All news with #aws tag

🛡️ AWS Security Assurance Services has published a new compliance guide, ISO 31000:2018 Risk Management on AWS, offering practical guidance for building and operating risk management programs in AWS environments. The guide explains how to apply ISO 31000:2018 principles to establish context, perform risk assessments, implement treatments, and enable continuous monitoring. It highlights governance aligned with the AWS Shared Responsibility Model and recommends strategies for avoidance, mitigation, transfer, and acceptance to support scalable, automated security and compliance.

🔒 Amazon CloudFront now supports WebSockets through VPC origins, allowing customers to host real-time, bidirectional applications entirely in private subnets. You can place Application Load Balancers, Network Load Balancers, and EC2 instances inside private subnets and expose them via a CloudFront distribution as the single entry point. This reduces attack surface, simplifies security management, and brings built-in DDoS protection to WebSockets workloads. WebSockets via VPC origins is available in all AWS Commercial Regions that support VPC origins at no additional cost.

🔒 IAM Roles Anywhere now lets you include the CreateSession API in VPC endpoint policies, enabling explicit allow or deny controls for session creation through endpoints. If CreateSession isn't explicitly allowed (or you don't permit all operations, e.g., "rolesanywhere:*"), requests made via the VPC endpoint will not return temporary AWS credentials. This closes a prior gap and delivers consistent, fine‑grained access control across all IAM Roles Anywhere API operations, available in all regions including GovCloud, European Sovereign Cloud, and China.

📈 Amazon Redshift now supports concurrency scaling for auto-copy and zero-ETL, improving ingestion throughput for both S3-based loads and near real-time replication from operational databases. Enabled for Amazon Redshift Serverless and RA3 provisioned warehouses across all commercial and GovCloud regions, this feature automatically adds compute to handle spikes in reads and writes. Organizations can immediately enable it to maintain faster, consistent ingestion during peak loads.

🔁 AWS Transform customers can now use BI migration agents to convert Power BI and Tableau dashboards into Amazon QuickSight assets, reducing migration effort from months to days. Built by Wavicle Data Solutions and delivered through AWS Marketplace, the new offering includes Analyzer and Converter agents for each source and operates entirely within your AWS account so no data leaves your environment. After conversion, administrators assign dashboards to BI authors for validation and publishing.

🔧SDMA on AWS now supports custom transformation connectors and a unified desktop installer. Custom connectors enable submission of compute‑intensive jobs—such as format conversion, 3D rendering, image tiling, and metadata extraction—to AWS Deadline Cloud using Open Job Description templates, and can extend SDMA's built-in content analysis with bespoke verification or transformation logic. Connectors run in isolated compute environments and automatically ingest declared outputs back into SDMA's governed asset repository, allowing automated, chained processing across spatial data pipelines. The SDMA desktop application now offers a standalone installer that bundles required dependencies, removing the need to install the CLI or other components separately.

🚀Amazon EKS now supports Dynamic Resource Allocation (DRA) for Elastic Fabric Adapter (EFA), simplifying RDMA and high-performance inter-node communication for AI/ML and HPC workloads. The EFA DRA driver, based on the upstream DRANET project, enables topology-aware allocation and EFA interface sharing so network traffic uses the closest NIC to GPUs, Trainium, or Inferentia. It’s recommended for new EKS deployments on Kubernetes 1.34+ and is available in all AWS Regions; the existing EFA device plugin remains supported and is still recommended for use with Karpenter and Amazon EKS Auto Mode.

📈 Amazon MQ for RabbitMQ now includes the Prometheus plugin on RabbitMQ 4.2 brokers, providing a native Prometheus-compatible metrics endpoint. You can scrape broker, queue, and connection metrics from the /metrics, /metrics/detailed, and /metrics/memory-breakdown endpoints in Prometheus text format. AWS also publishes a curated subset of these metrics to CloudWatch. The plugin is enabled by default in all Regions where Amazon MQ is available.

🔧 AWS announced Neuron Agentic Development, an open-source set of agents and skills that bring agentic coding capabilities to development on AWS Trainium and AWS Inferentia. The initial release focuses on Neuron Kernel Interface (NKI) kernel development, enabling an agentic IDE to author, debug, profile, and analyze custom kernels. Developers can request kernels from natural-language descriptions, get automated fixes for compilation errors, and receive performance reports identifying bottleneck lines of code.

🔒 Amazon OpenSearch Service now supports index-level encryption using AWS Key Management Service (KMS) customer managed keys. This allows you to assign different customer managed keys to individual indexes on the same domain, enabling more granular, tenant-specific encryption policies and isolating encrypted data across indexes. The capability builds on existing domain-level encryption and is available at no additional cost for domains running OpenSearch 3.3 or later in select AWS Regions.

