All news with #aws tag

Secure Network Architectures for Generative AI on AWS

🔐 This post explains how to design defense-in-depth network architectures for generative AI workloads using AWS services. It outlines common external threats — including layer 4 and layer 7 DDoS, web request floods, application-specific exploits, and malicious bots — and maps mitigations to AWS capabilities. The guidance recommends private connectivity via Amazon Bedrock and AWS PrivateLink, edge protections with AWS WAF and AWS Shield, subnet-level controls using AWS Network Firewall, and continuous detection and response with GuardDuty, Inspector, and CloudWatch.

Amazon EC2 Auto Scaling Adds IPv6 Dual-Stack Support

🌐 Amazon EC2 Auto Scaling (ASG) now supports IPv6, enabling dual‑stack (IPv4 and IPv6) configurations for Auto Scaling groups. IPv6 provides a vastly larger address space, letting you assign contiguous ranges to microservices and achieve near‑unlimited scale. Support is available in all commercial AWS regions (except New Zealand) and in GovCloud regions where ASG is offered. Configure networks and addressing via AWS documentation.

Amazon ECS Adds Native IPv6-Only Task and Service Support

🚀 Amazon Elastic Container Service (Amazon ECS) now supports running tasks and services in IPv6-only subnets, eliminating the prior requirement for IPv4 addresses. This enables containerized applications to scale without IPv4 address constraints and helps organizations meet IPv6 compliance mandates. The capability works across all ECS launch types and networking modes; create IPv6-only VPC subnets and ECS will provision networking automatically. See the task networking documentation and a blog walkthrough for launch-specific details and migration guidance.

Amazon EC2 Auto Scaling Adds FIPS PrivateLink Endpoints

🔒 Amazon EC2 Auto Scaling now supports FIPS 140-3 validated VPC endpoints via AWS PrivateLink, enabling regulated workloads to use cryptographic modules that meet federal requirements. This update allows customers to create FIPS-compliant VPC endpoints in select US and Canada regions to satisfy government and regulated-industry encryption mandates. Refer to AWS guidance for setting up VPC endpoints and integrating AWS PrivateLink with EC2 Auto Scaling.

Amazon Connect Dashboards: Compare Any Time Range Easily

📊 Amazon Connect dashboards now let you select and compare arbitrary time ranges — up to 35 days within the past three months — and include Week to Date and Month to Date presets. This makes it easier for contact center teams to focus on specific periods and run side-by-side comparisons of metrics such as handle time or contact volume. For example, managers can compare a current campaign’s metrics to the same range last week to decide if additional staffing is required. Amazon Connect Contact Lens dashboards are available in all AWS commercial regions and AWS GovCloud (US-West).

Amazon Bedrock Now Available in Israel (Tel Aviv) Region

🚀 Beginning today, Amazon Bedrock is available in the Israel (Tel Aviv) region, enabling customers to build and scale generative AI applications with local infrastructure. The managed service connects organizations to a variety of foundation models (FMs) and provides tools to deploy and operate agents, reducing time-to-production. Local availability can lower latency, support regional compliance needs, and help move projects from experimentation to real-world deployment.

AWS Backup Launches in Asia Pacific (New Zealand) Region

🔔 AWS Backup is now available in the AWS Asia Pacific (New Zealand) Region, offering centrally managed, policy-driven protection for compute, storage, and database resources. The fully managed service supports immutable recovery points and vaults to guard against accidental or malicious deletions and to enable reliable restores after data loss. Customers can set up protection via the console, SDKs, or CLI and assign resources using tags or Resource IDs.

Amazon Bedrock Launches in Middle East (UAE) Region

🚀 Amazon Bedrock is now available in the Middle East (UAE) Region, enabling customers to build, experiment with, and scale generative AI applications using a broad selection of foundation models (FMs) and integrated developer tools. The managed service provides capabilities to deploy and operate agents and production workloads with built-in controls for security and operational management. Customers in the region can begin using Bedrock today and should consult the documentation for supported models, APIs, and recommended practices.

AWS Network Firewall Adds Reject and Alert for Domain Rules

🔒 AWS Network Firewall now supports Reject and Alert actions for stateful domain list rule groups via the console, enabling more granular control over domain-based traffic. The Reject action blocks specified domains, while the Alert action logs and monitors traffic without disrupting flows. This feature is available in all Regions and supports TLS inspection configuration through the VPC Console or the Network Firewall API, helping organizations refine policy enforcement and observability.

Amazon Bedrock Available in Thailand, Malaysia, and Taipei

🚀 Amazon has launched Amazon Bedrock in the Asia Pacific (Thailand), Asia Pacific (Malaysia), and Asia Pacific (Taipei) regions, enabling local customers to build and scale generative AI applications using a range of foundation models and developer tools. The managed service supports deploying agents and productionizing models to shorten the path from experimentation to real-world deployment. Customers can expect improved latency, regional data residency options, and integration with AWS operational and security services.

Amazon RDS for PostgreSQL Extended Support Updates

🔒 Amazon RDS for PostgreSQL now provides Extended Support minor versions 12.22-rds.20250814 and 11.22-rds.20250814, delivering critical security patches and bug fixes for affected instances. We recommend upgrading RDS instances to these releases to maintain security and performance. Extended Support offers up to three years of additional fixes after community support ends. Use automatic minor upgrades or RDS Blue/Green deployments to apply updates during maintenance windows.

