
All news with #aws tag

Tue, September 23, 2025

AWS License Manager Adds Shared Managed Active Directory

🔁 AWS License Manager now supports shared AWS Managed Active Directory across multiple AWS accounts, enabling centralized management of Microsoft product subscriptions. Customers can subscribe once in a single admin account and extend those subscriptions to directory consumer accounts across their AWS Organization. This reduces duplicate directories and IT overhead and is available in all commercial regions where License Manager user subscription is supported.


Tue, September 23, 2025

npm Supply-Chain Worm 'Shai-Hulud' Compromises Packages

🛡️ CISA released an alert about a widespread software supply chain compromise affecting the npm registry: a self-replicating worm called 'Shai-Hulud' has compromised over 500 packages. The actor harvested GitHub Personal Access Tokens and cloud API keys for AWS, Google Cloud, and Azure, exfiltrating them to a public repository and using them to publish malicious package updates. CISA recommends immediate dependency reviews, credential rotation, enforcing phishing-resistant MFA, pinning package versions to releases before Sept. 16, 2025, hardening GitHub settings, and monitoring for anomalous outbound connections.


Tue, September 23, 2025

ShadowV2 Botnet Targets Misconfigured AWS Docker Containers

⚠️ Researchers at Darktrace disclosed ShadowV2, a DDoS-focused botnet that exploits misconfigured Docker daemons on AWS EC2 instances to deploy a Go-based RAT and enlist hosts as attack nodes. The campaign uses a Python spreader to spawn an Ubuntu setup container, build a custom image, and run an ELF payload that checks in with a Codespaces-hosted C2. Operators leverage HTTP/2 Rapid Reset floods, a Cloudflare UAM bypass via ChromeDP, and a FastAPI/Pydantic operator API, signaling a modular DDoS-for-hire service.


Tue, September 23, 2025

Amazon Nova Act IDE Extension for Agent Development and Testing

🤖 Amazon Web Services announced the Nova Act extension, embedding the agent development workflow directly into popular IDEs such as Visual Studio Code, Kiro, and Cursor. The extension unifies natural-language script creation, fine-grained scripting controls, and integrated browser testing into a single interface, reducing context switching across tools. Built on the Nova Act SDK (research preview since March 2025), the extension is available today from IDE extension marketplaces, and the project’s GitHub repository includes documentation and examples to get started.


Tue, September 23, 2025

Amazon RDS supports cross-Region and cross-account snapshots

🔁 Amazon RDS now supports single-step cross-Region and cross-account copying of snapshots for Amazon RDS and Amazon Aurora. This new capability eliminates the prior two-step process and removes the need for an intermediate snapshot, helping customers achieve tighter recovery point objectives while reducing storage and operational costs. The feature is available in all AWS Regions, including AWS China and AWS GovCloud (US), and can be used today via the AWS Management Console, AWS CLI, or AWS SDKs.


Tue, September 23, 2025

AWS IAM Identity Center Adds Customer-Managed KMS Keys

🔐 IAM Identity Center now supports customer-managed AWS KMS keys to encrypt workforce identity data, including user and group attributes. While AWS-owned keys remain the default, a customer-managed key (CMK) lets organizations control key lifecycle, policies, and usage permissions for stronger security and compliance. CMKs can be set when enabling a new organization instance or added to existing ones, and their usage is auditable via AWS CloudTrail. Support is available for access to accounts and select AWS applications across all IAM Identity Center regions; standard KMS charges apply.


Tue, September 23, 2025

AWS Launches EC2 Instance Attestation for Trusted Instances

🔒 AWS announced general availability of EC2 instance attestation in September 2025, enabling customers to cryptographically verify that only trusted software and configurations run on EC2 instances, including those with AI chips and GPUs. The feature uses NitroTPM and Attestable AMIs to create and compare cryptographic measurements of AMI contents. It integrates with AWS KMS so key operations can be restricted to instances that pass attestation. EC2 instance attestation is available in all AWS Commercial Regions, including AWS GovCloud (US).


Tue, September 23, 2025

Amazon Connect: Custom Attributes for Interaction Segments

📞 Amazon Connect now lets administrators associate custom, predefined attributes with individual interaction segments. Attributes such as business unit, account type, or contact reason can be centrally managed and applied through contact flows or the UpdateContact API, ensuring each segment retains accurate business context during transfers and multi-party interactions. For example, engagements that start in Support and move to Sales keep distinct business unit names per segment. This capability strengthens reporting and analytics across the customer journey and is available in all AWS regions.


Tue, September 23, 2025

Amazon EC2 R8gb: EBS-optimized Graviton4 instances

🚀 Amazon EC2 R8gb instances are now generally available as EBS-optimized compute powered by AWS Graviton4. AWS reports up to 30% better compute performance versus Graviton3 and up to 150 Gbps of EBS bandwidth, delivering higher block storage throughput than same-sized Graviton4 counterparts. Sizes scale to 24xlarge (including a metal option) with up to 768 GiB memory and 200 Gbps networking; select large sizes support EFA. Initially available in US East (N. Virginia) and US West (Oregon).


Tue, September 23, 2025

Amazon Redshift Serverless Now Available in Taipei

🚀 Amazon Redshift Serverless is now generally available in the AWS Asia Pacific (Taipei) region, enabling analysts, developers, and data scientists to run and scale analytics without provisioning or managing clusters. The service automatically provisions and intelligently scales compute, with per-second billing for workload duration. Users can query data via Query Editor V2 or existing BI tools, load data from Amazon S3, restore snapshots, and directly query open formats like Apache Parquet, while benefiting from unified billing across data sources.


