< ciso brief />

All news with #aws tag

1977 articles · page 40 of 99

AWS Payment Cryptography Achieves PCI PIN Compliance

🔒 AWS announced that AWS Payment Cryptography successfully completed the PCI PIN audit and received an Attestation of Compliance with zero findings. The updated compliance package includes the PCI PIN AOC and a PCI PIN Responsibility Summary that clarifies shared responsibilities for developing and operating secure PIN-handling environments. The attestation confirms use of PCI PTS HSM-certified, fully managed hardware and PCI PIN-compliant key management; reports validated by the QSA Coalfire are available through AWS Artifact.

AWS Completes 2025 C5 Type 2 Attestation with 183 Services

🔒 Amazon Web Services (AWS) announced completion of the 2025 C5 Type 2 attestation cycle covering 183 services, reaffirming its alignment with the German BSI-backed C5 security criteria. Independent auditors assessed AWS for the period from October 1, 2024, through September 30, 2025, and the report documents both basic and additional C5 criteria. AWS added five services to the C5 scope and lists nine Europe and Asia Pacific regions in scope. Customers can retrieve the full attestation via AWS Artifact.

AWS Expands and Recertifies GSMA SAS-SM Coverage Globally

🔒 AWS has expanded GSMA Security Accreditation Scheme for Subscription Management (GSMA SAS-SM) certification to four additional Regions — US West (Oregon), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Singapore) — and recertified US East (Ohio) and Europe (Paris). All Region certifications cover Data Centre Operations and Management (DCOM) and were validated by GSMA-selected independent auditors, with compliance valid through October 2026. The certification helps ISVs and startups inherit controls to build compliant eSIM and subscription management services, enabling faster time to market and geo-redundant deployments.

Amazon Route 53 Domains Adds Support for Ten New TLDs

🌐 Amazon Route 53 Domains now supports registration and management of ten new top-level domains, including .ai, .shop, .bot and others. Customers can register these TLDs via the Route 53 console, AWS CLI, or SDKs and use integrated DNS management and automatic renewal to administer domains alongside existing hosted zones. The expansion gives businesses and individuals more industry- and region-specific naming options directly within AWS. See the Route 53 product and pricing pages for additional details and costs.

Centralized vs Decentralized Secrets Management on AWS

🔐 This post compares centralized and decentralized approaches to secrets management across four lifecycle domains: creation, storage, rotation, and monitoring. It explains how platform engineering and golden paths can centralize creation to enforce naming, tagging, and least-privilege checks while acknowledging the resource cost and maintenance burden. The article contrasts centralized storage (simplified monitoring but higher cross-account complexity and KMS costs) with storing secrets in workload accounts (better isolation, delegated ownership). Finally, it recommends centralizing auditing and observability while allowing hybrid architectures that balance control, speed, and operational scale.

EC2 Auto Scaling: group deletion protection and IAM control

🔒 EC2 Auto Scaling introduces the condition key autoscaling:ForceDelete and group-level deletion protection to reduce accidental Auto Scaling group (ASG) deletions. Use the new autoscaling:ForceDelete condition in IAM policies to control whether the ForceDelete parameter can be used with DeleteAutoScalingGroup. Set deletion protection on ASGs at creation or update to add layered safeguards for critical workloads. Available in all AWS Regions and AWS GovCloud (US).

Amazon EVS Adds Support for Multiple NSX Tier-0 Gateways

🌐 Amazon EVS now supports deploying multiple VMware NSX Tier-0 Gateways inside an SDDC, enabling enhanced network segmentation and more flexible routing. Multiple Tier‑0 gateways distribute traffic across NSX Edge Clusters to improve performance and scale. Customers can isolate workloads, maintain separate security policies, and conduct upgrades or testing with minimal production impact.

Amazon EC2 M4 Max Mac Instances Now Generally Available

🚀 Amazon Web Services announced general availability of Amazon EC2 M4 Max Mac instances, powered by the latest Mac Studio hardware. These next‑generation Mac instances deliver up to 25% better application build performance versus Amazon EC2 M1 Ultra Mac and target demanding build and test workloads for Apple platforms. They run on Apple M4 Max silicon (16‑core CPU, 40‑core GPU, 16‑core Neural Engine, 128 GB unified memory), use the AWS Nitro System, and offer up to 10 Gbps network and 8 Gbps EBS bandwidth; availability begins in US East (N. Virginia) and US West (Oregon).

Amazon RDS for Oracle Adds Multi-Tenant Replica Support

🔁 Amazon RDS for Oracle now supports database replicas for instances configured in Oracle multi-tenant (CDB/PDB) environments. You can create replicas in mounted or read-only modes via the AWS Management Console, CLI, or SDK, with Amazon RDS managing asynchronous physical replication using Oracle Data Guard. Replicas can scale read workloads, be promoted for disaster recovery, or be configured as cross-Region copies; licensing requirements differ by mode and should be reviewed before deployment.

Amazon Connect Adds Conditional Logic and Live Updates

🚀 Managers can now build dynamic, adaptive guided experiences with Amazon Connect Step-by-Step Guides. Conditional interface logic lets supervisors show or hide fields, change default values, and adjust which inputs are required based on prior responses to create scenario-specific workflows. Guides can also auto-refresh data from Connect resources such as flow modules at configurable intervals so agents work with current information. The feature is available across multiple AWS regions.

