< ciso brief />

All news with #aws tag

1977 articles · page 42 of 99

Implementing Data Governance on AWS: Strategy & Tags

🔒 This post outlines an automation-first approach to implementing data governance on AWS, aimed at teams starting new or improving existing frameworks. Part 1 focuses on strategy, a practical data classification framework, and tag governance as foundational elements. It details prerequisites (Organizations, CloudTrail, Config, IAM), organizational roles, KPIs, and recommended mandatory and optional tags to enable automated controls and continuous monitoring.

Amazon MWAA Now Available in Asia Pacific (Thailand)

🚀 Amazon Managed Workflows for Apache Airflow (MWAA) is now available in the AWS Region Asia Pacific (Thailand). The managed service delivers the familiar Apache Airflow orchestration platform with AWS-managed infrastructure, offering improved scalability, availability, and security while removing the operational burden of maintaining clusters. Customers in Thailand can deploy workflows closer to their data, helping reduce latency and address data residency needs. Consult the documentation and AWS region table to plan deployments and verify service limits.

AWS Outposts now supports multiple LGW routing domains

🖧 AWS now supports multiple local gateway (LGW) routing domains on Outposts racks, allowing you to create up to 10 isolated routing domains per Outpost. Each domain has independent route tables, its own LGW VIF Group, and dedicated BGP sessions to on‑premises networks, enabling traffic separation and simultaneous use of Customer-owned IP (CoIP) and Direct VPC Routing (DVR). The capability is available on second‑generation Outposts racks at no additional charge and can be configured through the AWS Management Console or the AWS CLI.

AWS Outposts: Multiple LGW Routing Domains for Segmentation

🔁 AWS Outposts racks now support up to 10 isolated local gateway (LGW) routing domains per Outpost. Each domain has independent route tables, LGW VIF Groups, and BGP sessions, enabling traffic separation and preventing cross-domain routing while allowing both Customer-owned IP (CoIP) and Direct VPC Routing (DVR) on the same hardware. You can configure multiple LGW routing domains via the AWS Management Console or AWS CLI. This capability is available on second-generation Outposts racks at no additional charge.

AWS Expands Second-Generation Outposts Racks to Regions

🚀 Second-generation AWS Outposts racks are now supported in the South America (São Paulo) and Europe (Stockholm) Regions. Outposts racks extend AWS infrastructure, services, APIs, and tools into on-premises data centers and colocation facilities to provide a consistent hybrid experience. Customers can order racks connected to these Regions to optimize for latency and data residency requirements while maintaining centralized application management.

Amazon S3 Storage Lens Now in AWS GovCloud (US) Regions

🔍 Amazon S3 Storage Lens is now available in AWS GovCloud (US) Regions, providing organization-wide visibility into object storage usage and activity. S3 Storage Lens delivers cost, data protection, and performance metrics to identify inefficient access patterns, incomplete multipart uploads, and buckets with non-current object versions. Free basic metrics include 14 days of history while advanced metrics offer extended retention and greater detail.

AWS CodeBuild regex flaw enables supply-chain compromise

🔒 Researchers at Wiz found a subtle misconfiguration in AWS CodeBuild build-trigger handling that could let unauthenticated actors infiltrate build environments and leak credentials. A two-character mistake in an unanchored regex filter let attackers bypass the actor ID check, putting public repositories such as the AWS JavaScript SDK at risk. AWS patched the issue within 48 hours, hardening CodeBuild and auditing public build logs. Wiz recommends anchored regexes, fine-grained PATs, and stricter build gates to reduce exposure.

Amazon S3 on Second-Generation AWS Outposts Racks Support

📦 Amazon S3 on Outposts is now supported on second-generation AWS Outposts racks, offering 196 TB, 490 TB, and 786 TB storage tiers for on‑premises workloads. The update enables customers to use the same S3 APIs, security controls, and access management for local data residency, low-latency access, and on-site processing. It is available in all Regions and countries where second-generation racks are offered. Customers can select tiers optimized for production, backup, or archival use cases while maintaining familiar S3 management and features.

AWS Deadline Cloud Adds Nuke CopyCat ML Training Support

🚀 AWS Deadline Cloud integrates with Foundry Nuke CopyCat, enabling machine learning training jobs for visual effects to run directly on cloud render farms. Artists can submit CopyCat training jobs to scale workloads, run multiple trainings in parallel, and free local workstations for creative work. Training and render jobs are tracked together in the Deadline Cloud interface for unified project monitoring. The integration is available in all AWS Regions where Deadline Cloud is supported.

AWS CodeBuild Misconfiguration Exposed GitHub Repos

⚠️ A critical CodeBuild misconfiguration, dubbed CodeBreach by Wiz, could have allowed attackers to take over several AWS-managed GitHub repositories, including aws-sdk-js-v3, by bypassing webhook actor ID filters. The flaw—missing ^ and $ anchors in regex filters—enabled unauthorized build triggers and potential leakage of privileged GitHub tokens. AWS fixed the issue in September 2025, rotated credentials, implemented mitigations, and reported no evidence of exploitation.

AWS Clean Rooms Adds Parameters to PySpark Templates

🧩 AWS Clean Rooms now supports parameters in PySpark analysis templates, allowing template authors to define input values that collaborators supply at job submission time without editing the template code. When a collaborator is approved to run an analysis, they submit parameter values directly to the PySpark job, enabling reusable templates and faster iteration. This feature lets partners vary time windows, geographic regions, and other inputs dynamically to adapt analyses. It supports collaboration across companies on AWS or Snowflake and helps accelerate time-to-insights for use cases like advertising attribution.

