All news with #aws tag

📊 AWS now supports cost allocation using workforce user attributes imported into IAM Identity Center. Customers can enable attributes such as cost center, division, organization, and department as cost allocation tags to automatically attribute per-user subscription and on-demand application fees to internal business units. Costs are visible in AWS Cost Explorer and AWS CUR 2.0 and the capability is generally available in all Regions except GovCloud (US) and China (Beijing and Ningxia).

🔐 Amazon EKS now offers centralized network policy controls with ClusterNetworkPolicy and DNS-based egress filtering to improve protection for Kubernetes workloads and their external integrations. These enhancements build on existing Kubernetes NetworkPolicies in the Amazon VPC CNI and enable cluster-wide enforcement of access filters. The features are available for new EKS clusters running Kubernetes 1.29+ in all commercial AWS Regions; support for existing clusters will follow. ClusterNetworkPolicy requires VPC CNI v1.21.0+, while DNS-based policies are supported in EKS Auto Mode-launched EC2 instances.

📄 AWS now lets you export customized Billing and Cost Management Dashboards as formatted PDF reports and download individual widget data as CSV files. These features eliminate screenshots and manual formatting by preserving dashboard layouts for stakeholder reports and enabling granular analysis in spreadsheet tools. The exports are available at no additional cost in all AWS commercial Regions (excluding AWS China Regions). To begin, open the Billing and Cost Management console and select Dashboards.

🔒 Google's Threat Intelligence Group linked five additional China-aligned cyber-espionage groups to active exploitation of the maximum-severity CVE-2025-55182 React2Shell remote code execution flaw affecting React and Next.js server components. Attackers are executing commands and exfiltrating AWS configuration files and credentials from vulnerable hosts; Palo Alto and AWS reported widespread breaches. Shadowserver and GreyNoise are tracking tens of thousands of exposed systems and hundreds of exploit attempts. Organizations should urgently patch affected React 19.0–19.2.0 releases and apply mitigations.

🚀 Amazon EC2 M7a instances are now available in the AWS Europe (London) Region. Powered by 4th Gen AMD EPYC (Genoa) processors with up to 3.7 GHz, these general-purpose instances deliver up to 50% higher performance compared to M6a instances. M7a is offered across purchase models (Savings Plans, Reserved, On-Demand, Spot) and can be launched via the AWS Management Console, CLI, or SDKs. With London added, M7a is available in multiple global regions including US East (Ohio, N. Virginia), US West (Oregon), Asia Pacific (Sydney, Tokyo), and several other European regions.

🔐 AWS Certificate Manager (ACM) now automates provisioning and distribution of exportable public and private certificates directly to Kubernetes workloads via AWS Controllers for Kubernetes (ACK). The ACK controller handles the complete lifecycle — certificate request, validation, export, Kubernetes Secret creation, and automatic renewal updates. This removes the need to export certificates and rotate Secrets manually for pods, service meshes, and third-party ingress controllers. The feature supports Amazon EKS and hybrid or edge Kubernetes environments and is available in commercial, GovCloud (US), and China regions where ACM is offered.

🔒 This AWS Security Blog post explains how to implement HTTP Strict Transport Security (HSTS) consistently across distributed AWS architectures using Amazon API Gateway, Application Load Balancers, and Amazon CloudFront. It presents concrete, service-specific configuration steps, example mappings and code snippets, and recommended curl commands to validate header delivery. The guidance highlights centralized header enforcement options to reduce fragmentation and align with the AWS Well-Architected Framework security principles. Practical advice covers testing, header override behaviors, and phased rollout using conservative max-age values before enabling preload in production.

🔒 AWS has expanded service availability for Dedicated Local Zones, enhancing options for compute, storage, backup, and recovery to address strict data residency and digital sovereignty requirements. The announcement adds newer EC2 generation 7 instance types with accelerated computing, EBS gp3 and io1 volumes, and additional Amazon S3 One Zone storage classes. It also introduces EBS Local Snapshots and local AMI support to keep backups and images within customer-specified perimeters, helping regulated and government customers meet compliance needs.

🚀 Amazon has expanded MSK Replicator availability to ten additional AWS Regions: Bahrain, UAE, Jakarta, Hong Kong, Osaka, Melbourne, Cape Town, Milan, Zurich, and Tel Aviv. MSK Replicator enables automatic asynchronous replication of streaming data and Kafka metadata (topic configurations, ACLs, consumer group offsets) across MSK clusters without custom code or manual infrastructure. The service scales automatically and can be configured via the Amazon MSK console or AWS CLI, bringing coverage to 35 Regions to support regionally resilient streaming and failover.

