All news with #infrastructure security tag

🔁 Amazon ECS now supports defining weekly event windows to control when Fargate task retirements occur. This capability lets teams schedule infrastructure updates and automatic task replacements during off-peak periods, reducing disruption to mission-critical services. To use it, enable the account setting fargateEventWindows, create EC2 event windows with time ranges, and associate them to tasks using Amazon ECS-managed tags.

🔔 Amazon Managed Streaming for Apache Kafka (MSK) Express Brokers now support Apache Kafka v3.9, introducing KRaft (Kafka Raft) for metadata management. New Express Broker clusters created with Kafka v3.9 will default to KRaft, moving metadata storage and replication into broker-managed topics and removing the dependency on ZooKeeper. The ability to upgrade existing clusters to v3.9 is planned for a future release. Kafka v3.9 for Express Brokers is available in all regions where MSK Express is supported; create a new cluster via the AWS Management Console, CLI, or SDKs to get started.

📊 Administrators and support teams can now monitor the health and performance of Amazon WorkSpaces Applications fleets, sessions, instances, and users through a new set of Amazon CloudWatch metrics. These metrics can be enabled across fleets from the CloudWatch console and dynamically update to reflect current state, simplifying troubleshooting of end-user streaming sessions and performance investigations. To receive the metrics, fleets must use a WorkSpaces Applications image with the agent released on or after December 06, 2025, or be updated via Managed WorkSpaces Applications image updates released on or after December 05, 2025; metrics are available in AWS commercial and AWS GovCloud (US) Regions where the service operates.

🚀 Starting today, Amazon EC2 R8g instances powered by AWS Graviton4 are available in AWS Europe (Paris) and Asia Pacific (Hyderabad). These memory-optimized instances deliver up to 30% better performance compared to Graviton3-based R7g instances and offer larger sizes—up to 48xlarge and 1.5 TB of memory. R8g provides up to 50 Gbps enhanced networking and up to 40 Gbps EBS bandwidth, and is built on the AWS Nitro System to improve performance and platform-level security; it is ideal for databases, in-memory caches, and real-time big data analytics.

🌐 Amazon Redshift Serverless is now generally available in a dual-stack mode that supports IPv6 alongside IPv4. Administrators can create new workgroups or modify existing workgroups to enable IPv6 addressing or choose IPv4-only configurations within AWS VPCs. This capability allows Redshift warehouses to be deployed in IPv6-enabled subnets and lets applications communicate using either protocol. The feature is available in all AWS commercial regions.

🚀 Amazon EC2 M8g instances are now available in Asia Pacific (Thailand, Jakarta, Melbourne) and AWS Middle East (UAE) regions. Powered by AWS Graviton4, they deliver up to 30% better performance compared to Graviton3-based instances and offer larger sizes with up to 3× more vCPUs and memory than M7g. M8g provides up to 50 Gbps enhanced networking and up to 40 Gbps EBS bandwidth across 12 instance sizes, including two bare metal options. Built on the AWS Nitro System, these general-purpose instances target application servers, microservices, gaming servers, midsize data stores, and caching fleets.

🚀 Amazon EC2 C8i and C8i-flex instances are now available in the Asia Pacific (Singapore) region, powered by custom Intel Xeon 6 processors built exclusively for AWS. These instances provide up to 15% better price-performance and 2.5x the memory bandwidth compared with previous Intel-based EC2 generations, and up to 20% higher performance versus C7i instances. AWS highlights workload-specific improvements — up to 60% faster for NGINX, 40% for deep learning recommendation models, and 35% for Memcached — and positions C8i-flex for many compute-intensive, partially utilized workloads while C8i targets memory-intensive, sustained-CPU use with sizes up to a new 96xlarge and two bare-metal variants. Instances can be purchased On-Demand, via Savings Plans, or Spot.

🌐 AWS Application Migration Service (MGN) now supports IPv6 for both service communication and application migrations. Organizations can use dual-stack service endpoints that handle IPv4 and IPv6, replicate data over either protocol, and preserve network connections and security during migration. During testing and cutover you can launch target servers in IPv4, IPv6, or dual-stack configurations. This capability is available in Regions that support AWS MGN and Amazon EC2 dual-stack endpoints.

🔔 Amazon Web Services has expanded availability of its High Memory U7i instances to additional regions: Frankfurt now supports the 24TiB u7in-24tb.224xlarge, Mumbai supports the 16TiB u7in-16tb.224xlarge, and Paris supports the 6TiB u7i-6tb.112xlarge. These instances use custom 4th‑generation Intel Xeon Scalable processors (Sapphire Rapids) and DDR5 memory, offering up to 896 vCPUs, up to 200Gbps networking, 100Gbps EBS throughput, and ENA Express. They target mission‑critical in‑memory databases such as SAP HANA, Oracle, and SQL Server.

