All news with #aws tag

Amazon EMR S3A Connector: Faster S3 Access for Analytics

🚀 Amazon Web Services announced the Amazon EMR S3A connector, an AWS-optimized S3 interface for Apache Hadoop, Spark, and Hive on EMR. It extends open-source S3A with AWS-specific enhancements including MagicCommitter V2, improved credentials resolution, accelerated prefix listing, and Spark fine-grained access control. The connector is pre-configured in EMR release 7.10 and later and is available in all Regions where EMR runs.

Amazon EMR Adds Spark FGAC and Glue Data Catalog Views

🔒 Amazon EMR on EC2 now supports Apache Spark native fine-grained access control (FGAC) through AWS Lake Formation and adds support for AWS Glue Data Catalog views. These capabilities let administrators define and enforce granular Lake Formation policies once and apply them consistently to Spark jobs and interactive sessions, reducing administrative overhead and security risk. Access checks support named resource grants, data filters, and tag-based controls and are logged in AWS CloudTrail for auditing.

Amazon Disrupts APT29 Watering Hole Campaign Targeting Users

🔒 Amazon's threat intelligence team identified and disrupted a watering hole campaign conducted by APT29, a group linked to Russia’s SVR. The actor compromised legitimate websites and injected obfuscated JavaScript to redirect a subset of visitors to attacker-controlled pages that mimicked Cloudflare verification. The campaign aimed to abuse Microsoft's device code authentication flow to trick users into authorizing attacker-controlled devices; Amazon isolated affected EC2 instances and coordinated with partners to disrupt infrastructure and share intelligence.

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.

AWS Adds VPC Endpoint Organization-Based Policy Keys

🔐 AWS introduced three new global IAM condition keys—aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID—to simplify network-origin access controls across multiple accounts and OUs. These keys let administrators restrict resource access based on the account, organizational unit path, or organization that owns the VPC endpoint used for a request, reducing the need to enumerate VPC or VPC endpoint IDs. Example use cases include S3 bucket policies and centrally applied RCPs or SCPs to enforce corporate network perimeters and intra-organization segmentation; adoption depends on service support and testing prior to production rollout.

Amazon Q Developer adds MCP admin control in AWS Console

🔒 Administrators can now manage the Model Context Protocol (MCP) servers used by Amazon Q Developer clients from the AWS console. Admins can enable or disable MCP functionality across their organization; when disabled, users cannot add MCP servers and previously defined servers are not initialized. Q Developer enforces admin settings at session start and every 24 hours. The control covers the CLI and IDE plugins (VSCode, JetBrains, Visual Studio, Eclipse).

AWS HealthOmics Adds Nextflow Task-Level Timeout Support

🕒 AWS HealthOmics now supports the Nextflow time directive, enabling task-level timeout controls to limit runtime for specific Nextflow tasks. Customers can automatically cancel tasks that exceed defined durations to prevent wasted compute and downstream delays. AWS HealthOmics is HIPAA-eligible, and this capability is available in all regions where the service operates.

Amazon EBS Adds Snapshot Copy Support for Local Zones

🔁 Amazon Elastic Block Store (EBS) now supports snapshot copy for AWS Local Zones, enabling point-in-time local snapshots to be copied to the parent Region or another Local Zone. The feature is generally available and accessible via the AWS Console, CLI, and SDKs. This capability helps customers meet disaster recovery, data migration, and compliance requirements by storing snapshots in Amazon S3 within the chosen Region or Local Zone.

AWS IoT ExpressLink Technical Specification v1.3 Released

🔧 AWS IoT ExpressLink technical specification v1.3 introduces expanded Bluetooth Low Energy (BLE) capabilities and a new set of I/O control commands that enable host processors to manage module pins. The BLE enhancements make it easier for devices to advertise presence and capabilities and to pair securely within a local Personal Area Network (PAN). The I/O control commands allow an ExpressLink-powered module to act as a flexible digital and analog I/O expander. AWS Partners including Espressif and u‑blox have adopted the update for their Wi‑Fi and BLE qualified modules.

Amazon EC2 U7i-12TB High Memory Instances in Seoul

🚀 Amazon EC2 High Memory U7i instances (u7i-12tb.224xlarge) with 12TiB of DDR5 memory are now available in the AWS Asia Pacific (Seoul) Region. Powered by custom fourth-generation Intel Xeon Scalable (Sapphire Rapids) processors, the U7i-12tb offers 896 vCPUs, ENA Express support, and up to 100 Gbps for both EBS and network throughput. These instances are designed for mission-critical in-memory databases and large transactional workloads such as SAP HANA, Oracle, and SQL Server, enabling faster data loading, backups, and higher transaction processing throughput.