🚀 Amazon announces that EMR Managed Scaling is now available to EMR on EC2 customers in Asia Pacific (Malaysia, New Zealand, Taipei, Thailand), Canada West (Calgary), Mexico (Central), and US Gameday Northeast (Illinois). The feature automatically resizes EC2 instances to optimize performance and cost; you set minimum and maximum compute limits and EMR adjusts capacity using workload-driven algorithms. It supports Apache Spark, Apache Hive and YARN-based workloads on EMR on EC2 versions 6.14 and above and can use EC2 Spot Instances for additional savings.

🔒 AWS Shield Network Security Director is now available in preview with multi-account network security management, allowing delegated administrator accounts to run continuous analysis across an AWS Organization. It centralizes per-account network topology, security findings, and recommended remediations for missing or misconfigured network security services. The capability can summarize and report misconfigurations from within Amazon Q Developer and chat applications, and it is now available in five additional AWS regions.

🚀 AWS has announced the general availability of Elastic Beanstalk in five additional regions: Asia Pacific (New Zealand) (Melbourne), Asia Pacific (Malaysia), Asia Pacific (Hyderabad), Canada West (Calgary), and Europe (Zurich). The managed application platform automates deployment, capacity provisioning, load balancing, auto-scaling, and health monitoring. This expansion gives developers more regional choices for lower latency and data residency compliance. Customers should verify regional service availability and update deployment configurations as needed.

🔍 AWS Systems Manager Configuration Manager can now automatically test SAP ABAP applications on AWS against best practices defined in the AWS Well-Architected Framework SAP Lens. Customers can schedule assessments or run checks on demand for SAP HANA and ABAP workloads. The service identifies misconfigurations and provides concrete remediation steps. SSM for SAP Configuration Manager is available in Regions where SSMSAP is offered.

🔒 The AWS European Sovereign Cloud introduces the Sovereign Reference Framework (ESC-SRF), an independently validated set of governance, technical, and operational controls to address strict European sovereignty requirements. The ESC-SRF aligns criteria such as governance independence, data residency, and technical isolation to concrete controls and will be available through AWS Artifact. Customers and partners can use the framework as an assurance model or adapt it to design their own sovereignty controls.

🚀 Amazon Aurora DSQL now provisions clusters in seconds, cutting setup time from minutes to near-instant. Developers can immediately use the integrated query editor in the AWS Console to prototype or build without configuring external clients or connecting through the Aurora DSQL Model Context Protocol (MCP) server. The change supports both prototyping and production workloads while preserving Aurora DSQL’s scalability, active-active high availability, zero infrastructure management, and pay-for-what-you-use pricing. The enhancement is available in all Regions where Aurora DSQL is offered and is accessible via the AWS Free Tier.

🔒 Amazon WorkSpaces Secure Browser now includes Web Content Filtering, allowing administrators to define granular access policies, block specific URLs or entire domain categories using 25+ predefined categories, and integrate with Session Logger for enhanced monitoring and compliance. While existing Chrome policies remain supported, this category-based approach delivers richer control, improved logging, and centralized policy management. The feature is available at no additional cost in 10 AWS Regions and supports pay-as-you-go pricing, with console enablement and automatic migration of URL blocklists and allowlists.

🤖 Microsoft announced a significant set of Azure Storage updates at Ignite 2025 and KubeCon to accelerate AI workloads, cloud-native applications, and migrations. Azure Blob Storage now targets exabyte-scale capacity and multi-tens of Tbps throughput, while Azure Managed Lustre (AMLFS 20 preview) offers 25 PiB namespaces, 512 GBps and HSM with auto-import/export. Additional enhancements — Premium Blob, Smart Tier, Azure Elastic SAN auto-scaling, Ultra Disk latency and cost improvements, Storage Discovery and Copilot, and expanded migration tooling — focus on low-latency inferencing, continuous GPU feeding for training, operational elasticity, and simplified data migrations.

🚀 AWS announces integration of Amazon Aurora PostgreSQL-Compatible Edition with Kiro powers, enabling agent-assisted database development using prepackaged MCP servers, steering files, and hooks. The Aurora PostgreSQL power bundles data plane (queries, schema) and control plane (cluster creation) capabilities with targeted best-practice guidance. Available via Kiro IDE and the Kiro powers catalog for one-click installation across AWS Regions.

🔒Amazon Cognito identity pools now support AWS PrivateLink, enabling private connectivity between your VPC and Cognito to exchange federated identities for temporary AWS credentials. This removes the need to route authentication traffic over the public internet and reduces exposure of auth flows. PrivateLink endpoints are available in all Regions where Cognito identity pools operate except AWS China (Beijing) and AWS GovCloud (US); standard PrivateLink charges apply.

🌐 AWS Application Migration Service (MGN) now supports IPv6 for both service communication and application migrations. Organizations can use dual-stack service endpoints that handle IPv4 and IPv6, replicate data over either protocol, and preserve network connections and security during migration. During testing and cutover you can launch target servers in IPv4, IPv6, or dual-stack configurations. This capability is available in Regions that support AWS MGN and Amazon EC2 dual-stack endpoints.