All news with #aws tag

Amazon RDS Proxy Adds End-to-End IAM Authentication

🔐 Amazon RDS Proxy now supports end-to-end IAM authentication for Amazon Aurora and RDS database instances, allowing applications to authenticate through the proxy using AWS IAM without storing credentials in Secrets Manager. This reduces credential rotation overhead and simplifies credential management. The capability is available for MySQL and PostgreSQL in all Regions where RDS Proxy is supported.

AWS GuardDuty S3 Malware Scanning Now Handles Larger Files

🛡️ AWS has expanded GuardDuty Malware Protection for S3 scanning limits, raising the maximum file size from 5 GB to 100 GB and increasing archive processing to 10,000 files per archive (previously 1,000). These enhancements are automatically enabled in all supported AWS Regions. Customers gain broader coverage for large objects and dense archives stored in S3, improving pre-ingestion threat detection. This update strengthens protection for workloads and downstream processes.

AWS Adds Deadline Cloud Availability in Seoul and London

🎬 AWS Deadline Cloud is now available in Asia Pacific (Seoul) and Europe (London). This fully managed service simplifies render management for teams producing computer-generated graphics and visual effects, enabling them to scale render farms near creative teams. Customers gain improved integration with existing AWS services and creative pipelines, and can now deploy Deadline Cloud across 10 AWS regions worldwide. Bringing the service closer reduces latency and streamlines collaboration across distributed production workflows.

SageMaker Unified Studio Connects Remotely to VS Code

🔗 AWS now enables remote connections from local VS Code to Amazon SageMaker Unified Studio, allowing developers to use their personalized VS Code setups while running workloads on SageMaker-managed compute and accessing cloud-resident data. Authentication is provided via the AWS Toolkit extension for secure, streamlined access. The integration preserves existing development workflows for data processing, SQL analytics, and ML.

Amazon ECS adds Amazon Q Developer task definition AI

🤖 Amazon ECS now offers generative AI assistance from Amazon Q Developer to streamline task definition creation and updates in the AWS Management Console. Developers can use an inline chat to generate, explain, or refactor task definition JSON, inject suggestions at any point, and accept or reject proposed edits. Inline suggestions are enhanced to let Amazon Q Developer autocomplete whole blocks of sample code in addition to property-based hints. The capability is available where Amazon Q Developer is offered and can be enabled or disabled via the console code editor settings or controlled with IAM permissions.

AWS CloudWatch OAM Adds VPC Endpoints for Private Traffic

🔒 AWS now offers VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM), enabling private, in-region connectivity between your VPCs and CloudWatch OAM without traversing the public internet. The endpoints support both IPv4 and IPv6 and leverage AWS PrivateLink controls such as security groups and VPC endpoint policies. Available in all commercial regions, AWS GovCloud (US), and China Regions, this lets teams manage cross-account observability links and sinks from VPCs that have no internet access.

Managed Service for Prometheus: Collector Logs GA Now

🔍The Amazon Managed Service for Prometheus collector — an agentless, fully managed Prometheus metrics collector — now vends logs to Amazon CloudWatch Logs, improving visibility into target discovery, authentication, scraping, and ingestion. These logs surface details such as timeouts, remote-write failures, and other errors to aid troubleshooting. The feature is generally available in all regions where the service is offered; review CloudWatch logs pricing and the collector monitoring user guide to get started.

AWS Adds LocalStack Integration to VS Code Toolkit Extension

🧰 AWS has added a LocalStack integration for Visual Studio Code that enables developers to test and debug serverless applications locally from the IDE. The integration connects VS Code to a LocalStack-emulated environment without manual port configuration or code changes, exposing emulated services such as AWS Lambda, Amazon SQS, Amazon API Gateway, and DynamoDB. Available through the AWS Toolkit for VS Code (v3.74.0+), a guided walkthrough installs the LocalStack CLI, creates a LocalStack profile, and lets developers switch profiles and deploy to the LocalStack environment at no additional AWS cost.

Amazon EventBridge API Destinations Reach Melbourne Thailand

🔔 Amazon EventBridge now provides its API destinations capability in the AWS Asia Pacific (Melbourne) and AWS Asia Pacific (Thailand) Regions. API destinations allow event buses to invoke HTTPS endpoints as rule targets and support flexible authentication methods such as API key and OAuth, while storing credentials securely in AWS Secrets Manager. This expansion reduces call latency for local workloads and simplifies secure, managed integrations. To get started, consult the EventBridge documentation for configuration guidance.

Amazon Athena adds SSO support for JDBC and ODBC drivers

🔐 Amazon Athena now supports single sign-on for its JDBC and ODBC drivers using AWS IAM Identity Center’s trusted identity propagation. With updated drivers (JDBC 3.6.0 and ODBC 2.0.5.0), analysts can connect from third‑party BI tools and SQL clients using corporate credentials while Lake Formation permissions are enforced and actions are logged. This removes the need for embedded credentials, simplifies identity‑based data governance, and streamlines access management across tools.

