All news with #aws tag

AWS Extends VPC Traffic Mirroring to Nitro v4 Instances

🛡️ Amazon Web Services announced expanded support for VPC Traffic Mirroring, enabling the feature on a broader set of EC2 instance types. With this update, Traffic Mirroring can now be enabled on all Nitro v4 instances and is available across all regions. The capability replicates instance network traffic to security and monitoring appliances for use cases such as content inspection, threat monitoring, and troubleshooting; consult the AWS documentation for the complete supported instance lists and Nitro system mappings.

Amazon OpenSearch Service Adds i8g Storage Instances

🚀 Amazon OpenSearch Service now supports i8g instances, the latest generation of storage-optimized instances powered by AWS Graviton4 processors. i8g delivers up to 60% better compute and uses third-generation Nitro NVMe SSDs for up to 65% better storage performance per TB, lower latency, and reduced latency variability. Supported for OpenSearch and Elasticsearch 7.9/7.10 across multiple regions.

EC2 Mac Dedicated Hosts: Host Recovery & Maintenance

🔧 AWS now offers two new capabilities for EC2 Mac Dedicated Hosts: Host Recovery and Reboot-based Host Maintenance. Host Recovery detects potential hardware issues and transparently migrates Mac instances to replacement hosts to minimize disruption. Reboot-based Host Maintenance automates instance stop and restart on replacement hosts during scheduled maintenance, eliminating manual intervention. These features support all EC2 Mac instance families on both Intel and Apple silicon and are available in regions that support EC2 Mac instances.

Amazon CloudWatch RUM GA Now in US GovCloud Regions

📣 Amazon has made CloudWatch RUM generally available in AWS GovCloud (US-East) and AWS GovCloud (US-West). The service collects client-side performance and error telemetry in real time and provides curated dashboards showing page load steps, core web vitals, JavaScript and HTTP errors across geolocations, browsers, and devices. It integrates with CloudWatch Application Signals to correlate front-end telemetry with backend metrics, and usage is billed per collected RUM event.

Amazon EC2 C8gn Instances Now in US West (N. California)

🚀 Amazon EC2 C8gn instances, powered by AWS Graviton4 processors, are now available in US West (N. California). These instances deliver up to 30% better compute performance than Graviton3-based C7gn, include 6th-generation AWS Nitro Cards, and offer up to 600 Gbps of network bandwidth. C8gn scales to 48xlarge (up to 384 GiB memory) with up to 60 Gbps to EBS, and selected large/metal sizes support EFA for lower-latency clusters. They are optimized for network-intensive workloads, high-throughput analytics, network virtual appliances, and CPU-based AI/ML inference.

Amazon EKS adds on-demand cluster insights refresh

🔁 Amazon EKS now supports on-demand refresh of cluster insights, enabling operators to retrieve the latest detection results immediately after making changes. The capability complements existing periodic checks that identify upgrade warnings and configuration recommendations. By allowing immediate verification, teams can accelerate upgrade testing, confirm that remediations took effect, and shorten the feedback loop for cluster configuration changes.

AWS Client VPN adds Windows Arm64 support in v5.3.0

🔐 AWS announced that AWS Client VPN version 5.3.0 adds official support for Windows Arm64, enabling the AWS-supplied desktop VPN client to run on the latest Arm64-based Windows devices. The client remains free of charge and is available in all regions where the service is generally available. Client VPN is a managed service that connects remote users securely to AWS and on-premises networks and continues to support macOS 13–15, Windows 10 (x64), Windows 11 (Arm64 and x64), and Ubuntu Linux 22.04 and 24.04 LTS. Administrators can download and deploy the updated client to bring Arm64 Windows endpoints into supported VPN configurations.

AWS Transfer Family Adds Terraform SFTP Connector Support

🚀 The AWS Transfer Family Terraform module now supports provisioning SFTP connectors to transfer files between Amazon S3 and remote SFTP servers. Announced 2025-08-27, the addition builds on existing Terraform support for SFTP server endpoints and enables programmatic provisioning of connectors, dependencies, and customizations in a single IaC deployment. The module includes end-to-end examples to automate transfers on schedules or event triggers, reducing manual configuration and improving repeatability, security, and scale.

AWS Network Firewall adds ReceivedBytes metric in CloudWatch

🔍 AWS has added the new ReceivedBytes metric for AWS Network Firewall to Amazon CloudWatch, giving customers per-firewall visibility into total incoming bytes inspected. The metric differentiates counts for the stateless and stateful engines, enabling more granular analysis of processing and performance. Available in all Regions where Network Firewall is supported, the data can be integrated into existing monitoring, alerting, and optimization workflows to support capacity planning and cost reduction.

SageMaker HyperPod Supports Customer-Managed KMS for EBS

🔐 Amazon SageMaker HyperPod now supports customer-managed AWS KMS keys (CMKs) to encrypt EBS volumes, giving enterprises direct control over encryption for root and secondary storage. This enables integration with existing key management and compliance workflows and uses a grants-based approach for secure cross-account access. Customers can specify CMKs via the CreateCluster and UpdateCluster APIs for clusters in continuous provisioning mode. The capability is available in all Regions where HyperPod runs.

