All news with #aws tag

Amazon EventBridge Adds Customer-Managed KMS Support

🔐 Amazon EventBridge now supports AWS KMS customer managed keys for event bus rule filter patterns and input transformers. This lets you encrypt the logic that selects and modifies events with your own keys to meet security and compliance requirements while retaining full key control. The feature is available in all commercial AWS Regions and can be audited via AWS CloudTrail. There is no additional EventBridge charge, though standard AWS KMS pricing applies.

AWS Budgets Adds Custom Time Periods for Project Funding

📊 AWS Budgets now supports custom time periods, letting teams define flexible start and end dates for a budget rather than relying on calendar-based cycles. This enables single-budget tracking for time-bound projects (for example, a three-month development sprint starting mid-month) and triggers alerts as spend approaches thresholds. The feature is available today in all AWS commercial Regions except the AWS GovCloud (US) and China Regions.

Scattered Spider Resurfaces, Targets Financial Sector Again

🔍 Cyber threat group Scattered Spider has been linked to a new campaign targeting financial services, according to ReliaQuest. The attackers gained access by socially engineering an executive and abusing Azure AD self-service password reset, then moved laterally via Citrix and VPN to compromise VMware ESXi. They escalated privileges by resetting a Veeam service account, assigning Azure Global Administrator rights, and attempted data extraction from Snowflake and AWS. The activity contradicts the group's retirement claims and suggests regrouping or rebranding.

AWS Network Firewall Enhances Console Monitoring and TLS

🔒 AWS Network Firewall now delivers expanded console monitoring and enhanced TLS inspection capabilities to improve outbound security. The monitoring dashboard adds visibility into traffic to AWS services such as Amazon S3, Amazon DynamoDB, and AWS Backup, including traffic sent over PrivateLink, and surfaces top source and destination IPs by packets and bytes. Customers can filter views by IP and protocol for targeted analysis. A new session holding feature for TLS Inspection prevents TCP/TLS establishment from reaching servers until SNI-based rules are evaluated, strengthening controls against malicious endpoints.

AWS PCS Supports EC2 Capacity Blocks for ML Workloads

🔧 Amazon Web Services has added native support for EC2 Capacity Blocks in the Parallel Computing Service (PCS), enabling use of reserved EC2 instances directly within PCS Slurm clusters. This integration lets Capacity Blocks be associated with PCS compute node groups via an EC2 Launch Template, simplifying capacity planning for GPU‑based ML workloads. The feature is available in all Regions where both services are offered and aims to improve availability and predictability for cutting‑edge GPU jobs.

AWS End User Messaging: CloudFormation Support for SMS

📩 AWS End User Messaging SMS now supports AWS CloudFormation, enabling customers to deploy and manage SMS resources using templates. Phone numbers, sender IDs, configuration sets, protection configurations, opt-out lists, resource policies, and phone pools can be provisioned and managed declaratively alongside other AWS resources. This support is available in all Regions where End User Messaging is offered, simplifying deployments and delivery pipelines.

Amazon RDS for MySQL: Extended Support minor 5.7.44

🔒 Amazon RDS for MySQL now supports the Extended Support minor release 5.7.44-RDS.20250818, and AWS recommends upgrading to this build to address known security vulnerabilities and bug fixes in earlier 5.7 releases. Extended Support provides up to three additional years of critical security and bug fixes after a major community end-of-support date. This coverage applies to MySQL databases running on both RDS and Aurora, and administrators can create or update instances in the Amazon RDS Management Console; see the Amazon RDS User Guide for upgrade details.

CrowdStrike Secures AI Across the Enterprise with Partners

🔒 CrowdStrike describes how the Falcon platform delivers unified visibility and lifecycle defense across the full AI stack, from GPUs and training data to inference pipelines and SaaS agents. The post highlights integrations with NVIDIA, AWS, Intel, Dell, Meta, and Salesforce to extend protection into infrastructure, data, models, and applications. It also introduces agentic defense via Charlotte AI for autonomous triage and rapid response, and emphasizes governance controls to prevent data leaks and adversarial manipulation.

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.

Multi-Region Key Replication in AWS Payment Cryptography

🔐 AWS introduces Multi-Region keys for AWS Payment Cryptography, a built-in option to automatically synchronize exportable symmetric payment keys from a primary Region to one or more replica Regions. You can choose account-level defaults or per-key replication targets, keep consistent key IDs across Regions, and rely on asynchronous replication with monitoring via new CloudTrail events. The feature improves availability and disaster recovery for global payment operations while preserving granular control over replication.

Amazon EKS Adds Community Add-Ons Catalog for GovCloud

🔒Amazon EKS now offers a curated catalog of community add-ons for AWS GovCloud (US) Regions. The catalog includes popular open-source components such as metrics-server, kube-state-metrics, cert-manager, prometheus-node-exporter, fluent-bit, and external-dns, all packaged, scanned, and validated for compatibility by EKS. Container images are hosted in an EKS-owned private ECR repository, and you can install and manage add-ons via the EKS Console, API, CLI, eksctl, or infrastructure-as-code tools like AWS CloudFormation.