Security Services Available in AWS Dedicated Local Zones

🛡️ This post explains how organizations can use AWS security services while keeping data within Dedicated Local Zones. It describes the AWS Nitro System for hardware-enforced isolation, AWS KMS with an external key store option, and continuous protection from Amazon Inspector and GuardDuty. It also covers certificate management via ACM, DDoS mitigation with AWS Shield, and centralized auditing through CloudTrail.

AWS CDK Refactor (Preview) Enables Safe Infra Reorg

🔁 The AWS Cloud Development Kit (CDK) CLI introduces cdk refactor (Preview), a new command that enables safe renaming, moving, and reorganization of constructs while preserving the state of deployed resources. It leverages CloudFormation refactor capabilities and automated mapping computation to prevent unintended resource replacement during code changes. Typical use cases include breaking up monolithic stacks, moving resources between stacks, and upgrading to higher-level constructs. The feature is available in all regions where AWS CDK is supported.

Amazon IVS Adds Private Ingest via Interface VPC Endpoints

🔒 Amazon Interactive Video Service (Amazon IVS) now supports media ingest via interface VPC endpoints using AWS PrivateLink. This lets customers broadcast RTMP(S) streams privately to IVS Low-Latency channels and IVS Real-Time stages without traversing the public internet. Interface VPC endpoints can be created from within your VPC or from on-premises environments over AWS Direct Connect, providing private and reliable connectivity for live video workflows. The feature is available in US West (Oregon), Europe (Frankfurt), and Europe (Ireland); standard PrivateLink pricing applies.

AWS IoT SiteWise adds automated anomaly model retraining

🔁 AWS announced native anomaly detection enhancements for AWS IoT SiteWise, including automated model retraining, flexible promotion modes, and exposed model metrics. Retraining can be scheduled between 30 days and one year to keep models current with changing equipment conditions. Customers can choose automatic service-managed promotion or manual customer-managed promotion using exposed metrics such as precision, recall, and AUC. Multivariate detection is available in N. Virginia, Ireland, and Sydney.

Amazon Bedrock AgentCore Gateway gains PrivateLink, logs

🔒 AWS announced that Amazon Bedrock AgentCore Gateway now supports AWS PrivateLink for private VPC access and adds invocation logging to Amazon CloudWatch, Amazon S3, and Amazon Data Firehose. These updates allow agent traffic to avoid the public internet while sending per-invocation logs to common observability and storage services. The combination improves network isolation, governance, and operational visibility. AgentCore Gateway is currently in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that enables AI assistants to perform security and compliance analysis via natural‑language queries. The server provides direct access to CloudTrail events and CloudTrail Lake, allowing searches of 90‑day management event histories and Trino SQL queries on Lake data spanning up to 10 years. By exposing these capabilities through a conversational interface, the MCP server removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The component is available in regions that support CloudTrail LookupEvents or CloudTrail Lake and is available with code and documentation in the AWS Labs repository.

Amazon EC2 I8g Storage-Optimized Instances in Ohio

🚀 Amazon Web Services has announced general availability of Amazon EC2 I8g storage-optimized instances in the US East (Ohio) region. Powered by AWS Graviton4 processors and third-generation Nitro SSDs, I8g delivers up to 60% better compute and up to 65% improved real-time storage performance per TB, with lower I/O latency and variability. Built on the AWS Nitro System, these instances target I/O-intensive, low-latency workloads such as transactional databases, real-time analytics and AI pre-processing. Ten sizes, including a metal option, provide up to 45 TB local NVMe storage and high network and EBS bandwidth.

Amazon EC2 C6in Instances Now in Asia Pacific (Thailand)

🚀 Starting today, Amazon EC2 C6in instances are available in AWS Region Asia Pacific (Thailand). These sixth-generation, network-optimized instances use 3rd Gen Intel Xeon Scalable processors and the AWS Nitro System to deliver up to 200 Gbps of network bandwidth—about 2x the bandwidth of comparable fifth-generation instances. C6in offers up to 128 vCPUs across 10 sizes (including a bare metal option), up to 100 Gbps of EBS bandwidth, and up to 400K IOPS, with Elastic Fabric Adapter (EFA) supported on 32xlarge and metal sizes.

CloudWatch Flow Monitors Extend Cross-Region Visibility

🔍 With this update, Amazon CloudWatch Network Monitoring flow monitors can observe traffic between AWS Regions over the AWS global network. Flow monitors deliver near real-time metrics for compute instances such as Amazon EC2 and Amazon EKS, and for services like Amazon S3 and Amazon DynamoDB, to help detect and attribute network-driven impairments. The network health indicator now captures cross-Region path health including visibility into remote public IPs and private traffic over VPC and Transit Gateway peering.

AWS HealthImaging Adds OIDC for DICOMweb APIs Integration

🔐 AWS HealthImaging now supports OpenID Connect (OIDC) authentication for DICOMweb REST APIs, enabling OAuth 2.0–compatible identity providers to issue JWTs to authorize requests. You can integrate existing IdPs such as Amazon Cognito, Okta, or Auth0 to manage user accounts and access to DICOM resources. OIDC support is limited to DICOMweb REST API requests while native AWS IAM authentication remains available for all API calls and the feature is available in all regions where HealthImaging is generally available.