All news with #aws tag

AWS Fault Injection Service launches in Zurich Region

🧪 AWS announced that Fault Injection Service (FIS) is now available in the Europe (Zurich) Region. FIS is a fully managed service for running controlled fault injection experiments to validate application performance, observability, and resilience under scenarios such as AZ power interruptions and cross-region connectivity failures. Customers can create reusable experiment templates, integrate them into CI/CD pipelines, and generate detailed experiment reports stored in Amazon S3 for audit and compliance needs. This launch expands FIS to 24 regions globally.

Amazon Managed Service for Prometheus Now in GovCloud

🔔 Amazon Managed Service for Prometheus is now available in the AWS GovCloud (US) Regions, providing a fully managed, Prometheus-compatible monitoring solution for government and regulated workloads. The service supports high-scale ingestion—customers can send up to 1 billion active metrics to a single workspace—and allows multiple workspaces per account for isolation and organization. It simplifies metric storage, querying, and alerting while reducing operational overhead. Customers should consult the user guide for the full list of supported regions.

AWS Backup adds option to exclude ACLs and ObjectTags

🔒 AWS Backup now lets you choose whether to include Access Control Lists (ACLs) and ObjectTags when backing up Amazon S3 buckets. Previously, these metadata elements were included for all objects by default; the new option lets administrators include only the metadata required for their recovery or compliance needs. This capability is available in all Regions where AWS Backup for Amazon S3 is offered; review pricing and regional availability on the AWS Backup pricing page.

AWS Elastic Beanstalk Adds IPv6 Dual-Stack Load Balancers

🌐 AWS Elastic Beanstalk now supports dual-stack configuration for Application Load Balancers (ALB) and Network Load Balancers (NLB). By setting the IpAddressType option to dualstack, Elastic Beanstalk automatically configures your load balancer to serve both IPv4 and IPv6 and creates corresponding A and AAAA DNS records. Existing IPv4 environments can be upgraded to dual-stack or reverted back as needed. The feature is available in all AWS regions that support Elastic Beanstalk and ALB/NLB and simplifies deployment to IPv6-only networks while retaining IPv4 compatibility.

TwelveLabs Marengo 2.7 Embeddings Now Synchronous in Bedrock

⚡ Amazon Bedrock now supports synchronous inference for TwelveLabs Marengo Embed 2.7, delivering low-latency text and image embeddings directly in API responses. Previously optimized for asynchronous processing of large video, audio, and image files, Marengo 2.7’s new mode enables responsive search and retrieval features—such as instant natural-language video search and image similarity discovery—while retaining advanced video understanding via asynchronous workflows.

Amazon MSK Connect Now Available in Malaysia Region

🚀 Amazon has launched MSK Connect in the Asia Pacific (Malaysia) Region, offering a fully managed service for running Kafka Connect clusters alongside Amazon MSK. The service simplifies deploying, monitoring, and scaling connectors that move data between Apache Kafka and external systems, without provisioning infrastructure. It supports both Amazon MSK-managed and self-managed Kafka clusters and can be used via the console or CLI.

Amazon CloudFront Adds ECDSA Support for Signed URLs

🔐 Amazon CloudFront now supports ECDSA for signed URLs and signed cookies, giving customers an alternative to RSA with improved performance and significantly smaller signature sizes. This reduces URL length and accelerates signature generation and verification, benefiting high-volume, mobile, and IoT workloads where CPU and bandwidth are constrained. ECDSA is available at all edge locations except the AWS China (Beijing and Ningxia) regions, with no additional charge to use the feature.

AWS Managed Microsoft AD Adds LDAPS and Smart Card CA

🔐 AWS Managed Microsoft AD now supports certificate auto-enrollment for LDAPS and Smart Card authentication by integrating with AWS Private CA through the AWS Private CA Connector for AD. The integration automates issuance, renewal, and lifecycle management of domain controller certificates, removing the need to maintain CA infrastructure on Amazon EC2. This capability is available in all Regions offering the connector and can be configured via the console or API.

Tor-based Cryptojacking Campaign Shows Botnet Potential

🔒 Security researchers uncovered a variant of a campaign that abuses the TOR network and exposed Docker APIs to deploy cryptojacking and reconnaissance tooling. Akamai, which identified the activity last month, says attackers create Alpine containers, mount the host filesystem, and execute a Base64 payload that downloads a shell script from a .onion domain. The downloader alters SSH for persistence and installs utilities like masscan, torsocks and zstd while a Go-based dropper and compressed binary enable scanning and propagation.

Salesloft: GitHub Compromise Led to Drift OAuth Theft

🔒 Salesloft confirmed that a threat actor gained access to its GitHub account between March and June 2025, using that access to download repositories, add a guest user and create workflows. The attacker then moved into the Drift app environment, obtained OAuth tokens and used Drift integrations to access customers’ Salesforce instances and exfiltrate secrets. Affected customers include security vendors such as Tenable, Qualys, Palo Alto Networks, Cloudflare and Zscaler. Google Mandiant performed containment, rotated credentials and validated segmentation; the incident is now in forensic review.