🚀 Amazon RDS for MySQL now supports the community MySQL 9.6 Innovation Release in the Amazon RDS Database Preview Environment. You can deploy MySQL 9.6 as fully managed Single‑AZ or Multi‑AZ instances on the latest-generation instance classes to evaluate new features, bug fixes, and security patches. Preview instances are retained for a maximum of 60 days and snapshots created there can only be used within the Preview Environment. Pricing for preview instances aligns with production RDS in the US East (Ohio) Region.

🛡️ This article outlines AWS guidance for integrating trust, safety, and responsible-AI practices into applications built on Amazon Bedrock. It defines core responsible AI dimensions—such as safety, controllability, fairness, explainability, security and privacy, robustness, governance, and transparency—and maps them to lifecycle stages: design, deployment, and operations. It recommends observability and guardrail tools like Amazon CloudWatch and Bedrock Guardrails for monitoring, abuse detection, configurable content filters, and hallucination controls, and describes an abuse response process for coordination with AWS Trust & Safety.

🚀 Amazon DocumentDB (with MongoDB compatibility) is now available in the Canada West (Calgary) region. This fully managed, native JSON database delivers automatic storage scaling up to 128TiB, support for up to 15 low‑latency read replicas, and native integrations with AWS services such as AWS DMS, Amazon CloudWatch, AWS CloudTrail, AWS Lambda, and AWS Backup. You can create clusters via the AWS Management Console, CLI, or SDK to support mission‑critical document workloads at scale.

🚀 Amazon CloudFront now supports invalidation by cache tag, letting teams remove groups of related cached objects at edge locations with a single request. Developers add a configurable response header with comma-separated tag values and can assign multiple tags per object for precise control. This reduces reliance on URL lists or broad wildcards and helps preserve cache hit ratios while ensuring fresh content quickly.

🤖 AWS has added Google DeepMind's instruction‑tuned Gemma 4 E4B, Gemma 4 26B‑A4B, and Gemma 4 31B to SageMaker JumpStart, making multimodal foundation models directly accessible to AWS customers. The models offer configurable step‑by‑step reasoning, interleaved text and image inputs, video and image understanding, native function calling, and multilingual support across 140+ languages. Gemma 4 E4B also supports audio input for ASR and speech‑to‑translated‑text workflows. Customers can deploy these models via SageMaker Studio or the SageMaker Python SDK for rapid experimentation and production.

🆕 Amazon SageMaker JumpStart now includes paraphrase-multilingual-MiniLM-L12-v2, Microsoft Table Transformer Detection, and Bielik-11B-v3.0-Instruct. The MiniLM model maps sentences to 384-dimensional dense vectors across 50+ languages for cross-lingual semantic search, multilingual clustering, and sentence similarity scoring. The Microsoft Table Transformer is a DETR-based detector trained on PubTables-1M to locate tables in PDFs and scanned images for document digitization. Bielik-11B offers an 11B-parameter multilingual generative model focused on Polish and 32 European languages for dialogue, STEM reasoning, and enterprise NLP.

🔧 Amazon CloudWatch now provides a visual configuration editor for the CloudWatch agent directly in the Amazon EC2 console, eliminating the need to hand-edit JSON. You can graphically build agent configurations, select metrics, log sources, and deployment targets, then deploy with a single click. From the EC2 console you can install the agent on one or more instances, create tag-based policies for automated fleet-wide management, and view agent status and health from each instance detail page. The feature is available in all AWS Commercial Regions at no additional cost; standard CloudWatch pricing applies for collected telemetry.

🚀 Amazon Bedrock now includes OpenAI GPT OSS (120B and 20B) and NVIDIA Nemotron models (Nano 9B v2, Nano 12B v2, Nano 30B, Super 120B), enabling developers to access open-weight foundation models through a single API. The integration is powered by Mantle, a distributed inference engine that provides serverless, high-performance inference, unified capacity pools, automated quota management, and OpenAI API compatibility. These models are available on AWS GovCloud (US) for compliant, enterprise-grade deployments.

📊 Amazon QuickSight now supports custom sort for filter controls, letting authors control how dropdown and list values are ordered instead of relying on alphabetical sorting. Custom sort applies to dropdown and list controls in single- and multi-select modes and supports ascending, descending, or fully custom orders for manually entered values. For dataset-backed controls authors can sort by the bound column or by another field using aggregations like Sum, Average, Count, Min, and Max, enabling business-driven ordering such as priority levels or revenue-ranked categories.

🔧 AWS updated the Transfer Family Terraform module to include end-to-end examples demonstrating integration with Okta and Microsoft Entra ID as custom identity providers. Built on the open-source Custom IdP solution and example repositories, the module automates deployment of Transfer Family endpoints while leveraging existing identity infrastructure. Included security controls—MFA, audit logging, and per-user IP allowlisting—help organizations meet operational and compliance requirements; consult the Terraform Registry and the Transfer Family Custom IdP user guide for implementation details and regional availability.