All news with #aws tag

Protect AI Development Using Falcon Cloud Security

🔒 Falcon Cloud Security provides end-to-end protection for AI development pipelines by embedding AI detection into CI/CD workflows, scanning container images, and surfacing AI-related packages and CVEs in real time. It extends visibility to cloud model services — including AWS SageMaker and Bedrock, Azure AI, and Google Vertex AI — revealing model provenance, dependencies, and API usage. Runtime inventory ties build-time detections to live containers so teams can prioritize fixes, govern models, and maintain delivery velocity without compromising security.

AWS Organizations SCPs Now Support Full IAM Language

🔐 AWS announced that AWS Organizations service control policies (SCPs) now support the full IAM policy language, adding features such as NotAction, NotResource, resource-level Allow statements, conditions in Allow, and more flexible action wildcards. The update is available across AWS commercial and GovCloud (US) Regions. These changes simplify permission models, reduce prior workarounds (such as tagging-based exceptions), and make SCPs more expressive and concise. AWS recommends careful wildcard use and continuing to prefer explicit Deny statements for robust controls.

Amazon OpenSearch Ingestion Adds Cross-Account Ingestion

🔁 Amazon OpenSearch Ingestion now supports cross-account ingestion for push-based sources such as HTTP and OpenTelemetry (OTel). This capability lets teams share ingestion pipelines across AWS accounts without relying on VPC peering or AWS Transit Gateway, simplifying centralized observability and analytics workflows. The feature is available today in all regions where OpenSearch Ingestion is offered; customers can configure resource policies in the AWS Management Console or CLI and enable pipeline endpoints from their VPCs to begin ingesting data.

AWS Summer 2025 SOC 1 Report Covers 183 Services In Scope

🔒 AWS has published its Summer 2025 SOC 1 report covering 183 services for the period July 1, 2024 through June 30, 2025. The report provides independent assurance on controls relevant to customer financial reporting. Customers can download the report via AWS Artifact in the AWS Management Console for on-demand access. AWS says it will continue to expand service coverage and invites customers to contact their account team or the Compliance team with questions.

Amazon RDS supports MySQL Innovation Release 9.4 Preview

🚀 Amazon RDS for MySQL now supports MySQL Innovation Release 9.4 in the Amazon RDS Database Preview Environment, enabling customers to evaluate the latest community Innovation Release on managed RDS instances. The Preview Environment supports Single‑AZ and Multi‑AZ deployments on current instance classes and retains preview instances for up to 60 days. Snapshots created in the Preview Environment are restricted to the Preview Environment, and preview instances are billed at the same rates as production RDS instances in the US East (Ohio) Region.

AWS Neuron SDK 2.26 Adds Trn2, PyTorch 2.8, JAX 0.6.2

🚀 AWS has released Neuron SDK 2.26.0 as generally available, delivering framework and runtime improvements for Inferentia and Trainium-based instances. The update adds support for PyTorch 2.8 and JAX 0.6.2, enhances inference on Trainium2 (Trn2) instances, and enables deployment of models such as FLUX.1-dev and beta Llama 4 Scout/Maverick. It also introduces expert parallelism (beta) for MoE models, new Neuron Kernel Interface APIs, and an improved Neuron Profiler with system profile grouping for distributed workloads.

AWS Organizations Adds Full IAM Policy Language to SCPs

🔐 AWS Organizations now supports the full IAM policy language for service control policies (SCPs), allowing administrators to use conditions, individual resource ARNs, and the NotAction element with Allow statements. You can also apply wildcards at the beginning or middle of Action strings and use the NotResource element for finer scoping. These enhancements let teams create more concise and precise organizational guardrails to enforce least-privilege across accounts. The change is backward compatible and available in all AWS commercial and AWS GovCloud (US) Regions.

Amazon Redshift Multidimensional Data Layouts GA for Queries

🚀 Amazon Redshift announces general availability of Multidimensional Data Layouts (MDDL), a dynamic sorting feature that reorganizes data according to actual query filters to accelerate analytics. MDDL creates a multidimensional virtual sort key that co-locates rows typically accessed together, enabling block-level and predicate-column skipping during execution. For tables using the default AUTO sort key, Redshift analyzes query history and automatically selects MDDL or an optimal single-column sort key based on expected benefits. AWS reports up to 10x end-to-end performance improvements for workloads with repetitive filters; MDDL is available in all AWS commercial regions.

AWS SiteWise MCP Server Accelerates Industrial Modeling

⚙️ AWS published a Model Context Protocol (MCP) server for AWS IoT SiteWise in the AWS Labs open-source MCP repository to simplify industrial data modeling. The server embeds domain validation and automated modeling, applying correct units, data types, and quality indicators so models are production-ready. It maintains compatibility with existing SiteWise tools and APIs while adding conversational interfaces to streamline model authoring, asset onboarding, and downstream analytics enablement.

Source-of-Truth Authorization for RAG Knowledge Bases

🔒 This post presents an architecture to enforce strong, source-of-truth authorization for Retrieval-Augmented Generation (RAG) knowledge bases using Amazon S3 Access Grants with Amazon Bedrock. It explains why vector DB metadata filtering is insufficient—permission changes can be delayed and complex identity memberships are hard to represent—and recommends validating permissions at the data source before returning chunks to an LLM. The blog includes a practical Python walkthrough for exchanging identity tokens, retrieving caller grant scopes, filtering returned chunks, and logging withheld items to reduce the risk of sensitive data leaking into LLM prompts.