🚀 Amazon Web Services has made Storage Optimized EC2 I7i instances available in Asia Pacific (Singapore, Jakarta) and Europe (Stockholm). Powered by 5th generation Intel Xeon Scalable processors (3.2 GHz all‑core turbo) and 3rd generation AWS Nitro SSDs, I7i delivers up to 23% better compute and over 10% improved price performance versus I4i, plus up to 45 TB NVMe with significant gains in real‑time storage performance and lower latency. The family spans eleven sizes (nine virtual up to 48xlarge, two bare metal), offers up to 100 Gbps network and 60 Gbps EBS bandwidth, and includes a torn write prevention feature supporting 16 KB block sizes.

🔔 Starting today, AWS has made C7i EC2 instances available in the Asia Pacific (Hyderabad) Region. These instances use custom 4th Gen Intel Xeon Scalable (Sapphire Rapids) processors and deliver up to 15% better price-performance versus C6i, with sizes up to 48xlarge and two bare-metal options. Features include Intel AMX support, built-in accelerators and the ability to attach up to 128 EBS volumes to scale and speed compute-intensive workloads.

🚀 AWS has announced general availability of the new Amazon EC2 C8gb instances, EBS-optimized and powered by AWS Graviton4 processors. These sizes deliver up to 30% better compute performance than Graviton3 and offer up to 150 Gbps of EBS bandwidth and up to 200 Gbps networking. Available in US East (N. Virginia) and US West (Oregon), metal sizes are limited to N. Virginia. They support EFA on larger sizes to improve cluster latency for tightly coupled workloads. Customers can use these instances to scale high-performance file systems and throughput-focused workloads while optimizing cost.

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.

🚀 Amazon Web Services announced the general availability of Amazon EC2 C8a instances powered by 5th Gen AMD EPYC (Turin) processors with up to 4.5 GHz frequency. AWS says C8a delivers up to 30% higher performance, up to 19% better price-performance versus C7a, 33% more memory bandwidth, and up to 57% faster GroovyJVM performance for Java workloads. The family includes 12 sizes, two bare-metal options, and is built on the AWS Nitro System for high-performance compute use cases such as HPC, batch processing, ad serving, multiplayer gaming, and video encoding. C8a instances are initially available in US East (N. Virginia), US East (Ohio), and US West (Oregon) and can be purchased via Savings Plans, On-Demand, or Spot.

🧟 In episode 445 of the Smashing Security podcast, Graham Cluley and guest Dan Raywood review a decade of insecure broadcast infrastructure that has allowed attackers to hijack TV and radio, issue fake emergency alerts, and even replace sermons with explicit content. They also examine an alleged insider leak at a cybersecurity firm that raises urgent questions about trusted access and internal controls. The discussion highlights persistent vulnerabilities in broadcast hardware and the broader implications for public safety and incident response.

⚙️ Amazon SageMaker AI's Flexible Training Plans (FTP) now support inference endpoints, allowing customers to reserve guaranteed GPU capacity for planned evaluations and production peaks. You choose instance types, compute requirements, reservation length, and start date, then reference the reservation ARN when creating an endpoint. SageMaker AI automatically provisions and runs the endpoint on the reserved capacity for the plan duration, removing much of the infrastructure scheduling overhead. FTP for inference is initially available in US East (N. Virginia), US West (Oregon), and US East (Ohio).

🌐 Today Google is announcing TalayLink, a new subsea cable that will extend the previously announced interlink cable from the Australia Connect initiative to establish a diverse path between Australia and Thailand via the Indian Ocean. The project includes planned connectivity hubs in Mandurah (Western Australia) and South Thailand, the latter in partnership with AIS, plus local landing support from IGC. These investments are designed to integrate Google Cloud’s upcoming Thailand region and data center into its global network, improving resilience, routing diversity, and onward connectivity across the Indian Ocean.

🚀 Amazon EKS introduced Provisioned Control Plane, letting customers select pre-defined control plane capacity tiers for new or existing clusters via APIs, the AWS Console, or infrastructure-as-code. The feature pre-provisions capacity to deliver predictable, low-latency control plane performance during traffic spikes and unpredictable bursts. It unlocks higher cluster scalability for ultra-scale workloads such as AI training, high-performance computing, and large data processing, and helps align development, staging, production, and disaster recovery behavior.

🧭 AWS CloudFormation StackSets now supports deployment ordering in auto-deployment mode, allowing you to define the sequence in which stack instances deploy across accounts and regions. You can specify up to 10 dependencies per stack instance using the new DependsOn parameter in AutoDeployment to orchestrate foundational and dependent stacks. StackSets performs cycle detection to prevent circular dependencies and returns clear error messages to aid troubleshooting. This capability is available in all Regions where StackSets is offered and can be configured via the CLI, SDK, or CloudFormation Console at no extra charge.

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.