All news with #aws tag

Amazon Nova Act IDE Extension for Agent Development and Testing

🤖 Amazon Web Services announced the Nova Act extension, embedding the agent development workflow directly into popular IDEs such as Visual Studio Code, Kiro, and Cursor. The extension unifies natural-language script creation, fine-grained scripting controls, and integrated browser testing into a single interface, reducing context switching across tools. Built on the Nova Act SDK (research preview since March 2025), the extension is available today from IDE extension marketplaces and the project’s GitHub repository includes documentation and examples to get started.

Amazon EC2 R8gb: EBS-optimized Graviton4 instances

🚀 Amazon EC2 R8gb instances are now generally available as EBS-optimized compute powered by AWS Graviton4. AWS reports up to 30% better compute performance versus Graviton3 and up to 150 Gbps of EBS bandwidth, delivering higher block storage throughput than same-sized Graviton4 counterparts. Sizes scale to 24xlarge (including a metal option) with up to 768 GiB memory and 200 Gbps networking; select large sizes support EFA. Initially available in US East (N. Virginia) and US West (Oregon).

Amazon Redshift Serverless Now Available in Taipei

🚀 Amazon Redshift Serverless is now generally available in the AWS Asia Pacific (Taipei) region, enabling analysts, developers, and data scientists to run and scale analytics without provisioning or managing clusters. The service automatically provisions and intelligently scales compute, with per-second billing for workload duration. Users can query data via Query Editor V2 or existing BI tools, load data from Amazon S3, restore snapshots, and directly query open formats like Apache Parquet, while benefiting from unified billing across data sources.

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.

Amazon Connect Contact Lens Adds Redaction in 7 Languages

🔒 Amazon Connect Contact Lens now provides automatic sensitive data redaction for voice and chat conversational analytics in French (France, Canada), Portuguese (Portugal, Brazil), Italian, German, and Spanish (Spain). You can remove PII, financial account numbers and PINs, and Internet access details from transcripts and audio files, choosing to redact selected entities or all detected sensitive data. Redacted values can be replaced with a generic placeholder (e.g., [PII]) or an entity-specific placeholder (e.g., [NAME]). Sensitive data redaction is available in all AWS Regions where Amazon Connect is offered.

Amazon Connect Flow Designer: New Analytics Mode Now

📊 Amazon Connect's Flow Designer now includes an analytics mode that surfaces aggregate metrics across drag-and-drop flows to help teams build and optimize customer journeys. You can visualize step-level behavior, including where users abandon, encounter errors, or are transferred to agent queues, enabling targeted troubleshooting and configuration fixes. This capability is included with Amazon Connect (with unlimited AI) pricing and is available in all AWS regions.

Regaining Control of AI Agents and Non-Human Identities

🔐 Enterprises are struggling to secure thousands of non-human identities—service accounts, API tokens, and increasingly autonomous AI agents—that proliferate across cloud and CI/CD environments without clear ownership. These NHIs often use long-lived credentials, lack contextual signals for adaptive controls, and become over-permissioned or orphaned, creating major lateral-movement and compliance risks. The article recommends an identity security fabric—including discovery, risk-based privilege management, automated lifecycle policies, and integrations such as Okta with AWS—to regain visibility and enforce least-privilege at scale.

Protect AI Development Using Falcon Cloud Security

🔒 Falcon Cloud Security provides end-to-end protection for AI development pipelines by embedding AI detection into CI/CD workflows, scanning container images, and surfacing AI-related packages and CVEs in real time. It extends visibility to cloud model services — including AWS SageMaker and Bedrock, Azure AI, and Google Vertex AI — revealing model provenance, dependencies, and API usage. Runtime inventory ties build-time detections to live containers so teams can prioritize fixes, govern models, and maintain delivery velocity without compromising security.

AWS Organizations SCPs Now Support Full IAM Language

🔐 AWS announced that AWS Organizations service control policies (SCPs) now support the full IAM policy language, adding features such as NotAction, NotResource, resource-level Allow statements, conditions in Allow, and more flexible action wildcards. The update is available across AWS commercial and GovCloud (US) Regions. These changes simplify permission models, reduce prior workarounds (such as tagging-based exceptions), and make SCPs more expressive and concise. AWS recommends careful wildcard use and continuing to prefer explicit Deny statements for robust controls.

Amazon OpenSearch Ingestion Adds Cross-Account Ingestion

🔁 Amazon OpenSearch Ingestion now supports cross-account ingestion for push-based sources such as HTTP and OpenTelemetry (OTel). This capability lets teams share ingestion pipelines across AWS accounts without relying on VPC peering or AWS Transit Gateway, simplifying centralized observability and analytics workflows. The feature is available today in all regions where OpenSearch Ingestion is offered; customers can configure resource policies in the AWS Management Console or CLI and enable pipeline endpoints from their VPCs to begin ingesting data.

AWS Summer 2025 SOC 1 Report Covers 183 Services In Scope

🔒 AWS has published its Summer 2025 SOC 1 report covering 183 services for the period July 1, 2024 through June 30, 2025. The report provides independent assurance on controls relevant to customer financial reporting. Customers can download the report via AWS Artifact in the AWS Management Console for on-demand access. AWS says it will continue to expand service coverage and invites customers to contact their account team or the Compliance team with questions.

