All news with #aws tag

AWS Health Adds Multi-Region EventBridge Resilience

🔁 AWS Health now sends events simultaneously to the impacted AWS Region and US West (Oregon), enabling customers to create multi-region, redundant Amazon EventBridge rules or a simplified single-rule path that captures all commercial-partition Health events. US West (Oregon) serves as the backup for all commercial regions, with US East (N. Virginia) as the backup for US West. In China and AWS GovCloud the service delivers events to their respective paired regions. The update is available in all AWS regions.

Amazon EC2 I7i Instances Expand to Additional Regions

🚀 Amazon Web Services has expanded availability of Amazon EC2 I7i Storage Optimized instances to AWS Europe (Ireland) and Asia Pacific (Seoul, Hong Kong). Powered by 5th‑generation Intel Xeon Scalable processors and 3rd‑generation AWS Nitro SSDs, I7i delivers up to 23% better compute and notable storage-performance and latency improvements versus I4i. Available in eleven sizes, including bare metal, these instances are aimed at I/O‑intensive, latency‑sensitive workloads that require very high random IOPS and multi‑TB dataset access.

Amazon RDS for PostgreSQL: New Minor Versions Available

🐘 Amazon RDS for PostgreSQL now supports minor versions 17.7, 16.11, 15.15, 14.20, and 13.23; AWS recommends upgrading to address known security vulnerabilities and receive community bug fixes. The release adds the pgcollection extension for RDS PostgreSQL 15.15 and above (including 16.11 and 17.7), providing an ordered, efficient key-value collection type usable inside PostgreSQL functions to speed in-memory data processing. Extension updates include pg_tle 1.5.2 and H3_PG 4.2.3, and operators can use automatic minor version upgrades or Blue/Green deployments to minimize disruption during upgrades.

Amazon Connect adds completion metrics for agent evaluations

📊 Amazon Connect now provides metrics that track completion of agent performance evaluations, helping managers verify that required reviews (for example, five per agent per month) are finished. The capability displays real-time analytics in the Connect UI and exposes the same signals via APIs for integration with reporting workflows. Teams can also compare scoring patterns across managers to identify evaluation consistency and accuracy improvements.

AWS IoT Core Adds Location Resolution for Sidewalk Devices

📡 AWS IoT Core Device Location now resolves approximate positions for Amazon Sidewalk-enabled devices using inputs such as WiFi access points, GNSS, and Bluetooth Low Energy. The service converts those inputs into geo-coordinates and delivers them to AWS IoT rules or MQTT topics to support asset tracking and geo-fencing without GPS hardware. To get started, install Sidewalk SDK v1.19 or later, provision devices in AWS IoT Core for Amazon Sidewalk, and enable location during provisioning. This capability is available in the AWS US-East (N. Virginia) Region; the Amazon Sidewalk network is available only in the United States.

AWS Transform Generates LZA Network Configurations

🔁 AWS now enables AWS Transform for VMware to automatically generate network configuration YAML files that are directly compatible with the Landing Zone Accelerator on AWS (LZA). Building on Transform’s existing infrastructure-as-code outputs for AWS CloudFormation, AWS CDK, and Terraform, the capability converts VMware network environments into LZA-ready YAML that can be imported into LZA’s deployment pipeline. The feature is available in all AWS Transform target Regions and is intended to reduce manual effort and deployment time while improving consistency across multi-account environments.

Zero-day Campaign Targets Cisco ISE and Citrix Systems

🔒 Amazon Threat Intelligence disclosed an advanced APT campaign that weaponized zero-day vulnerabilities in Citrix NetScaler (Citrix Bleed 2, CVE-2025-5777) and Cisco Identity Services Engine (CVE-2025-20337). Attackers achieved pre-auth remote code execution via input-validation and deserialization flaws and deployed an in-memory web shell masquerading as the ISE IdentityAuditAction component. The implant registered as a Tomcat HTTP listener, used DES with nonstandard Base-64 encoding, required specific HTTP headers, and relied on Java reflection and bespoke decoding routines to evade detection.

Amazon EC2 U7i-12tb Instances Launch in Stockholm Region

🚀 Amazon has made EC2 High Memory U7i instances with 12TB of DDR5 memory available in the Europe (Stockholm) Region. The u7i-12tb.224xlarge offers 896 vCPUs, up to 100 Gbps for both EBS and networking, and supports ENA Express for improved network performance. Powered by custom fourth‑generation Intel Xeon (Sapphire Rapids), these instances target mission‑critical in‑memory databases such as SAP HANA, Oracle, and SQL Server, enabling higher transaction throughput and faster data loading.

Amazon Kinesis Video Streams adds WebRTC multi-viewer

📹 Amazon Kinesis Video Streams now supports WebRTC-based multi-viewer streaming, enabling up to three concurrent viewers of a live feed without increasing device compute or bandwidth. The feature records session audio and video to the cloud for storage, playback, and analytics, and supports two-way audio so participants can communicate in real time. Developers can use the Kinesis Video Streams with WebRTC SDK across cameras, IoT devices, PCs, and mobile devices to build live and on-demand scenarios such as home security, remote proctoring, and robot control centers.

AWS Network Load Balancer Adds QUIC Passthrough Mode

🚀 AWS announced that the Network Load Balancer (NLB) now supports QUIC in passthrough mode, enabling low-latency forwarding of QUIC traffic while preserving session stickiness via the QUIC Connection ID. This helps mobile applications maintain consistent connections when client IPs change during roaming between cellular towers or when switching between Wi‑Fi and cellular. You can enable QUIC on existing or new NLBs through the AWS Management Console, CLI, or APIs. QUIC support is available at no additional charge in all AWS commercial and AWS GovCloud (US) regions and is metered under existing UDP Load Balancer Capacity Unit entitlements.