Amazon ElastiCache Adds Graviton3 M7g and R7g Node Families

🚀 Amazon Web Services has expanded Amazon ElastiCache to support Graviton3-based M7g and R7g node families across multiple regions including Canada (Calgary), Middle East & Africa, Europe, and Asia Pacific. Graviton3 nodes deliver improved price-performance over Graviton2, yielding up to 28% higher throughput, up to 21% better P99 latency, and up to 25% more networking bandwidth. To adopt the new instances, create a new cluster or upgrade existing clusters via the AWS Management Console and review the ElastiCache documentation for supported node types.

Amazon EC2 R8g Instances Expand to Osaka and Canada

🚀 Amazon EC2 R8g instances are now available in AWS Asia Pacific (Osaka) and AWS Canada (Central). Powered by AWS Graviton4 processors and the AWS Nitro System, R8g delivers up to 30% better performance than Graviton3-based instances for memory‑intensive workloads. The family includes 12 sizes (two bare‑metal options), scales up to 48xlarge with 1.5 TB RAM, and offers up to 50 Gbps enhanced networking and 40 Gbps to Amazon EBS. AWS recommends the Graviton Fast Start program and Porting Advisor to help migrate workloads.

Amazon Q in Connect Lets Admins Select LLMs in UI Console

🤖Amazon Q in Connect now lets contact center administrators select different LLM model families directly from the Amazon Connect web UI. This no-code configuration enables quick switching between models to optimize for latency, cost, or complex reasoning. Administrators can choose Amazon Nova Pro for faster responses or Anthropic Claude Sonnet for complex reasoning, tailoring AI Agents to specific customer interaction types.

Amazon Redshift Serverless Available in Milan, Cape Town

🚀 Amazon Redshift Serverless is now generally available in the AWS Europe (Milan) and Africa (Cape Town) regions. With Redshift Serverless, users—data analysts, developers, and data scientists—can run analytics without provisioning or managing clusters, benefiting from automatic provisioning, intelligent scaling, and per-second compute billing. You can query data via Query Editor V2 or existing BI tools, load data from Amazon S3 (including Apache Parquet), use Redshift data shares, restore provisioned snapshots, and take advantage of unified billing for queries across these sources.

GhostAction GitHub Supply Chain Attack Exposes 3,325 Secrets

🚨 A GitHub supply chain campaign dubbed GhostAction has exposed 3,325 secrets across multiple package ecosystems and repositories. GitGuardian says attackers abused compromised maintainer accounts to insert malicious GitHub Actions workflows that trigger on push or manual dispatch, read repository secrets, and exfiltrate them via HTTP POST to an external domain. Compromised credentials include PyPI, npm, DockerHub, Cloudflare, AWS keys and database credentials; vendors were notified and many repositories reverted the changes.

AWS WAF Now Available in Asia Pacific (Taipei) Region

🛡️ AWS WAF is now available in the AWS Asia Pacific (Taipei) Region, allowing customers to deploy web application firewall protections closer to their users. The service helps protect web applications from common exploits and automated bots that can affect availability, security, or resource consumption. Note that AWS WAF Bot Control with targeted inspection and the Anti-DDoS managed rule group are not currently available in this region.

AWS WAF Adds Free Vended Logs Based on Request Volume

📣 AWS WAF now includes a free allocation of Vended Logs ingestion to CloudWatch: 500 MB for every 1 million WAF requests processed, provided at no additional cost. The allocation is applied automatically across WAF vended logs to CloudWatch, S3, and Firehose and is reconciled on your AWS bill at month end. Usage beyond the included allowance is charged at standard AWS WAF Vended Logs CloudWatch rates. This change helps reduce logging costs while preserving comprehensive security visibility and analytics.

GitHub Account Compromise Led to Salesloft Drift Breach

🔒 Salesloft says the breach tied to its Drift application began after a threat actor compromised its GitHub account. Google-owned Mandiant traced the actor, tracked as UNC6395, accessing the account from March through June 2025 and downloading repository content, adding a guest user and establishing workflows. Attackers then accessed Drift's AWS environment and obtained OAuth tokens used to reach customer data via integrations, prompting Salesloft to isolate Drift infrastructure and take the application offline on September 5, 2025. Salesloft recommends revoking API keys for third-party apps integrated with Drift, and Salesforce has restored most Salesloft integrations while keeping Drift disabled pending further remediation.

Managed Tiered Checkpointing for Amazon SageMaker HyperPod

⚡ Amazon Web Services has announced general availability of managed tiered checkpointing for Amazon SageMaker HyperPod, a hybrid checkpointing capability that caches frequent checkpoints in CPU memory and periodically persists them to Amazon S3 for durability. The approach reduces model recovery time and minimizes training progress loss on large-scale clusters. It integrates with PyTorch Distributed Checkpoint (DCP) and is enabled via a CreateCluster/UpdateCluster API parameter; customers can use the sagemaker-checkpointing Python library to adopt it with minimal code changes. Currently available for HyperPod clusters using the EKS orchestrator.

Amazon Keyspaces supports now(), uuid(), and Duration types

🔧 Amazon Keyspaces (for Apache Cassandra) now supports the now() and uuid() functions in SELECT clauses, extending prior support in WHERE, INSERT, and UPDATE. It also introduces a native Duration data type to represent elapsed time between timestamps, removing the need to store intervals as strings or bytes. These updates improve Apache Cassandra compatibility and simplify time-based operations and identifier generation across AWS Commercial and GovCloud regions.