All news with #aws tag

DeepSeek-V3.1 Available as Fully Managed in Bedrock

🔍 DeepSeek-V3.1 is now available as a fully managed foundation model in Amazon Bedrock, offering an open-weight option designed for enterprise deployment. The model supports a selectable 'thinking' mode for step-by-step analysis and a faster non-thinking mode for quicker replies, with improved multilingual accuracy and reduced hallucinations. Enhanced tool-calling, transparent reasoning, and strong coding and analytical performance make it well suited for building AI agents, automating workflows, and tackling complex technical tasks. DeepSeek-V3.1 is available in US West (Oregon), Asia Pacific (Tokyo, Mumbai), and Europe (London, Stockholm).

Amazon EVS Adds HCX Migration Over Public Internet

🌐 Amazon EVS now supports VMware HCX migrations over the public internet using Elastic IP Addresses (EIPs) to provide stable endpoints and faster setup. This option supplements existing private connectivity methods such as AWS Direct Connect and VPN, enabling secure layer‑2 network stretch and workload migration when private links are unavailable. Public HCX connectivity is available in all AWS Regions where EVS is offered and can be a cost‑effective alternative for workloads that do not require private connection performance.

Amazon SageMaker HyperPod Adds Managed Karpenter Autoscaling

🛠️ Amazon SageMaker HyperPod now supports managed node autoscaling using Karpenter, enabling automated cluster scaling for both inference and training workloads. This managed capability removes the operational burden of installing and maintaining autoscaling infrastructure while providing integrated resilience and fault tolerance. Customers gain just-in-time GPU provisioning, scale-to-zero during low demand, workload-aware instance selection, and cost reductions through intelligent consolidation.

Amazon OpenSearch Serverless Adds Disk-Optimized Vectors

🔍 Amazon has added disk-optimized vector storage to OpenSearch Serverless, offering a lower-cost alternative to memory-optimized vectors while maintaining equivalent accuracy and recall. The disk-optimized option may introduce slightly higher latency, so it is best suited for semantic search, recommendation systems, and other AI search scenarios that do not require sub-millisecond responses. As a fully managed service, OpenSearch Serverless continues to automatically scale compute capacity (measured in OCUs) to match workload demands.

AWS Step Functions Adds IPv6 Dual-Stack Endpoint Support

🌐 AWS Step Functions now supports IPv6 via new dual-stack IPv4/IPv6 endpoints, enabling customers to send IPv6 traffic directly to the service. The enhancement preserves backwards compatibility with existing IPv4 endpoints and enables PrivateLink interface VPC endpoint connectivity so workloads can access Step Functions privately without traversing the public internet. IPv6 support is generally available in several US commercial and GovCloud regions.

AWS Network Firewall: SNI Session Holding for TLS Guide

🔒 AWS Network Firewall now offers SNI session holding to strengthen TLS inspection by validating the TLS SNI before initiating an outbound TCP connection. When enabled, the firewall holds TCP/TLS establishment until it receives the ClientHello SNI and evaluates it against Suricata-based TLS inspection rules, preventing any contact with disallowed endpoints. Administrators can enable this option in a TLS inspection configuration via the AWS Management Console, AWS CLI, or AWS SDK; it’s available in Regions including GovCloud and China and is billed as part of TLS advanced inspection.

How AWS Built a Flywheel to Improve Amazon RDS Security

🔒 As AWS implemented support for PL/Rust on Amazon RDS, engineers created a telemetry-driven 'flywheel' built around SELinux, monitoring, and incident response to safely enable compiled Rust functions. They developed mandatory access control policies, routed denials into telemetry with automated ticketing, and ran quarterly red/blue game days to refine playbooks and reduce noise. An October SELinux denial triggered an investigation that validated the controls and led to collaboration with Varonis Threat Labs.

AWS Lambda: Cross-Account Container Images in GovCloud

🚀 AWS Lambda now supports creating or updating functions using container images stored in an Amazon ECR repository in a different AWS account within GovCloud Regions. This removes the previous need to copy images into a local ECR repo and streamlines centralized image management and CI/CD workflows. Administrators must grant the Lambda resource and the Lambda service principal the necessary cross-account permissions.

Amazon EC2 I8ge Storage-Optimized Instances in Frankfurt

🚀 Amazon EC2 I8ge storage-optimized instances are now available in AWS Europe (Frankfurt). Powered by AWS Graviton4 processors, I8ge delivers up to 60% better compute performance versus prior Graviton2-based storage-optimized instances and uses third-generation AWS Nitro SSDs for up to 55% better real-time storage performance per TB with substantially lower latency and variability. Instances scale to 48xlarge (including metal), provide up to 1,536 GiB RAM, 120 TB local NVMe, and up to 300 Gbps networking, making them well suited for relational and non-relational databases, streaming databases, search and data analytics.

Amazon Connect introduces agent hierarchy filters for search

🔍 Amazon Connect now offers agent hierarchy filters on the contact search page in the UI, enabling contact center leaders and teams to drill into specific sites, departments, or teams to locate interactions. This capability helps quality management, regulatory compliance, and workforce optimization teams efficiently find and review contacts for assessment and auditing. The feature is available in all regions where Amazon Connect is offered, simplifying targeted reviews and reducing time-to-insight for investigations and performance evaluations.

