All news with #aws tag

Amazon GameLift Servers: Dallas Local Zone Launches

🎮 Amazon GameLift Servers now supports the new AWS Local Zone in Dallas, Texas (us-east-1-dfw-2), enabling fleets to deploy EC2 C6gn, C6i, C6in, M6g, M6i, M6in, M8g, and R6i instances. From the GameLift Servers Console you can enable the Dallas Local Zone and add it to your fleets like any other Region or Local Zone. This launch lets studios run latency-sensitive multiplayer, AR/VR, and tournament workloads closer to Dallas-area players for single-digit millisecond latency and improved responsiveness.

Amazon EC2 Auto Scaling — Forced Immediate Cancel Feature

⚡ Amazon EC2 Auto Scaling now allows customers to force-cancel ongoing instance refreshes immediately by setting WaitForTransitioningInstances to false when calling the CancelInstanceRefresh API. The change bypasses waiting for in-progress launches, terminations, or instance lifecycle hooks, enabling rapid aborts of deployments during incidents or to roll forward to corrected releases. The capability is available in all AWS regions, including AWS GovCloud (US).

AWS removes network burst limits for I7i and I8g instances

🚀 Today AWS removed networking bandwidth burst duration limits for Amazon EC2 I7i and I8g instances larger than 4xlarge, doubling the network bandwidth available at all times for those sizes. Where instances previously relied on a network I/O credit mechanism to burst above a baseline, larger I7i and I8g instances can now sustain their maximum network performance indefinitely. The change delivers more predictable, uninterrupted throughput for memory- and network‑intensive workloads such as distributed databases, real‑time analytics and AI preprocessing; smaller sizes retain existing baseline-and-burst behavior.

Optimize Security Operations with AWS Incident Response

🔒 AWS Security Incident Response provides an AWS-native incident management capability that combines automated triage, threat intelligence, and customer metadata to surface and prioritize genuine threats. The service integrates with Amazon GuardDuty, AWS Security Hub, and select third-party detections, and offers a unified console with 24/7 access to the AWS Customer Incident Response Team (CIRT). It supports delegated administration, organization-wide coverage, and immutable case timelines. Included with Amazon Managed Services (AMS), it accelerates investigation and containment to reduce mean time to resolution.

Amazon DataZone Now Available in Three Additional Regions

🔔 Amazon DataZone is now available in AWS Asia Pacific (Hong Kong), Asia Pacific (Malaysia), and Europe (Zurich) Regions. The fully managed Amazon DataZone service catalogs, discovers, analyzes, shares, and governs organizational data, integrating with AWS Glue Data Catalog and Amazon Redshift. Consumers can search, subscribe, and analyze assets using tools like Amazon Redshift and Amazon Athena from the DataZone portal. The service also underpins governance in the next generation of Amazon SageMaker to simplify discovery and secure access to data and models.

Defense-in-Depth: Building an AWS Control Framework

🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.

AWS License Manager Adds Shared Managed Active Directory

🔁 AWS License Manager now supports shared AWS Managed Active Directory across multiple AWS accounts, enabling centralized management of Microsoft product subscriptions. Customers can subscribe once in a single admin account and extend those subscriptions to directory consumer accounts across their AWS Organization. This reduces duplicate directories and IT overhead and is available in all commercial regions where License Manager user subscription is supported.

npm Supply-Chain Worm 'Shai-Hulud' Compromises Packages

🛡️ CISA released an alert about a widespread software supply chain compromise affecting the npm registry: a self-replicating worm called 'Shai-Hulud' has compromised over 500 packages. The actor harvested GitHub Personal Access Tokens and cloud API keys for AWS, Google Cloud, and Azure, exfiltrating them to a public repository and using them to publish malicious package updates. CISA recommends immediate dependency reviews, credential rotation, enforcing phishing-resistant MFA, pinning package versions to releases before Sept. 16, 2025, hardening GitHub settings, and monitoring for anomalous outbound connections.

ShadowV2 Botnet Targets Misconfigured AWS Docker Containers

⚠️ Researchers at Darktrace disclosed ShadowV2, a DDoS-focused botnet that exploits misconfigured Docker daemons on AWS EC2 instances to deploy a Go-based RAT and enlist hosts as attack nodes. The campaign uses a Python spreader to spawn an Ubuntu setup container, build a custom image, and run an ELF payload that checks in with a Codespaces-hosted C2. Operators leverage HTTP/2 Rapid Reset floods, a Cloudflare UAM bypass via ChromeDP, and a FastAPI/Pydantic operator API, signaling a modular DDoS-for-hire service.

Amazon Connect: Custom Attributes for Interaction Segments

📞 Amazon Connect now lets administrators associate custom, predefined attributes with individual interaction segments. Attributes such as business unit, account type, or contact reason can be centrally managed and applied through contact flows or the UpdateContact API, ensuring each segment retains accurate business context during transfers and multi-party interactions. For example, engagements that start in Support and move to Sales keep distinct business unit names per segment. This capability strengthens reporting and analytics across the customer journey and is available in all AWS regions.