ECS Service Connect: Cross-Account Support in GovCloud

🔗 Amazon ECS Service Connect now supports cross-account communication in AWS GovCloud through integration with AWS Resource Access Manager (AWS RAM). You can share the underlying AWS Cloud Map namespaces with individual accounts, Organizational Units (OUs), or your entire AWS Organization to register services from multiple accounts in a single namespace. The capability works for both Fargate and EC2 launch modes in GovCloud (US-West and US-East) and is available via Console, API, SDK, CLI, and CloudFormation, simplifying service discovery and reducing duplication.

Amazon EventBridge Adds SQS Fair Queue Target Support

🚀 Amazon EventBridge now supports sending events directly to Amazon SQS fair queues, improving message distribution across consumer groups and reducing noisy-neighbor effects in multi-tenant systems. You can choose a fair queue as an EventBridge target via the AWS Management Console, AWS CLI, or AWS SDKs and must supply a MessageGroupID, either as a static value or using a JSON path. Fair queues let multiple consumers process messages from the same tenant concurrently while keeping processing times consistent. Support for Fair Queue and FIFO targets is available in all AWS commercial and AWS GovCloud (US) Regions.

AWS Expands EC2 G6f NVIDIA L4 GPU Instances to More Regions

🚀 Amazon Web Services has expanded availability of EC2 G6f instances powered by NVIDIA L4 GPUs to Europe (Spain) and Asia Pacific (Seoul), improving access for graphics and visualization workloads. G6f instances support GPU partitions as small as one-eighth of a GPU with 3 GB of GPU memory, enabling finer-grained right-sizing and cost savings compared to single‑GPU options. Instances are offered in multiple sizes paired with third‑generation AMD EPYC processors, and are purchasable as On‑Demand, Spot, or via Savings Plans; customers should use NVIDIA GRID driver 18.4 or later to launch these instances.

What CISOs Should Know About Securing MCP Servers Now

🔒 The Model Context Protocol (MCP) enables AI agents to connect to data sources, but early specifications lacked robust protections, leaving deployments exposed to prompt injection, token theft, and tool poisoning. Recent protocol updates — including OAuth, third‑party identity provider support, and an official MCP registry — plus vendor tooling from hyperscalers and startups have improved defenses. Still, authentication remains optional and gaps persist, so organizations should apply zero trust and least‑privilege controls, enforce strong secrets management and logging, and consider specialist MCP security solutions before production rollout.

AWS ALB Adds JWT Verification for Service-to-Service Auth

🔐 Amazon Web Services added JWT Verification to the Application Load Balancer (ALB), enabling ALB to validate token signatures, expirations, and claims in request headers. The capability supports OAuth 2.0 flows including Client Credentials, letting teams offload M2M/S2S token validation to the ALB without changing application code. The feature is available in all ALB-supported AWS Regions.

Amazon ElastiCache M7g and R7g Graviton3 in GovCloud

🚀 Amazon Web Services has added Graviton3-based M7g and R7g ElastiCache node families to AWS GovCloud (US-East and US-West). These Graviton3 nodes deliver improved price‑performance versus Graviton2 — for example, running ElastiCache for Redis OSS on an R7g.4xlarge can yield up to 28% higher throughput, up to 21% improved P99 latency, and up to 25% greater networking bandwidth. To adopt, create a new cluster or upgrade via the AWS Management Console; consult pricing and the node-type documentation for regional availability and details.

Amazon EKS Independent Validation of Zero-Operator Access

🔒 AWS announced an independent affirmation of the Amazon EKS zero operator access design, validated by cybersecurity firm NCC Group. The review found no architectural gaps and confirmed that AWS personnel lack technical means to access or manipulate customer content in managed Kubernetes control planes or etcd backups. AWS highlights Nitro-based confidential compute, tightly scoped administrative APIs with multi-party change approval, mandatory logging and auditing, and envelope encryption for etcd as core protections. Customers retain visibility via cluster audit logs and remain responsible for securing worker node configurations outside managed modes.

AWS FIS Adds Partial-Failure Test Scenarios for AZs

🧪 AWS Fault Injection Service (FIS) introduces two new pre-built experiment scenarios to simulate partial, cross- and single-AZ disruptions. The AZ: Application Slowdown scenario simulates increased latency and degraded performance within a single Availability Zone to validate observability, alarms, and AZ evacuation playbooks. The Cross-AZ: Traffic Slowdown scenario simulates degraded traffic between AZs and lets you target subsets of traffic for realistic gray-failure testing. These scenarios are available in all Regions where AWS FIS is offered, including AWS GovCloud (US).

Amazon Connect Cases Adds Conditional Field Visibility

🔧 Amazon Connect Cases now supports conditional field visibility and dependent field options to streamline case layouts and reduce data-entry errors. Administrators can show fields only when relevant (for example, display a Return Reason field for return cases) and restrict choice lists based on other selections (e.g., limit Issue Type to hardware options when Issue Category is Hardware). The feature is available in multiple AWS regions.

AWS Site-to-Site VPN supports 5 Gbps bandwidth per tunnel

🔒 AWS Site-to-Site VPN now supports configurable tunnel bandwidth up to 5 Gbps, a 4x increase over the previous 1.25 Gbps limit. The update reduces the need to deploy complex protocols such as ECMP to aggregate tunnels, simplifying high-throughput hybrid connectivity for migrations, analytics, and disaster recovery. The capability is available in most commercial and GovCloud (US) Regions with a few regional exceptions.