< ciso
brief />
Tag Banner

All news with #aws tag

2299 articles · page 24 of 115

Five Ways to Use Kiro and Amazon Q for AWS Security

🔐 AWS security teams can accelerate triage and remediation using Kiro and Amazon Q Developer. The post outlines five techniques—embedding persistent security context, accelerating Security Hub triage, remediating infrastructure-as-code, performing Well-Architected security reviews, and drafting Service Control Policies—aligned to the AWS Well-Architected Security Pillar. It highlights steering files and .amazonq/rules to codify standards, recommends staged testing and human validation, and proposes measurable metrics to track reduced time-to-triage and improved compliance.
read more →

FTC to Bar Kochava From Selling Americans' Location Data

🔒 The Federal Trade Commission will ban data broker Kochava and its subsidiary Collective Data Solutions (CDS) from selling precise geolocation data without consumers' affirmative express consent as part of a settlement stemming from an August 2022 suit. The FTC alleged Kochava supplied paid clients — via an AWS Marketplace feed — with high-volume raw latitude/longitude transactions that enabled tracking to sensitive sites. Under the proposed court order, sales or transfers of precise location data are prohibited unless consumers directly request a service and explicitly consent; the companies must also implement a sensitive location program, supplier assessments, consent withdrawal and disclosure mechanisms, incident reporting to the FTC, and retention/deletion schedules.
read more →

Amazon Bedrock AgentCore arrives in AWS GovCloud US-West

🔒 Amazon announces that Bedrock AgentCore is now available in the AWS GovCloud (US-West) Region, bringing enterprise-grade agentic AI to workloads with elevated compliance and data residency requirements. AgentCore is a managed platform for building, deploying, and operating AI agents at scale without customers managing infrastructure. Core capabilities include AgentCore Runtime for session-isolated, long-running agents; AgentCore Gateway, which uses the Model Context Protocol to convert APIs and Lambda functions into agent-ready tools with controlled access to enterprise services; AgentCore Identity for integrated authentication and permission delegation; and AgentCore Observability and Evaluations for real-time monitoring and continuous quality assessment in production.
read more →

Amazon Bedrock AgentCore Launches in AWS GovCloud (US)

🔒 Amazon announced AgentCore availability in the AWS GovCloud (US-West) region, bringing enterprise-grade agent capabilities to workloads with elevated compliance needs. AgentCore is a managed platform for building, deploying, and operating AI agents at scale without customers managing infrastructure. Its composable services—including Runtime, Gateway, Identity, Observability, and Evaluations—enable session isolation, long-running workloads, secure access to enterprise data via the Model Context Protocol, and integration with existing identity providers.
read more →

Amazon OpenSearch Cluster Insights Expands Coverage

🔍 Amazon OpenSearch Service expanded Cluster Insights to support OpenSearch 1.0 and later and Elasticsearch 6.8 and later, providing proactive cluster health and performance visibility via the Console. A new Unused Index insight identifies indices with zero search or indexing activity in the last 30 days and recommends migrating them to warm or cold storage to reduce costs. These insights surface through the Console, OpenSearch UI, OpenSearch Service Notifications, and Amazon EventBridge, and are available at no additional cost in all Regions where the service runs.
read more →

AWS Backup speeds Amazon EKS cluster backups up to 10x

🚀 AWS Backup now completes Amazon EKS cluster state backups up to 10x faster. This improvement reduces backup windows for clusters with large numbers of namespaces and Kubernetes resources from days to hours and is automatically enabled at no additional cost in supported Regions. AWS Backup is a policy-based, fully managed solution to centralize and automate protection across compute, storage, and databases.
read more →

Amazon WorkSpaces Applications adds URL redirection

🔁 Amazon WorkSpaces Applications now supports host-to-client URL redirection, automatically launching approved links from streaming sessions in the user's local browser. Administrators can configure allow and deny URL patterns via the AWS Management Console to keep sensitive applications inside the streaming environment while offloading bandwidth-heavy content such as video. The feature works for browser navigation and embedded links in applications like Microsoft Word, with host-side support for Chrome and Edge; URLs on the configured allow list open automatically in the user's default local browser.
read more →

Amazon SES Increasingly Abused in Phishing Attacks Globally

📧 Kaspersky reports a surge in phishing campaigns that abuse AWS Simple Email Service (SES) to bypass authentication and reputation-based defenses. Attackers are exploiting exposed AWS Identity and Access Management keys discovered in public repositories, configuration files, container images, backups, and open S3 buckets. They automate secret scanning, permission validation, and mass email distribution to send highly credible lures—custom HTML templates and fake document-signing notifications—that redirect victims to AWS-hosted phishing pages.
read more →

Amazon SES abused in phishing campaigns, Kaspersky warns

🔔 Kaspersky reports an increase in phishing campaigns that abuse Amazon Simple Email Service (SES) to send authenticated-looking malicious messages that can bypass reputation-based filters. Attackers are harvesting exposed AWS access keys from public repositories and assets, automating secret discovery, permission checks, and mass email distribution. Because messages originate from a trusted service, SPF, DKIM, and DMARC checks and IP blocks are often ineffective, prompting Kaspersky to recommend stricter IAM controls, MFA, key rotation, and IP restrictions.
read more →