Amazon Neptune Analytics Generally Available in New Regions

🚀 Amazon Neptune Analytics is now generally available in additional AWS regions, including US West (N. California), Asia Pacific (Seoul, Osaka, Hong Kong), Europe (Paris, Stockholm), and South America (São Paulo). The serverless Amazon Neptune graph database scales automatically and supports advanced graph analytics and fully managed GraphRAG capabilities. Neptune models data as a graph to capture context that improves accuracy and explainability for AI applications, and integrates with Amazon Bedrock, Strands AI Agents SDK, and common agentic memory tools. Create and manage Neptune Analytics graphs via the AWS Management Console or AWS CLI; refer to the Neptune pricing page and AWS Region Table for pricing and availability.

Office, Visio and Project 2024 on Amazon WorkSpaces

🖥️ Amazon WorkSpaces Personal and Core now include Microsoft Office, Visio, and Project 2024 applications in the managed applications catalog. The release covers Microsoft Office LTSC Professional Plus 2024, Office LTSC Standard 2024, Visio LTSC Professional and Standard 2024, and Project Professional and Standard 2024. Administrators can add these applications to eligible new or existing WorkSpaces using the existing Manage application workflow to standardize a modern, secure productivity desktop. Applications are available in all Regions that support WorkSpaces Personal and Core and will incur per-application charges.

Amazon MQ Adds JMS Topic Exchange Support for RabbitMQ

🔔 Amazon MQ now enables RabbitMQ 4 brokers to connect directly with JMS applications via the RabbitMQ JMS Topic Exchange plugin and RabbitMQ JMS client. The plugin is enabled by default on all RabbitMQ 4 brokers and supports JMS 1.1, JMS 2.0, and JMS 3.1, allowing JMS apps to run without rewrites. The JMS client can also bridge JMS messages to AMQP exchanges and consume from AMQP queues to support interoperability or migration. To use it, select RabbitMQ 4.2 on an M7g instance when creating a broker via Console, CLI, or SDKs; the plugin is available in all regions where RabbitMQ 4 is offered.

AWS Security Agent Adds GitHub Enterprise Cloud Support

🔒 AWS now supports connecting AWS Security Agent to GitHub Enterprise Cloud, allowing organizations to apply AI-powered security analysis to private repositories. Customers install the AWS Security Agent GitHub app with required permissions to enable automated code reviews on pull requests, use the agent during penetration testing, and optionally have the agent submit PRs with recommended fixes. This capability is available in US East (N. Virginia).

Amazon Connect: Random Contact Selection for Evaluations

🔎 Amazon Connect now provides automated random sampling of agent contacts to simplify fair quality evaluations. Managers can specify how many contacts to review per agent and define a timeframe (for example, 3 contacts per agent from the last week). New filters let evaluators require audio, screen recordings, or transcripts and exclude previously evaluated interactions. The capability is available in all regions where Amazon Connect is offered.

AWS Clean Rooms Adds SQL Join and Partition Hints Now

🔧 AWS Clean Rooms now supports SQL join and partition hints to let analysts optimize join strategies and data distribution. Hints are applied using comment-style syntax in pre-approved analysis templates and ad hoc SQL queries. You can force a broadcast join for small lookup tables or add partition hints for better parallelism. These options improve query performance and can lower costs.

EMR Serverless Supports AWS KMS Customer-Managed Keys

🔒 Amazon EMR Serverless now supports encrypting local disks with AWS KMS customer managed keys (CMKs), enabling customers to adopt CMKs instead of default AWS-owned keys for greater encryption control. You can use CMKs from the same account or from another account and apply them at the application level or per job run and interactive session. This capability is supported on new and existing EMR Serverless applications across all supported EMR release versions and is available in all Regions, including AWS GovCloud (US) and China.

AWS Adds C8gn Graviton4 Instances in Additional Regions

🚀 Amazon Web Services has expanded availability of Amazon EC2 C8gn instances powered by AWS Graviton4 to additional regions including Asia Pacific (Mumbai), Africa (Cape Town), Europe (Ireland, London) and Canada West (Calgary). C8gn delivers up to 30% better compute performance versus C7gn and incorporates 6th-generation AWS Nitro Cards with up to 600 Gbps network bandwidth. Instances scale to 48xlarge with up to 384 GiB memory and 60 Gbps EBS bandwidth, and selected large sizes support Elastic Fabric Adapter for lower latency. These instances are aimed at network-intensive workloads such as network virtual appliances, data analytics, and CPU-based AI/ML inference.

AWS adds policy ARN to Access Denied error messages

🔍 AWS now includes the policy Amazon Resource Name (ARN) from AWS Identity and Access Management (IAM) and AWS Organizations in Access Denied error messages for same-account and same-organization scenarios. This change surfaces the exact policy causing the denial—covering Service Control Policies (SCPs), Resource Control Policies (RCPs), identity-based policies, session policies, and permission boundaries—so you can identify and remediate explicit denies more quickly. The update will be rolled out across services and regions; consult IAM documentation for details.

Instance Scheduler adds enhanced scaling and retries

🔧 Instance Scheduler on AWS now provides enhanced scheduling orchestration that tracks AWS tagging events, informational resource tags for self-service troubleshooting, an optional EC2 insufficient-capacity retry flow using alternate instance types, and automatic creation of a dedicated EventBridge EventBus. These changes re-architect orchestration and fan-out mechanisms to improve scaling performance and address cost-scaling concerns. The update reduces operational overhead and increases workload reliability by empowering distributed engineers to troubleshoot independently and by improving start success in capacity-constrained zones.