AWS IAM Identity Center Adds Customer-Managed KMS Keys

🔐 IAM Identity Center now supports customer-managed AWS KMS keys to encrypt workforce identity data, including user and group attributes. While AWS-owned keys remain the default, a customer-managed key (CMK) lets organizations control key lifecycle, policies, and usage permissions for stronger security and compliance. CMKs can be set when enabling a new organization instance or added to existing ones, and their usage is auditable via AWS CloudTrail. Support is available for access to accounts and select AWS applications across all IAM Identity Center regions; standard KMS charges apply.

Amazon Nova Act IDE Extension for Agent Development and Testing

🤖 Amazon Web Services announced the Nova Act extension, embedding the agent development workflow directly into popular IDEs such as Visual Studio Code, Kiro, and Cursor. The extension unifies natural-language script creation, fine-grained scripting controls, and integrated browser testing into a single interface, reducing context switching across tools. Built on the Nova Act SDK (research preview since March 2025), the extension is available today from IDE extension marketplaces and the project’s GitHub repository includes documentation and examples to get started.

Amazon RDS supports cross-Region and cross-account snapshots

🔁 Amazon RDS now supports single-step cross-Region and cross-account copying of snapshots for Amazon RDS and Amazon Aurora. This new capability eliminates the prior two-step process and removes the need for an intermediate snapshot, helping customers achieve tighter recovery point objectives while reducing storage and operational costs. The feature is available in all AWS Regions, including AWS China and AWS GovCloud (US), and can be used today via the AWS Management Console, AWS CLI, or AWS SDKs.

AWS Launches EC2 Instance Attestation for Trusted Instances

🔒 AWS announced general availability of EC2 instance attestation in September 2025, enabling customers to cryptographically verify that only trusted software and configurations run on EC2 instances, including those with AI chips and GPUs. The feature uses NitroTPM and Attestable AMIs to create and compare cryptographic measurements of AMI contents. It integrates with AWS KMS so key operations can be restricted to instances that pass attestation. EC2 instance attestation is available in all AWS Commercial Regions, including AWS GovCloud (US).

Amazon EC2 R8gb: EBS-optimized Graviton4 instances

🚀 Amazon EC2 R8gb instances are now generally available as EBS-optimized compute powered by AWS Graviton4. AWS reports up to 30% better compute performance versus Graviton3 and up to 150 Gbps of EBS bandwidth, delivering higher block storage throughput than same-sized Graviton4 counterparts. Sizes scale to 24xlarge (including a metal option) with up to 768 GiB memory and 200 Gbps networking; select large sizes support EFA. Initially available in US East (N. Virginia) and US West (Oregon).

Amazon Redshift Serverless Now Available in Taipei

🚀 Amazon Redshift Serverless is now generally available in the AWS Asia Pacific (Taipei) region, enabling analysts, developers, and data scientists to run and scale analytics without provisioning or managing clusters. The service automatically provisions and intelligently scales compute, with per-second billing for workload duration. Users can query data via Query Editor V2 or existing BI tools, load data from Amazon S3, restore snapshots, and directly query open formats like Apache Parquet, while benefiting from unified billing across data sources.

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.

Amazon Connect Contact Lens Adds Redaction in 7 Languages

🔒 Amazon Connect Contact Lens now provides automatic sensitive data redaction for voice and chat conversational analytics in French (France, Canada), Portuguese (Portugal, Brazil), Italian, German, and Spanish (Spain). You can remove PII, financial account numbers and PINs, and Internet access details from transcripts and audio files, choosing to redact selected entities or all detected sensitive data. Redacted values can be replaced with a generic placeholder (e.g., [PII]) or an entity-specific placeholder (e.g., [NAME]). Sensitive data redaction is available in all AWS Regions where Amazon Connect is offered.

Amazon Connect Flow Designer: New Analytics Mode Now

📊 Amazon Connect's Flow Designer now includes an analytics mode that surfaces aggregate metrics across drag-and-drop flows to help teams build and optimize customer journeys. You can visualize step-level behavior, including where users abandon, encounter errors, or are transferred to agent queues, enabling targeted troubleshooting and configuration fixes. This capability is included with Amazon Connect (with unlimited AI) pricing and is available in all AWS regions.

Regaining Control of AI Agents and Non-Human Identities

🔐 Enterprises are struggling to secure thousands of non-human identities—service accounts, API tokens, and increasingly autonomous AI agents—that proliferate across cloud and CI/CD environments without clear ownership. These NHIs often use long-lived credentials, lack contextual signals for adaptive controls, and become over-permissioned or orphaned, creating major lateral-movement and compliance risks. The article recommends an identity security fabric—including discovery, risk-based privilege management, automated lifecycle policies, and integrations such as Okta with AWS—to regain visibility and enforce least-privilege at scale.