All news with #aws tag

AWS Deadline Cloud Adds 6th–8th Gen EC2 Instances Now

🚀 Deadline Cloud now supports an expanded set of EC2 instance families — including C7i, C7a, M7i, M7a, R7a, R7i, M8a, M8i and R8i — plus additional 6th-generation types that were previously unavailable. The update broadens compute-optimized, general-purpose and memory-optimized options for visual effects and animation rendering workloads. Studios can better right-size resources for tasks ranging from compute-heavy simulations to memory-intensive scene processing, improving performance and cost-efficiency in the Regions where Deadline Cloud is offered.

Amazon EVS Expanded to Mumbai, Sydney, Canada, Paris

🚀 Amazon has expanded Amazon Elastic VMware Service (EVS) to all availability zones in Asia Pacific (Mumbai), Asia Pacific (Sydney), Canada (Central), and Europe (Paris). EVS runs VMware Cloud Foundation on EC2 bare‑metal instances powered by AWS Nitro, and can be deployed via a step‑by‑step workflow or the AWS CLI in hours. The expansion delivers lower latency, improved data‑residency options, and additional resiliency and high‑availability choices for VMware workloads.

AWS IoT Greengrass v2.16 Adds Log Forwarding and TPM

🔒 AWS IoT Greengrass v2.16 adds a system log forwarder and a new nucleus lite (v2.3) with TPM 2.0 support. The system log forwarder uploads system logs to AWS CloudWatch to simplify debugging and centralize operational visibility for edge applications. The nucleus lite TPM integration provides a hardware-based root of trust for secure secrets storage and streamlined device authentication on resource-constrained devices. The update is available in all AWS Regions where Greengrass is offered.

AWS launches regional service discovery in Builder Center

🔍 AWS announced AWS Capabilities by Region in Builder Center, a web-based tool to discover and compare service availability, features, APIs, and CloudFormation resources across AWS Regions. The interactive interface lets users explore Regions, run side-by-side comparisons, and view forward-looking roadmap details to support global deployment planning. AWS also enhanced the Knowledge MCP Server to expose regional capability data in an LLM-compatible format, enabling MCP clients and agentic frameworks to obtain real-time availability insights and suggested alternatives when features are unavailable.

Amazon ECS: Managed EBS Permissions for Non-Root Containers

🔐 Amazon Elastic Container Service (ECS) now supports mounting Amazon EBS volumes to containers running as non-root users. ECS automatically sets file system permissions on the attached EBS volume so non-root processes can securely read and write while preserving root ownership. This removes the need for manual chown/chmod or custom entrypoint scripts, simplifying security-first container deployments. The capability is available across all AWS Regions for EC2, AWS Fargate, and ECS Managed Instances.

AWS Backup: Support for KMS Customer Managed Keys for Vaults

🔐 AWS Backup now lets you encrypt logically air-gapped vaults with your own AWS KMS customer managed keys (CMKs). This gives organizations more control over key lifecycle, access policies, and compliance posture while preserving the security benefits of logically air-gapped backups. Support covers same-account and cross-account CMKs and is available in all Regions where air-gapped vaults are supported. You can enable CMK encryption when creating vaults via the console, API, or CLI.

CloudWatch Application Signals Now in AWS GovCloud

🔒 CloudWatch Application Signals is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West), extending automated application observability to government and regulated workloads. The service automatically collects telemetry from Amazon EC2, Amazon ECS, Amazon EKS and AWS Lambda to provide real-time health, dependency visualization and anomaly detection. By eliminating manual instrumentation, it helps teams meet compliance and monitoring requirements while improving incident detection and resolution. For pricing and setup, consult the CloudWatch pricing page and Application Signals documentation.

ThreatsDay Bulletin: Cybercrime Trends and Major Incidents

🛡️ This bulletin catalogues a broad set of 2025 incidents showing cybercrime’s increasing real-world impacts. Microsoft patched three Windows GDI flaws (CVE-2025-30388, CVE-2025-53766, CVE-2025-47984) rooted in gdiplus.dll and gdi32full.dll, while Check Point warned partial fixes can leave data leaks lingering. Threat actors expanded toolsets and infrastructure — from RondoDox’s new exploits and TruffleNet’s AWS abuse to FIN7’s SSH backdoor and sophisticated phishing campaigns — and law enforcement action ranged from large fraud takedowns to prison sentences and cross-border crackdowns.

Amazon S3 Adds Tagging for S3 Tables (ABAC & Cost)

🔖Amazon S3 now supports tags on S3 Tables to enable attribute-based access control (ABAC) and cost allocation. Tags can be applied to table buckets and individual tables, letting you manage permissions for users and roles without frequent IAM or resource-policy updates. Tagging is available in all Regions where S3 Tables is offered and can be used via the Console, SDK, API, or CLI. Use tags to simplify governance and track costs.

AWS End User Messaging adds SMS Carrier Lookup feature

📲 AWS End User Messaging now offers Carrier Lookup, enabling customers to retrieve carrier-related details for a phone number — including country, number type, dialing code, and mobile network and carrier codes. By validating these attributes before sending, teams can improve SMS deliverability, reduce failed or misrouted messages, and avoid sending to incorrect destinations. The capability supports common use cases such as OTPs, account updates, reminders, and promotions, and is available in all AWS Regions where the service is offered.

