All news with #aws tag

Mon, August 18, 2025

Amazon S3 adds compute checksum to verify datasets

🔒 Amazon Web Services has added a compute checksum operation to S3 Batch Operations, enabling large-scale verification of stored datasets without restoring or downloading objects. You can submit a manifest or target a bucket with prefix/suffix filters, select algorithms such as SHA-256, MD5, CRC32C and others, and receive a detailed integrity report when the job completes. This capability complements S3's built-in validation and simplifies compliance, preservation, and accuracy checks across all storage classes and object sizes.

Mon, August 18, 2025

Bedrock Batch Inference: Claude Sonnet 4 and GPT-OSS

🚀 Amazon Bedrock now supports Batch inference for Anthropic Claude Sonnet 4 and OpenAI GPT-OSS (120B, 20B), enabling asynchronous processing of large workloads at approximately 50% of on-demand inference cost. The update targets bulk scenarios such as document analysis, large-scale summarization, content generation, and structured data extraction, and is optimized to deliver higher overall batch throughput on these newer models. Batch progress and workload metrics — including pending and processed records, tokens per minute, and Claude-specific pending tokens — are exposed at the AWS account level via Amazon CloudWatch.

Mon, August 18, 2025

AWS Marketplace Launches Streamlined AMI Fulfillment

🚀 AWS Marketplace has introduced a streamlined fulfillment experience for Amazon Machine Image (AMI) and AMI with CloudFormation products across both the website and console. The update combines configuration and purchase steps on a single page, clearly presenting fulfillment options, related AWS services, and seller-provided guidance. It also brings a new in-console launch experience for container products, providing a consistent multi-region, multi-language workflow.

Mon, August 18, 2025

Amazon S3 Express One Zone adds FIS resilience testing

🛠 AWS now supports resilience testing for S3 Express One Zone using AWS Fault Injection Service (FIS), enabling simulated network disruptions that cause data plane requests to time out for directory buckets. The FIS network disruption action is included in the AZ Availability: Power Interruption scenario and is available in all Regions where the storage class is offered. You can run experiments via the AWS Management Console, AWS CLI, or the FIS API to validate monitoring and recovery procedures and improve application resilience; consult FIS pricing for cost details.

Fri, August 15, 2025

Amazon Athena Adds CTAS Support for S3 Tables and Iceberg

🆕 Amazon Athena now supports CREATE TABLE AS SELECT (CTAS) statements targeting S3 Tables, enabling creation and population of a managed S3 Table from a single SQL query. The capability supports source data in Parquet, CSV, JSON and lake formats such as Apache Iceberg, Hudi, and Delta Lake. CTAS lets you partition data on the fly and the resulting tables can be queried, JOINed, and updated in Athena. This feature is available in AWS Regions where both Athena and S3 Tables are supported.

Fri, August 15, 2025

Amazon EC2 R8g Instances Now in AWS Asia Pacific (Jakarta)

🚀 Amazon EC2 R8g instances powered by AWS Graviton4 are now available in the AWS Asia Pacific (Jakarta) region. R8g delivers up to 30% better performance versus Graviton3, offers larger sizes—up to 48xlarge and 1.5 TB memory across 12 sizes including two bare-metal options—and targets memory‑intensive workloads. Built on the AWS Nitro System, these instances provide up to 50 Gbps networking and up to 40 Gbps to EBS for databases, in‑memory caches, and real‑time analytics.

Fri, August 15, 2025

DynamoDB: Emit Only Throttled Key Events to CloudWatch

📈 DynamoDB now supports selectively emitting events for throttled keys to CloudWatch Contributor Insights, enabling you to monitor only throttled items rather than all accessed keys. By emitting exclusively throttled-key events, you reduce monitoring costs and noise while maintaining visibility into throttling and usage hotspots. This mode is available in all commercial AWS Regions, GovCloud (US), and China Regions.

Fri, August 15, 2025

Amazon DynamoDB Adds Granular Throttle Error Exceptions

🔔 Amazon DynamoDB now emits more granular throttling exceptions together with matching Amazon CloudWatch metrics. The enhanced exception payloads include a list of reasons for the throttle event and the Amazon Resource Name (ARN) of the table or index affected, helping teams pinpoint what was throttled. CloudWatch metrics are available immediately; to receive the richer exception details you must upgrade to the latest SDK. This capability is available in commercial, GovCloud (US), and China Regions.