AWS Expands Second-Generation Outposts Racks Globally

🌍 AWS now ships second-generation Outposts racks to a broad list of countries, enabling customers to deploy AWS infrastructure and services directly in on‑premises data centers and colocation sites. These racks support the latest x86 Amazon EC2 families — C7i, M7i, and R7i — delivering up to 40% better performance versus prior racks, simplified network scaling, and a new class of accelerated networking instances for ultra-low latency and high throughput. They also help address local data residency and low-latency processing requirements while remaining connected to the nearest AWS Region for management.

AWS Expands ISO and CSA STAR Scope with Two Services

🔒 Amazon Web Services (AWS) announced that EY CertifyPoint completed an onboarding audit and reissued ISO and CSA STAR certificates on August 13, 2025, with no findings. The audit expanded the certified scope to include AWS Resource Explorer and AWS Security Incident Response alongside the other services covered under multiple ISO standards and CSA STAR CCM v4.0. Customers can retrieve certificates through AWS Artifact and view the full certified service list on the AWS ISO and CSA STAR Certified page.

CloudWatch Cross-Account Cross-Region Log Centralization

🔁 Amazon CloudWatch now supports cross-account, cross-region log centralization, allowing customers to copy log data from multiple AWS accounts and regions into a single destination account and integrate with AWS Organizations. Copied log events are enriched with new system fields (@aws.account and @aws.region) to preserve source context, and administrators can scope rules to the entire organization, selected OUs, or specific accounts. The feature supports selective log-group copying, automatic merging of same-named groups, optional backup-region copies, and includes one free centralized copy with additional copies billed at $0.05/GB.

Amazon EventBridge Adds Customer-Managed KMS Support

🔐 Amazon EventBridge now supports AWS KMS customer managed keys for event bus rule filter patterns and input transformers. This lets you encrypt the logic that selects and modifies events with your own keys to meet security and compliance requirements while retaining full key control. The feature is available in all commercial AWS Regions and can be audited via AWS CloudTrail. There is no additional EventBridge charge, though standard AWS KMS pricing applies.

AWS Budgets Adds Custom Time Periods for Project Funding

📊 AWS Budgets now supports custom time periods, letting teams define flexible start and end dates for a budget rather than relying on calendar-based cycles. This enables single-budget tracking for time-bound projects (for example, a three-month development sprint starting mid-month) and triggers alerts as spend approaches thresholds. The feature is available today in all AWS commercial Regions except the AWS GovCloud (US) and China Regions.

Scattered Spider Resurfaces, Targets Financial Sector Again

🔍 Cyber threat group Scattered Spider has been linked to a new campaign targeting financial services, according to ReliaQuest. The attackers gained access by socially engineering an executive and abusing Azure AD self-service password reset, then moved laterally via Citrix and VPN to compromise VMware ESXi. They escalated privileges by resetting a Veeam service account, assigning Azure Global Administrator rights, and attempted data extraction from Snowflake and AWS. The activity contradicts the group's retirement claims and suggests regrouping or rebranding.

AWS PCS Supports EC2 Capacity Blocks for ML Workloads

🔧 Amazon Web Services has added native support for EC2 Capacity Blocks in the Parallel Computing Service (PCS), enabling use of reserved EC2 instances directly within PCS Slurm clusters. This integration lets Capacity Blocks be associated with PCS compute node groups via an EC2 Launch Template, simplifying capacity planning for GPU‑based ML workloads. The feature is available in all Regions where both services are offered and aims to improve availability and predictability for cutting‑edge GPU jobs.

AWS End User Messaging: CloudFormation Support for SMS

📩 AWS End User Messaging SMS now supports AWS CloudFormation, enabling customers to deploy and manage SMS resources using templates. Phone numbers, sender IDs, configuration sets, protection configurations, opt-out lists, resource policies, and phone pools can be provisioned and managed declaratively alongside other AWS resources. This support is available in all Regions where End User Messaging is offered, simplifying deployments and delivery pipelines.

AWS Network Firewall Enhances Console Monitoring and TLS

🔒 AWS Network Firewall now delivers expanded console monitoring and enhanced TLS inspection capabilities to improve outbound security. The monitoring dashboard adds visibility into traffic to AWS services such as Amazon S3, Amazon DynamoDB, and AWS Backup, including traffic sent over PrivateLink, and surfaces top source and destination IPs by packets and bytes. Customers can filter views by IP and protocol for targeted analysis. A new session holding feature for TLS Inspection prevents TCP/TLS establishment from reaching servers until SNI-based rules are evaluated, strengthening controls against malicious endpoints.

Amazon RDS for MySQL: Extended Support minor 5.7.44

🔒 Amazon RDS for MySQL now supports the Extended Support minor release 5.7.44-RDS.20250818, and AWS recommends upgrading to this build to address known security vulnerabilities and bug fixes in earlier 5.7 releases. Extended Support provides up to three additional years of critical security and bug fixes after a major community end-of-support date. This coverage applies to MySQL databases running on both RDS and Aurora, and administrators can create or update instances in the Amazon RDS Management Console; see the Amazon RDS User Guide for upgrade details.