All news with #serverless security tag

📦 AWS introduces the Agent Plugin for AWS Serverless, which integrates AI coding assistants like Kiro, Claude Code, and Cursor to simplify building, deploying, troubleshooting, and managing serverless applications. The plugin packages reusable agent skills, sub-agents, hooks, and MCP servers to provide contextual guidance across the development lifecycle. It supports Lambda integrations with common event sources, IaC workflows via SAM and CDK, long‑running stateful patterns with durable functions, and API design with API Gateway. Skills are distributed in the open Agent Skills format and are available in AI tooling that supports agent plugins or skills.

🚀 Amazon Aurora PostgreSQL introduces an express configuration that creates serverless clusters and enables query execution in seconds. These clusters are provisioned outside a VPC with an internet access gateway that supports the full PostgreSQL wire protocol and multi‑AZ availability. IAM-based passwordless admin authentication is enabled by default, and the tier is available under the AWS Free Tier. Use the RDS Console, AWS CLI, or SDKs to deploy.

🚀 Cloudflare's Dynamic Worker Loader API enables Workers to instantiate isolated JavaScript sandboxes at runtime, letting LLM-generated code run securely and on-demand. Using lightweight V8 isolates rather than containers, Dynamic Workers start in milliseconds, are far more memory efficient, and scale across Cloudflare's edge. The feature supports TypeScript RPC interfaces, credential injection for outbound HTTP, and helper libraries for bundling, virtual filesystems, and Code Mode integration.

🔔 AWS has announced the developer preview of the Lambda Durable Execution SDK for Java, enabling Java 17+ developers to build resilient, multi-step serverless applications without custom progress tracking. The SDK adds automatic checkpointing, wait primitives that suspend execution for up to a year, and durable futures for callback-based flows. Paused on-demand functions are not billed for duration, and the preview includes samples and guidance to get started.

🛡️ This article presents a layered, AI-enhanced defense-in-depth architecture for protecting serverless microservices on AWS. It outlines seven security layers—from edge DDoS and WAF protections to identity, API gateway controls, network isolation, compute hardening, secrets management, and data encryption—integrating GuardDuty, Cognito, API Gateway, Secrets Manager, and DynamoDB. The guidance emphasizes continuous monitoring, automated incident response using Amazon Bedrock and EventBridge, and operational practices that balance security, compliance, and developer velocity.

🚀 Cloud Run now supports NVIDIA RTX PRO 6000 Blackwell GPUs in preview, enabling serverless deployment of large inference models such as Gemma 3 27B and Llama 3.1 70B. The GPUs provide 96GB vGPU memory, 1.6 TB/s bandwidth and support for FP4 and FP6 precision. Cloud Run pre-installs drivers, offers rapid GPU startup and autoscaling to zero, and integrates with Cloud Storage and IAP for production use.

🔒 Cloudflare describes a proof-of-concept Matrix homeserver implemented on Cloudflare Workers, porting core logic from Synapse to a TypeScript service. By mapping Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects, the architecture removes much of the traditional operational burden. The Worker preserves full Matrix E2EE (Megolm) while TLS automatically negotiates a post-quantum hybrid key agreement (X25519MLKEM768), delivering lower latency, usage-based cost scaling, and global distribution.

🔒 Cloudflare ported a Matrix homeserver to Cloudflare Workers as a proof-of-concept, combining edge execution with built-in post-quantum TLS to reduce operational burden. The implementation remaps traditional components — Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects — to provide strong consistency where needed and near-zero idle cost. End-to-end encryption remains client-side via Megolm, so Workers terminate TLS but only handle ciphertext. The result is a low-latency, easy-to-deploy homeserver with automatic DDoS protection and request-based pricing.

🚀 Cloudflare has significantly upgraded Python Workers to support any package compatible with Pyodide, delivering a more complete Python-native developer experience. Rather than shipping a limited set of built-ins, developers can install pure-Python and many dynamic-library packages using the integrated uv tooling and pywrangler. Cloudflare also uses dedicated memory snapshots and its isolate-based architecture to achieve markedly faster cold starts than competing serverless options while keeping easy, global deployment and free-tier options.

🚀 Amazon EMR Serverless now provides fully managed serverless local storage for Apache Spark workloads, removing the need to provision disk type or size per application. The service offloads intermediate operations such as shuffle to an auto-scaling, encrypted serverless storage with job-level isolation, so customers pay only for compute and memory consumed. This reduces disk-related job failures and can lower costs by up to 20%. It is generally available for EMR release 7.12 and later.

