<ciso brief />

All news with #aws tag

1971 articles · page 98 of 99

Amazon Connect Adds Multi-User Web, In-App and Video Calling

📞 Amazon Connect now supports multi-user web, in-app, and video calling, allowing multiple participants to join the same session with an agent via browser or mobile app. Agents can dynamically add participants during live calls or host scheduled multi-party sessions, and attendees can use audio, video, and screen sharing. This feature enables richer, more inclusive interactions for scenarios such as joint financial planning, family medical consultations, and meetings with legal representatives or translators.

TwelveLabs Pegasus 1.2 Now in AWS Virginia and Seoul

📹 TwelveLabs Pegasus 1.2 is now available in US East (N. Virginia) and Asia Pacific (Seoul) through Amazon Bedrock. The video-first language model is optimized for long-form content and combines visual, audio, and textual signals to deliver advanced video-to-text generation and temporal understanding. Regional availability reduces latency and simplifies architecture for enterprise video-intelligence applications. To begin, request model access via the Amazon Bedrock console.

Amazon Connect embeds Tasks and Emails into websites

📨 Amazon Connect now supports embedding Tasks and Emails directly into websites and applications via a new contact form option in the communication widget. Supervisors and managers can use a drag-and-drop editor to design customer-facing forms and generate code snippets for seamless site integration. These interactions continue to be managed through existing Amazon Connect workflows, enabling flexible callback requests and web-based email submissions.

AWS Direct Connect Opens Location in Barcelona, Spain

📡 AWS announced a new AWS Direct Connect location at the Equinix BA1 data center near Barcelona, Spain, enabling private, direct connectivity to all public AWS Regions (excluding China), AWS GovCloud Regions, and AWS Local Zones. This is the first Direct Connect site in Barcelona and the third in Spain, offering dedicated 10 Gbps and 100 Gbps circuits with MACsec encryption available. Direct Connect enables private physical connections between AWS and customer data centers or colocation facilities, delivering a more consistent network experience than the public internet.

Amazon QuickSight Raises Calculated Field Limits Globally

🔎 Amazon QuickSight has increased calculated-field capacities: analyses can now include up to 2,000 calculated fields (previously 500) and datasets can include up to 500 calculated fields (previously 200). The expansion enables authors and data curators to build more transformations and extract richer, more complex insights from very large datasets and diverse end-user personas. In regions where Amazon Q is available, users can also construct calculations using natural language. The new limits are currently available across all supported QuickSight regions.

Amazon Connect Adds Recurring Activities to Schedules

🔁 Amazon Connect now supports recurring activities in agent schedules, enabling managers to create repeating events such as daily stand-ups or weekly team meetings with a few clicks. You can configure recurring series for individual agents or share a single recurring series across multiple agents, removing the need to create each occurrence manually. This capability is available in all AWS Regions where Amazon Connect agent scheduling is offered and is designed to improve manager productivity and keep agent calendars up to date.

AWS Marketplace Launches Streamlined AMI Fulfillment

🚀 AWS Marketplace has introduced a streamlined fulfillment experience for Amazon Machine Image (AMI) and AMI with CloudFormation products across both the website and console. The update combines configuration and purchase steps on a single page, clearly presenting fulfillment options, related AWS services, and seller-provided guidance. It also brings a new in-console launch experience for container products, providing a consistent multi-region, multi-language workflow.

Amazon Athena Adds CTAS Support for S3 Tables and Iceberg

🆕 Amazon Athena now supports CREATE TABLE AS SELECT (CTAS) statements targeting S3 Tables, enabling creation and population of a managed S3 Table from a single SQL query. The capability supports source data in Parquet, CSV, JSON and lake formats such as Apache Iceberg, Hudi, and Delta Lake. CTAS lets you partition data on the fly and the resulting tables can be queried, JOINed, and updated in Athena. This feature is available in AWS Regions where both Athena and S3 Tables are supported.

Amazon DynamoDB Adds Granular Throttle Error Exceptions

🔔 Amazon DynamoDB now emits more granular throttling exceptions together with matching Amazon CloudWatch metrics. The enhanced exception payloads include a list of reasons for the throttle event and the Amazon Resource Name (ARN) of the table or index affected, helping teams pinpoint what was throttled. CloudWatch metrics are available immediately; to receive the richer exception details you must upgrade to the latest SDK. This capability is available in commercial, GovCloud (US), and China Regions.

DynamoDB: Emit Only Throttled Key Events to CloudWatch

📈 DynamoDB now supports selectively emitting events for throttled keys to CloudWatch Contributor Insights, enabling you to monitor only throttled items rather than all accessed keys. By emitting exclusively throttled-key events, you reduce monitoring costs and noise while maintaining visibility into throttling and usage hotspots. This mode is available in all commercial AWS Regions, GovCloud (US), and China Regions.

AWS Certificate Manager Adds PrivateLink Access for ACM

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.

Amazon Managed Service for Prometheus Adds Resource Policies

🔒 Amazon Managed Service for Prometheus now supports resource-based policies on workspaces, allowing owners to specify which IAM principals can ingest metrics or run PromQL queries from other accounts. This removes the previous need to assume an IAM role in the workspace owner account for cross-account access. Workspace owners can attach policies to allow-list non-owner principals for Prometheus-compatible API actions, and the capability is available in all regions where the service is generally available.

Spring 2025 PCI 3DS Compliance Package Available Now

🔒 AWS has renewed its PCI 3DS certification for Spring 2025 and expanded scope to include three additional services—Amazon Verified Permissions, AWS B2B Data Interchange, and AWS Resource Explorer—and three Regions: Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central). The compliance package includes an Attestation of Compliance (AOC) and an AWS Responsibility Summary to clarify shared responsibilities for handling payment card data. Coalfire served as the third-party Qualified Security Assessor (QSA) for the renewal. Customers can retrieve the detailed reports via the AWS Artifact self-service portal to support their audits.

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

AWS Nitro protections shield EC2 from L1TF Reloaded

🔒 AWS confirms that guest data on instances running on the Nitro System and Nitro Hypervisor is not at risk from the research known as L1TF Reloaded, and no additional customer action is required. The researchers demonstrate that the technique chains half-Spectre gadgets with L1 Terminal Fault (L1TF) to transiently leak data on some hypervisors, but Nitro’s security-first architecture prevented data extraction. Nitro’s design relies on eXclusive Page Frame Ownership (XPFO) secret hiding, a minimal hypervisor footprint, and layered mitigations; AWS also notes coordinated disclosure and that it sponsored part of the research.

Implementing Defense-in-Depth for AWS CodeBuild Pipelines

🔒 This guide consolidates practical recommendations for securing AWS CodeBuild CI/CD pipelines, emphasizing webhook configuration, trust boundaries, and least-privilege access. It warns against automatic pull request builds from untrusted contributors and prescribes push-based, branch-based, and contributor-filtered webhook patterns, plus staged rollout using Infrastructure as Code. Additional safeguards include scoped GitHub tokens, per-build IAM roles, isolated build environments, CloudTrail logging, and manual approval gates for sensitive deployments.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.