AWS launches EC2 I7i storage-optimized instances globally

🚀 Amazon Web Services has announced the availability of high-performance, storage-optimized EC2 I7i instances in the South America (São Paulo) and Canada West (Calgary) regions. Powered by 5th-generation Intel Xeon Scalable processors and 3rd-generation AWS Nitro SSDs, these instances deliver up to 23% better compute and improved price performance versus I4i. I7i offers up to 45TB NVMe, lower latency, and enhanced real-time storage performance, with support for bare-metal sizes and up to 100Gbps networking for I/O-intensive, latency-sensitive workloads.

Amazon Lex Adds LLM-Based NLU for Eight New Languages

🚀 Amazon Lex now leverages large language models to augment the natural language understanding of deterministic conversational bots in eight additional languages: Chinese, Japanese, Korean, Portuguese, Catalan, French, Italian, and German. The enhancement helps voice and chat bots parse complex utterances, tolerate spelling errors, and extract key details from verbose inputs so bots can fulfill customer requests. The capability is available in 10 commercial AWS Regions where Amazon Connect operates.

AWS FIS Adds EBS I/O Latency Injection for Testing

⚙️ Amazon EBS now provides a latency injection action in AWS Fault Injection Service (FIS) to simulate degraded I/O performance on EBS volumes as part of controlled fault injection experiments. The action reproduces real-world signals such as Amazon CloudWatch alarms and OS timeouts so teams can observe application behavior and validate recovery. Pre-defined templates are available in the EBS and FIS consoles, and experiments can be customized or combined with other actions to integrate into chaos engineering and CI workflows. The capability is available in all Regions where FIS is supported.

Amazon EC2 adds detailed NVMe instance store metrics

📊 Amazon announced detailed performance statistics for EC2 instance store NVMe volumes, providing real-time I/O visibility on Nitro-based instances. The capability exposes 11 metrics at one-second granularity, including IOPS, throughput, queue lengths, and latency histograms broken down by IO size. Available by default across AWS Commercial and China Regions at no extra charge, it aligns NVMe monitoring with EBS detailed metrics for a consistent operational experience.

AWS OSPAR 2025 Report: 170 Services Covered Under OSPAR v2.0

🔒 AWS has completed its annual OSPAR 2025 audit cycle under the newly enhanced OSPAR v2.0 guidelines, becoming the first global cloud provider in Singapore to receive the report. The certification covers 170 services in the AWS Asia Pacific (Singapore) Region, including seven newly scoped services such as Amazon DynamoDB Accelerator (DAX) and AWS Payment Cryptography. Customers can retrieve the full report through AWS Artifact to support due diligence and compliance.

Amazon AppStream Adds Fractional GPU Graphics G6 Instances

🖥️ Amazon AppStream 2.0 now supports Graphics G6 instances with fractionalized GPU sizes, enabling customers to provision GPU capacity in smaller fractions (for example 1/2, 1/4, or 1/8) instead of full GPU instances. The new G6f and Gr6f options are built on the EC2 G6 family and are designed to optimize shared GPU resources for graphics workloads that need less than a full GPU. These instances are available in 10 AWS Regions and use pay-as-you-go pricing; they can be launched from the AWS Management Console or via the AWS SDK when creating an image builder or fleet.

Amazon Aurora PostgreSQL Limitless Now in AWS GovCloud

🚀 Amazon Aurora PostgreSQL Limitless Database is now available in AWS GovCloud (US‑East, US‑West), providing a serverless endpoint that transparently distributes data and queries across multiple Aurora Serverless instances while preserving transactional consistency. The service supports PostgreSQL 16.6, 16.8, and 16.9 compatibility and includes distributed query planning and transaction management so you don’t need to build custom sharding or manage multiple databases. Compute automatically scales up and down within customer-specified budgets, reducing the need to provision for peak capacity.

AWS Storage Gateway Adds IPv6 Dual-Stack Support Globally

🌐 AWS Storage Gateway now supports IPv6 for endpoints, APIs, and gateway appliance interfaces, offering new dual‑stack access alongside IPv4. Existing IPv4-only endpoints remain available for backward compatibility. Customers can standardize on IPv6 or transition gradually using the dual‑stack appliances and APIs. Support is available in all AWS Regions where the service is offered.

Amazon S3 Adds Conditional Deletes for General Buckets

🔒 Amazon S3 now supports conditional deletes in S3 general purpose buckets. You can include an HTTP If-Match header with an object's ETag when calling DeleteObject or DeleteObjects; S3 will only delete the object if the provided ETag matches, reducing accidental removals in high-concurrency, multi-writer environments. Administrators can also enforce conditional deletes using the s3:if-match bucket policy condition. The capability is available at no additional cost in all AWS Regions and accessible via the API, SDKs, and CLI.