All news with #infrastructure security tag

161 articles · page 6 of 9

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.

CISA Issues Guidance to Combat Bulletproof Hosting Abuse

🔒 CISA, together with US and international partners, has published a joint guide addressing bulletproof hosting (BPH) services that enable ransomware, phishing, malware delivery and other attacks. The guidance explains how BPH providers lease or resell infrastructure to criminals, enabling fast-flux operations, command-and-control activity and data extortion while evading takedowns. It recommends concrete defensive actions — including curating a high confidence list of malicious internet resources, continuous traffic analysis, automated blocklist reviews, network-edge filters, threat intelligence sharing and feedback processes — to help ISPs and network defenders reduce abuse while limiting collateral impact.

EC2 Auto Scaling adds instance lifecycle retention policy

🛡️ EC2 Auto Scaling introduces an instance lifecycle policy that lets you retain instances when lifecycle hooks fail or time out, enabling manual intervention for graceful shutdowns. Previously, the default continue or abandon outcomes both resulted in instance termination after a timeout; the new policy adds configurable retention triggers to keep instances in a retained state. This is particularly helpful for stateful applications that need to save local data, close database connections, deregister from discovery, or remove sensitive credentials before termination. The feature is available in US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore).

EC2 Auto Scaling adds ReplaceRootVolume for live root swaps

🔁 Amazon EC2 Auto Scaling introduces the ReplaceRootVolume strategy for instance refresh, allowing replacement of an instance's root Amazon EBS volume without stopping or terminating the instance. The feature preserves attachments and metadata (network interfaces, elastic IPs) and reduces operational complexity for OS-level updates, patching, and recovery from corrupted root volumes. It is particularly valuable for specialized instance types such as Mac and GPU instances and for stateful applications where data and attachments must be preserved. ReplaceRootVolume is available in select regions at no additional cost beyond standard EC2 and EBS usage.

Amazon ECS Managed Instances: Configurable Scale-In Delay

🚀 Amazon ECS Managed Instances now lets you configure a scale-in delay so you can better align instance terminations with workload patterns and business requirements. You can set the scaleInAfter parameter to any value up to 60 minutes, or set it to -1 to disable automatic infrastructure optimization and allow instances to remain until they are patched after 14 days. Configure scaleInAfter when creating or updating an ECS Managed Instances capacity provider via the ECS API, console, SDKs, CDK, or CloudFormation. This capability is available in all commercial AWS Regions and helps teams balance cost optimization against availability.

CloudFormation introduces drift-aware change sets for IaC

🔁 AWS CloudFormation now offers drift-aware change sets to detect and reconcile configuration drift by comparing a new template, the last-deployed template, and the live infrastructure state. The feature lets you preview deployment impacts on drifted resources, avoid unintended overwrites, and revert out-of-band changes. Create a change set in the console as “Drift-aware” or call CreateChangeSet with --deployment-mode REVERT_DRIFT. Available in Regions where CloudFormation is offered.

AWS Transform auto-generates Landing Zone network YAML

☁️ AWS Transform for VMware can now automatically convert VMware network environments into Landing Zone Accelerator (LZA)-compatible YAML network configurations that can be directly imported and deployed via LZA. Building on existing IaC output formats such as CloudFormation, AWS CDK, and Terraform, this capability reduces manual re-creation of network settings, lowers the risk of configuration errors, and accelerates migration timelines while aligning deployments with enterprise security and compliance standards.

Google Cloud: Cloud-Native HPC Innovations for SC25

🚀 Google Cloud previewed its HPC and AI innovations for SC25, emphasizing a shift to cloud-native HPC that lets researchers and engineers provision purpose-built clusters in minutes. Key highlights include H4D and A4X VMs with low-latency Cloud RDMA, plus the Dynamic Workload Scheduler with Flex Start to enable flexible, cost-effective access to high-demand compute. The Cluster Toolkit and Google Managed Lustre simplify cluster deployment and high-throughput storage, while the latest TPUs and AI tools accelerate scientific workflows. Attendees are invited to booth #3724 for demos, talks, and community events.

AWS Network Firewall Now Available in Auckland Region

🔒 AWS Network Firewall is now available in the AWS New Zealand (Auckland) Region, enabling customers to deploy essential network protections across all Amazon VPCs. As a managed firewall service, it automatically scales with traffic volume and delivers high availability without requiring customers to provision or maintain infrastructure. It integrates with AWS Firewall Manager to provide centralized visibility and policy control across multiple AWS accounts, simplifying governance and enforcement.

Amazon EC2 I7i Instances Expand to Additional Regions

🚀 Amazon Web Services has expanded availability of Amazon EC2 I7i Storage Optimized instances to AWS Europe (Ireland) and Asia Pacific (Seoul, Hong Kong). Powered by 5th‑generation Intel Xeon Scalable processors and 3rd‑generation AWS Nitro SSDs, I7i delivers up to 23% better compute and notable storage-performance and latency improvements versus I4i. Available in eleven sizes, including bare metal, these instances are aimed at I/O‑intensive, latency‑sensitive workloads that require very high random IOPS and multi‑TB dataset access.

AWS Transform Generates LZA Network Configurations

🔁 AWS now enables AWS Transform for VMware to automatically generate network configuration YAML files that are directly compatible with the Landing Zone Accelerator on AWS (LZA). Building on Transform’s existing infrastructure-as-code outputs for AWS CloudFormation, AWS CDK, and Terraform, the capability converts VMware network environments into LZA-ready YAML that can be imported into LZA’s deployment pipeline. The feature is available in all AWS Transform target Regions and is intended to reduce manual effort and deployment time while improving consistency across multi-account environments.