Fri, August 15, 2025

AWS Certificate Manager Adds PrivateLink Access for ACM

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.

Fri, August 15, 2025

Amazon Managed Service for Prometheus Adds Resource Policies

🔒 Amazon Managed Service for Prometheus now supports resource-based policies on workspaces, allowing owners to specify which IAM principals can ingest metrics or run PromQL queries from other accounts. This removes the previous need to assume an IAM role in the workspace owner account for cross-account access. Workspace owners can attach policies to allow-list non-owner principals for Prometheus-compatible API actions, and the capability is available in all regions where the service is generally available.

Fri, August 15, 2025

Amazon Neptune integrates with Cognee for GenAI memory

🧠 Amazon Neptune now integrates with Cognee to provide graph-native memory for agentic generative AI applications. The integration enables developers to use Amazon Neptune Analytics as the persistent graph and vector store behind Cognee’s memory layer, supporting large-scale memory graphs, long-term memory, and multi-hop reasoning. Hybrid retrieval across graph, vector, and keyword modalities helps agents deliver more personalized, cost-efficient, and context-aware experiences; documentation and a sample notebook are available to accelerate adoption.

Thu, August 14, 2025

Spring 2025 PCI 3DS Compliance Package Available Now

🔒 AWS has renewed its PCI 3DS certification for Spring 2025 and expanded scope to include three additional services—Amazon Verified Permissions, AWS B2B Data Interchange, and AWS Resource Explorer—and three Regions: Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central). The compliance package includes an Attestation of Compliance (AOC) and an AWS Responsibility Summary to clarify shared responsibilities for handling payment card data. Coalfire served as the third-party Qualified Security Assessor (QSA) for the renewal. Customers can retrieve the detailed reports via the AWS Artifact self-service portal to support their audits.

Thu, August 14, 2025

PAN-OS 12.1 Orion: Quantum-Ready Multicloud Security

🔐 PAN-OS 12.1 Orion delivers a framework for quantum-ready and multicloud security, combining automated asset discovery, continuous risk assessment and centralized management via Strata Cloud Manager. It introduces an industry-first cipher translation to make legacy applications quantum-safe, plus quantum-optimized fifth-generation NGFW hardware for high-scale PQC inspection. The release also expands AI-driven detections and one-click deployment across AWS/Azure/GCP.

Wed, August 13, 2025

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.

Mon, August 11, 2025

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

Thu, July 31, 2025

Implementing Defense-in-Depth for AWS CodeBuild Pipelines

🔒 This guide consolidates practical recommendations for securing AWS CodeBuild CI/CD pipelines, emphasizing webhook configuration, trust boundaries, and least-privilege access. It warns against automatic pull request builds from untrusted contributors and prescribes push-based, branch-based, and contributor-filtered webhook patterns, plus staged rollout using Infrastructure as Code. Additional safeguards include scoped GitHub tokens, per-build IAM roles, isolated build environments, CloudTrail logging, and manual approval gates for sensitive deployments.

Thu, July 31, 2025

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.

Wed, July 30, 2025

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.

Mon, July 28, 2025

Automate Disabling AD Users from GuardDuty Findings

🔐 This AWS Security Blog post explains how to use Amazon GuardDuty to detect suspicious activity and automatically disable accounts in AWS Managed Microsoft AD. It walks through deploying a managed directory and a directory-administration EC2 instance, configuring AWS Systems Manager Run Command documents, and orchestrating those actions with AWS Step Functions triggered by Amazon EventBridge. The guide includes required permissions, testing steps using GuardDuty’s test domains, and notes on extending the automation to reset passwords or send notifications.

Sat, July 26, 2025

Neoclinical Database Exposed Sensitive Patient Profiles

🔒 UpGuard disclosed that an unsecured MongoDB instance belonging to Neoclinical, an Australia–New Zealand clinical-trial matching service, exposed a database of 37,170 user profiles. The records included names, contact details, geocoordinates, dates of birth and structured answers to trial-qualification questions that revealed sensitive health information and potential illicit drug use. A researcher found the database on July 1, attempted email and phone contact, and escalated to AWS on July 25; public access was removed on July 26. UpGuard secured the database to prevent further public exposure.
