All news with #aws tag

Amazon MWAA Announces Support for Apache Airflow 3.0

🚀 Amazon Managed Workflows for Apache Airflow (MWAA) now supports Apache Airflow 3.0, enabling easier authoring, scheduling, and monitoring of complex workflows. The release introduces a redesigned UI and an event-driven scheduler that can trigger workflows directly from external events. The new Task SDK and Task Execution API reduce boilerplate, improve isolation, and limit direct metadatabase access. MWAA also adds Python 3.12 support and security fixes to enhance reliability.

Amazon Connect Adds Agent Time-Off Balance Data to Analytics

🔍 Amazon Connect now surfaces agent time-off balance data in the analytics data lake, enabling managers and analysts to generate reports and insights from both current and historical balances across categories such as paid time-off, sick leave, and leave of absence. The capability includes a chronological transaction log that shows each adjustment and its impact on balances, removing the need for manual reconciliation and improving manager productivity and response to agent inquiries. It is available in all AWS Regions where Amazon Connect scheduling is supported.

Amazon CloudWatch Application Map Generally Available

🗺️ Amazon CloudWatch now provides an out-of-the-box Application Map that automatically discovers, groups, and visualizes services and dependencies across AWS accounts and regions. SRE and DevOps teams can apply dynamic grouping by teams, business units, or criticality to align views with operational responsibilities and accelerate troubleshooting. The map integrates with a contextual troubleshooting drawer that surfaces metrics, SLOs, health indicators, changes, and top observations, and users can pivot to application-specific dashboards for deeper investigation. This capability is available in all AWS commercial regions at no additional cost.

Amazon Bedrock Data Automation Adds Enhanced Transcription

🔊 Amazon Bedrock Data Automation (BDA) now offers enhanced transcription with speaker diarization and channel identification, letting developers separate and process individual speakers or channels in audio files. It also provides a guided, natural language blueprint workflow for extracting custom audio insights. These capabilities simplify reading and analysis of multi-party recordings—customer calls, telehealth visits, webinars, public-safety recordings, and meetings—and support subtitle creation, compliance monitoring, and productivity analysis. BDA is available in seven AWS Regions.

AWS API MCP Server v1.0.0 enables natural API control

🧭 The AWS API MCP Server v1.0.0 enables foundation models to interact with AWS APIs via natural language by generating and executing syntactically correct CLI commands. This release reduces startup time and removes local dependencies by converting the suggest_aws_command tool into a remote service, and adds streamable HTTP transport alongside stdio. Security and governance are strengthened with improved secure file system controls, better input validation, configurable denials, and options to require human oversight for mutating actions. Observability is improved through CloudWatch agent log collection, and an experimental get_execution_plan tool (enabled by EXPERIMENTAL_AGENT_SCRIPTS) offers prescriptive workflows; the server is available as a container and open-source on the AWS Labs GitHub repository.

Amazon Detective Adds AWS PrivateLink VPC Endpoint Support

🔒 Amazon Detective now supports VPC endpoints via AWS PrivateLink, allowing you to initiate Detective API calls from inside your VPC without Internet traversal. The capability is available in all AWS Regions where Detective is offered. Create a VPC endpoint through the VPC console, API, or SDK; this provisions an elastic network interface with a private IP in your chosen subnets as the entry point. Detective continues to ingest and correlate logs and findings to power investigations.

SageMaker Unified Studio adds SSO for Spark sessions

🔐 Amazon SageMaker Unified Studio now supports corporate identities for interactive Apache Spark sessions using AWS Identity Center trusted identity propagation. Data engineers and scientists can sign on to JupyterLab Spark sessions with organizational credentials while administrators apply fine-grained access controls and maintain end-to-end data access traceability. The integration leverages AWS Lake Formation, Amazon S3 Access Grants, and Amazon Redshift Data APIs, and includes comprehensive AWS CloudTrail logging for interactive and background sessions to streamline compliance.

AWS Knowledge MCP Server Now Generally Available Globally

🔎 The AWS Knowledge MCP Server is now generally available, giving AI agents and MCP-compatible clients access to authoritative AWS documentation, blog posts, What's New announcements, and Well-Architected guidance in an LLM-friendly format. The GA release also adds structured knowledge about regional API and CloudFormation resource availability. The server is publicly accessible at no cost and does not require an AWS account, though usage is rate-limited. Configure MCP clients to use the AWS Knowledge MCP Server endpoint to anchor agent responses in trusted AWS context and reduce manual context management.

AWS DataSync Supports VPC Endpoint Policies and FIPS

🔒 AWS DataSync now supports VPC endpoint policies, enabling administrators to control access to DataSync API operations through VPC service endpoints, including FIPS 140-3 enabled endpoints. You can restrict specific actions such as CreateTask, StartTaskExecution, or ListAgents and combine these controls with identity-based and resource-based policies. The capability is available in all AWS Regions and helps strengthen security posture and compliance when accessing DataSync via VPC endpoints.

AWS Cloud WAN Now Available Across AWS GovCloud Regions

🛰️ AWS has made AWS Cloud WAN available in AWS GovCloud (US-West) and AWS GovCloud (US-East) as of Oct 1, 2025. The service provides a central dashboard and policy-driven networking to create a global network that spans VPCs, Transit Gateways, and on-premises locations. It supports BGP-based global route exchange and connectivity via Site-to-Site VPN, Direct Connect, or third-party SD-WAN solutions. The dashboard offers consolidated visibility into network health, security, and performance to simplify operations.

