All news with #cloud security tag

522 articles · page 3 of 27

AWS IoT Core Adds Custom Domains for GovCloud (US)

🔒 AWS announced that AWS IoT Core now supports customer managed domains in the AWS GovCloud (US) Regions. Customer managed domains let you configure custom domain names, use server certificates stored in AWS Certificate Manager, attach custom authorizers, and create multiple data endpoints. This provides stable TLS behavior and simplifies migration of existing devices without changing device credentials or CA certificates.

Google Cloud and BSI C3A: Enabling German Sovereignty

🔒 Google Cloud explains how the BSI's new C3A framework validates and shapes its approach to digital sovereignty in Germany. The post presents a tiered Sovereign Cloud portfolio—Data Boundary, Google Cloud Dedicated, Google Distributed Cloud, and Sovereign Workspace by StackIT—designed to deliver graduated isolation, local control and compliance with European rules. It highlights collaboration with German partners and the direct integration of C3A criteria into product design to give public-sector and enterprise customers choice without vendor lock-in.

Amazon Redshift Serverless Defaults to AI-Driven Scaling

🤖 Amazon Redshift Serverless now enables AI-driven scaling and optimization by default for all new workgroups, using machine learning to predict compute needs and automatically adjust resources before queries queue. The update expands support to workloads with a Base RPU range of 8–512 RPU, lowering the entry cost. Use the price-performance slider to prioritize cost, performance, or a balance; Amazon Redshift also applies automatic materialized views and table design optimizations. Configure targets via the AWS Management Console or the Amazon Redshift API; settings can be modified after workgroup creation and are available in all Regions where Serverless is offered.

CloudWatch RUM adds fleet-wide App Monitors overview

🔍 Amazon CloudWatch RUM now provides an improved App Monitors overview that surfaces fleet-wide health, SLO breaches, and distributed tracing coverage on a single page. The new view groups monitors into four summary cards — Needs attention, Trending worse, Setup and coverage, and SLOs and Alarms — and offers quick filters, per-row SLI and tracing links, and a selectable side panel for deeper context. The enhancement is available in all AWS commercial Regions where CloudWatch RUM is offered at no additional cost.

Amazon EVS adds i7i.metal-24xl EC2 bare-metal support

🚀 Amazon Elastic VMware Service (Amazon EVS) now supports the i7i.metal-24xl Amazon EC2 bare-metal instance, providing a lower-core-count option with a 5th-generation Intel Xeon processor. This delivers improved cost-performance and scaling flexibility for VMware-based workloads on EVS. Customers can expect up to 23% better compute performance and over 10% better price performance versus i4i for x86 storage-optimized use cases. The release is available in Regions that offer both Amazon EVS and EC2 i7i.

Amazon Redshift Serverless Now in Melbourne and Calgary

🚀 Amazon Redshift Serverless is now generally available in the AWS Asia Pacific (Melbourne) and Canada West (Calgary) regions. The serverless offering removes the need to provision or manage clusters by automatically provisioning and scaling compute for analytics workloads. Users can query data directly in S3 in open formats (Parquet, Iceberg), access data shares, restore snapshots, and use Query Editor V2 or existing BI tools, with per-second compute billing and unified query cost reporting.

Amazon Connect raises attachment limits to 100 MB globally

📎 Amazon Connect now supports attachment file sizes up to 100 MB for chat, cases, and tasks, increased from the previous 20 MB limit. Administrators can enable the higher limits and configure custom file extensions for attachments across chat, email, cases, and tasks via the Amazon Connect admin website or APIs. This reduces back-and-forth by allowing customers to upload diagnostic bundles, log archives, signed contracts, and other larger documents directly during interactions; the feature is available in multiple AWS Regions.

AWS Billing Conductor Adds Passthrough Pricing Plan

💳 AWS Billing Conductor now supports the new Passthrough Pricing Plan for Billing Transfer users. Customers can select this AWS-managed plan when configuring a new transfer in the Billing Transfer page or apply it to existing billing groups via the AWS Billing Conductor console. Under the plan, accounts in a billing group see billable data that reflects the AWS invoice value in both My View and Showback/Chargeback views. The feature is available in US East (N. Virginia) and is offered free of charge for qualifying Direct Customers and Channel Partners.

Microsoft Azure Local Scales Sovereign Cloud to Thousands

🔒 Microsoft announced that Azure Local now supports deployments of up to thousands of servers within a single sovereign environment. The platform extends the Azure operating model to customer-owned datacenters, edge sites and industrial facilities with local policy enforcement, role-based access control, auditing and compliance capabilities even when disconnected. Validated compute and storage partners, plus Intel® Xeon® 6 and GPU support, let organizations run large-scale, latency-sensitive AI and regulated workloads entirely within their sovereign boundary while retaining lifecycle management through Azure.

Understanding the AWS Service Authorization Reference

🔒 This AWS Security Blog post explains how to use the AWS Service Authorization Reference to determine what IAM policies can and cannot control. It introduces the PARC (Principal, Action, Resource, Condition) authorization context and shows how condition keys drive policy decisions. Through practical examples — S3 server-side encryption, EC2 instance-type restrictions, and DynamoDB leading keys — the article explains when to rely on policies and when to layer detective or policy-as-code controls.

BigQuery Integrates Google Earth AI Models and Datasets

🛰️ Google has extended geospatial analytics in BigQuery, integrating Google Earth AI models and new datasets to enable richer planetary and community insights. Announced at Google Cloud Next '26 and with recent March updates, the release includes Street View Insights (GA) with upcoming LiDAR, experimental Aerial and Satellite Insights, and licenseable Aerial & Satellite Models in Model Garden. These capabilities aim to accelerate infrastructure assessment, logistics planning, renewable-energy siting, and public-sector decision-making by bringing multi-perspective imagery and derived datasets directly into analytics workflows.

