< ciso brief />

All news with #aws tag

1971 articles · page 89 of 99

AWS Budgets Adds Custom Time Periods for Project Funding

📊 AWS Budgets now supports custom time periods, letting teams define flexible start and end dates for a budget rather than relying on calendar-based cycles. This enables single-budget tracking for time-bound projects (for example, a three-month development sprint starting mid-month) and triggers alerts as spend approaches thresholds. The feature is available today in all AWS commercial Regions except the AWS GovCloud (US) and China Regions.

Wormable npm campaign infects hundreds, steals secrets

🪱 Researchers have identified a self-propagating npm worm dubbed Shai-Hulud that injects a 3MB+ JavaScript bundle into packages published from compromised developer accounts. A postinstall action executes the bundle to harvest npm, GitHub, AWS and GCP tokens and to run TruffleHog for broader secret discovery. The worm creates public GitHub repositories to dump secrets, pushes malicious Actions to exfiltrate tokens, and has exposed at least 700 repositories; vendors urge rotation of affected tokens.

AWS Network Firewall Enhances Console Monitoring and TLS

🔒 AWS Network Firewall now delivers expanded console monitoring and enhanced TLS inspection capabilities to improve outbound security. The monitoring dashboard adds visibility into traffic to AWS services such as Amazon S3, Amazon DynamoDB, and AWS Backup, including traffic sent over PrivateLink, and surfaces top source and destination IPs by packets and bytes. Customers can filter views by IP and protocol for targeted analysis. A new session holding feature for TLS Inspection prevents TCP/TLS establishment from reaching servers until SNI-based rules are evaluated, strengthening controls against malicious endpoints.

AWS PCS Supports EC2 Capacity Blocks for ML Workloads

🔧 Amazon Web Services has added native support for EC2 Capacity Blocks in the Parallel Computing Service (PCS), enabling use of reserved EC2 instances directly within PCS Slurm clusters. This integration lets Capacity Blocks be associated with PCS compute node groups via an EC2 Launch Template, simplifying capacity planning for GPU‑based ML workloads. The feature is available in all Regions where both services are offered and aims to improve availability and predictability for cutting‑edge GPU jobs.

AWS End User Messaging: CloudFormation Support for SMS

📩 AWS End User Messaging SMS now supports AWS CloudFormation, enabling customers to deploy and manage SMS resources using templates. Phone numbers, sender IDs, configuration sets, protection configurations, opt-out lists, resource policies, and phone pools can be provisioned and managed declaratively alongside other AWS resources. This support is available in all Regions where End User Messaging is offered, simplifying deployments and delivery pipelines.

CrowdStrike Secures AI Across the Enterprise with Partners

🔒 CrowdStrike describes how the Falcon platform delivers unified visibility and lifecycle defense across the full AI stack, from GPUs and training data to inference pipelines and SaaS agents. The post highlights integrations with NVIDIA, AWS, Intel, Dell, Meta, and Salesforce to extend protection into infrastructure, data, models, and applications. It also introduces agentic defense via Charlotte AI for autonomous triage and rapid response, and emphasizes governance controls to prevent data leaks and adversarial manipulation.

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.

Hackers Insert Credential-Stealing Malware into npm Packages

🛡️ Researchers disclosed a campaign that trojanized more than 40 npm packages, including the popular tinycolor, embedding self-replicating credential-stealing code. The malware harvested AWS, GCP and Azure credentials, used TruffleHog for secrets discovery, and established persistence via GitHub Actions backdoors. Affected packages were removed, but developers are urged to remove compromised versions, rebuild from clean caches, and rotate any exposed credentials.

Multi-Region Key Replication in AWS Payment Cryptography

🔐 AWS introduces Multi-Region keys for AWS Payment Cryptography, a built-in option to automatically synchronize exportable symmetric payment keys from a primary Region to one or more replica Regions. You can choose account-level defaults or per-key replication targets, keep consistent key IDs across Regions, and rely on asynchronous replication with monitoring via new CloudTrail events. The feature improves availability and disaster recovery for global payment operations while preserving granular control over replication.

Amazon Lex Adds LLM-Based NLU for Eight New Languages

🚀 Amazon Lex now leverages large language models to augment the natural language understanding of deterministic conversational bots in eight additional languages: Chinese, Japanese, Korean, Portuguese, Catalan, French, Italian, and German. The enhancement helps voice and chat bots parse complex utterances, tolerate spelling errors, and extract key details from verbose inputs so bots can fulfill customer requests. The capability is available in 10 commercial AWS Regions where Amazon Connect operates.

AWS FIS Adds EBS I/O Latency Injection for Testing

⚙️ Amazon EBS now provides a latency injection action in AWS Fault Injection Service (FIS) to simulate degraded I/O performance on EBS volumes as part of controlled fault injection experiments. The action reproduces real-world signals such as Amazon CloudWatch alarms and OS timeouts so teams can observe application behavior and validate recovery. Pre-defined templates are available in the EBS and FIS consoles, and experiments can be customized or combined with other actions to integrate into chaos engineering and CI workflows. The capability is available in all Regions where FIS is supported.

Amazon EC2 adds detailed NVMe instance store metrics

📊 Amazon announced detailed performance statistics for EC2 instance store NVMe volumes, providing real-time I/O visibility on Nitro-based instances. The capability exposes 11 metrics at one-second granularity, including IOPS, throughput, queue lengths, and latency histograms broken down by IO size. Available by default across AWS Commercial and China Regions at no extra charge, it aligns NVMe monitoring with EBS detailed metrics for a consistent operational experience.

AWS OSPAR 2025 Report: 170 Services Covered Under OSPAR v2.0

🔒 AWS has completed its annual OSPAR 2025 audit cycle under the newly enhanced OSPAR v2.0 guidelines, becoming the first global cloud provider in Singapore to receive the report. The certification covers 170 services in the AWS Asia Pacific (Singapore) Region, including seven newly scoped services such as Amazon DynamoDB Accelerator (DAX) and AWS Payment Cryptography. Customers can retrieve the full report through AWS Artifact to support due diligence and compliance.

Amazon AppStream Adds Fractional GPU Graphics G6 Instances

🖥️ Amazon AppStream 2.0 now supports Graphics G6 instances with fractionalized GPU sizes, enabling customers to provision GPU capacity in smaller fractions (for example 1/2, 1/4, or 1/8) instead of full GPU instances. The new G6f and Gr6f options are built on the EC2 G6 family and are designed to optimize shared GPU resources for graphics workloads that need less than a full GPU. These instances are available in 10 AWS Regions and use pay-as-you-go pricing; they can be launched from the AWS Management Console or via the AWS SDK when creating an image builder or fleet.

AWS Storage Gateway Adds IPv6 Dual-Stack Support Globally

🌐 AWS Storage Gateway now supports IPv6 for endpoints, APIs, and gateway appliance interfaces, offering new dual‑stack access alongside IPv4. Existing IPv4-only endpoints remain available for backward compatibility. Customers can standardize on IPv6 or transition gradually using the dual‑stack appliances and APIs. Support is available in all AWS Regions where the service is offered.

Amazon Aurora PostgreSQL Limitless Now in AWS GovCloud

🚀 Amazon Aurora PostgreSQL Limitless Database is now available in AWS GovCloud (US‑East, US‑West), providing a serverless endpoint that transparently distributes data and queries across multiple Aurora Serverless instances while preserving transactional consistency. The service supports PostgreSQL 16.6, 16.8, and 16.9 compatibility and includes distributed query planning and transaction management so you don’t need to build custom sharding or manage multiple databases. Compute automatically scales up and down within customer-specified budgets, reducing the need to provision for peak capacity.

AWS Adds R8i and R8i-flex Instances in New Regions

🚀 AWS today expanded availability of EC2 R8i and R8i‑flex instances to Asia Pacific (Malaysia, Singapore) and Europe (Frankfurt). These instances use custom Intel Xeon 6 processors exclusive to AWS and deliver up to 15% better price‑performance and 2.5× more memory bandwidth versus prior Intel‑based generations. R8i targets large, memory‑intensive workloads with 13 sizes (including two bare‑metal and a new 96xlarge) and SAP certification at 142,100 aSAPS, while R8i‑flex offers common memory‑optimized sizes from large to 16xlarge for cost-efficient right‑sizing.

AWS Transfer Family Now Available in Taipei Region

🚀 AWS announced that AWS Transfer Family is now available in the Asia Pacific (Taipei) Region, supporting SFTP, FTP, FTPS and AS2 for managed file transfers. The service delivers fully managed ingress and egress to Amazon S3 and Amazon EFS, and integrates with event-driven automation to streamline file-processing workflows. This regional availability helps customers modernize and migrate business-to-business file exchanges to AWS while reducing operational overhead.

Amazon S3 Batch Operations: Manage Objects by Bucket

📦 Amazon S3 Batch Operations now allows users to target all objects within an S3 bucket, or refine selection by prefix, suffix, creation date, or storage class directly from the AWS Management Console. Instead of providing a manifest, customers can specify these filters when creating a job and S3 will apply the chosen operation to every matching object and produce a detailed completion report. Typical use cases include copying between buckets, restoring archived data from Glacier classes, and computing checksums for datasets. The capability is available in all AWS Regions and can also be accessed via the AWS CLI or SDK.

Amazon GuardDuty Protection Plans and Threat Detection

🔐 Amazon GuardDuty centralizes continuous threat detection across AWS using AI/ML and integrated threat intelligence. It offers optional protection plans—S3, EKS, Runtime Monitoring, Malware Protection for EC2 and S3, RDS, and Lambda—that extend detections to service-specific telemetry and runtime behaviors. Built-in Extended Threat Detection correlates signals into high-confidence attack sequences and maps findings to MITRE ATT&CK, providing prioritized remediation guidance.