< ciso brief />

All news with #aws tag

1977 articles · page 30 of 99

AgentCore Policy Controls in Amazon Bedrock Now Available

🔒 Amazon has made Policy in Bedrock AgentCore generally available, providing centralized, fine-grained controls for agent-to-tool interactions. Teams can author policies in natural language that AWS converts into Cedar and stores in a policy engine attached to an AgentCore Gateway, which intercepts traffic and evaluates requests before allowing or denying access. Operating outside agent code, this lets security, compliance, and operations enforce access rules and validate inputs without modifying agents, improving governance and visibility across deployments.

AWS Issues PiTuKri ISAE 3000 Type II Report for 183 Services

🔒 Amazon Web Services (AWS) announced the issuance of the PiTuKri ISAE 3000 Type II attestation report covering 183 services, confirming its control environment aligns with the Finnish Traficom Cyber Security Centre’s criteria. The independent report covers October 1, 2024 to September 30, 2025 and adds five services to scope: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Resource Explorer, AWS Security Incident Response, and AWS Transform. Customers can obtain the attestation via AWS Artifact, and AWS reiterates that security is a shared responsibility between the provider and the customer.

LexisNexis Confirms Breach After Hackers Leak Files

🔒 LexisNexis has confirmed a breach after the threat actor FulcrumSec posted 2.04 GB of files allegedly exfiltrated from its AWS environment. The group says they exploited a React2Shell vulnerability in an unpatched React frontend container on February 24 to reach Redshift tables, VPC databases and plaintext Secrets Manager entries. LexisNexis characterizes the material as mostly legacy data from before 2020 and says it contained no Social Security numbers, driver’s license numbers, financial data, active passwords, customer search queries, client/matter data, or contracts.

Amazon: Drone Strikes Damage AWS Data Centers in Middle East

🚨 Amazon has confirmed that drone strikes damaged three AWS data centers in the United Arab Emirates and one in Bahrain, causing an ongoing outage that is affecting dozens of cloud services. The attacks caused structural and power damage and triggered fire suppression that resulted in additional water damage. Amazon is restoring physical infrastructure while pursuing software-based recovery paths and advising customers to back up and migrate workloads to unaffected regions.

Amazon OpenSearch OR2 and OM2 Now in GovCloud Regions

🚀 Amazon OpenSearch Service has expanded the OpenSearch Optimized instance family with OR2 and OM2 in AWS GovCloud (US-East, US-West). In internal benchmarks, OR2 delivers up to 26% higher indexing throughput versus OR1 (and up to 70% versus R7g), while OM2 delivers up to 15% higher throughput versus OR1 (and up to 66% versus M7g). Both instance types pair compute and local caching with S3-based managed storage, offer pay-as-you-go and reserved pricing, and come in a range of sizes to support indexing-heavy workloads.

AWS Batch adds configurable instance scale-down delay

⏱️ AWS Batch now supports a configurable scale-down delay for managed compute environments, letting operators keep instances running after jobs complete to reduce relaunch latency. The new minScaleDownDelayMinutes parameter accepts values from 20 minutes up to 1 week and is applied per instance based on when it last finished a job. You can set the delay when creating or updating a compute environment via the API or Management Console; the feature is available in all AWS Regions where AWS Batch is supported.

Standardized IAM Context Keys for AWS-Managed MCP Servers

🔐 AWS introduced standardized IAM context keys for its managed remote Model Context Protocol (MCP) servers so AI agents can operate with existing IAM credentials while enabling distinct governance controls. The two keys — aws:ViaAWSMCPService (boolean) and aws:CalledViaAWSMCP (string) — let you allow or deny MCP-initiated actions and restrict access to specific MCP servers. AWS will also simplify public endpoint authorization so AI calls use standard IAM permissions (no separate MCP actions) and plans to add VPC endpoint support for private-network enforcement and two-stage authorization.

AWS Config Adds 30 New Resource Types for Broader Coverage

🔔 AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. If you have recording enabled for all resource types, AWS Config will automatically begin tracking these new additions. The newly supported types are also available for use in Config rules and Config aggregators. This update expands visibility for discovery, assessment, audit, and remediation across Regions where each resource is available.

AWS Pricing for VPC Encryption Controls Moves to Paid

🔒 AWS is introducing pricing for VPC Encryption Controls, a regional capability that audits and enforces encryption-in-transit for traffic within and across Virtual Private Clouds. The feature supports Monitor mode to detect unencrypted flows and Enforce mode to prevent the creation or operation of resources that allow unencrypted traffic. Beginning March 1, 2026, AWS will apply a fixed hourly charge to every non-empty VPC with Encryption Controls enabled; empty VPCs enabled with the feature are not charged. When encryption is enabled on a Transit Gateway, standard VPC Encryption Controls charges apply to all VPCs attached to that Transit Gateway regardless of each VPC's mode or whether they are empty.

AWS MediaLive Adds SRT Listener Mode for Inputs/Outputs

🔒 AWS Elemental MediaLive now supports SRT Listener mode for both inputs and outputs, allowing MediaLive to wait for connections instead of initiating them. This simplifies networking by removing the need for outbound connections or static public IP addresses and complements existing SRT Caller mode. Listener inputs and outputs offer configurable latency and mandatory AES encryption and are available in all Regions where MediaLive is offered.

