All news with #cross-account access tag

AWS Backup Adds Delegated Admin Support in 17 Regions

🔔 AWS Backup now supports delegated administrators in 17 additional AWS Regions, allowing designated accounts to manage backup operations and administrative tasks across member accounts. The expansion includes regions in Africa, Asia Pacific, Canada, Europe, Israel, Mexico, and the Middle East. AWS Backup Audit Manager also supports cross-Region and cross-account delegated admin reports for jobs and backup plan compliance. Visit the AWS Backup console to get started.

AWS Backup Adds Native Support for Amazon EKS Across Regions

🔒 AWS Backup now supports Amazon EKS, providing a fully managed, centralized solution for backing up cluster state and persistent application data. The agent-free integration replaces custom scripts and third-party tools with a native, policy-driven service that offers automated scheduling, retention management, immutable vaults, and cross-Region and cross-account copies. You can restore entire clusters, specific namespaces, or individual persistent volumes to support disaster recovery, compliance, or pre-upgrade protection.

AWS Cloud Map Adds Cross-Account Support in GovCloud

🔁 AWS Cloud Map now supports cross-account service discovery in AWS GovCloud (US) Regions through integration with AWS Resource Access Manager (AWS RAM). By sharing namespaces, you can allow individual accounts, Organizational Units, or an entire AWS Organization to discover resources such as Amazon ECS tasks, EC2 instances, and DynamoDB tables across accounts. The capability is available now in GovCloud (US-East) and GovCloud (US-West) via Console, API, SDK, CLI, and CloudFormation.

AWS Backup: Single-step Cross-Region Snapshot Copy

🔁 AWS Backup now supports a single-action copy of database snapshots across AWS Regions and accounts for Amazon RDS, Amazon Aurora, Amazon Neptune, and Amazon DocumentDB. This eliminates the previous two-step process and removes the need for intermediate copies, custom scripts, or Lambda automation. The change reduces operational complexity and helps achieve faster RPOs while removing costs associated with intermediate snapshot storage. You can use the feature today via the AWS Management Console, AWS CLI, or AWS SDKs.

Amazon RDS supports cross-Region and cross-account snapshots

🔁 Amazon RDS now supports single-step cross-Region and cross-account copying of snapshots for Amazon RDS and Amazon Aurora. This new capability eliminates the prior two-step process and removes the need for an intermediate snapshot, helping customers achieve tighter recovery point objectives while reducing storage and operational costs. The feature is available in all AWS Regions, including AWS China and AWS GovCloud (US), and can be used today via the AWS Management Console, AWS CLI, or AWS SDKs.

AWS Lambda: Cross-Account Container Images in GovCloud

🚀 AWS Lambda now supports creating or updating functions using container images stored in an Amazon ECR repository in a different AWS account within GovCloud Regions. This removes the previous need to copy images into a local ECR repo and streamlines centralized image management and CI/CD workflows. Administrators must grant the Lambda resource and the Lambda service principal the necessary cross-account permissions.

Cloud CISO Perspectives: Fighting Cyber-Enabled Fraud

🔒 David Stone and Marina Kaganovich from Google Cloud’s Office of the CISO warn that cyber-enabled fraud (CEF) is scaling rapidly and presents severe financial and reputational risk. The post cites FBI data — $13.7 billion in losses in 2024 — and highlights common tactics such as phishing, ransomware, account takeover, and business email compromise. It urges CISOs and boards to shift from siloed defenses to a proactive, enterprise-wide posture using frameworks like FS-ISAC’s Cyber Fraud Prevention Framework and Google Cloud detection and protection capabilities.

Amazon Managed Service for Prometheus Adds Resource Policies

🔒 Amazon Managed Service for Prometheus now supports resource-based policies on workspaces, allowing owners to specify which IAM principals can ingest metrics or run PromQL queries from other accounts. This removes the previous need to assume an IAM role in the workspace owner account for cross-account access. Workspace owners can attach policies to allow-list non-owner principals for Prometheus-compatible API actions, and the capability is available in all regions where the service is generally available.