Whistleblower: DOGE Placed SSA NUMIDENT on Insecure Cloud

⚠️A protected whistleblower alleges that the Department of Government Efficiency (DOGE) copied the Social Security Administration's NUMIDENT database to an unsecured Amazon Web Services test environment, bypassing mandated oversight and authorization. The complaint names several DOGE-affiliated hires and documents approvals and risk assessments dated June 12, June 25, and July 25, 2025. It alleges the move circumvented required FISMA authorization and NIST SP 800-53 controls, exposing sensitive personal data for more than 300 million people and potentially violating the Privacy Act and the CFAA.

Amazon EC2 C7i Instances Now Available in Osaka Region

🚀 Amazon EC2 C7i instances powered by custom 4th Gen Intel Xeon Scalable processors are now available in the Asia Pacific (Osaka) Region. C7i delivers up to 15% better performance versus comparable x86-based Intel processors and up to 15% improved price-performance over C6i. Instances scale to 48xlarge and provide two bare-metal sizes with Intel accelerators, support Intel AMX, and allow up to 128 EBS volumes to better handle compute-intensive workloads.

Custom Metrics in Amazon CloudWatch Application Signals

🔍 Amazon CloudWatch Application Signals now supports Custom Metrics, enabling developers and operators to define and visualize application-specific telemetry alongside standard health metrics such as fault rates, errors, and latency. You can ingest metrics directly with OpenTelemetry Metrics or derive them from spans using the OpenTelemetry Traces SDK and Metrics Filters. The Application Signals console offers correlated views in the Related Metrics tab, interactive visualization, and quick navigation to correlated spans, top contributors, and related logs. Custom Metrics support is available in all regions where Application Signals is offered; see documentation and CloudWatch pricing for details.

AWS SageMaker Adds P5.4xlarge with NVIDIA H100 GPU

🚀 Amazon SageMaker Training and Processing Jobs now supports the new EC2 P5 instance size with a single NVIDIA H100 GPU, offering the P5.4xlarge configuration for cost‑effective ML and HPC workloads. The instance enables fine-grained scaling so customers can begin with smaller configurations and expand incrementally, improving cost management and infrastructure flexibility. P5.4xlarge is available via SageMaker Flexible Training Plans and in select regions through On‑Demand and Spot.

AWS App Runner Adds IPv6 for Inbound and Outbound Traffic

🌐 AWS App Runner now supports IPv6 for both inbound and outbound traffic on public and private service endpoints. This removes the need for IPv4/IPv6 address translation and helps customers meet IPv6 compliance requirements. You enable the capability by selecting the dual-stack option in the networking configuration for new or existing services. IPv6 support is available in all Regions where App Runner is offered.

AWS Console Adds Account Color Settings for Quick ID

🎨 Today AWS announced general availability of account color settings in the AWS Management Console across all Public Regions. Account administrators can assign a persistent color (for example, red for production or yellow for testing) that appears in the Console navigation bar for all authorized users, enabling quick visual identification of accounts. The default color is grey; viewing the color requires AWSManagementConsoleBasicUserAccess or the custom permission uxc:getaccountcolor.

Amazon Braket local device emulator for verbatim circuits

🔬 Amazon Braket now offers a local device emulator to test verbatim circuits with device-specific constraints and realistic noise models before running on quantum hardware. The emulator validates qubit connectivity, native gate sets, and topology while applying depolarizing channels to one- and two-qubit gates using device calibration data and local density-matrix simulation. It supports both real-time and historical calibration snapshots and can be instantiated from AWS quantum devices or custom device properties via the Amazon Braket SDK, integrating into existing workflows so developers can catch compatibility and performance issues early without incurring hardware costs.

AWS Client VPN Adds Connectivity for IPv6 Resources

🔒 AWS Client VPN now supports secure remote access to IPv6-enabled VPC resources, allowing administrators to connect remote users and devices directly to IPv6 workloads. Administrators can deploy IPv6-only or dual-stack Client VPN endpoints to preserve end-to-end IPv6 connectivity and simplify network design for organizations adopting IPv6. This capability expands prior IPv4-only support and helps meet IPv6 adoption and compliance goals. The feature is generally available in all Client VPN regions except Middle East (Bahrain) and is provided at no additional cost, with IPv6 and dual-stack endpoints billed at the existing per-hour endpoint rate.

Amazon GameLift Streams Adds Default Application Controls

🚀 Amazon GameLift Streams now gives developers finer control over default applications for stream groups. You can create stream groups without assigning a default, change which linked application serves as the default, or unlink a default without deleting the group. The service console and APIs — including UpdateStreamGroup, AssociateApplications, and DisassociateApplications — have been updated to manage default application configurations.

Amazon RDS for Oracle adds ECC384 CA and ECDSA ciphers

🔒 Amazon RDS for Oracle now supports an ECC384 Certificate Authority and two new ECDSA cipher suites for SSL and OEM Agent options on Oracle Database 19c and 21c. The added cipher suites — TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 — offer security comparable to RSA with shorter keys and lower CPU usage. To enable them, select rds-ca-ecc384-g1 as the CA for your DB instances and follow the documented steps to add SSL or modify OEM Agent settings.