Amazon Lightsail Adds WordPress Blueprint with IMDSv2

🚀 Amazon Lightsail now provides a new WordPress blueprint that streamlines launching and managing a site with a guided setup wizard. The VPS image comes preinstalled and enforces IMDSv2 by default for improved instance metadata security. From the console you can attach a static IP, configure DNS, and enable HTTPS with a free Let's Encrypt certificate within minutes.

EC2 Image Builder: wildcard lifecycle policies, IAM defaults

🔧 EC2 Image Builder now supports wildcard patterns in lifecycle policies so teams can apply retention and cleanup rules across multiple image recipes with a single policy. The console also simplifies IAM role creation by pre-populating required default permissions for lifecycle management. These enhancements reduce manual configuration, lower the risk of misconfiguration, and make it easier to scale image lifecycle operations as new recipes are added. Lifecycle Policies are available in all commercial AWS regions.

Amazon ARC Region Switch adds post-recovery and RDS blocks

🔁 Amazon Application Recovery Controller (ARC) Region switch now includes post-recovery workflows, native Amazon RDS execution blocks, and support in the AWS provider for Terraform. The update automates failover and the subsequent recovery preparation steps to reduce manual coordination and lower error risk. Post-recovery workflows support Lambda actions, RDS read-replica creation, nested ARC plans, and manual approvals, and can be triggered for active/passive deployments. Terraform support enables DR plans as Infrastructure-as-Code for CI/CD integration.

AWS Network Firewall Adds EventBridge State Notifications

🔔 AWS Network Firewall now emits real-time state change and configuration notifications via Amazon EventBridge. This integration reports updates across AWS Managed Rules, Partner Managed Rules, and firewall configurations so security and ops teams can centralize monitoring. With EventBridge you can route events to Amazon SNS, ITSM ticketing, or third‑party SIEMs to automate alerts and accelerate response.

Amazon Bedrock Batch Inference Adds Converse API Support

🔁 Amazon Bedrock batch inference now accepts the Converse API as a model invocation type, letting you submit batch inputs in a consistent, model-agnostic Converse request format and receive outputs in the Converse response format. This unifies real-time and batch request formats, simplifying prompt management and reducing the effort of switching between models. You can configure the Converse invocation type through the Bedrock console or API, and the capability is available in all Regions that support Bedrock batch inference.

CloudWatch log centralization supports custom groups

🔧 Amazon CloudWatch now lets administrators customize destination log group names when creating log centralization rules, using attributes such as account ID, region, log group name, organization ID, organizational unit ID, root ID, or the full organizational path. Patterns like ${source.accountId}/${source.region}/${source.logGroup} produce readable hierarchies (for example, 123456789012/us-east-1/cloudtrail/managementevent). The feature is available in all Regions where centralization rules are supported. One centralized copy is ingested for free; additional copies (including backup-region copies) are charged at $0.05/GB and storage fees apply.

AWS RAM supports retaining shares when accounts move

🔒 AWS Resource Access Manager (RAM) now provides a resource share configuration that preserves shared access when accounts move between AWS Organizations. The new RetainSharingOnAccountLeaveOrganization parameter and the ram:RetainSharingOnAccountLeaveOrganization condition key allow administrators to retain access to resources such as Route53 Resolver Rules, Transit Gateways, and IPAM pools when accounts leave an organization. Security teams can enforce the setting using Service Control Policies (SCPs). RAM will treat moved accounts as external principals, requiring explicit invitation acceptance to maintain access. This capability is available in all AWS commercial Regions at no additional cost.

AWS Adds Bacs Direct Debit Payment Option for UK Customers

💳 AWS now lets UK customers pay via Bacs Direct Debit, enabling automated GBP-based bank payments for AWS services. Customers can connect personal or business accounts that support the Bacs standard and authenticate through their bank’s mobile app or online banking to verify ownership. New customers select Bacs Direct Debit during sign-up; existing customers add it in the Billing console’s Payment Preferences. The option is available in UK regions at no additional cost.

Amazon OpenSearch Adds Insights to Improve Cluster Stability

🔍 AWS has enhanced Amazon OpenSearch Service Cluster Insights with two new detections: Cluster Overload and Suboptimal Sharding Strategy. The updates surface shard imbalances and elevated resource utilization (CPU, memory, disk I/O, throughput, and disk utilization), identify affected resources, and provide clear mitigation and scale-up recommendations. These insights are available at no additional cost for OpenSearch 2.17+ in Regions where the OpenSearch UI is offered.

Oracle Database@AWS Launches in Dublin (EU-West-1) Region

🚀 Oracle Database@AWS is now available in the EU‑West‑1 (Dublin) AWS Region, initially deployed in a single Availability Zone. The service provides access to OCI managed Oracle Exadata systems hosted within AWS data centers and supports like‑for‑like migrations of on‑premises Exadata and Oracle RAC workloads. Integrations include AWS Key Management Service for encryption and AWS CloudWatch for monitoring, helping address regional data residency requirements.