All news with #aws tag

🚀 Amazon Timestream for InfluxDB 3 Enterprise now supports expanded multi-node clusters up to 15 nodes, enabling 1–4 combined writer/reader nodes, 0–13 dedicated reader-only nodes, plus a dedicated compactor node for long-term storage. Multi-node deployments distribute nodes across Availability Zones for improved fault tolerance and availability. You can add and remove nodes on Enterprise clusters, upgrade from Core to Enterprise, and configure custom topologies via the console, AWS CLI, or SDKs.

🤖 AWS announces general availability of AWS Partner Central agents, AI-powered agentic capabilities built on Amazon Bedrock AgentCore to accelerate partner co-selling. Agents provide pipeline insights, tailored sales plays, and next-step recommendations, and can populate CRM fields from transcripts, notes, and emails. They also identify funding eligibility, pre-fill funding requests, and are available in all commercial AWS Regions.

📤 Amazon SimpleDB now supports exporting domain data directly to Amazon S3 in standard JSON format. Exports run in the background with no impact on database performance and support cross-region and cross-account targets, multiple encryption options, and flexible S3 bucket configuration. The capability is available in all SimpleDB regions and is accessed via three new APIs — StartDomainExport, GetExport, and ListExports — with built-in rate limits; there is no additional charge for the tool, though standard data transfer fees apply.

📧 Amazon Connect now lets agents forward email contacts to external email addresses and distribution lists directly from the Agent workspace and Contact Center Panel. When forwarded, agents retain ownership and the complete communication trail of the original contact, keeping a single point of contact for customers. This streamlines collaboration with back-office teams, subject matter experts, partners, and stakeholders. Email forwarding is available in multiple AWS regions.

⚠️ Phantom Labs Research demonstrated a DNS-based exfiltration technique targeting the AWS Bedrock AgentCore Code Interpreter that bypasses expected Sandbox Mode network restrictions. Maliciously crafted files (for example, CSVs) can influence generated Python code to use DNS queries as a covert command-and-control channel. In tests, researchers executed commands, enumerated and retrieved S3 content and secrets while the environment still reported network access disabled. AWS says this is intended behavior and updated documentation; organisations should inventory AgentCore instances, tighten IAM roles and move sensitive workloads to VPC mode.

🔁 AWS now supports IAM Identity Center multi-Region replication, enabling workforce access and supported AWS managed applications to operate from additional Regions for improved resiliency and lower latency. Administrators create a multi-Region customer-managed KMS key, replicate it to target Regions, and add those Regions in the Identity Center console. External IdP configurations (for example, Okta or Microsoft Entra ID) must be updated with new ACS and access portal URLs so both service-provider and IdP-initiated flows work. Instance-level management remains centralized in the primary Region while additional Regions provide read-only replicated configuration and local application access.

🔒 AWS Security Agent now integrates with AWS Service Quotas, giving teams a centralized view of applied limits and utilization for security workloads. Users can request quota increases through the Service Quotas console, and eligible requests are automatically approved to reduce manual intervention. The update explicitly covers pentesting limits, including action hours and concurrent pentest jobs, helping security and development teams scale testing without unexpected constraints.

📈 Amazon CloudWatch Application Signals now includes three console-based SLO capabilities: SLO Recommendations, Service-Level SLOs, and SLO Performance Report. The features analyze 30 days of service metrics (P99 latency and error rates) to suggest validated, data-driven SLO targets and allow customers to approve recommendations before rollout. Service-Level SLOs provide a holistic view of service reliability across operations, while SLO Performance Report delivers calendar-aligned historical analysis for daily, weekly, and monthly intervals. These updates aim to reduce misconfigured thresholds and alert fatigue and are available in all Regions where Application Signals runs; pricing is usage-based with per-SLO charges.

🚀Amazon MSK now supports Standard brokers on AWS Graviton3-based M7g instances in the Africa (Cape Town) region. M7g brokers deliver up to 24% compute cost savings and up to 29% higher write and read throughput versus comparable M5-based MSK clusters. You can create new clusters with M7g brokers or upgrade existing M5 clusters via the Amazon MSK console or AWS CLI; consult the Amazon MSK Developer Guide for implementation details.

🔐 Starting today, AWS Network Firewall is available in the AWS European Sovereign Cloud, enabling European customers — especially highly regulated industries, government agencies, and organizations with strict data sovereignty requirements — to deploy managed firewall protections while keeping data and operations within EU borders. The service delivers the same capabilities offered in other AWS Regions and automatically scales with VPC traffic to provide high-availability protections without customers needing to maintain underlying infrastructure. Refer to the AWS Region Table and service documentation for availability and configuration guidance.