AWS Databases Now Available in Vercel's v0 Environment

🚀 Amazon Aurora PostgreSQL, Amazon Aurora DSQL, and Amazon DynamoDB serverless databases are now accessible directly from v0 by Vercel, letting developers build full-stack applications and connect to AWS databases using natural language prompts. v0 provides an end-to-end setup experience to create or link AWS accounts, with new accounts receiving access to all three databases and $100 USD in credits. Serverless options scale to zero and are available in seven AWS Regions, reducing operational overhead for prototypes and production AI-driven applications.

Amazon Connect adds scheduling metrics to data lake

🔔 Amazon Connect now delivers agent scheduling metrics directly into the Connect analytics data lake, making interval-level (15- or 30-minute) schedule data available for analysis. You can access forecasted headcount, scheduled headcount, and projected service level aggregated by forecast groups or broken down by demand groups. The data can be visualized in Amazon QuickSight or other BI tools to identify over- and under-staffing and reduce manual schedule reviews.

AWS Launches EC2 X8i: Next-Gen Memory-Optimized Instances

🚀 AWS has announced general availability of Amazon EC2 X8i instances, a new family of memory-optimized instances built on custom Intel Xeon 6 processors exclusive to AWS. X8i offers up to 43% higher overall performance, 1.5x more memory capacity (up to 6 TB) and 3.4x greater memory bandwidth compared to prior X2i instances. Designed for SAP HANA, large databases, data analytics and EDA, X8i is SAP-certified and available in 14 sizes including two bare-metal options. Instances are initially available in US East (N. Virginia), US East (Ohio), US West (Oregon) and Europe (Frankfurt) and can be purchased via Savings Plans, On-Demand or Spot.

Amazon RDS adds support for Microsoft SQL Server GDR updates

🔔 Amazon RDS for SQL Server now supports Microsoft SQL Server GDR updates for 2016 SP3, 2017 CU31, 2019 CU32 and 2022 CU22 (RDS versions 13.00.6475.1.v1, 14.00.3515.1.v1, 15.00.4455.2.1.v1, 16.00.4225.2.1.v1). These GDRs address vulnerabilities tracked as CVE-2025-59499. We recommend upgrading instances via the Amazon RDS Console, SDK, or CLI and consulting the RDS SQL Server upgrade guide to plan and apply the updates.

AWS Lambda Enables Cross-Account DynamoDB Streams Support

🔁 AWS Lambda now supports cross-account access for DynamoDB Streams event-source mappings, enabling streams in one account to trigger Lambda functions in another. By attaching a resource-based policy to a DynamoDB stream, owners can grant functions in other accounts permission to consume change events without replicating data. The capability is generally available across AWS Commercial and AWS GovCloud (US) Regions and can be configured via the Console, CLI, SDKs, CloudFormation, or APIs. This reduces operational overhead and simplifies multi-account event-driven architectures.

CodeBuild Misconfiguration Threatened AWS Console SDK

⚠️ A critical CodeBuild misconfiguration discovered by Wiz Research allowed untrusted pull requests to run privileged builds, enabling potential injection of malicious code into core AWS repositories—including the AWS SDK for JavaScript that underpins the AWS Console. The flaw was an unanchored regex in an ACTOR_ID webhook filter that let attacker-controlled GitHub IDs bypass restrictions and access credentials stored in build memory. AWS patched the issue within 48 hours, revoked exposed credentials, added protections to block memory-based credential theft and introduced a Pull Request Comment Approval build gate. Wiz advises blocking untrusted PRs, using fine‑grained tokens and anchoring webhook regexes.

Amazon RDS Custom Adds Microsoft SQL Server GDR Updates

🔒 Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates, enabling SQL Server 2019 CU32+GDR (KB5068404) and SQL Server 2022 CU21+GDR (KB5068406) on managed instances. These releases correspond to RDS builds 15.00.4455.2.1.v1 and 16.00.4222.2.1.v1 and address vulnerabilities referenced by CVE-2025-59499. We recommend that you upgrade affected RDS Custom instances using the Amazon RDS Management Console, AWS SDK, or CLI and consult the Amazon RDS Custom User Guide for upgrade procedures. Before applying updates in production, review release notes and test the patches in non-production environments to validate application compatibility and backups.

Amazon Redshift Serverless Adds Queue-Based Controls

🔧 Amazon Redshift Serverless introduces queue-based query resource management. You can create dedicated query queues with customized monitoring rules and metrics-based predicates to control workload behavior, including automated responses such as aborting long-running or resource-heavy queries. Queues are assignable to user roles and query groups and operate independently, replacing prior workgroup-wide QMR. The feature is available in all regions that support Redshift Serverless and can be managed via the AWS Console and Redshift APIs.

Amazon EBS allows up to four volume modifications daily

📦 Amazon EBS now permits up to four Elastic Volumes modifications per volume within a rolling 24-hour window. Elastic Volumes lets you increase size, change volume type, and adjust performance without detaching volumes or restarting instances, and you may start a new modification immediately after the previous one completes so long as fewer than four modifications were initiated in the prior 24 hours. This capability is automatically enabled in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions.