5/15/2024, 12:00:00 AM ~ 5/16/2024, 12:00:00 AM (UTC)

Recent Announcements

Amazon Detective adds support for EKS audit logs in Security Lake integration

Amazon Detective now supports retrieving Amazon Elastic Kubernetes Service (Amazon EKS) audit logs from Amazon Security Lake. With this launch, Detective customers leveraging the Security Lake integration can query and analyze Amazon EKS audit logs in addition to AWS CloudTrail and Amazon VPC Flow Logs. This enhancement enables more comprehensive investigations into potential security issues involving Amazon EKS workloads. By integrating Amazon EKS audit logs, Detective provides security analysts with deeper visibility into Kubernetes API calls and activities within EKS clusters. Amazon Detective is a managed security service that simplifies the investigation process by building data aggregations, summaries, and visualizations based on security findings and activity logs. Alongside EKS support, Detective now supports OCSF v1.1.0, enhancing query performance for your security analytics. This allows for more effective threat detection, incident response, and compliance auditing for containerized applications. The integration seamlessly surfaces relevant Amazon EKS logs during investigations, accelerating the analysis process without the need to switch between multiple tools. This new capability is available in all AWS Regions where both Amazon Detective and Amazon Security Lake are available. For the list of supported Regions, refer to the AWS Regional Services list. To get started, visit the Detective console and enable the Security Lake integration. You can find guidance on querying Amazon EKS audit logs in the Amazon Detective User Guide. For more information about Amazon Detective, visit the service page.

AWS Shield Advanced is now available in Canada West (Calgary) Region

Starting today, you can use AWS Shield Advanced in the AWS Canada West (Calgary) Region. AWS Shield Advanced is a managed application security service that safeguards applications running on AWS from distributed denial of service (DDoS) attacks. Shield Advanced provides always-on detection and automatic inline mitigations that minimize application downtime and latency. It also provides protections against more sophisticated and larger attacks for your applications running on Amazon Elastic Compute Cloud (EC2), Amazon Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53. To learn more, visit the AWS Shield Advanced product page. For a full list of AWS regions where AWS Shield Advanced is available, visit the AWS Regional Services page. AWS Shield Advanced pricing may vary between regions. For more information about pricing, visit the AWS Shield Pricing page.

Amazon Managed Grafana now supports Grafana version 10.4

Customers can now run Amazon Managed Grafana workspaces with Grafana version 10.4. This release includes features that were launched as a part of open source Grafana versions 9.5 to 10.4, including Correlations, Subfolders, and new visualization panels such as Data Grid, XY chart and Trend panel. This release also introduces new configuration APIs to manage service accounts and tokens for Amazon Managed Grafana workspaces. Service accounts replace API keys as the primary way to authenticate applications with Grafana APIs, using service account tokens. These new APIs eliminate the need to manually create service accounts, enabling customers to fully automate their provisioning workflows. With correlations, customers can define relationships between different data sources, rendered as interactive links in Explore visualizations that trigger queries on the related data source, carrying forward data like namespace, host, or label values and enabling root cause analysis with a diverse set of data sources. Subfolders enable a nested hierarchy of folders with nested layers of permissions, allowing customers to organize their dashboards to reflect their organization’s hierarchy. To explore the complete list of new features, please refer to our user documentation. Grafana version 10.4 is supported in all AWS regions where Amazon Managed Grafana is generally available. You can create a new Amazon Managed Grafana workspace or upgrade your existing 9.4 workspace to 10.4 from the AWS Console, SDK, or CLI. Check out the Amazon Managed Grafana user guide and Amazon Managed Grafana API Reference for detailed documentation.

Amazon VPC Lattice now supports TLS Passthrough

Today, AWS announces the general availability of TLS Passthrough for Amazon VPC Lattice, which allows customers to enable end-to-end authentication and encryption using their existing TLS/mTLS implementations. Prior to this launch, VPC Lattice supported HTTP and HTTPS listener protocols only, which terminate TLS and perform request-level routing and load balancing based on information in HTTP headers. With this launch, you can configure a TLS listener, which routes traffic based on the Server Name Indication (SNI) field of a TLS/mTLS connection, allowing you to perform end-to-end authentication and encryption between your TCP and HTTP services without terminating TLS in VPC Lattice. For more information, visit the Amazon VPC Lattice product detail page and TLS pass-through documentation. For details on pricing, please visit the VPC Lattice pricing page.