Amazon RDS supports MySQL Innovation Release 9.4 Preview

🚀 Amazon RDS for MySQL now supports MySQL Innovation Release 9.4 in the Amazon RDS Database Preview Environment, enabling customers to evaluate the latest community Innovation Release on managed RDS instances. The Preview Environment supports Single‑AZ and Multi‑AZ deployments on current instance classes and retains preview instances for up to 60 days. Snapshots created in the Preview Environment are restricted to the Preview Environment, and preview instances are billed at the same rates as production RDS instances in the US East (Ohio) Region.

Amazon Redshift Multidimensional Data Layouts GA for Queries

🚀 Amazon Redshift announces general availability of Multidimensional Data Layouts (MDDL), a dynamic sorting feature that reorganizes data according to actual query filters to accelerate analytics. MDDL creates a multidimensional virtual sort key that co-locates rows typically accessed together, enabling block-level and predicate-column skipping during execution. For tables using the default AUTO sort key, Redshift analyzes query history and automatically selects MDDL or an optimal single-column sort key based on expected benefits. AWS reports up to 10x end-to-end performance improvements for workloads with repetitive filters; MDDL is available in all AWS commercial regions.

AWS Organizations Adds Full IAM Policy Language to SCPs

🔐 AWS Organizations now supports the full IAM policy language for service control policies (SCPs), allowing administrators to use conditions, individual resource ARNs, and the NotAction element with Allow statements. You can also apply wildcards at the beginning or middle of Action strings and use the NotResource element for finer scoping. These enhancements let teams create more concise and precise organizational guardrails to enforce least-privilege across accounts. The change is backward compatible and available in all AWS commercial and AWS GovCloud (US) Regions.

AWS Neuron SDK 2.26 Adds Trn2, PyTorch 2.8, JAX 0.6.2

🚀 AWS has released Neuron SDK 2.26.0 as generally available, delivering framework and runtime improvements for Inferentia and Trainium-based instances. The update adds support for PyTorch 2.8 and JAX 0.6.2, enhances inference on Trainium2 (Trn2) instances, and enables deployment of models such as FLUX.1-dev and beta Llama 4 Scout/Maverick. It also introduces expert parallelism (beta) for MoE models, new Neuron Kernel Interface APIs, and an improved Neuron Profiler with system profile grouping for distributed workloads.

AWS SiteWise MCP Server Accelerates Industrial Modeling

⚙️ AWS published a Model Context Protocol (MCP) server for AWS IoT SiteWise in the AWS Labs open-source MCP repository to simplify industrial data modeling. The server embeds domain validation and automated modeling, applying correct units, data types, and quality indicators so models are production-ready. It maintains compatibility with existing SiteWise tools and APIs while adding conversational interfaces to streamline model authoring, asset onboarding, and downstream analytics enablement.

Source-of-Truth Authorization for RAG Knowledge Bases

🔒 This post presents an architecture to enforce strong, source-of-truth authorization for Retrieval-Augmented Generation (RAG) knowledge bases using Amazon S3 Access Grants with Amazon Bedrock. It explains why vector DB metadata filtering is insufficient—permission changes can be delayed and complex identity memberships are hard to represent—and recommends validating permissions at the data source before returning chunks to an LLM. The blog includes a practical Python walkthrough for exchanging identity tokens, retrieving caller grant scopes, filtering returned chunks, and logging withheld items to reduce the risk of sensitive data leaking into LLM prompts.

Amazon VPC Reachability and Network Access Analyzer Expand

🛰️ Amazon has expanded VPC Reachability Analyzer and VPC Network Access Analyzer to seven additional regions — New Zealand, Hyderabad, Melbourne, Taipei, Calgary, Tel Aviv, and Mexico Central. Reachability Analyzer diagnoses network reachability between source and destination resources, while Network Access Analyzer identifies unintended access paths that may bypass security controls. This regional launch improves troubleshooting, compliance checks, and multi-account network visibility; pricing and documentation are available through AWS resources.

Amazon Q Developer CLI Adds Remote MCP Server Support

🔒 Amazon Q Developer CLI now supports remote MCP servers to centralize tool integrations and OAuth-based authentication, enhancing scalability and security in development workflows. Administrators specify HTTP transport, the authentication URL, and optional headers in agent configuration or mcp.json. Upon successful OAuth authentication, the CLI enumerates tools on the MCP server and exposes them to the agent. This capability is available in both the CLI and the Amazon Q Developer IDE plugins.

AWS Kinesis Data Streams Adds IPv6 and FIPS in GovCloud

🌐 Amazon Web Services announced that Kinesis Data Streams now supports API requests over IPv6 in the AWS GovCloud (US) Regions, with optional dual-stack (IPv4/IPv6) public and VPC endpoints. The new endpoints have been validated under FIPS 140-3, enabling FIPS-compliant encryption for customers contracting with the US federal government. IPv6 support reduces address overlap and simplifies connectivity for devices and networks already using IPv6. This capability is available in all Regions where Kinesis Data Streams operates, including GovCloud and China Regions.