🔗 Amazon OpenSearch Service now supports cross-account data access, allowing users to query OpenSearch domains hosted in different AWS accounts from a single OpenSearch UI application within the same region. The capability works for domains in both public and VPC configurations and removes the need to switch endpoints or replicate data. It supports authentication via IAM (including SAML through IAM federation) and IAM Identity Center, enabling centralized observability and analytics while keeping data in place and preserving account-level access controls.

🤖 The open-source Landing Zone Accelerator (LZA) Model Context Protocol (MCP) Server enables management of LZA deployments via natural-language conversations with AI assistants. The containerized MCP endpoint provides 20 specialized tools to search documentation across LZA versions, manage configurations, monitor pipelines, and surface actionable failure insights. It integrates with IDEs such as Kiro, Amazon Q Developer, and Claude Code, uses temporary credentials per AWS security best practices, and is available now in supported commercial and GovCloud regions.

🛠️ AWS Elastic Beanstalk now includes a Deployments tab in the environment dashboard, offering a consolidated view of deployment history and real-time, step-by-step deployment logs. Previously, customers had to wait until a deployment completed and then aggregate events from multiple sources; the new tab surfaces status, events, and detailed logs while deployments are still in progress. The feature covers application deployments, configuration updates, and environment launches, and is supported across all Linux-based platform branches and available in AWS Commercial and GovCloud (US) Regions.

🔒 AWS Private CA Connector for SCEP now supports AWS PrivateLink, enabling clients within an Amazon VPC to request certificates without traversing the public internet. The managed AWS Private CA Connector for SCEP uses SCEP to automate certificate enrollment and renewal for mobile, network, and IoT devices. PrivateLink removes the need for internet gateways, NAT devices, or VPNs while keeping traffic on the AWS network.

🛡️ This post presents the AMI Lineage solution to help organizations track and govern Amazon Machine Images (AMIs) across AWS. It explains how AWS lineage metadata (announced at the end of 2024) can be combined with a centralized Amazon Neptune graph, EventBridge, Lambda, API Gateway, and Security Hub to validate image origins, enforce SCPs, and assess CVE impact. The architecture uses a three-account model (management, security tooling, member) to centralize sensitive processing, automate compliance checks, and provide queryable lineage and remediation workflows for security teams.

🚀 AWS announced the general availability of CDK Mixins in the aws-cdk-lib, enabling developers to attach composable, reusable abstractions to any construct (L1, L2, or custom) without rebuilding existing infrastructure code. Mixins use a concise .with() syntax to add behaviors like auto-delete, bucket encryption, versioning, and block public access, and multiple Mixins can be combined into custom L2 constructs. Teams can apply Mixins across scopes or use Mixins.of() for resource-type or path-pattern filtering, helping enforce reusable security and compliance policies while preserving day-one access to new AWS features.

⚡ Amazon EC2 M8i and M8i-flex instances are now available in Europe (Ireland) and Europe (London). Powered by AWS-exclusive custom Intel Xeon 6 processors, they deliver up to 15% better price-performance and 2.5x the memory bandwidth versus previous Intel-based instances. AWS reports up to 20% higher general compute performance versus M7i, with specific workload gains—up to 30% for PostgreSQL, 60% for NGINX web applications, and 40% for deep learning recommendation models. M8i-flex targets common general-purpose sizes while M8i offers larger and SAP-certified configurations including a new 96xlarge.

🔔 Amazon announced that AgentCore Memory for Bedrock now supports streaming notifications for long-term memory, delivering push events to Amazon Kinesis whenever memory records are created or modified. Developers can subscribe to these streams to trigger downstream workflows, refresh application state, and build audit trails without polling. This reduces developer overhead and simplifies integration of personalized, memory-driven experiences. The feature is available in 15 AWS Regions.

⚡ AWS Glue zero-ETL now supports configurable change data capture (CDC) refresh intervals and on-demand ingestion for Amazon DynamoDB sources. You can set refresh windows from 15 minutes up to 6 days, letting teams balance data freshness and cost, and trigger immediate ingestion for urgent updates. These enhancements align DynamoDB zero-ETL integrations with SaaS sources such as Salesforce, SAP, and ServiceNow. The capabilities are available today in all regions where zero-ETL is supported.

🖥️ AWS now offers Windows Server 2025 bundles for Amazon WorkSpaces, available for both Personal and Core WorkSpaces. These managed bundles let customers launch Windows Server 2025 instances to run modern applications, including eligible Microsoft 365 Apps for enterprise that require newer Windows. The option introduces enhanced security and firmware protections such as TPM 2.0, UEFI Secure Boot, and Secured-core server, and is available in all Regions where WorkSpaces is offered.