All news with #aws tag

Amazon MSK Expands Express Brokers to 8 Additional Regions

🚀 Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Express brokers in eight additional AWS Regions: AWS GovCloud (US-West), AWS GovCloud (US-East), Jakarta, Melbourne, Osaka, Zurich, Tel Aviv, and Hong Kong. Express brokers are a Provisioned broker type that deliver up to 3x more throughput per broker, scale up to 20x faster, and reduce recovery time by 90% versus standard Apache Kafka brokers. They arrive pre-configured with Kafka best practices, support all Kafka APIs, and maintain low-latency performance so existing client applications require no changes.

Adapting Enterprise Risk Management for Generative AI

🛡️ This post explains how to adapt enterprise risk management frameworks to safely scale cloud-based generative AI, combining governance foundations with practical controls. It emphasizes the cloud as the foundational infrastructure and identifies differences from on‑premises models that change risk profiles and vendor relationships. The guidance maps traditional ERMF elements to AI-specific controls across fairness, explainability, privacy/security, safety, controllability, veracity/robustness, governance, and transparency, and references tools such as Amazon Bedrock Guardrails, SageMaker Clarify, and the ISO/IEC 42001 standard to operationalize those controls.

Enabling Enterprise Risk Management for Generative AI

🔒 This article frames responsible generative AI adoption as a core enterprise concern and urges business leaders, CROs, and CIAs to embed controls across the ERM lifecycle. It highlights unique risks—non‑deterministic outputs, deepfakes, and layered opacity—and maps mitigation approaches using AWS CAF for AI, ISO/IEC 42001, and the NIST AI RMF. The post advocates enterprise‑level governance rather than project‑by‑project fixes to sustain innovation while managing harm.

AgentCore Supports VPC, PrivateLink, CloudFormation

🔒 Amazon Web Services announced that Amazon Bedrock AgentCore Runtime, AgentCore Browser, and AgentCore Code Interpreter now support VPC connectivity, AWS PrivateLink, CloudFormation, and resource tagging. These additions let developers deploy AI agents that access private resources such as databases and internal APIs without internet exposure. CloudFormation integration enables infrastructure-as-code provisioning, while tagging provides cost allocation and access-control organization. AgentCore is in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

AWS Research and Engineering Studio 2025.09 Update

🧪 Research and Engineering Studio (RES) 2025.09 on AWS delivers fractional GPU support, simplified AMI handling, and greater deployment flexibility for research and engineering teams. The update adds support for Amazon EC2 g6f instances to enable GPU fractionalization, Systems Manager Parameter Alias support for AMI IDs to streamline image management, and optional integration with existing Amazon Cognito user pools to simplify authentication during deployment. Administrators can now customize CIDR ranges in the CloudFormation external resources template, and regional availability expands to Asia Pacific (Osaka), Asia Pacific (Jakarta), Middle East (UAE), and South America (São Paulo).

Amazon EC2 I7i Instances Now in Milan and N. California

🚀 Amazon EC2 I7i instances are now available in AWS Europe (Milan) and AWS US West (N. California). Powered by 5th Gen Intel Xeon processors with a 3.2 GHz all-core turbo and 3rd-generation AWS Nitro SSDs, I7i delivers up to 23% better compute and more than 10% improved price-performance versus I4i. Storage scales to 45 TB of NVMe with up to 50% better real-time storage performance, up to 50% lower storage I/O latency, and up to 60% lower latency variability, and includes a torn write prevention feature supporting up to 16 KB block sizes. The family offers eleven sizes — nine virtual sizes up to 48xlarge plus two bare metal options — with up to 100 Gbps networking and 60 Gbps EBS bandwidth.

Amazon Redshift Concurrency Scaling Adds More Regions

🚀 Amazon Redshift Concurrency Scaling is now available in ten additional AWS regions, including Africa (Cape Town), several Asia Pacific locations, Europe (Milan), Middle East (Bahrain), Mexico (Central) and AWS GovCloud (US‑West). The feature elastically adds query processing capacity in seconds to maintain fast performance for thousands of concurrent users and hundreds of simultaneous queries. Customers with an active Redshift cluster earn up to one hour of free Concurrency Scaling credits and can control allocation, set cluster limits, and monitor usage through Amazon CloudWatch; enable it by setting the Concurrency Scaling Mode to Auto in the AWS Management Console.

Research and Engineering Studio on AWS 2025.09 Release

🚀 Research and Engineering Studio (RES) on AWS 2025.09 introduces fractional GPU support, simplified AMI management, and broader deployment flexibility to help teams run graphics‑intensive and compute workloads more efficiently. The release adds Amazon EC2 g6f support for GPU fractionalization and Systems Manager Parameter Alias support for AMI IDs. Integration with Amazon Cognito user pools and customizable CIDR ranges in the CloudFormation template streamline authentication and network planning, while regional expansion improves accessibility.

AWS Network Firewall Enhances Application-Layer Controls

🔐 AWS released enhanced default application-layer rules for AWS Network Firewall to better handle TLS client hellos and HTTP requests that are split across multiple packets. The update adds new default stateful actions — drop and alert established — enabling security teams to enforce controls without complex custom rules while supporting modern TLS implementations and large HTTP requests. Detailed logging preserves visibility. Available in all supported AWS Regions.

