All news with #aws tag

AWS CloudTrail Data Event Aggregation for Monitoring

🔍 AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.

Amazon CloudWatch Adds Scheduled Logs Insights Queries

🔁 Amazon CloudWatch Logs now supports scheduled Logs Insights queries that run automatically on a recurring cadence and deliver results to Amazon S3 or Amazon EventBridge. This capability lets teams automate log analysis, track trends, and detect anomalies without manually re-running queries. Administrators can configure schedules via the Console, AWS CLI, AWS CDK, or SDKs, and store results for reporting or trigger incident workflows. The feature is available in multiple AWS regions across the US, Europe, Asia Pacific, and South America.

AWS S3 bucket-level setting to standardize encryption

🔒 Amazon S3 now provides a bucket-level default encryption configuration to enforce SSE-S3 or SSE-KMS for all write requests, allowing organizations to standardize server-side encryption types across buckets. The PutBucketEncryption API update lets you disable SSE-C on specific buckets or in CloudFormation templates. This capability is available in all AWS Regions and configurable via Console, SDK, API, or CLI. It helps simplify compliance and reduce misconfiguration risk.

AWS IAM Adds aws:SourceVpcArn for Region Controls Support

🔒 AWS Identity and Access Management (IAM) introduces the global condition key aws:SourceVpcArn, which returns the ARN of the VPC where a VPC endpoint is attached. Administrators can apply this key in IAM policies to enforce region-based controls for resources accessed via AWS PrivateLink, restricting access to VPC endpoints in specified regions. The new condition key helps meet data residency and compliance requirements and is available in all commercial AWS Regions.

Amazon OpenSearch Service Adds Cluster Insights Dashboard

🔍 Amazon OpenSearch Service now includes Cluster Insights, a unified monitoring dashboard that consolidates logs and metrics to give operators comprehensive operational visibility across nodes, indices, and shards. The feature automates correlation of critical data, highlights performance metrics and top‑N query analysis, and surfaces targeted remediation steps to speed troubleshooting. Built into the OpenSearch UI, Cluster Insights retains monitoring resilience during cluster unavailability and provides account‑level summaries for managing multiple deployments. It is available at no additional cost for OpenSearch 2.17 or later in regions where the OpenSearch UI is offered.

AWS enables console sign-in credentials for CLI and SDK

🔐 AWS now permits developers to use their existing AWS Management Console sign-in credentials for programmatic access via the AWS CLI, AWS Tools for PowerShell, and AWS SDKs after a brief browser-based authentication flow. The aws login command in AWS CLI v2.32.0 and later obtains automatically rotated, short-lived credentials to reduce reliance on long-term access keys. This capability is available in all commercial AWS regions and aims to streamline local development setup while improving security posture.

Amazon Connect: Instance-to-Instance Calls via AWS Backbone

📞 Amazon Connect now routes calls between instances in the same AWS account over the AWS global backbone, avoiding the Public Switched Telephony Network when both numbers are provisioned or ported into Amazon Connect. Calls between instances, whether within a region or across regions, gain improved audio quality, simplified billing, and preserved call context for transfers. This capability is available in all commercial regions where Amazon Connect is offered except Africa (Cape Town).

AWS launches EC2 M7i instances in Europe (Zurich) region

🚀 Amazon Web Services has launched Amazon EC2 M7i instances in the Europe (Zurich) region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) available only on AWS. M7i delivers up to 15% better performance over comparable x86-based Intel processors and up to 15% improved price-performance versus M6i. Instances scale to 48xlarge and include two bare-metal sizes with built-in Intel accelerators that offload data operations and optimize CPU-bound workloads.

Amazon GuardDuty Malware Protection for AWS Backup

🔒 Amazon announced GuardDuty Malware Protection for AWS Backup, extending malware detection to backups of Amazon EC2 instances, Amazon EBS volumes, and Amazon S3 objects. The capability automatically scans new backups, supports on-demand scans of existing backups, and can identify the last known clean backup to reduce recovery impact. It offers incremental scanning to analyze only changed data between backups, lowering costs versus full rescans, and can be enabled even if GuardDuty foundational data sources are not active. The feature is available in supported Regions and accessible via the AWS Backup console, API, or CLI.

Amazon ECR adds Archive storage class and lifecycle rules

📦 Amazon Web Services announced a new Amazon ECR Archive storage class to lower costs for large volumes of rarely accessed container images. Lifecycle policies can now archive images by last pull time, age, or count, and archived images are excluded from repository image limits. Archived images are inaccessible for pulls but can be restored via Console, CLI, or API within about 20 minutes, and all operations are logged to CloudTrail; the feature is available in AWS Commercial and GovCloud (US) Regions.

