<ciso brief />

All news with #cloud security tag

522 articles · page 2 of 27

Amazon Aurora DSQL Expands to Five More Global Regions

🚀 Amazon has expanded Aurora DSQL single-Region clusters to five additional AWS Regions: Hong Kong, Mumbai, Singapore, Stockholm, and Sao Paulo. The service offers serverless, distributed SQL with virtually unlimited scalability, high availability, and minimal infrastructure management. Aurora DSQL provides fast distributed reads and writes to simplify resilience and scaling for always-available applications. It is now available across 18 AWS Regions and is eligible for the AWS Free Tier.

Amazon Quick Enables Cross-Account Athena Queries Now

🔒 Amazon Quick now supports cross-account access to Amazon Athena data sources, enabling queries against Athena datasets that reside in different AWS accounts from your Quick deployment. Administrators create an Athena data source by specifying a RunAsRole in the Quick account and a ConsumerAccountRoleArn in the target account; Quick chains roles to assume the RunAsRole and then the consumer role to execute queries, with Athena query costs billed to the account where the data lives. The feature supports multiple roles per consumer account for fine-grained team segregation and is available in all supported Amazon Quick Sight regions.

Amazon OpenSearch Service Adds VPC Egress Option Support

🔒 Amazon OpenSearch Service now supports a VPC egress option that enables a domain to establish private, outbound network connections to resources in your VPC—such as ML models, other AWS services, and custom applications—without exposing traffic to the public internet. When enabled, OpenSearch Service adds network interfaces to the subnets you select and routes outbound traffic into your VPC. You can enable or disable VPC egress via the console, AWS CLI, or the CreateDomain and UpdateDomainConfig APIs. This option is available in all Regions where the service is offered.

Scaling Cloud and AI: Microsoft Azure’s Europe Commitment

🔷 Microsoft is expanding Azure capacity across Europe to meet surging cloud and AI demand. Azure regions and sovereign offerings enable organizations to run sensitive workloads with control over data residency, compliance, and performance. The investments cover new regions and upgrades across Northern, Southern, and Central Europe to support multi-region architectures, digital transformation, and sector-specific AI initiatives.

Resilient by Design: When Networks Become Targets Now

🔒 Organizations have long focused on cyber defenses against breaches and ransomware, but new geopolitical tensions show major disruptions can originate in the physical world and target cloud and network infrastructure. As cloud systems become integral to national economies, the network itself becomes an attack surface requiring resilient-by-design architecture. Enterprises must embrace operational resilience, redundancy, and distributed controls to mitigate physical and systemic risks.

MediaTailor Adds Automatic Google Ad Platform Integration

🔒 AWS Elemental MediaTailor now automatically authenticates server-to-server connections with Google Ad Manager (GAM), Google Campaign Manager (GCM), and Display & Video 360 (DV360), streamlining SSAI integration for customers. The service auto-detects requests to Google's ad servers and establishes the required secure, authenticated connection — no support case or allow-listing needed. GAM ad requests are secured to support access to Authorized Buyers, and GCM/DV360 impression tracking is routed through Google's authenticated endpoints to improve reporting and reduce rejected impressions. The feature is available in all Regions where MediaTailor runs and incurs no additional charge.

Amazon Connect Cases Supports Customer Identity Resolution

🔁 Amazon Connect Cases now automatically reassociates cases when duplicate customer profiles are merged by Amazon Connect Customer Profiles Identity Resolution, ensuring agents see a consolidated interaction history. When customers have multiple profiles from different channels or with different contact details, Identity Resolution detects and merges those duplicates and Cases brings all associated cases together under the unified profile. This reduces manual searching and the risk of incomplete context. The capability is available in multiple AWS regions.

Five Ways to Use Kiro and Amazon Q for AWS Security

🔐 AWS security teams can accelerate triage and remediation using Kiro and Amazon Q Developer. The post outlines five techniques—embedding persistent security context, accelerating Security Hub triage, remediating infrastructure-as-code, performing Well-Architected security reviews, and drafting Service Control Policies—aligned to the AWS Well-Architected Security Pillar. It highlights steering files and .amazonq/rules to codify standards, recommends staged testing and human validation, and proposes measurable metrics to track reduced time-to-triage and improved compliance.

Amazon OpenSearch Cluster Insights Expands Coverage

🔍 Amazon OpenSearch Service expanded Cluster Insights to support OpenSearch 1.0 and later and Elasticsearch 6.8 and later, providing proactive cluster health and performance visibility via the Console. A new Unused Index insight identifies indices with zero search or indexing activity in the last 30 days and recommends migrating them to warm or cold storage to reduce costs. These insights surface through the Console, OpenSearch UI, OpenSearch Service Notifications, and Amazon EventBridge, and are available at no additional cost in all Regions where the service runs.

AWS IAM raises quotas for common identity resources

🛡️ AWS Identity and Access Management (IAM) has raised maximum quotas for six resource types to help customers scale. Updated limits include customer managed policies, instance profiles, managed policies per role, role trust policy length, roles per account, and OpenID Connect providers. These changes give teams more flexibility to design IAM controls and support growing workloads. To request increases, use Service Quotas or AWS Support per region.