AWS Expands EC2 C8gn Graviton4 Instances to Regions

🚀 Amazon expanded availability of EC2 C8gn instances—powered by Graviton4—to Europe (Frankfurt, Stockholm) and Asia Pacific (Singapore), in addition to existing US Regions. C8gn delivers up to 30% better compute vs Graviton3-based C7gn, includes 6th-generation Nitro Cards, and offers up to 600 Gbps network bandwidth. Instances scale to 48xlarge with up to 384 GiB memory and 60 Gbps EBS bandwidth, and select sizes support Elastic Fabric Adapter (EFA) for lower-latency clusters optimized for network-intensive workloads.

AWS Billing: Consolidated Cost Views Across Organizations

🔔 AWS has announced general availability of new AWS Billing and Cost Management features that let customers create and share custom billing views across multiple AWS Organizations from a single account. Users can share views with accounts outside their organization and combine multiple custom views into consolidated perspectives. These consolidated views are accessible via AWS Cost Explorer and AWS Budgets, enabling cross-organization cost analysis and budgeting.

Amazon CloudWatch Adds Tag-Based Telemetry for Metrics

🔍 Amazon CloudWatch introduces tag-based telemetry so teams can monitor metrics and configure alarms using existing AWS resource tags. This lets DevOps and cloud administrators build dynamic monitoring views that follow organizational tagging, automatically adapting as resources change. Tag-based query filtering cuts manual dashboard and alarm updates, and can be enabled with one click or via the AWS CLI and SDKs.

AWS X-Ray Adds Adaptive Sampling for Error and Cost Control

🔍 AWS X-Ray now supports adaptive sampling to automatically adjust trace sampling within user-defined limits. This feature offers two modes—Sampling Boost to temporarily raise sampling when anomalies are detected and Anomaly Span Capture to retain spans tied to anomalies even if the full trace isn't sampled. Adaptive sampling aims to reduce MTTR by capturing critical traces during incidents while keeping observability costs low. It is available in all commercial regions where X‑Ray is offered.

Amazon EC2 Allowed AMIs: New Parameters for Governance

🔒 Amazon EC2’s account-wide Allowed AMIs setting now supports four new parameters — marketplace codes, deprecation time, creation date, and AMI names — to tighten AMI discovery and usage controls. Previously limited to account IDs and owner aliases, administrators can now define additional criteria to block Marketplace images, filter out outdated AMIs, and enforce naming patterns. These parameters integrate with Declarative Policies and are available in all regions, including AWS China and AWS GovCloud (US), enabling centralized AMI governance across your organization.

Amazon RDS: PostgreSQL 18.0 Available in Public Preview

🆕 Amazon RDS for PostgreSQL 18.0 is now available in the RDS Database Preview Environment, enabling evaluation of new PostgreSQL capabilities within a fully managed sandbox. PostgreSQL 18.0 introduces multicolumn B-tree skip scan, improved WHERE handling for OR/IN conditions, parallel GIN builds, updated join behavior, and UUIDv7 support. The preview preserves instances for up to 60 days, restricts snapshots to the preview environment, and supports database import/export via dump/load; pricing follows the US East (Ohio) Region.

Preview Amazon S3 Tables Directly in the S3 Console

🔍 You can now preview Amazon S3 Tables directly in the S3 console without writing SQL. The console preview displays table schema, column types, and sample rows so you can quickly inspect structure and key data points without additional setup. Previews are available in all AWS Regions where S3 Tables are offered. You are charged only for the S3 requests used to read the sampled rows; consult S3 pricing and the S3 User Guide for details.

AWS Lambda Code Signing Now Available in GovCloud Regions

🔐 AWS Lambda now supports code signing in AWS GovCloud (US-West and US-East) through the managed AWS Signer service. Lambda validates signatures at deployment to ensure code has not been altered and that it originates from trusted signers. Administrators can create Signing Profiles, bind allowed profiles to functions, and configure whether failed signature checks produce warnings or reject deployments. Access and permissions are controlled via IAM, and there is no additional charge to use this capability.

AWS ARC Region Switch Now Available in New Zealand

🔁 Amazon Web Services has made the Application Recovery Controller Region switch feature available in the Asia Pacific (New Zealand) Region. Region switch lets teams orchestrate and execute cross-account and cross-Region recovery steps while providing real-time dashboards and consolidated data collection to support regulator and compliance reporting. The feature supports failover/failback for active/passive designs and shift-away/return for active/active architectures, and automatically replicates plans to all Regions where the application runs.

Amazon Route 53 Resolver Query Logging Now in NZ Region

🛰️ Amazon Route 53 Resolver Query Logging is now available in Asia Pacific (New Zealand). You can log DNS queries originating in VPCs to capture queried domain names, the AWS resources that issued the queries (including source IP and instance ID), and the responses received. Logs can be delivered to Amazon S3, CloudWatch Logs, or Amazon Data Firehose, and query logging configurations may be shared across accounts via AWS RAM. There is no additional Route 53 charge for enabling query logging, though storage and ingestion on the chosen destination may incur costs.

Pandoc SSRF Exploited to Target AWS IMDS, Steal EC2 Keys

🔒 Wiz has observed in-the-wild exploitation attempts of CVE-2025-51591, an SSRF in Pandoc that renders iframe tags and can direct them at the AWS Instance Metadata Service (IMDS). Attackers submitted crafted HTML aiming to access 169.254.169.254 to exfiltrate temporary IAM metadata and EC2 credentials. Attempts seen from August and continuing for weeks were blocked where IMDSv2 was enforced. Administrators should mitigate by using Pandoc's -f html+raw_html or --sandbox options, enforce IMDSv2, and apply least-privilege roles.