Securing Open Proxies in Your AWS Environment: Guidance

🔒 This AWS Security Blog post explains how to identify and secure open proxies in your AWS environment to prevent abuse, protect IP reputation, and control costs. It describes common proxy types—HTTP, SOCKS, transparent, and reverse—and the risks they introduce when misconfigured on EC2 instances, containers, and serverless functions. The guidance recommends strict access controls and authentication, deploying proxies in private subnets or via AWS PrivateLink, and restricting security groups and load balancers. It also emphasizes monitoring with VPC Flow Logs, CloudTrail, and GuardDuty, automated remediation, regular assessments with Amazon Inspector, and keeping incident response runbooks current.
read more →

AWS Console Mobile App Adds Enhanced CloudWatch Alarm Tools

📱 AWS has added expanded CloudWatch Alarm investigation tools to the AWS Console Mobile App. The update consolidates interactive metric graphs, AI-generated log summaries, and natural-language log search into a single alarm view to reduce time from notification to root cause. Engineers can zoom into specific time windows, adjust time zones, run voice or typed queries, and select pre-saved Logs Insights queries. Related metrics and resources are shown alongside alarms; the app is available in all AWS Commercial Regions at no additional cost.
read more →

AWS Entity Resolution Adds Incremental ML Matching Support

🔄 AWS announces General Availability of AWS Entity Resolution incremental ML-based matching workflows. Customers can now process only newly added records rather than reprocessing entire datasets, cutting latency and infrastructure costs. The feature supports up to 50M incremental records against 1B historical records and processes 1M incremental records in under one hour.
read more →

Amazon FSx Launches in AWS Asia Pacific (New Zealand)

🚀 Amazon FSx is now available in the AWS Asia Pacific (New Zealand) Region, offering fully managed, high-performance file systems for cloud workloads. The service supports NetApp ONTAP, Windows File Server, Lustre, and OpenZFS, and handles hardware provisioning, patching, and backups. Built on current AWS compute, networking, and disk technologies, FSx aims to deliver improved performance and lower TCO while supporting reliability, security, and scalability.
read more →

Amazon Quick adds Generate Analysis for dashboards

✨Amazon Quick now creates dashboards from natural language prompts using Generate Analysis. You describe the dashboard you want, select up to three datasets, and review an editable plan before generation. The feature produces organized sheets with visuals, filter controls, and calculated fields such as year-over-year and month-over-month comparisons, reducing creation time from hours to minutes. At launch, Generate Analysis is available to Enterprise subscription and Author Pro users, with promotional access for Authors through December 2026.
read more →

Amazon Aurora DSQL Adds PostgreSQL JSON Data Type Support

🆕 Aurora DSQL now supports the PostgreSQL JSON data type, enabling applications and tools that depend on PostgreSQL's native JSON type to work with Aurora DSQL without code changes. You can create or modify tables to store semi-structured data such as API payloads, configuration objects, or event logs alongside relational data. PostgreSQL compression is available and enabled by default for larger JSON payloads, helping reduce storage costs and improve storage efficiency.
read more →

AWS EC2 I8ge Instances Now Available in New Regions

🚀 Amazon Web Services has expanded availability of I8ge Amazon EC2 instances to Europe (Paris) and multiple Asia Pacific regions including Thailand, Hong Kong, Seoul, and Tokyo. Powered by Graviton4 processors and third-generation AWS Nitro SSDs, these storage-optimized instances deliver notable compute and storage gains and provide up to 120 TB of local NVMe. Offered in eleven sizes (including two metal options), I8ge instances also support high network and EBS bandwidth for data-intensive workloads.
read more →

VPC Lattice Adds Support for Private Domain Targets

🔒 AWS updated VPC Lattice to allow resource configurations to reference domain-name targets that are private to your VPC. You can share a resource configuration for a private FQDN across accounts by setting the Resource Config DNS Resolution property to IN_VPC, causing VPC Lattice to use the VPC's DNS to resolve targets. This enables secure cross-account access to privately hosted backends without public DNS entries. The capability is available via Console, CLI, SDKs and APIs at no additional cost in all regions where VPC Lattice is offered.
read more →

Amazon Quick Adds Dataset Q&A for Natural-Language SQL

📊 Amazon Quick now supports Dataset Q&A, a conversational analytics feature that lets users ask natural language questions directly against enterprise datasets while enforcing governance such as Row Level and Column Level Security. Powered by a text-to-SQL agent, it identifies relevant data and generates engine- and dialect-aware SQL for SPICE and AWS data assets like Amazon Redshift, Amazon Athena, Aurora PostgreSQL, and Apache Iceberg. Dataset owners can add custom instructions and semantic metadata to a knowledge graph, and an Explain capability lets users inspect the generated SQL and reasoning before acting on results.
read more →

Amazon Quick Adds Direct Query to S3 Table Buckets

🔍 Amazon Quick now supports Amazon S3 table buckets as a direct data source, enabling dashboards, conversational analytics, and exploration of Apache Iceberg tables stored in S3 without intermediate warehouses or OLAP layers. Paired with Zero-ETL ingestion from systems like Salesforce, SAP, and Amazon Kinesis Data Firehose, organizations can access near real-time insights with reduced pipeline complexity. Admins configure S3 table bucket permissions once, and authors can immediately create datasets and use Dataset Q&A to query the lakehouse in natural language.
read more →

Amazon EventBridge Data Plane Now Logged in AWS CloudTrail

🔒 Amazon EventBridge now supports logging data plane APIs to AWS CloudTrail, giving customers greater visibility into event bus activity. The update adds capture of the PutEvents API and records requester identity, IP address, timestamps, and request details. You can opt in per event bus via the CloudTrail console or APIs; the capability is available in commercial, GovCloud (US), and AWS China regions.
read more →