Amazon Neptune Analytics Launches in Mumbai Region

📍 Amazon Neptune Analytics is now available in the Asia Pacific (Mumbai) Region, enabling customers to create and manage analytics graphs locally. Neptune Analytics is a memory-optimized graph engine designed for fast, in-memory processing of large graph datasets, supporting optimized analytic algorithms, low-latency graph queries, and vector search within traversals. It complements Amazon Neptune Database, and you can load data from a Neptune Database, snapshots, or Amazon S3. To get started, create a new Neptune Analytics graph via the AWS Management Console or AWS CLI; see the Neptune pricing page for region and cost details.

Planning and Running an AWS Security Hub POC Guide

🔒 This post explains how to plan and implement an AWS Security Hub proof of concept (POC) to evaluate unified cloud security operations. It outlines steps to define success criteria, configure integrations with GuardDuty, Amazon Inspector, Macie, and Security Hub CSPM, and to prepare, enable, and validate the deployment. The guidance recommends using overlapping trial periods, adopting the OCSF standard for normalized findings, and leveraging automation and ticketing integrations to measure operational impact.

AppStream 2.0 Enables Local File Redirection on Fleets

📁 Amazon AppStream 2.0 now supports local file redirection on multi-session fleets, extending a feature previously available only on single-session instances. Users can drag and drop local files directly into streamed applications, reducing manual uploads and improving productivity while preserving controlled access to local resources. This capability is available at no additional cost in all regions and requires the latest AppStream 2.0 agent or managed image updates released on or after September 05, 2025.

Amazon MSK Connect Expands to Five More AWS Regions

📢 Amazon has expanded MSK Connect availability to five additional AWS Regions: Asia Pacific (Thailand), Asia Pacific (Taipei), Mexico (Central), Canada West (Calgary), and Europe (Spain). MSK Connect provides fully managed Kafka Connect clusters to deploy, monitor, and scale connectors that move data between Apache Kafka/Amazon MSK and external systems without provisioning infrastructure. Connectors scale automatically and are compatible with Kafka Connect, supporting both MSK-managed and self-managed Kafka clusters. Customers can get started from the Amazon MSK console or the AWS CLI and pay only for the resources they use.

AWS Clean Rooms adds incremental ID mapping for sync

🔁 AWS Clean Rooms now supports incremental processing for rule-based ID mapping workflows using AWS Entity Resolution, enabling collaborators to populate ID mapping tables with only new, modified, or deleted records since the last analysis. This reduces the need for full-table reprocessing and enables near-real-time synchronization of matched identifiers across partners while preserving Clean Rooms’ privacy controls. Use cases include measurement providers keeping offline purchase data current with advertisers and publishers to enable always-on campaign measurement, lower costs, and maintain collaborator privacy.

Amazon RDS for Db2 Adds Reserved Instances, 47% Off

💰 Amazon RDS for Db2 now offers Reserved Instances with up to 47% cost savings versus On-Demand pricing. The offering is available for all supported instance types and supports both Bring Your Own License (BYOL) and Db2 licenses purchased through the AWS Marketplace. Reserved Instances include size flexibility so the discounted rate can automatically apply across sizes within the same instance family (for example, a db.r7i.2xlarge RI applying to two db.r7i.xlarge instances). Reserved Instances can be purchased via the AWS Management Console, AWS CLI, or AWS SDK; consult Amazon RDS for Db2 Pricing for details.

AWS WAF Bot, Fraud & DDoS Rule Group Expands Regions

🔒 AWS WAF's Targeted Bot Control, Fraud, and DDoS Prevention Rule Group are now available in Asia Pacific (Taipei), Asia Pacific (Bangkok), and Mexico (Central). These managed rule groups deliver detection and mitigations for sophisticated bots, application-layer DDoS, and account-takeover attacks at the web edge. Customers can deploy them to improve application resilience, reduce fraudulent activity, and limit resource consumption during attack campaigns.

AWS EBS gp3 volumes scale to 64 TiB, 80k IOPS, 2,000 MiB/s

🔧 Amazon Elastic Block Store (EBS) gp3 volumes now support up to 64 TiB, 80,000 IOPS, and 2,000 MiB/s throughput — raising previous limits of 16 TiB, 16,000 IOPS, and 1,000 MiB/s. This change simplifies storage architectures by allowing consolidation of striped volumes into a single gp3 volume, reducing operational complexity for storage-intensive and containerized workloads that struggle with multi-volume striping. Pricing remains based on storage plus any additional provisioned IOPS and throughput; the new limits are available in all AWS Commercial and GovCloud (US) regions.

AWS Compute Optimizer Adds Support for 99 EC2 Types

🔍Compute Optimizer now supports 99 additional Amazon EC2 instance types, including the latest Compute Optimized (C8gn, C8gd), General Purpose (M8i, M8i-flex, M8gd), Memory Optimized (R8i, R8i-flex, R8gd), and Storage Optimized (I8ge) families. This expansion helps customers identify additional savings and capture improved price-to-performance from newer instances without manual analysis. The update is available in all regions where Compute Optimizer operates except AWS GovCloud (US) and China, and can be accessed via Console, AWS CLI, or AWS SDK.