) and supported SaaS apps directly into analytics targets without building ETL pipelines. It automates schema mapping, change data capture, and incremental replication to reduce latency and accelerate analytics and ML workflows.

Amazon Lightsail CDN Now Supports IPv6-Only Origins

🌐 Amazon Lightsail CDN distributions now support IPv6-only instances as origins. This enables customers to host websites and applications on cost-effective IPv6-only instances while delivering content through the Lightsail CDN with low latency and high transfer speeds worldwide. Previously, only IPv4 and dual-stack origins were supported. Lightsail CDN also accepts instances, containers, buckets, and load balancers as origins.

Amazon EVS expands capacity to support 32 ESXi hosts

📢 Amazon Elastic VMware Service (Amazon EVS) now supports up to 32 ESXi hosts per environment, doubling the previous 16-host limit. You can place hosts within VMware Cloud Foundation domains as a single large cluster, multiple smaller clusters, or combinations that match operational requirements, and submit a service quota increase to scale. This capability is available in all regions where Amazon EVS is offered and aims to reduce the overhead of managing multiple environments.

AWS SAM CLI Adds Support for CloudFormation Extensions

🛠️ AWS SAM CLI now processes AWS CloudFormation Language Extensions in-memory for local workflows, letting developers define repeating serverless resources once and iterate without deploying to the cloud. Commands such as sam build, sam local invoke, sam sync, and sam local start-api automatically expand Fn::ForEach loops and support several helper functions and conditional policies. Update to the latest SAM CLI and add AWS::LanguageExtensions to your template to begin.

Amazon Redshift Supports ALTER TABLE for Apache Iceberg

🧊 Amazon Redshift now writes directly to Apache Iceberg tables via the auto-mounted awsdatacatalog and supports ALTER TABLE DDL to change schema, partitioning, and table properties. Supported operations include ADD/DROP/ALTER columns, RENAME COLUMN, SET TABLE PROPERTIES, and ADD/DROP/REPLACE PARTITION FIELD to evolve partition strategies and compression settings. Tables modified by Redshift remain interoperable with other Iceberg engines and respect AWS Lake Formation permissions.

SageMaker Studio Adds Flexible Training Plan Reservations

🚀 Amazon SageMaker Studio IDEs, including JupyterLab and Code Editor, now support GPU capacity reservations via SageMaker Flexible Training Plans (FTP), offering predictable access to high-performance resources and up to 65% cost savings versus On‑Demand. FTP provides a self-serve procurement flow to select instance type, reservation length, and start date. Studio apps can be launched using the purchased plan from the Instance dropdown, with automatic provisioning and proactive expiration notifications to protect work.

Secrets Manager Agent Adds Pre-Fetching and Role Assumption

🔒 The AWS Secrets Manager Agent now supports pre-fetching secrets at startup and assuming an IAM role for retrieval. With pre-fetching you can specify a list of secrets or a tag to retrieve and cache via BatchGetSecretValue, reducing application startup latency and API overhead. The agent can also assume a provided role ARN per pre-fetch or HTTP request to enable cross-account secret retrieval. These capabilities are available in all Regions where Secrets Manager is offered.

CloudWatch Logs: Increase to 100,000 Query Results

🔍 Amazon CloudWatch Logs now returns up to 100,000 query results when using the Logs Insights query language; customers can set the desired limit via the LIMIT command. The GetQueryResults API supports pagination, returning up to 10,000 results per call with a continuation token. This increase is available in all commercial AWS regions and supported via the console, AWS CLI, AWS CDK, and AWS SDKs.

Amazon EMR Serverless Launches in Six New Regions Now

🚀 Amazon has expanded availability of Amazon EMR Serverless to six additional AWS Regions: Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Taipei), Asia Pacific (Thailand), and Mexico (Central). EMR Serverless lets data engineers and analysts run Apache Spark and Apache Hive workloads without managing clusters, offering fine-grained automatic scaling, fast launch times, and customizable worker configurations. It supports batch, interactive, and streaming workloads for cost-effective petabyte-scale analytics.

AWS Partner Central Agents Add Conversational Opportunity

💬 AWS announces that Partner Central agents let partners create sales opportunities via natural language conversation instead of multi-step forms. Released March 16, 2026 and built on Amazon Bedrock AgentCore, the agents ingest meeting notes, proposals, and transcripts (PDF, DOCX, Excel, TXT), extract details, and recommend improvements. Accessible through Amazon Q chat in the AWS Console and programmatically via Model Context Protocol (MCP), they aim to reduce data entry, improve pipeline hygiene, and shorten sales cycles across all commercial AWS Regions.

AWS AI Security Framework: Controls by Layer and Phase

🔒 The AWS AI Security Framework presents a structured model that helps security and business leaders align the right controls to the right use case, at the right layer, and at the right phase so AI can move from prototype to production securely. Its core principle is that you build AI on top of security, not add security later. The post maps controls across three layers—infrastructure, identity and data, and AI application—and across four use cases from answering to agentic and physical AI. It highlights Amazon Bedrock and AgentCore as pillars that decouple model choice from security infrastructure.

Amazon Connect Cases: Related Item Editing and Deletion

🛠️ Agents can now edit and delete related items directly within the Amazon Connect Cases agent workspace, enabling updates to comments, unlinking misassociated contacts, and removing cases opened in error. The release also lets agents create, modify, and delete custom related items such as orders, returns, and invoices to enrich case context. The capability reduces dependency on administrators and accelerates case resolution across multiple AWS regions.

Amazon RDS for PostgreSQL Extended Support Release

🔒 Amazon RDS for PostgreSQL now offers Extended Support minor versions 11.22-rds.20260224, 12.22-rds.20260224, and 13.23-rds.20260224. We recommend upgrading to these releases to address known security vulnerabilities and bugs present in prior PostgreSQL versions. Use automatic minor version upgrades during scheduled maintenance windows and the AWS Organizations Upgrade Rollout Policy to stage upgrades across accounts. Consider Blue/Green deployments with physical replication to minimize downtime when applying minor version updates.

Amazon Managed Grafana adds in-place v12 upgrade now

🔄 Amazon Managed Grafana now supports an in-place upgrade from Grafana 10.4 to 12.4 via the AWS Console, AWS SDK, or AWS CLI. Version 12.4 introduces native Scenes-powered dashboards and queryless Drilldown apps for point-and-click exploration of Prometheus metrics, Loki logs, Tempo traces, and Pyroscope profiles. The Amazon CloudWatch plugin gains PPL/SQL support, cross-account Metrics Insights, and log anomaly detection, while the rebuilt table visualization improves performance and interactivity. The in-place upgrade is supported in all AWS regions where Amazon Managed Grafana is generally available.