All news with #aws tag

Amazon Redshift Concurrency Scaling Adds More Regions

🚀 Amazon Redshift Concurrency Scaling is now available in ten additional AWS regions, including Africa (Cape Town), several Asia Pacific locations, Europe (Milan), Middle East (Bahrain), Mexico (Central) and AWS GovCloud (US‑West). The feature elastically adds query processing capacity in seconds to maintain fast performance for thousands of concurrent users and hundreds of simultaneous queries. Customers with an active Redshift cluster earn up to one hour of free Concurrency Scaling credits and can control allocation, set cluster limits, and monitor usage through Amazon CloudWatch; enable it by setting the Concurrency Scaling Mode to Auto in the AWS Management Console.

AWS Network Firewall Enhances Application-Layer Controls

🔐 AWS released enhanced default application-layer rules for AWS Network Firewall to better handle TLS client hellos and HTTP requests that are split across multiple packets. The update adds new default stateful actions — drop and alert established — enabling security teams to enforce controls without complex custom rules while supporting modern TLS implementations and large HTTP requests. Detailed logging preserves visibility. Available in all supported AWS Regions.

AWS Expands EC2 C8gn Graviton4 Instances to Regions

🚀 Amazon expanded availability of EC2 C8gn instances—powered by Graviton4—to Europe (Frankfurt, Stockholm) and Asia Pacific (Singapore), in addition to existing US Regions. C8gn delivers up to 30% better compute vs Graviton3-based C7gn, includes 6th-generation Nitro Cards, and offers up to 600 Gbps network bandwidth. Instances scale to 48xlarge with up to 384 GiB memory and 60 Gbps EBS bandwidth, and select sizes support Elastic Fabric Adapter (EFA) for lower-latency clusters optimized for network-intensive workloads.

Research and Engineering Studio on AWS 2025.09 Release

🚀 Research and Engineering Studio (RES) on AWS 2025.09 introduces fractional GPU support, simplified AMI management, and broader deployment flexibility to help teams run graphics‑intensive and compute workloads more efficiently. The release adds Amazon EC2 g6f support for GPU fractionalization and Systems Manager Parameter Alias support for AMI IDs. Integration with Amazon Cognito user pools and customizable CIDR ranges in the CloudFormation template streamline authentication and network planning, while regional expansion improves accessibility.

AWS Billing: Consolidated Cost Views Across Organizations

🔔 AWS has announced general availability of new AWS Billing and Cost Management features that let customers create and share custom billing views across multiple AWS Organizations from a single account. Users can share views with accounts outside their organization and combine multiple custom views into consolidated perspectives. These consolidated views are accessible via AWS Cost Explorer and AWS Budgets, enabling cross-organization cost analysis and budgeting.

Amazon CloudWatch Adds Tag-Based Telemetry for Metrics

🔍 Amazon CloudWatch introduces tag-based telemetry so teams can monitor metrics and configure alarms using existing AWS resource tags. This lets DevOps and cloud administrators build dynamic monitoring views that follow organizational tagging, automatically adapting as resources change. Tag-based query filtering cuts manual dashboard and alarm updates, and can be enabled with one click or via the AWS CLI and SDKs.

Preview Amazon S3 Tables Directly in the S3 Console

🔍 You can now preview Amazon S3 Tables directly in the S3 console without writing SQL. The console preview displays table schema, column types, and sample rows so you can quickly inspect structure and key data points without additional setup. Previews are available in all AWS Regions where S3 Tables are offered. You are charged only for the S3 requests used to read the sampled rows; consult S3 pricing and the S3 User Guide for details.

Amazon EC2 Allowed AMIs: New Parameters for Governance

🔒 Amazon EC2’s account-wide Allowed AMIs setting now supports four new parameters — marketplace codes, deprecation time, creation date, and AMI names — to tighten AMI discovery and usage controls. Previously limited to account IDs and owner aliases, administrators can now define additional criteria to block Marketplace images, filter out outdated AMIs, and enforce naming patterns. These parameters integrate with Declarative Policies and are available in all regions, including AWS China and AWS GovCloud (US), enabling centralized AMI governance across your organization.

Amazon RDS: PostgreSQL 18.0 Available in Public Preview

🆕 Amazon RDS for PostgreSQL 18.0 is now available in the RDS Database Preview Environment, enabling evaluation of new PostgreSQL capabilities within a fully managed sandbox. PostgreSQL 18.0 introduces multicolumn B-tree skip scan, improved WHERE handling for OR/IN conditions, parallel GIN builds, updated join behavior, and UUIDv7 support. The preview preserves instances for up to 60 days, restricts snapshots to the preview environment, and supports database import/export via dump/load; pricing follows the US East (Ohio) Region.

AWS X-Ray Adds Adaptive Sampling for Error and Cost Control

🔍 AWS X-Ray now supports adaptive sampling to automatically adjust trace sampling within user-defined limits. This feature offers two modes—Sampling Boost to temporarily raise sampling when anomalies are detected and Anomaly Span Capture to retain spans tied to anomalies even if the full trace isn't sampled. Adaptive sampling aims to reduce MTTR by capturing critical traces during incidents while keeping observability costs low. It is available in all commercial regions where X‑Ray is offered.