Mon, September 22, 2025

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.


Mon, September 22, 2025

Amazon Connect Contact Lens Adds Redaction in 7 Languages

🔒 Amazon Connect Contact Lens now provides automatic sensitive data redaction for voice and chat conversational analytics in French (France, Canada), Portuguese (Portugal, Brazil), Italian, German, and Spanish (Spain). You can remove PII, financial account numbers and PINs, and Internet access details from transcripts and audio files, choosing to redact selected entities or all detected sensitive data. Redacted values can be replaced with a generic placeholder (e.g., [PII]) or an entity-specific placeholder (e.g., [NAME]). Sensitive data redaction is available in all AWS Regions where Amazon Connect is offered.


Mon, September 22, 2025

Amazon Connect Flow Designer: New Analytics Mode Now

📊 Amazon Connect's Flow Designer now includes an analytics mode that surfaces aggregate metrics across drag-and-drop flows to help teams build and optimize customer journeys. You can visualize step-level behavior, including where users abandon, encounter errors, or are transferred to agent queues, enabling targeted troubleshooting and configuration fixes. This capability is included with Amazon Connect (with unlimited AI) pricing and is available in all AWS regions.


Mon, September 22, 2025

Regaining Control of AI Agents and Non-Human Identities

🔐 Enterprises are struggling to secure thousands of non-human identities—service accounts, API tokens, and increasingly autonomous AI agents—that proliferate across cloud and CI/CD environments without clear ownership. These NHIs often use long-lived credentials, lack contextual signals for adaptive controls, and become over-permissioned or orphaned, creating major lateral-movement and compliance risks. The article recommends an identity security fabric—including discovery, risk-based privilege management, automated lifecycle policies, and integrations such as Okta with AWS—to regain visibility and enforce least-privilege at scale.


Mon, September 22, 2025

Protect AI Development Using Falcon Cloud Security

🔒 Falcon Cloud Security provides end-to-end protection for AI development pipelines by embedding AI detection into CI/CD workflows, scanning container images, and surfacing AI-related packages and CVEs in real time. It extends visibility to cloud model services — including AWS SageMaker and Bedrock, Azure AI, and Google Vertex AI — revealing model provenance, dependencies, and API usage. Runtime inventory ties build-time detections to live containers so teams can prioritize fixes, govern models, and maintain delivery velocity without compromising security.


Fri, September 19, 2025

AWS Organizations SCPs Now Support Full IAM Language

🔐 AWS announced that AWS Organizations service control policies (SCPs) now support the full IAM policy language, adding features such as NotAction, NotResource, resource-level Allow statements, conditions in Allow, and more flexible action wildcards. The update is available across AWS commercial and GovCloud (US) Regions. These changes simplify permission models, reduce prior workarounds (such as tagging-based exceptions), and make SCPs more expressive and concise. AWS recommends careful wildcard use and continuing to prefer explicit Deny statements for robust controls.


Fri, September 19, 2025

Amazon OpenSearch Ingestion Adds Cross-Account Ingestion

🔁 Amazon OpenSearch Ingestion now supports cross-account ingestion for push-based sources such as HTTP and OpenTelemetry (OTel). This capability lets teams share ingestion pipelines across AWS accounts without relying on VPC peering or AWS Transit Gateway, simplifying centralized observability and analytics workflows. The feature is available today in all regions where OpenSearch Ingestion is offered; customers can configure resource policies in the AWS Management Console or CLI and enable pipeline endpoints from their VPCs to begin ingesting data.


Fri, September 19, 2025

AWS Summer 2025 SOC 1 Report Covers 183 Services In Scope

🔒 AWS has published its Summer 2025 SOC 1 report covering 183 services for the period July 1, 2024 through June 30, 2025. The report provides independent assurance on controls relevant to customer financial reporting. Customers can download the report via AWS Artifact in the AWS Management Console for on-demand access. AWS says it will continue to expand service coverage and invites customers to contact their account team or the Compliance team with questions.


Fri, September 19, 2025

Amazon RDS supports MySQL Innovation Release 9.4 Preview

🚀 Amazon RDS for MySQL now supports MySQL Innovation Release 9.4 in the Amazon RDS Database Preview Environment, enabling customers to evaluate the latest community Innovation Release on managed RDS instances. The Preview Environment supports Single‑AZ and Multi‑AZ deployments on current instance classes and retains preview instances for up to 60 days. Snapshots created in the Preview Environment are restricted to the Preview Environment, and preview instances are billed at the same rates as production RDS instances in the US East (Ohio) Region.


Fri, September 19, 2025

Amazon Redshift Multidimensional Data Layouts GA for Queries

🚀 Amazon Redshift announces general availability of Multidimensional Data Layouts (MDDL), a dynamic sorting feature that reorganizes data according to actual query filters to accelerate analytics. MDDL creates a multidimensional virtual sort key that co-locates rows typically accessed together, enabling block-level and predicate-column skipping during execution. For tables using the default AUTO sort key, Redshift analyzes query history and automatically selects MDDL or an optimal single-column sort key based on expected benefits. AWS reports up to 10x end-to-end performance improvements for workloads with repetitive filters; MDDL is available in all AWS commercial regions.