Amazon AgentCore Gateway and Identity Add VPC Egress

🔒 Amazon announced VPC egress support for AgentCore Gateway targets and AgentCore Identity, available in managed and self‑managed configurations. The capability lets Gateways invoke private resources inside a customer VPC (for example, EKS-hosted MCP servers) and allows Identity to validate tokens from and fetch tokens for private IdPs. The release also adds private DNS resolution for managed egress resources and is available in fourteen AWS Regions.

AWS Client VPN Adds Native AWS Transit Gateway Support

🔗 AWS announced native integration between AWS Client VPN and AWS Transit Gateway, enabling centralized remote access across multiple VPCs and on-premises networks without an intermediate VPC. Client source IPs are preserved end-to-end, allowing authorization rules and forensic tracing to map traffic back to specific users. Transit Gateway flow logs capture connection-level details tied to those preserved client IPs, improving troubleshooting and auditability. The integration is available in all Regions where Client VPN is offered and incurs no additional charges beyond standard service pricing.

AWS PCS Adds Slurm 25.11 with OpenMetrics and Logs

🚀 AWS Parallel Computing Service (AWS PCS) now supports Slurm 25.11, including an expedited re-queue feature that can automatically reschedule jobs affected by node issues at highest priority. You can enable a Prometheus-compatible OpenMetrics endpoint for real-time visibility into jobs, nodes, and scheduling using existing monitoring tools. AWS PCS can forward slurmdbd and slurmrestd logs to Amazon CloudWatch Logs, Amazon S3, or Amazon Data Firehose. Scheduler audit logs are now delivered as a dedicated log type to provide independent control over ingestion, retention, and storage costs.

SageMaker HyperPod Adds Automatic Slurm Topology Management

🔧 Amazon SageMaker HyperPod now automatically selects and continuously maintains the optimal network topology for Slurm GPU clusters based on the instance types in the cluster. By choosing tree or block topology models that match instance interconnect characteristics, HyperPod reduces GPU-to-GPU latency, improves NCCL collective efficiency, and raises distributed training throughput. The topology adapts automatically during scale-up, scale-down, and node replacement events, so administrators no longer need to manually edit topology files or reconfigure Slurm. Topology-aware scheduling is enabled by default across supported AWS Regions.

Amazon SageMaker Adds Serverless Notebooks for IdC

🚀 Amazon SageMaker Unified Studio now supports serverless notebooks and a built-in data agent for AWS IAM Identity Center (IdC) domains, extending functionality that was previously available only in IAM domains. The serverless notebook provides a single interactive workspace for SQL, Python, large-scale data processing, ML workloads, and visualizations. A built-in AI data agent generates code and SQL from natural-language prompts and helps guide users through tasks. The environment is backed by Amazon Athena for Apache Spark, scaling from interactive queries to petabyte-scale processing, and is available in all Regions where Unified Studio is supported.

AWS Compute Optimizer Adds Support for Latest EC2/RDS

⚙️ AWS Compute Optimizer now supports the newest EC2 and RDS instance types, expanding recommendations to include Compute, General Purpose, Memory-optimized, Memory-intensive, and Storage-optimized families. The update covers EC2 families such as C8*, M8*, R8*, x8i, and i7i, and RDS classes including M7i, M8g, R8g, X1, and Z1d across MySQL, PostgreSQL, Amazon Aurora MySQL, and Aurora PostgreSQL. This capability is available in all standard AWS Regions where Compute Optimizer operates, excluding AWS GovCloud (US) and the two China regions.

AWS Outposts Racks Expand to Seoul, Sydney, and Paris

🚀 Second-generation AWS Outposts racks are now supported in the AWS Asia Pacific (Seoul, Sydney) and Europe (Paris) Regions. Outposts racks bring AWS infrastructure, services, APIs, and tools into on‑premises data centers or colocation spaces to provide a consistent hybrid experience. Customers can order racks attached to these Regions to optimize latency, meet data residency requirements, run low-latency workloads locally, and manage applications from their home Region.

Elastic Beanstalk AI Analysis Now Supports Windows

🔍 AWS has extended Elastic Beanstalk's AI-powered environment analysis to Windows Server platforms, enabling developers and operators to diagnose and resolve Windows-based environment issues more quickly. The feature collects recent events, instance health metrics, and logs from Windows instances and sends that telemetry to Amazon Bedrock for analysis. You can request an AI analysis from the Elastic Beanstalk console using the AI Analysis button or programmatically via the AWS CLI with the RequestEnvironmentInfo and RetrieveEnvironmentInfo operations. Results include step-by-step troubleshooting recommendations tailored to the environment's current state and are available in Regions where both services are offered.

Zealot: Autonomous AI Attacks on Cloud Environments

🔒 Unit 42 demonstrates Zealot, a multi-agent LLM proof of concept that autonomously chained well-known cloud exploits in an isolated GCP sandbox. The system coordinated specialist agents to perform reconnaissance, exploit an SSRF vulnerability, steal metadata service credentials, impersonate service accounts and exfiltrate BigQuery data without step-by-step human prompts. The report emphasizes that AI acts as a force multiplier—accelerating exploitation of misconfigurations rather than inventing novel techniques—and urges defenders to harden metadata access, enforce least privilege and adopt machine-speed detection and response.