Amazon CloudFront Adds Cross-Account VPC Origins Support

🔒 Amazon announced that CloudFront now supports cross-account VPC origins, enabling distributions to reach ALB, NLB, and EC2 origins inside private subnets across different AWS accounts. Customers can grant access via AWS RAM, including across Organizations and OUs, removing the need to place origins in public subnets. The capability is available in AWS Commercial Regions at no extra charge and is designed to simplify security and multi-account operations.

AWS Releases Whitepaper on European Sovereign Cloud

🔒 Amazon Web Services (AWS) published a whitepaper, Overview of the AWS European Sovereign Cloud, available in English, German, and French, outlining the planned design and objectives. The document describes a new, independent cloud for Europe supported by a €7.8 billion investment and a target launch of the first Region in the State of Brandenburg, Germany by the end of 2025. It highlights dedicated physical infrastructure, logical isolation, EU-based corporate governance, and continued access to the full AWS service portfolio while addressing data sovereignty and law enforcement processes.

CloudWatch Database Insights expands anomaly detection

🔍 Amazon CloudWatch Database Insights now detects anomalies across additional metrics in its on‑demand analysis experience. The ML-driven on‑demand reports identify anomalies in database-level and OS-level counters and surface per‑SQL anomalies for top statements, automatically comparing selected periods to learned baselines. The feature pairs intuitive visualizations with specific remediation advice to help reduce mean time to diagnosis. Enable Advanced mode for Amazon Aurora or Amazon RDS via the AWS Management Console, APIs, or CloudFormation and consult RDS and Aurora documentation for availability by region, engine, and instance class.

Amazon FSx Integrates with AWS Secrets Manager for AD

🔒 Amazon FSx now integrates with AWS Secrets Manager to store and manage Active Directory domain service account credentials for FSx for Windows File Server and FSx for NetApp ONTAP Storage Virtual Machines (SVMs). This removes the need to supply plain-text service account usernames and passwords in the console, APIs, CLI, or CloudFormation, and enables credential rotation and improved credential hygiene. The capability is available in all AWS Regions where FSx is offered.

Migrating from OPA to Amazon Verified Permissions Guide

🔁 This AWS Security Blog post by Samuel Folkes outlines a practical approach to migrating authorization from Open Policy Agent (OPA) and Rego to Amazon Verified Permissions using the Cedar policy language. It highlights key benefits: a fully managed service, reduced operational overhead, and significant performance gains. The article walks through schema design, common translation patterns (RBAC, ABAC, ReBAC), application integration changes, testing practices, and a phased deployment strategy to compare and validate behavior during migration.

Keyspaces Multi-Region Replication: Bahrain and Hong Kong

🔁Amazon Web Services has expanded Amazon Keyspaces (for Apache Cassandra) to support Multi-Region Replication in Middle East (Bahrain) and Asia Pacific (Hong Kong). The managed capability automatically replicates tables across Regions with typically less than one second of replication lag, allowing applications to read and write the same table in multiple Regions. Customers gain lower latency, improved regional resiliency, and can replicate between these Regions and any other supported AWS Region while paying only for resources they use.

Amazon GameLift Streams Adds AWS Health Lifecycle Alerts

🔔 Amazon GameLift Streams now integrates with AWS Health to deliver automated lifecycle notifications for stream groups. AWS Health will send reminders on day 45 and day 150 about upcoming restrictions at day 180, and a final reminder on day 335 before automatic expiration on day 365. Stream groups older than 180 days cannot add new applications. The feature is available in all Regions at no extra cost, and the ExpiresAt field in the GetStreamGroup API or the Stream group details page in the console shows status.

AWS Marketplace Enables Local INR Transactions for India

🇮🇳 Buyers and sellers in India can now transact locally on AWS Marketplace using INR, with invoices issued in Indian Rupees and tax compliance facilitated by AWS India. India-based sellers can register to sell paid offerings, create private offers in USD or INR, and work with India-based Channel Partners. AWS India will automate WHT and GST-TCS collection and remittance to authorities, simplifying buyer compliance.

AWS CloudWatch Application Signals Adds AI Canary Debugging

🔍 CloudWatch Application Signals (Model Context Protocol / MCP Server) now ingests CloudWatch Synthetics canary data to enable AI-powered debugging of synthetic-monitoring failures. From natural-language prompts like “Why is my checkout canary failing?”, supported AI assistants (for example Amazon Q or Claude) drive diagnostics that correlate canary failures with metrics, traces, and dependencies. The system analyzes HAR files, CloudWatch Logs, S3 artifacts, and configuration to triage issues across network, authentication, performance, script, infrastructure, and dependency layers. This capability is available in all commercial AWS regions where CloudWatch Synthetics is offered; customers must have access to a compatible AI agent to use the AI-driven debugging features.

AWS Launches Memory-Optimized EC2 R8a Instances, GA

🧠 AWS has announced general availability of new Amazon EC2 R8a memory-optimized instances powered by 5th Gen AMD EPYC processors (Turin) with up to 4.5 GHz. R8a delivers up to 30% higher performance, up to 19% better price-performance and 45% more memory bandwidth versus R7a. Available in 12 sizes (including 2 bare metal) and SAP-certified, R8a targets latency-sensitive, memory-intensive workloads and supports Savings Plans, On-Demand and Spot purchasing.