Amazon VPC Reachability and Network Access Analyzer Expand

🛰️ Amazon has expanded VPC Reachability Analyzer and VPC Network Access Analyzer to seven additional regions — New Zealand, Hyderabad, Melbourne, Taipei, Calgary, Tel Aviv, and Mexico Central. Reachability Analyzer diagnoses network reachability between source and destination resources, while Network Access Analyzer identifies unintended access paths that may bypass security controls. This regional launch improves troubleshooting, compliance checks, and multi-account network visibility; pricing and documentation are available through AWS resources.

AWS Kinesis Data Streams Adds IPv6 and FIPS in GovCloud

🌐 Amazon Web Services announced that Kinesis Data Streams now supports API requests over IPv6 in the AWS GovCloud (US) Regions, with optional dual-stack (IPv4/IPv6) public and VPC endpoints. The new endpoints have been validated under FIPS 140-3, enabling FIPS-compliant encryption for customers contracting with the US federal government. IPv6 support reduces address overlap and simplifies connectivity for devices and networks already using IPv6. This capability is available in all Regions where Kinesis Data Streams operates, including GovCloud and China Regions.

AWS Outposts expand to Canada (Central) and N California

📢 Second-generation AWS Outposts racks are now supported in the AWS Canada (Central) and US West (N. California) Regions. Outposts racks extend AWS infrastructure, services, APIs, and tools to on-premises data centers or colocation spaces, providing a consistent hybrid experience. Customers can order racks connected to these Regions to optimize for latency and data residency, run low-latency workloads locally, and maintain centralized management in their home Region.

Amazon Q Developer CLI Adds Remote MCP Server Support

🔒 Amazon Q Developer CLI now supports remote MCP servers to centralize tool integrations and OAuth-based authentication, enhancing scalability and security in development workflows. Administrators specify HTTP transport, the authentication URL, and optional headers in agent configuration or mcp.json. Upon successful OAuth authentication, the CLI enumerates tools on the MCP server and exposes them to the agent. This capability is available in both the CLI and the Amazon Q Developer IDE plugins.

Stability AI Image Services Now Available in Amazon Bedrock

🖼️ Amazon Bedrock now includes Stability AI Image Services, a suite of nine specialized image-editing tools available via the Bedrock API. The offering splits into Edit tools (Remove Background, Erase Object, Search and Replace, Search and Recolor, Inpaint) and Control tools (Structure, Sketch, Style Guide, Style Transfer). It is currently supported in US West (Oregon), US East (N. Virginia), and US East (Ohio), and is intended to accelerate professional creative workflows with granular edit control.

Step Functions: Data Sources and Metrics for Distributed Map

⚙️ AWS Step Functions now expands Distributed Map input sources and adds visibility metrics. Distributed Map can now iterate S3 objects via S3ListObjectsV2, read AWS Athena data manifests and Parquet files directly, and extract arrays from JSON stored in S3 or passed as state input. New observability metrics — Approximate Open Map Runs Count, Open Map Run Limit, and Approximate Map Runs Backlog Size — provide operational insight. These features are available in all commercial AWS Regions; enable Distributed Map mode in the Step Functions console and consult the developer guide for examples.

Amazon Bedrock Adds Four Qwen3 Open-Weight Models Now

🤖 Amazon Web Services added four Qwen3 open-weight foundation models to Amazon Bedrock as fully managed, serverless offerings. The lineup—Qwen3-Coder-480B-A35B-Instruct, Qwen3-Coder-30B-A3B-Instruct, Qwen3-235B-A22B-Instruct-2507, and Qwen3-32B—covers both dense and Mixture-of-Experts (MoE) architectures. The coder variants specialize in agentic coding, function calling, and tool use, while the 235B and 32B models provide general reasoning and efficient dense computation. These models are available now across multiple AWS regions, enabling developers to build advanced AI applications without managing infrastructure.

Amazon Lex: confirmation and currency slots in 10 languages

🤖 Amazon Lex now supports built-in confirmation and currency slot types in 10 additional languages: Portuguese, Catalan, French, Italian, German, Spanish, Mandarin, Cantonese, Japanese, and Korean. These built-in slots normalize varied user phrasing—mapping acknowledgements to 'Yes', 'No', 'Don't know', or 'Maybe' and converting currency expressions into structured formats such as 'USD 1.00'—to simplify multi-lingual conversational flows. The feature is available in all commercial AWS Regions where Amazon Lex operates and can improve chatbots and contact-center interactions.

OpenAI Open-Weight Models Now in Eight More AWS Regions

🚀 AWS has expanded availability of OpenAI open weight models on Amazon Bedrock to eight additional regions. The update adds US East (N. Virginia), Asia Pacific (Tokyo), Europe (Stockholm), Asia Pacific (Mumbai), Europe (Ireland), South America (São Paulo), Europe (London), and Europe (Milan) to the previously supported US West (Oregon). This broader regional coverage reduces network latency, helps meet data residency preferences, and makes it easier for customers to deploy AI-powered applications closer to their users. Customers can access the models through the Amazon Bedrock console and supporting documentation to get started.

AWS Bedrock Adds OpenAI Open‑Weight Models in Eight Regions

🚀 AWS has expanded availability of OpenAI open weight models on AWS Bedrock to eight additional AWS Regions worldwide. The update brings the models to US East (N. Virginia), Asia Pacific (Tokyo, Mumbai), Europe (Stockholm, Ireland, London, Milan) and South America (São Paulo), alongside existing US West (Oregon) support. This broader footprint aims to lower latency, improve model performance and help customers meet data residency requirements. To get started, use the Amazon Bedrock console or consult the documentation.