AWS HealthImaging supports cross-account data imports

AWS HealthImaging now supports cross-account and cross-region import jobs. With this release, customers can directly import DICOM data from any S3 bucket owned by their organization, owned by collaborators, or from publicly available sources like the Registry of Open Data on AWS (RODA). Customers can import data from an S3 bucket in a different region than their data stores as long as that bucket is in a region where HealthImaging is available. To run cross-account DICOM import jobs, the S3 bucket owner must grant the data store owner list bucket and get object permissions, and the data store owner must add the bucket to their IAM ImportJobDataAccessRole. This makes it easy to load publicly available open data sets like the Imaging Data Commons (IDC) Collections. Medical imaging SaaS products can now easily import DICOM data from their customers’ accounts. Large organizations can populate one HealthImaging data store from many S3 input buckets distributed across their multi-account environment, and researchers can easily and securely share data across multi-institution clinical studies. AWS HealthImaging is a HIPAA-eligible service that empowers healthcare providers and their software partners to store, analyze, and share medical images at petabyte scale. With AWS HealthImaging, you can run your medical imaging applications at scale from a single, authoritative copy of each medical image in the cloud, while reducing infrastructure costs. AWS HealthImaging is generally available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Ireland). To learn more, visit AWS HealthImaging.

Amazon RDS for PostgreSQL announces Extended Support minor 11.22-RDS.20240418

Amazon Relational Database Service (RDS) for PostgreSQL announces Amazon RDS Extended Support minor version 11.22-RDS.20240418. We recommend that you upgrade to this version to fix known security vulnerabilities and bugs in prior versions of PostgreSQL. Amazon RDS Extended Support provides you more time, up to three years, to upgrade to a new major version to help you meet your business requirements. During Extended Support, Amazon RDS will provide critical security and bug fixes for your MySQL and PostgreSQL databases on Aurora and RDS after the community ends support for a major version. You can run your PostgreSQL databases on Amazon RDS with Extended Support for up to three years beyond a major version’s end of standard support date. Learn more about Extended Support in the Amazon RDS User Guide. You are able to leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. Learn more about upgrading your database instances, including minor and major version upgrades, in the Amazon RDS User Guide. Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.

AWS CodeBuild now supports connecting to an Amazon VPC from reserved capacity

AWS CodeBuild now supports connecting your fleet of reserved Linux hosts to your Amazon VPC. Reserved capacity allows you to provision a fleet of CodeBuild hosts that persist your build environment. These hosts remain available to receive subsequent build requests, which reduces build start-up latencies. With this feature, you can use reserved capacity to compile your software within your VPC and access resources such as Amazon Relational Database Service, Amazon ElastiCache, or any service endpoints that are only reachable from within a specific VPC. Configuring reserved capacity to connect to your VPC also secures your builds by applying the same network access controls as defined in your security groups. This feature is available in US East (N. Virginia), US East (Ohio), US West (Oregon), South America (Sao Paulo), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Mumbai), Europe (Ireland), and Europe (Frankfurt).  To learn more about CodeBuild’s reserved capacity, see running builds on reserved capacity. To learn more about CodeBuild’s support for connecting to VPC, see configuring builds with VPC.

Amazon EKS announces native support for autoscaling CoreDNS Pods

Today, AWS announces general availability of CoreDNS autoscaling capabilities for Amazon EKS clusters. This feature allows you to scale the capacity of DNS server instances to meet the ever-changing capacity needs of your services without the overhead of managing custom solutions. Organizations are standardizing on Kubernetes as their compute infrastructure platform to build scalable, containerized applications. Scaling CoreDNS Pods is key to ensuring reliable DNS resolution by distributing the query load across multiple instances, and to providing high availability for applications and services. With this launch, you no longer need to pre-configure the scaling parameters and deploy a client on each cluster to monitor the capacity and scale accordingly. EKS manages the autoscaling of DNS resources when you use the CoreDNS EKS add-on. This feature works for CoreDNS v1.9 and EKS release version 1.25 and later. For more information about which versions are compatible with CoreDNS autoscaling, visit Amazon EKS documentation. You can benefit from the simplified out-of-box managed option that requires minimal configuration and helps improve the resiliency of your applications. We recommend using this feature in conjunction with other EKS Cluster Autoscaling best practices to improve overall application availability and cluster scalability. Autoscaling capabilities for CoreDNS Pods are available in all regions where Amazon EKS is available. To get started, visit the Amazon EKS documentation.

Amazon Connect Contact Lens now provides analytics for Flows and Flow Modules

Amazon Connect Contact Lens now offers analytics for Flows and Flow Modules, enabling you to identify emergent issues (e.g., a spike in contacts unexpectedly dropping from a flow), monitor usage patterns (e.g., most used flows or modules, an increasing trend in duration), and measure the impact of configuration changes across your customer or agent experiences including guides and task automation. From the Flows performance dashboard, you can view and compare real-time and historical aggregated performance, trends, and insights over custom-defined time periods (e.g., week over week), helping you answer questions such as “how many contacts dropped out of my contact center before reaching a queue?” or “how long does it take for contacts to navigate through my end-customer self-service voice flow?” These metrics are also available programmatically via the existing GetMetricsDataV2 API. These features are available in all AWS regions where Amazon Connect is available. To learn more about flow analytics and the flows performance dashboard, see the Amazon Connect Administrator Guide and Amazon Connect API Reference. To learn more about Amazon Connect, the AWS contact center as a service solution on the cloud, please visit the Amazon Connect website.