🆕 AWS Lambda now supports creating serverless applications with Node.js 24, available as both a managed runtime and a container base image. AWS will automatically apply updates to the managed runtime and base image as they become available, and the runtime is offered in all Regions including GovCloud (US) and China. The release emphasizes modern async/await handlers and removes callback-based handlers; Lambda@Edge and Powertools for AWS Lambda (TypeScript) are also supported, and standard AWS deployment tools (Console, CLI, SAM, CDK, CloudFormation) can be used to deploy Node.js 24 functions.

🚀 Amazon launched MWAA Serverless, a managed, serverless deployment option for Apache Airflow that eliminates infrastructure management and bills only for actual task compute time. Workflows can be authored as YAML configurations or Python DAGs and leverage over 80 AWS Operators from Airflow v3.0. Each workflow runs in isolation with distinct IAM permissions while the service automatically provisions and scales resources across supported regions.

🌐 Cloudflare announced the open beta of Workers VPC Services, enabling Workers to securely reach APIs, containers, VMs, serverless functions and databases inside regional private networks via Cloudflare Tunnels. Developers register services by hostname or IP and bind them to Workers, with access verified at deploy time to restrict Workers to only the declared service. The model reduces cloud lock‑in, mitigates SSRF risk, and is available free during the beta.

🚀 Starting today, AWS lets you add warm pools to EC2 Auto Scaling groups (ASGs) that use mixed instances policies. Warm pools maintain a set of pre-initialized EC2 instances that can rapidly serve traffic, reducing scale‑out latency for workloads with lengthy initialization tasks like large disk writes or complex scripts. The capability supports manual instance type lists and attribute-based selection, and is available via the Console, SDKs, and CLI in all public AWS Regions and AWS GovCloud (US). Combining warm pools with instance type flexibility helps ASGs scale to their maximum size quickly while improving availability across multiple instance types.

🧰 Amazon Bedrock AgentCore Runtime now supports two deployment methods: direct code-zip upload and container-based deployment. Developers can use drag-and-drop code-zip uploads for rapid prototyping or opt for container images when they need custom runtime configurations and dependencies. The serverless, model-agnostic runtime is designed to scale for production while maintaining enterprise security. This capability is available across nine AWS Regions with consumption-based pricing and no upfront costs.

🔧 AWS Serverless Application Model CLI (SAM CLI) now supports Finch as an alternative to Docker for local container-based development and testing. Developers can continue to build, test, debug, and package serverless applications locally using the same SAM CLI workflows, including sam build, sam local invoke, sam local start-api, and sam local start-lambda. SAM CLI will automatically detect and use Finch when Docker is not available, and you can also set Finch explicitly as your preferred container tool. Finch is an open-source, AWS-supported project that offers an additional choice for local serverless tooling.

🧊 Cloudflare describes a new Worker sharding technique that uses a consistent hash ring to route requests to existing Worker instances across a data center, reducing cold starts. The approach trades a sub-millisecond proxy hop for far fewer expensive cold starts, improving memory efficiency and latency. The system leverages Cap'n Proto RPC to implement optimistic forwarding, lazy capabilities, and seamless context transfer for nested Worker invocations.

🚀 Eventarc Advanced is now generally available as a unified, serverless eventing platform that centralizes real-time filtering, transformation, management, and delivery for complex microservices environments. It extends Eventarc Standard with a Publish API and a central message bus built on Envoy, enabling per-message access control, multi-format payload handling (Avro, JSON, Protobuf), and built-in routing and observability. The platform is designed to simplify development with a single API while giving platform operators centralized governance, monitoring, and reliable delivery across hybrid and multi-cloud topologies.

🚀 Firestore with MongoDB compatibility is now generally available on Google Cloud. This launch lets developers run existing MongoDB drivers, code, and tools against a MongoDB-compatible API implemented on Firestore's serverless database, combining MongoDB ecosystem compatibility with Firestore’s multi-region replication, strong consistency, and pay-as-you-go pricing. New capabilities include over 200 API and query features (including $lookup and unique indexes), Firestore Studio enhancements, and Eventarc triggers for change data capture. Enterprise functions such as Point-in-Time Recovery, database cloning, and managed export/import support production and compliance workflows.