Amazon SageMaker Managed MLflow Now in AWS GovCloud

🛡️ Amazon SageMaker managed MLflow is now available in both AWS GovCloud (US-West) and AWS GovCloud (US-East) regions. The managed service integrates MLflow experiment tracking with SageMaker capabilities, streamlining AI experimentation and accelerating GenAI development from idea to production. It provides end-to-end observability to help reduce time-to-market and simplify compliance and operational oversight for government workloads.

CloudWatch & OpenSearch Integrated Analytics Expands

📈 Amazon has expanded the CloudWatch and OpenSearch Service integrated analytics experience to five additional commercial regions: Asia Pacific (Osaka and Seoul), Europe (Milan and Spain), and US West (N. California). CloudWatch Logs customers can now query logs with SQL or OpenSearch PPL in addition to CloudWatch Logs Insights QL, including JOINs, subqueries, and rich JSON, mathematical, datetime and string functions. With a few clicks, users can create OpenSearch dashboards for VPC, WAF, and CloudTrail logs and analyze data in-place without copying logs or building ETL pipelines.

Defending LLM Applications Against Unicode Tag Smuggling

🔒 This AWS Security Blog post examines how Unicode tag block characters (U+E0000–U+E007F) can be abused to hide instructions inside text sent to LLMs, enabling prompt-injection and hidden-character smuggling. It explains why Java's UTF-16 surrogate handling can make one-pass sanitizers inadequate and shows recursive sanitization as a remedy, plus Python-safe filters. The post also outlines using Amazon Bedrock Guardrails denied topics or Lambda-based handlers as mitigation and notes visual/compatibility trade-offs.

AWS Direct Connect 100G and 10G with MACsec in Bogota

🔌 AWS expanded 10 Gbps and 100 Gbps Direct Connect dedicated connections with MACsec encryption at the Equinix BG1 data center near Bogota, Colombia. Customers can now provision private, direct network access from this location to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The enhancement delivers more consistent, lower-latency and encrypted connectivity for enterprises and partners in the region.

AWS Direct Connect opens MAD3 location in Madrid data center

🔌 AWS has opened a new AWS Direct Connect location at the Digital Realty MAD3 data center near Madrid, Spain. The site provides dedicated 10 Gbps and 100 Gbps connections with optional MACsec encryption and enables private network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. This is the third Direct Connect site in Madrid and the fourth in Spain, offering a lower-variance networking option compared with the public internet. It joins more than 146 Direct Connect locations worldwide, expanding options for colocations and hybrid deployments.

Amazon SNS Adds FIPS 140-3 Endpoints in US and Canada

🛡️ Amazon Simple Notification Service (Amazon SNS) now supports additional FIPS 140-3 validated endpoints across several AWS Regions in the United States and Canada. These FIPS-compliant endpoints allow organizations, including federal contractors, to meet requirements to use validated cryptographic modules when encrypting sensitive data. The new endpoints support requests over dual-stack public and VPC endpoints and are available in US East (N. Virginia and Ohio), US West (N. California and Oregon), Canada (Central and Calgary) and AWS GovCloud (US). Customers can use these endpoints to run SNS workloads that require FIPS 140-3 validated cryptography within the listed regions.

Amazon SNS Adds IPv6 Support in AWS GovCloud (US) Regions

🌐 Amazon Simple Notification Service (Amazon SNS) now supports IPv6 for API requests in the AWS GovCloud (US) Regions, giving customers the option to use IPv6 or IPv4 over dual‑stack public and VPC endpoints. The new endpoints are validated under FIPS 140-3, and SNS now supports IPv6 across all AWS Regions where the service is available.

AWS Transform Adds Terraform Module Generation for VMware

🔁 AWS Transform for VMware now generates reusable Terraform modules from discovered VMware network definitions, complementing existing AWS CloudFormation and CDK outputs. The feature converts source network configurations into modular, customizable infrastructure code that fits into current deployment pipelines. It is available in all Regions where the service is offered and helps teams preserve operational consistency during migrations. By producing Terraform modules, the service enables reuse of Terraform-based workflows, reduces manual configuration effort, and supports teams that prefer Terraform for network automation.

AWS Step Functions Gains Integration with Service Quotas

📣 AWS announces general availability of AWS Service Quotas integration with AWS Step Functions, allowing customers to view account-level quota values in the Service Quotas console and monitor utilization with Amazon CloudWatch metrics. Users can request quota increases directly from the console, and eligible changes are applied automatically to reduce manual intervention. The feature is available in all commercial and AWS GovCloud (US) Regions where Step Functions is provided and can be accessed via the console or CLI.

AWS Transfer Family Adds Four New IAM Condition Keys

🔒 AWS has added four service-specific IAM condition keys for AWS Transfer Family, enabling administrators to write more granular policies and SCPs. These keys let you constrain server protocols, endpoint types, and storage domains at request time. For example, use transfer:RequestServerEndpointType to block public servers or transfer:RequestServerProtocols to allow only SFTP. The keys are available in all Regions where the service is offered.