Amazon Connect Adds Generative Text-to-Speech Voices

🔊 Amazon Connect now provides generative text-to-speech voices—20 generative-enhanced voices across English, French, Spanish, German, and Italian. Use them for welcome messages, policy announcements, or dynamic conversational AI, configurable in the drag-and-drop flow designer via the “Set Voice” block or through public APIs. Available in US East (N. Virginia), Europe (Frankfurt), and US West (Oregon). Pricing options include unlimited AI or individual per-use pricing.

Amazon OpenSearch Serverless Adds ABAC and RCP Support

🔐 Amazon announced that OpenSearch Serverless now supports attribute-based authorization (ABAC) for Data Plane APIs, enabling identity policies in AWS IAM to control data read and write operations on collections. The release also introduces resource control policy (RCP), a new AWS Organizations–managed policy type that enforces organization-wide preventative controls centrally. Customers should check regional availability and consult the documentation for implementation guidance.

AWS launches M8i and M8i-flex EC2 instances, Xeon 6

🚀 AWS has made the new M8i and M8i-flex EC2 instances generally available, powered by custom Intel Xeon 6 processors exclusive to AWS. The instances offer up to 15% better price-performance and 2.5x the memory bandwidth versus previous Intel-based generations, and AWS reports up to 20% higher performance compared with M7i and M7i-flex with larger gains for specific workloads. Initial availability includes US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Spain).

AWS Extends VPC Traffic Mirroring to Nitro v4 Instances

🛡️ Amazon Web Services announced expanded support for VPC Traffic Mirroring, enabling the feature on a broader set of EC2 instance types. With this update, Traffic Mirroring can now be enabled on all Nitro v4 instances and is available across all regions. The capability replicates instance network traffic to security and monitoring appliances for use cases such as content inspection, threat monitoring, and troubleshooting; consult the AWS documentation for the complete supported instance lists and Nitro system mappings.

Amazon OpenSearch Service Adds i8g Storage Instances

🚀 Amazon OpenSearch Service now supports i8g instances, the latest generation of storage-optimized instances powered by AWS Graviton4 processors. i8g delivers up to 60% better compute and uses third-generation Nitro NVMe SSDs for up to 65% better storage performance per TB, lower latency, and reduced latency variability. Supported for OpenSearch and Elasticsearch 7.9/7.10 across multiple regions.

EC2 Mac Dedicated Hosts: Host Recovery & Maintenance

🔧 AWS now offers two new capabilities for EC2 Mac Dedicated Hosts: Host Recovery and Reboot-based Host Maintenance. Host Recovery detects potential hardware issues and transparently migrates Mac instances to replacement hosts to minimize disruption. Reboot-based Host Maintenance automates instance stop and restart on replacement hosts during scheduled maintenance, eliminating manual intervention. These features support all EC2 Mac instance families on both Intel and Apple silicon and are available in regions that support EC2 Mac instances.

Amazon CloudWatch RUM GA Now in US GovCloud Regions

📣 Amazon has made CloudWatch RUM generally available in AWS GovCloud (US-East) and AWS GovCloud (US-West). The service collects client-side performance and error telemetry in real time and provides curated dashboards showing page load steps, core web vitals, JavaScript and HTTP errors across geolocations, browsers, and devices. It integrates with CloudWatch Application Signals to correlate front-end telemetry with backend metrics, and usage is billed per collected RUM event.

Amazon EC2 C8gn Instances Now in US West (N. California)

🚀 Amazon EC2 C8gn instances, powered by AWS Graviton4 processors, are now available in US West (N. California). These instances deliver up to 30% better compute performance than Graviton3-based C7gn, include 6th-generation AWS Nitro Cards, and offer up to 600 Gbps of network bandwidth. C8gn scales to 48xlarge (up to 384 GiB memory) with up to 60 Gbps to EBS, and selected large/metal sizes support EFA for lower-latency clusters. They are optimized for network-intensive workloads, high-throughput analytics, network virtual appliances, and CPU-based AI/ML inference.

Amazon EKS adds on-demand cluster insights refresh

🔁 Amazon EKS now supports on-demand refresh of cluster insights, enabling operators to retrieve the latest detection results immediately after making changes. The capability complements existing periodic checks that identify upgrade warnings and configuration recommendations. By allowing immediate verification, teams can accelerate upgrade testing, confirm that remediations took effect, and shorten the feedback loop for cluster configuration changes.

AWS Client VPN adds Windows Arm64 support in v5.3.0

🔐 AWS announced that AWS Client VPN version 5.3.0 adds official support for Windows Arm64, enabling the AWS-supplied desktop VPN client to run on the latest Arm64-based Windows devices. The client remains free of charge and is available in all regions where the service is generally available. Client VPN is a managed service that connects remote users securely to AWS and on-premises networks and continues to support macOS 13–15, Windows 10 (x64), Windows 11 (Arm64 and x64), and Ubuntu Linux 22.04 and 24.04 LTS. Administrators can download and deploy the updated client to bring Arm64 Windows endpoints into supported VPN configurations.