< ciso
brief />
Tag Banner

All news with #aws tag

2288 articles · page 6 of 115

AWS launches Lambda MicroVMs for isolated serverless

🚀 AWS announces Lambda MicroVMs, a new serverless compute primitive delivering VM-level isolation, near-instant launch and resume speeds, and up to 8 hours of state preservation. Built on Firecracker, MicroVMs let developers provide each user or job a dedicated, secure execution environment without managing virtualization infrastructure. MicroVM images are created from Dockerfiles and support HTTP/2, gRPC, and WebSockets, with regional availability and pay-for-use pricing.
read more →

AWS Transform expands migration target regions

🔁 AWS Transform for migrations now supports deployment to all AWS commercial regions as migration targets, enabling customers to select where migrated resources are provisioned, including landing zones and network infrastructure. The announcement lists newly supported regions such as US East (N. California), Africa (Cape Town), multiple Asia Pacific and European locations, Canada (Calgary), Mexico (Querétaro), and Middle East (Tel Aviv). Target region selection is integrated into the AWS Transform for migrations workflow and documentation lists the current supported target regions.
read more →

AWS Network Firewall changes default stateful action

🚨 AWS Network Firewall now sets the default stateful action for newly created firewall policies to Application drop established (server-directed only), replacing the previous Application drop established (bidirectional). This safer default prevents silent drops of legitimate server-to-client TCP packets (for example, window updates, keep-alives, and resets) that caused intermittent connection issues. No action is required for new policies; existing environments that rely on bidirectional behavior for post-quantum cryptography (PQC) fragmented TLS handshakes should consult the documentation for guidance on switching or adding the to_server flag to TCP drop rules.
read more →

AWS Continuum aims to streamline code security

🔒 AWS has introduced Continuum, a service to continuously discover, investigate, and remediate vulnerabilities across first-party and third-party codebases. The platform uses AI to validate exploitability, generate remediation recommendations, and propose fixes that integrate with existing development workflows. New capabilities include automatic threat modeling in STRIDE format, while more established features derive from the Security Agent product. Continuum supports graduated trust from human-in-the-loop review to an "enforce mode" for autonomous remediation.
read more →

AWS Batch adds ordered instance allocation strategies

🚀 AWS Batch introduces two new allocation strategies—Best Fit Progressive Ordered (BFPO) and Spot Capacity Optimized Prioritized (SCOP)—allowing customers to specify ordered instance type preferences for on‑demand and Spot compute environments. Use BEST_FIT_PROGRESSIVE_ORDERED for on‑demand and SPOT_CAPACITY_OPTIMIZED_PRIORITIZED for Spot environments, supplying an ordered list of instance types or families. These options are configurable via the AWS Batch API (CreateComputeEnvironment or UpdateComputeEnvironment) or the AWS Management Console and are available in all Regions where AWS Batch is offered.
read more →

Implementing Egress Controls to Prevent Data Exfiltration

🔒 This post outlines an architecture and controls for preventing data exfiltration from AWS environments by combining centralized network inspection, DNS filtering, and data perimeter policies. It explains a hub-and-spoke pattern using Transit Gateway, AWS Network Firewall, and Route 53 Resolver DNS Firewall to inspect and block unauthorized outbound traffic, including scenarios involving compromised workloads and agentic AI. The article details layered preventive, detective, and corrective measures using AWS services such as GuardDuty, Security Hub, IAM Access Analyzer, EventBridge, and Firewall Manager to automate detection and response.
read more →

Amazon MSK adds AI Agent Skills for operators

🤖 Amazon MSK now offers AI Agent Skills that provide AI coding assistants with expert, up-to-date guidance for operating Amazon MSK. The skills cover common operational tasks including troubleshooting, sizing, configuring, monitoring, and migration from external Kafka clusters. Teams can use these skills to keep clusters healthy, improve performance, and accelerate migration to MSK Express with higher throughput and faster scaling. Setup involves configuring the Agent Toolkit for AWS via the AWS CLI and using supported coding agents like Kiro, Claude Code, or Cursor.
read more →

Amazon MSK Replicator adds mTLS support for Express

🔒 Amazon MSK Replicator now supports mutual TLS (mTLS) authentication for replicating data from external Apache Kafka clusters — including on‑premises, self‑managed on AWS, or other cloud providers — to Amazon MSK Express brokers. This enables migrations, disaster recovery, and hybrid or multi‑cloud data distribution using mTLS‑configured external clusters. MSK Replicator automates replication while preserving topic names and avoiding infinite loops, and also synchronizes consumer group offsets bidirectionally to allow independent movement of producers and consumers.
read more →

AWS Outposts adds self-service lifecycle controls

🛠️ AWS Outposts introduces self-service lifecycle management allowing customers to configure, quote, order, manage subscriptions, renew, and decommission Outposts via the AWS Management Console, CLI, and API. A new configuration and quoting tool provides real-time cost estimates across payment options and term lengths, surfaces account and regional constraints, and converts quotes to orders for new deployments or capacity additions. Subscription details and term information are exposed programmatically, and guided workflows support renewal or decommissioning with resource cleanup. These capabilities are available in all commercial AWS Regions that support AWS Outposts.
read more →

AWS launches Continuum to manage code vulnerabilities

🛡️ AWS has introduced Continuum, a new platform that manages code vulnerabilities across discovery, prioritization, validation and remediation. Launched at AWS Summit New York on June 17, Continuum ingests both structured and unstructured data from an organization’s environment and begins in a human-supervised "learn mode." The platform includes the AWS Security Agent and features for pen testing, code scanning and threat modelling, with outputs in STRIDE format.
read more →

