
All news with #aws tag

1977 articles · page 38 of 99

AWS STS Validates Provider Claims for OIDC Roles Now

🔐 AWS Security Token Service (STS) now validates select identity-provider-specific claims from Google, GitHub, CircleCI, and Oracle Cloud Infrastructure for OIDC federation via the AssumeRoleWithWebIdentity API. You can reference these custom claims as condition keys in IAM role trust policies and resource control policies to enforce finer-grained access control and establish data perimeters. This enhancement builds on IAM's OIDC federation capabilities and is available in all AWS Commercial Regions.

AWS Multi-Party Approval Adds One-Time Password Voting

🔐 AWS announced that AWS Multi-Party Approval now requires approvers to verify voting actions with a one-time password sent to their registered AWS Identity Center email address. The OTP is a six-digit code that must be entered within 10 minutes of receipt, with up to three attempts allowed. Verification occurs when the approver submits their vote, after they have reviewed request details. Administrators cannot bypass this control via credential resets or authentication endpoint changes.

Amazon RDS for MySQL: New Minor Versions 8.0.45 & 8.4.8

🔒 Amazon RDS for MySQL now supports the MySQL community minor releases 8.0.45 and 8.4.8. AWS recommends upgrading to these minors to remediate known security vulnerabilities present in earlier releases and to benefit from bug fixes, performance improvements, and incremental features. You can enable automatic minor version upgrades to apply eligible updates during scheduled maintenance windows to reduce manual effort. For lower-risk updates and faster cutover, consider Amazon RDS Managed Blue/Green deployments and follow the Amazon RDS User Guide for upgrade instructions, regional availability, and pricing details.

Amazon CloudFront Adds Mutual TLS Authentication for Origins

🔐 Amazon CloudFront now supports mutual TLS (mTLS) for origins, allowing origin servers to cryptographically verify that incoming requests originate from authorized CloudFront distributions. This certificate-based approach replaces custom solutions like shared-secret headers and IP allow-lists, reducing operational overhead and improving security for public and externally hosted origins. Customers may use client certificates issued by AWS Private Certificate Authority or third-party private CAs imported through AWS Certificate Manager, and can configure origin mTLS via the Console, CLI, SDK, CDK, or CloudFormation. Origin mTLS works with AWS-supported mutual TLS origins such as Application Load Balancer and API Gateway, as well as on-premises and custom origins, and is available at no additional charge.

AWS Network Firewall Flexible Cost Allocation in GovCloud

💰 AWS Network Firewall now supports flexible cost allocation via AWS Transit Gateway native attachments in AWS GovCloud (US) Regions, enabling centralized inspection charges to be distributed automatically across accounts. Administrators can create metering policies to allocate data processing costs to application teams based on actual usage instead of consolidating expenses in the firewall owner account. The feature is available in GovCloud (US-East) and GovCloud (US-West) and can be enabled through the AWS Management Console, CLI, or SDK. There are no additional fees beyond standard Network Firewall and Transit Gateway pricing.

Amazon Connect APIs for Simulating Voice Contact Tests

📞 Amazon Connect now provides APIs to configure and run tests that simulate contact center voice interactions. You can programmatically set test parameters such as caller phone number or customer profile, call intent, expected responses, and business conditions like after-hours or full queues. The APIs support parallel execution and CI/CD integration to enable automated regression testing. These capabilities help validate workflows and accelerate safe deployments of new customer experiences.

AWS HealthImaging Adds JPEG XL Support for DICOM Storage

🏥 AWS HealthImaging now supports storing and retrieving lossy compressed medical images using the JPEG XL DICOM transfer syntax (1.2.840.10008.1.2.4.112). This enables applications such as digital pathology whole slide imaging systems to consume native JPEG XL-encoded frames without on-the-fly transcoding. HealthImaging preserves image fidelity, reduces storage costs, and avoids retrieval latency caused by transcoding. JPEG XL support is available in all Regions where the service is generally available.

CloudWatch Application Signals Integrates with Kiro Powers

🔍 AWS announced integration of Amazon CloudWatch Application Signals with Kiro Powers to deliver AI agent-assisted troubleshooting workflows directly within the Kiro IDE. The Kiro power packages the Application Signals MCP server with curated steering files and hooks, providing focused observability guidance so agents receive only the context needed for a specific task. Developers can accelerate SLO triage and service isolation from hours to minutes with one-click installation across AWS Regions.

Scaling AWS Managed Microsoft AD: Monitoring and Options

🔍 This post explains how to scale AWS Managed Microsoft AD by choosing between scale-up (edition upgrade to Enterprise) and scale-out (adding domain controller instances), and shows how to use Amazon CloudWatch dashboards to monitor directory health. It highlights key metrics—CPU, memory, disk, I/O, network, and DNS—recommended thresholds, and alerting guidance to inform scale decisions. The guidance recommends preferring reversible scale-out for capacity issues and reserving scale-up for Enterprise-only features such as multi-Region replication and large object counts.

Amazon Connect adds improved estimated wait time metrics

⌛ Amazon Connect now provides improved estimated wait time metrics for queues and enqueued contacts, enabling contact centers to set accurate customer expectations and offer options such as callbacks when hold times extend. By integrating with routing criteria and agent proficiency settings, the metric supports smarter cross‑queue routing so customers reach appropriately skilled agents faster. Administrators can use the enhanced visibility for resource planning and workload balancing across multiple queues. This capability is available in all AWS regions where Amazon Connect is offered.