AWS Lambda Code Signing Now Available in GovCloud Regions

🔐 AWS Lambda now supports code signing in AWS GovCloud (US-West and US-East) through the managed AWS Signer service. Lambda validates signatures at deployment to ensure code has not been altered and that it originates from trusted signers. Administrators can create Signing Profiles, bind allowed profiles to functions, and configure whether failed signature checks produce warnings or reject deployments. Access and permissions are controlled via IAM, and there is no additional charge to use this capability.

AWS ARC Region Switch Now Available in New Zealand

🔁 Amazon Web Services has made the Application Recovery Controller Region switch feature available in the Asia Pacific (New Zealand) Region. Region switch lets teams orchestrate and execute cross-account and cross-Region recovery steps while providing real-time dashboards and consolidated data collection to support regulator and compliance reporting. The feature supports failover/failback for active/passive designs and shift-away/return for active/active architectures, and automatically replicates plans to all Regions where the application runs.

Amazon Route 53 Resolver Query Logging Now in NZ Region

🛰️ Amazon Route 53 Resolver Query Logging is now available in Asia Pacific (New Zealand). You can log DNS queries originating in VPCs to capture queried domain names, the AWS resources that issued the queries (including source IP and instance ID), and the responses received. Logs can be delivered to Amazon S3, CloudWatch Logs, or Amazon Data Firehose, and query logging configurations may be shared across accounts via AWS RAM. There is no additional Route 53 charge for enabling query logging, though storage and ingestion on the chosen destination may incur costs.

Pandoc SSRF Exploited to Target AWS IMDS, Steal EC2 Keys

🔒 Wiz has observed in-the-wild exploitation attempts of CVE-2025-51591, an SSRF in Pandoc that renders iframe tags and can direct them at the AWS Instance Metadata Service (IMDS). Attackers submitted crafted HTML aiming to access 169.254.169.254 to exfiltrate temporary IAM metadata and EC2 credentials. Attempts seen from August and continuing for weeks were blocked where IMDSv2 was enforced. Administrators should mitigate by using Pandoc's -f html+raw_html or --sandbox options, enforce IMDSv2, and apply least-privilege roles.

Amazon EC2 Auto Scaling — Forced Immediate Cancel Feature

⚡ Amazon EC2 Auto Scaling now allows customers to force-cancel ongoing instance refreshes immediately by setting WaitForTransitioningInstances to false when calling the CancelInstanceRefresh API. The change bypasses waiting for in-progress launches, terminations, or instance lifecycle hooks, enabling rapid aborts of deployments during incidents or to roll forward to corrected releases. The capability is available in all AWS regions, including AWS GovCloud (US).

Amazon GameLift Servers: Dallas Local Zone Launches

🎮 Amazon GameLift Servers now supports the new AWS Local Zone in Dallas, Texas (us-east-1-dfw-2), enabling fleets to deploy EC2 C6gn, C6i, C6in, M6g, M6i, M6in, M8g, and R6i instances. From the GameLift Servers Console you can enable the Dallas Local Zone and add it to your fleets like any other Region or Local Zone. This launch lets studios run latency-sensitive multiplayer, AR/VR, and tournament workloads closer to Dallas-area players for single-digit millisecond latency and improved responsiveness.

AWS removes network burst limits for I7i and I8g instances

🚀 Today AWS removed networking bandwidth burst duration limits for Amazon EC2 I7i and I8g instances larger than 4xlarge, doubling the network bandwidth available at all times for those sizes. Where instances previously relied on a network I/O credit mechanism to burst above a baseline, larger I7i and I8g instances can now sustain their maximum network performance indefinitely. The change delivers more predictable, uninterrupted throughput for memory- and network‑intensive workloads such as distributed databases, real‑time analytics and AI preprocessing; smaller sizes retain existing baseline-and-burst behavior.

Optimize Security Operations with AWS Incident Response

🔒 AWS Security Incident Response provides an AWS-native incident management capability that combines automated triage, threat intelligence, and customer metadata to surface and prioritize genuine threats. The service integrates with Amazon GuardDuty, AWS Security Hub, and select third-party detections, and offers a unified console with 24/7 access to the AWS Customer Incident Response Team (CIRT). It supports delegated administration, organization-wide coverage, and immutable case timelines. Included with Amazon Managed Services (AMS), it accelerates investigation and containment to reduce mean time to resolution.

Amazon DataZone Now Available in Three Additional Regions

🔔 Amazon DataZone is now available in AWS Asia Pacific (Hong Kong), Asia Pacific (Malaysia), and Europe (Zurich) Regions. The fully managed Amazon DataZone service catalogs, discovers, analyzes, shares, and governs organizational data, integrating with AWS Glue Data Catalog and Amazon Redshift. Consumers can search, subscribe, and analyze assets using tools like Amazon Redshift and Amazon Athena from the DataZone portal. The service also underpins governance in the next generation of Amazon SageMaker to simplify discovery and secure access to data and models.

Defense-in-Depth: Building an AWS Control Framework

🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.