Finding Salt failures: blaming commits to speed releases

🔍 Cloudflare explains how they accelerated triage and reduced release delays for Salt-managed configuration changes across thousands of servers. They implemented a local job cache on minions to retain job results, built a Salt Blame execution module to correlate failed highstates with commits, releases and external outages, and automated hierarchical triage from chat. These changes removed repetitive SSH-and-log workflows, made root-cause attribution self-service for SREs, and yielded a measurable >5% reduction in time lost to Salt-related release delays while enabling ongoing analytics and feedback.

AWS PCS Adds Slurm CLI Filter Plugin Support for HPC

🛠️ AWS Parallel Computing Service (PCS) now supports Slurm CLI Filter plugins, letting administrators extend and modify how Slurm evaluates and schedules HPC jobs without changing Slurm source code. With CLI Filter plugins, you can enforce custom submission policies — validate required flags, reject submissions missing attributes, or adjust job parameters at submission. This capability is available in all Regions where PCS is offered.

CloudWatch Agent Adds Shared Memory Utilization Metrics

📈 Amazon Web Services announced that the Amazon CloudWatch Agent can now collect shared memory utilization metrics from Linux hosts running on Amazon EC2 or in on‑premises environments. This complements existing memory metrics (free, used, cached) and captures memory used by large enterprise databases and in‑memory applications. Administrators can enable the feature in the agent configuration file to obtain accurate total memory usage for sizing and optimization. The capability is available in all commercial and AWS GovCloud (US) Regions; CloudWatch custom metrics pricing applies.

AWS adds IPv6 for S3 Gateway and Interface VPC Endpoints

🌐 Amazon Web Services now supports IPv6 addresses for AWS PrivateLink Gateway and Interface VPC endpoints for Amazon S3. To enable IPv6 connectivity on new or existing S3 endpoints, set the IP address type to IPv6 or Dualstack; S3 will update route tables for gateway endpoints and provision ENIs with IPv6 for interface endpoints. IPv6 for S3 VPC endpoints is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost, and can be configured via the Console, CLI, SDK, or CloudFormation.

Amazon EC2 C7i‑flex Instances Now Available in UAE Region

🚀 Amazon Web Services has launched EC2 C7i-flex instances in the Middle East (UAE), offering up to 19% better price performance versus C6i. Powered by AWS-exclusive 4th generation Intel Xeon Scalable (Sapphire Rapids) custom processors and priced about 5% below C7i, these instances cover common sizes from large through 16xlarge. They target web and application servers, caches, databases, Apache Kafka, Elasticsearch and other compute-intensive workloads that don’t fully utilize all vCPUs. For sustained heavy-CPU needs or very large configurations, customers can continue to use standard C7i instances.

Amazon EC2 High Memory U7i Instances Now in GovCloud

🚀 Amazon Web Services has added High Memory U7i instances to AWS GovCloud, offering 12TiB (u7i-12tb.224xlarge) and 16TiB (u7in-16tb.224xlarge) in GovCloud (US-West) and 24TiB (u7in-24tb.224xlarge) in GovCloud (US-East). These 7th‑generation instances use custom 4th‑generation Intel Xeon Scalable (Sapphire Rapids) processors, provide 896 vCPUs and DDR5 memory, and support ENA Express. The u7i-12tb delivers up to 100Gbps network and EBS throughput while the 16tb and 24tb variants deliver up to 200Gbps, making them well suited for mission‑critical in‑memory databases like SAP HANA, Oracle, and SQL Server.

Amazon RDS for Oracle adds R7i memory-optimized instances

🧠 Amazon RDS for Oracle now offers R7i memory-optimized preconfigured instances powered by custom 4th Gen Intel Xeon Scalable processors, the AWS Nitro System, and DDR5 memory. These instances provide up to a 64:1 memory-to-vCPU ratio and higher storage I/O per vCPU, enabling many Oracle workloads to reduce vCPU counts without performance loss. Available under BYOL for Oracle Database Enterprise Edition and Standard Edition 2, R7i can lower Oracle licensing and support costs while meeting high-performance requirements.

Choosing Google Cloud Managed Lustre for External KV Cache

🚀 This post explains how an external KV Cache backed by Google Cloud Managed Lustre can accelerate transformer inference and lower costs by offloading expensive prefill compute to I/O. In experiments with a 50K token context and ~75% cache-hit, Managed Lustre increased inference throughput by 75% and cut mean time-to-first-token by 44%. The analysis projects a 35% TCO reduction and up to ~43% fewer GPUs for the same workload, and the article summarizes practical steps: provision Managed Lustre in the same zone, deploy an inference server that supports external caching (for example vLLM), enable o_direct, and tune I/O parallelism.

Hunting BGP Zombies: Causes, Effects, and Mitigations

🧟 Cloudflare details 'BGP zombies' — routes that remain in the Default-Free Zone after a withdrawal due to path hunting, delayed processing, or MRAI timers. Through experiments and BYOIP on-demand tests, they show how more-specific withdrawals can trigger loops and long-lived reachability issues, often worse on IPv4. Cloudflare proposes graceful draining, a multi-step BYOIP failover using same-length native announcements, and vendor adoption of RFC9687 to reduce impact.