CloudWatch Logs Insights Adds Tag-Based Log Group Queries

🏷 CloudWatch Logs Insights now supports querying log groups by tags, allowing searches across all log groups that share key-value tags without listing them explicitly. Tags such as Environment:Production, Application:PaymentService, or Owner:TeamName let teams scope queries by environment, application, or ownership. As log group tags are added or removed, queries automatically reflect the matching log groups, reducing operational overhead as environments scale. This capability is available today in all commercial AWS Regions.

Securing Open Proxies in Your AWS Environment: Guidance

🔒 This AWS Security Blog post explains how to identify and secure open proxies in your AWS environment to prevent abuse, protect IP reputation, and control costs. It describes common proxy types—HTTP, SOCKS, transparent, and reverse—and the risks they introduce when misconfigured on EC2 instances, containers, and serverless functions. The guidance recommends strict access controls and authentication, deploying proxies in private subnets or via AWS PrivateLink, and restricting security groups and load balancers. It also emphasizes monitoring with VPC Flow Logs, CloudTrail, and GuardDuty, automated remediation, regular assessments with Amazon Inspector, and keeping incident response runbooks current.

AWS Console Mobile App Adds Enhanced CloudWatch Alarm Tools

📱 AWS has added expanded CloudWatch Alarm investigation tools to the AWS Console Mobile App. The update consolidates interactive metric graphs, AI-generated log summaries, and natural-language log search into a single alarm view to reduce time from notification to root cause. Engineers can zoom into specific time windows, adjust time zones, run voice or typed queries, and select pre-saved Logs Insights queries. Related metrics and resources are shown alongside alarms; the app is available in all AWS Commercial Regions at no additional cost.

AWS Entity Resolution Adds Incremental ML Matching Support

🔄 AWS announces General Availability of AWS Entity Resolution incremental ML-based matching workflows. Customers can now process only newly added records rather than reprocessing entire datasets, cutting latency and infrastructure costs. The feature supports up to 50M incremental records against 1B historical records and processes 1M incremental records in under one hour.

VPC Lattice Adds Support for Private Domain Targets

🔒 AWS updated VPC Lattice to allow resource configurations to reference domain-name targets that are private to your VPC. You can share a resource configuration for a private FQDN across accounts by setting the Resource Config DNS Resolution property to IN_VPC, causing VPC Lattice to use the VPC's DNS to resolve targets. This enables secure cross-account access to privately hosted backends without public DNS entries. The capability is available via Console, CLI, SDKs and APIs at no additional cost in all regions where VPC Lattice is offered.

Improving Security Posture for AI-era Cloud Workloads

🔒 AWS outlines the Security Health Improvement Program (SHIP) as a no-cost, data-driven engagement to assess and prioritize fixes across 10 core cloud security use cases. The program uses actual environment data and AWS guidance to establish baselines needed for safe AI adoption and faster response to AI-accelerated vulnerability discovery. Customers can start via their account team or hands-on Activation Days.

Amazon CloudFront Adds WebSockets Support for VPC Origins

🔒 Amazon CloudFront now supports WebSockets through VPC origins, allowing customers to host real-time, bidirectional applications entirely in private subnets. You can place Application Load Balancers, Network Load Balancers, and EC2 instances inside private subnets and expose them via a CloudFront distribution as the single entry point. This reduces attack surface, simplifies security management, and brings built-in DDoS protection to WebSockets workloads. WebSockets via VPC origins is available in all AWS Commercial Regions that support VPC origins at no additional cost.

IAM Roles Anywhere adds VPC endpoint policy control

🔒 IAM Roles Anywhere now lets you include the CreateSession API in VPC endpoint policies, enabling explicit allow or deny controls for session creation through endpoints. If CreateSession isn't explicitly allowed (or you don't permit all operations, e.g., "rolesanywhere:*"), requests made via the VPC endpoint will not return temporary AWS credentials. This closes a prior gap and delivers consistent, fine‑grained access control across all IAM Roles Anywhere API operations, available in all regions including GovCloud, European Sovereign Cloud, and China.

RDS for SQL Server: Cross-Account Snapshot Sharing

🔁 Amazon RDS for SQL Server now supports cross-account snapshot sharing for instances configured with additional storage volumes, allowing snapshots to preserve the original storage layout when shared, copied, or restored across accounts. This capability helps teams create isolated backup environments for compliance and to perform diagnostics by restoring snapshots in separate accounts. The feature is available today in all AWS commercial Regions via the Console, CLI, and SDKs.

RDS for SQL Server: Read Replicas Support ASV Storage

🔁 Amazon RDS for SQL Server now supports creating read replicas for database instances that use additional storage volumes. Additional volumes let customers scale database storage up to 256 TiB by attaching up to three additional volumes of up to 64 TiB each, and replicas preserve the source instance's storage layout on creation. After the initial copy, administrators can manage additional volume configurations independently on source and replica instances. The feature is available in all AWS commercial Regions and AWS GovCloud (US) and can be accessed via the AWS Management Console, AWS CLI, or AWS SDKs.