Amazon SageMaker Unified Studio adds PrivateLink access

🔒 Amazon SageMaker Unified Studio can now be accessed through AWS PrivateLink, enabling customers to route traffic between their VPC and Unified Studio without traversing the public internet. Network administrators can onboard SageMaker service endpoints to a VPC and combine them with IAM policies to enforce that customer data remains on the AWS network. The capability is available in all Regions that support Unified Studio, giving customers a built-in option for stronger network isolation.

AWS Lambda adds CloudWatch observability for Kafka ESM

🔍 AWS announced enhanced observability for AWS Lambda Kafka event source mappings (ESM), introducing configurable Amazon CloudWatch Logs and metrics to monitor event polling setup, scaling behavior, and processing state. The capability supports both Amazon MSK and self-managed Kafka, and offers selectable log levels plus metric groups (EventCount, ErrorCount, KafkaMetrics). Customers can view data on a dedicated ESM monitoring page and enable logs and metrics via the Console, Create/Update ESM APIs, AWS CLI, SDKs, CloudFormation, or AWS SAM; standard CloudWatch pricing applies.

Amazon ECS publishes container health metric in CloudWatch

📈 Amazon Elastic Container Service now publishes container health status as a new CloudWatch Container Insights metric. When a task defines a container health check, Container Insights emits UnHealthyContainerHealthStatus (0 = HEALTHY, 1 = UNHEALTHY) and includes health-state details in EMF logs during UNKNOWN evaluations. The metric is available at cluster, service, task, and container dimensions, and customers can create CloudWatch alarms to notify teams of unhealthy containers.

AWS Partner Revenue Measurement: Visibility into Usage

📈 AWS announced Partner Revenue Measurement, a capability that gives AWS Partners visibility into how their solutions drive AWS service consumption across partner-managed and customer-managed accounts. Partners tag resources with aws-apn-id and values like pc: to attribute service usage to a Marketplace listing. The feature is generally available in all commercial regions and AWS provides an onboarding guide with implementation and tagging best practices.

Amazon GameLift Streams Adds Six New Global Regions

🎮 Amazon GameLift Streams is expanding streaming availability to six additional AWS regions—London (eu-west-2), Stockholm (eu-north-1), São Paulo (sa-east-1), Mumbai (ap-south-1), Seoul (ap-northeast-2), and Sydney (ap-southeast-2). This expansion, effective Jan 30, 2026, supports all stream classes and increases GPU capacity for game streaming. Developers can add these locations to existing or new stream groups by updating Location and capacity configurations via the console or CLI.

Getting Started with Security Response Automation on AWS

🛡️ AWS outlines core concepts and a hands-on walkthrough for implementing security response automation to detect and remediate threats across AWS environments. The post maps automation to the NIST Cybersecurity Framework and demonstrates a CloudFormation deployment using EventBridge, Lambda, GuardDuty, and Security Hub to automatically restart CloudTrail and notify operators. It also highlights the Automated Security Response library, testing guidance, and cost and cleanup considerations.

Amazon EventBridge boosts event payload limit to 1 MB

🚀 Amazon EventBridge now supports event payloads up to 1 MB, up from the prior 256 KB limit. This enables developers to send richer JSON, telemetry, and large-language-model prompts in a single event without chunking, compression, or external storage. The feature is available in most commercial AWS Regions, with a small set of regional exceptions. Review regional availability and update event-driven architectures to simplify data flows.

Amazon Bedrock Adds Server-Side Custom Tools for Responses

🔧 Amazon Bedrock now supports server-side tools in the Responses API using OpenAI API–compatible service endpoints. With Bedrock invoking tools directly rather than relying on client orchestration, AI applications can perform real-time, multi-step actions—searching the web, executing code, and updating databases—within the governance, compliance, and security boundaries of your AWS accounts. Developers may supply custom Lambda functions or use AWS-provided tools such as notes and tasks. Server-side tool use is available today for OpenAI's GPT OSS 20B and GPT OSS 120B in multiple AWS regions, with broader model and region support coming soon.

Amazon Cognito adds inbound federation Lambda trigger

🔐 Amazon Cognito introduces inbound federation Lambda triggers that let you transform and customize federated user attributes during authentication. You can modify responses from external SAML and OIDC providers — adding, overriding, or suppressing attributes — before they are stored in your user pool to avoid issues such as Cognito's 2,048-character limit per attribute. The trigger is available via hosted UI (classic) and managed login in all AWS Regions and is configurable through the Console, CLI, SDKs, CDK, or CloudFormation.

Amazon Keyspaces Adds Table Pre-warming for Throughput

🚀 Amazon Keyspaces (for Apache Cassandra) now supports pre-warming of tables so customers can proactively prepare new and existing tables for anticipated traffic peaks. The capability works for both provisioned and on-demand capacity modes, including multi-Region replicated tables, and is applied during create or update operations. Pre-warming runs non-disruptively and asynchronously, incurs a one-time charge based on the difference from baseline capacity, and is available in all AWS Commercial and AWS GovCloud (US) Regions where Keyspaces is offered.