AWS Announces Hanoi Local Zone with Local Storage

📢 AWS today announced general availability of a new Local Zone in Hanoi, Vietnam, bringing infrastructure closer to end users. The Hanoi Local Zone supports Amazon EC2 with C7i, M7i, and R7i instances, Amazon S3 including One Zone-IA, and Amazon EBS with Local Snapshots and multiple volume types. Customers can enable the zone (ap-southeast-1-han-1a) via AWS Global View or the ModifyAvailabilityZoneGroup API.
read more →

CloudWatch Synthetics adds multilocation canaries

🛰️ Amazon CloudWatch Synthetics now supports multilocation canaries, enabling teams to run a single canary across multiple AWS Regions from one management point. This eliminates the need to create separate regional canaries, reducing operational overhead and configuration drift. Replica canaries run independently while consolidating run data, metrics, and artifacts in the primary Region, and alarms can be configured to trigger only on multi-region issues. Multilocation canaries are available in all commercial AWS Regions that support CloudWatch Synthetics.
read more →

Amazon MSK Express Adds Intelligent Rebalancing

🔥 Amazon MSK Provisioned clusters with Express brokers now support Intelligent Rebalancing on all existing clusters at no extra cost. This feature, previously limited to newly created clusters, automates optimal partition balancing when scaling Express-based clusters up or down. Intelligent Rebalancing improves capacity utilization and performs rebalances up to 180× faster than Standard brokers while maintaining availability for producers and consumers.
read more →

Amazon ECS adds faster service auto scaling

🚀 Amazon ECS service auto scaling now detects and responds to load changes faster by supporting high-resolution (20-second) metrics and metric publishing optimizations. AWS benchmarking shows time to trigger scale-out improved from 363s to 86s and total time to scale and provision tasks improved from 386s to 109s. Configure 20-second CPU or memory metrics via the AWS Console, CLI, CloudFormation, or SDKs; feature is available in all commercial and GovCloud (US) Regions and across Fargate, managed instances, and EC2. High-resolution metrics incur standard CloudWatch charges.
read more →

AWS launches EC2 G7 instances with RTX PRO 4500

🚀 Today AWS announces the general availability of Amazon EC2 G7 instances, powered by NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs. G7 delivers up to 4.6x AI inference and 2.1x graphics performance versus G6 and supports AI inference, real-time cinematic graphics, game streaming, and large-scale data analytics. Instances offer up to 8 GPUs with 32 GB each, custom Intel Xeon 6 CPUs, and up to 700 Gbps EFA; available now in US East (Ohio) and US West (Oregon) as On-Demand, Savings Plans, or Spot.
read more →

Amazon MQ for RabbitMQ adds private networking support

🔒 Amazon MQ for RabbitMQ now supports private networking connectivity, allowing brokers to connect to private resources in your VPC without exposing them publicly. This simplifies secure access to private identity providers (such as LDAP and OAuth 2.0), other Amazon MQ brokers, or self-hosted RabbitMQ brokers. AWS manages the underlying infrastructure using Amazon VPC Lattice, AWS RAM, and AWS PrivateLink, replacing prior NLB and NAT Gateway workarounds. Private networking is available in Regions where VPC Lattice is supported.
read more →

Accelerating AWS security investigations with Kiro CLI

🔐 This post shows how Kiro CLI, an AI-powered command line assistant, speeds AWS security investigations by proposing, explaining, and optionally executing AWS CLI commands while documenting each step. It demonstrates a GuardDuty-driven investigation following the AWS Security Incident Response Guide: triage, EC2 and IAM assessment, CloudTrail analysis, containment, and remediation. The walkthrough highlights benefits like faster triage, automated CloudTrail queries, and guided remediation, while advising human validation and forensic preservation.
read more →

AWS PCS adds support for P6e-GB200 and P6e-GB300

🚀 AWS Parallel Computing Service (PCS) now supports Amazon EC2 P6e-GB200 and P6e-GB300 UltraServer instances, enabling large-scale GPU workloads using the NVIDIA Blackwell architecture within Slurm-managed clusters. You can reserve UltraServers via EC2 Capacity Blocks for ML and associate them with a PCS compute node group using an EC2 launch template, while PCS configures Slurm topology automatically. P6e-GB200 offers up to 72 GPUs, 360 petaflops FP8 (no sparsity), and 13.4 TB HBM3e; P6e-GB300 delivers 1.5x GPU memory and FP4 compute versus the GB200. PCS remains a managed Slurm-based service that simplifies building elastic HPC environments with integrated compute, storage, networking, visualization, managed updates, and observability.
read more →

AWS adds nested virtualization on more Intel instances

🖥️ Starting today, AWS has expanded nested virtualization support to additional Intel-based instance families and US GovCloud regions. The feature is now available on C7i, R7i, M7i and their "-id" and "-flex" variants, plus I7i, C8i-flex, R8i-flex, M8i-flex and X8i, complementing earlier C8i, M8i and R8i support. US GovCloud (US-East) and US GovCloud (US-West) now also support nested virtualization in addition to all commercial regions. Customers can run KVM or Hyper-V inside EC2 instances for emulation, simulation, or WSL workloads.
read more →

Amazon Connect: Interrupt Agent for Urgent Contacts

🔔 Amazon Connect Customer now lets administrators interrupt an agent with an urgent contact, overriding normal routing so the agent can accept time-sensitive calls even while on another call. The capability can also target specific agents when they are in custom statuses that would otherwise prevent queued contacts, enabling personal extension or high-priority calls to ring through. This feature is available in all AWS regions where Amazon Connect Customer is offered and is documented in the Amazon Connect Customer Administrator Guide.
read more →