AWS Network Firewall Log Analysis Using OpenSearch

📊 The post describes a new Amazon CloudWatch and Amazon OpenSearch Service dashboard that simplifies analysis of AWS Network Firewall logs by removing previous multi-step setup and streamlining integration. It explains prerequisites, creating an OpenSearch integration and dashboard, selecting log groups, sync intervals, and IAM roles. The overview covers widgets, filters, CSV export, common use cases, and cost considerations to improve visibility and troubleshooting.

AWS launches EC2 P6-B300 with NVIDIA Blackwell Ultra

🚀 Amazon Web Services has announced general availability of Amazon EC2 P6-B300 instances powered by NVIDIA Blackwell Ultra B300 GPUs. The p6-b300.48xlarge delivers eight GPUs, 2.1 TB of high-bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps ENA throughput, and 4 TB of system memory. It targets training and deploying trillion-parameter foundation models and LLMs, offering higher memory, compute, and networking versus P6-B200.

Amazon Bedrock adds Priority and Flex inference tiers

🔔 Amazon Bedrock introduces two new inference tiers—Priority and Flex—to help customers balance cost and latency for varied AI workloads. Flex targets non-time-critical jobs like model evaluations and summarization with discounted pricing and lower scheduling priority. Priority offers premium performance and preferential processing (up to 25% better OTPS vs. Standard) for mission-critical, real-time applications. The existing Standard tier remains available for general-purpose use.

EC2 Auto Scaling adds synchronous LaunchInstances API

🔔 Today, EC2 Auto Scaling launched a synchronous LaunchInstances API that gives customers precise control over where instances are provisioned and provides immediate feedback on capacity availability. The API supports overrides for any Availability Zone and/or subnet in an Auto Scaling group and includes optional asynchronous retries to help reach desired capacity. It is available now in US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore) at no additional cost beyond standard EC2 and EBS usage. Use the AWS CLI or SDKs to get started.

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections — including authorization attempts, index changes, and search queries — to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.

Automating Session Manager Preferences with CloudFormation

🔐 This post explains how to centrally manage AWS Systems Manager Session Manager preferences across multiple accounts and Regions using CloudFormation StackSets and an AWS Lambda function. The solution automates updates to the SSM-SessionManagerRunShell document, provisions optional logging destinations (Amazon S3 or CloudWatch Logs), and can create KMS keys for session and log encryption. It aims to reduce manual configuration errors and ensure consistent security and compliance at scale.

AWS Releases Responsible AI and Updated ML Lenses at Scale

🔔 AWS has published one new Responsible AI lens and updated Generative AI and Machine Learning lenses to guide safe, secure, and production-ready AI workloads. The guidance addresses fairness, reliability, and operational readiness while helping teams move from experimentation to production. Updates include recommendations for Amazon SageMaker HyperPod, Agentic AI, and integrations with Amazon SageMaker Unified Studio, Amazon Q, and Amazon Bedrock. The lenses are aimed at business leaders, ML engineers, data scientists, and risk and compliance professionals.

AWS Transfer Family Terraform Module Adds Malware Scanning

🛡️ AWS has updated the Transfer Family Terraform module to support automated malware scanning workflows for files transferred to S3. The module provisions GuardDuty S3 Protection–based scan pipelines, dynamic routing based on results, and threat notifications in a single deployment. It preserves folder structure, allows granular S3 prefix targeting, and helps ensure only verified clean files reach applications and data lakes.

AWS EC2 I7ie Instances Arrive in Singapore Region Now

🚀 Amazon Web Services (AWS) has launched EC2 I7ie instances in the Asia Pacific (Singapore) Region. Designed for large storage I/O–intensive workloads, I7ie pairs 5th Gen Intel Xeon processors with 3rd‑generation AWS Nitro SSDs to deliver up to 40% better compute and up to 65% improved real‑time storage performance versus I3en. Instances support up to 120 TB local NVMe density, up to twice the vCPU and memory of prior generations, nine size options, and up to 100 Gbps networking with 60 Gbps EBS bandwidth.

Amazon RDS Adds R8gd and M8gd for Optimized Reads Now

🚀 Amazon RDS now supports R8gd and M8gd instances for Optimized Reads on Amazon Aurora PostgreSQL and RDS for PostgreSQL, MySQL, and MariaDB, offering improved price-performance. Optimized Reads uses local NVMe-based SSDs to store ephemeral data (temporary tables and evicted pages) to reduce network I/O and boost read latency and throughput. AWS reports up to 165% better throughput and up to 120% better price-performance on R8gd versus R6g for Aurora PostgreSQL. These instances are available in select US, Europe, and Asia Pacific regions and can be enabled via the Console, CLI, or SDK.