6/11/2024, 12:00:00 AM ~ 6/12/2024, 12:00:00 AM (UTC)
Recent Announcements
Amazon SES now provides custom values in the Feedback-ID header
Today, Amazon Simple Email Service (SES) released a new feature to give customers control over parts of the auto-generated Feedback-ID header in messages sent through SES. This feature provides additional details to help customers identify deliverability trends. Customers can use products like PostMaster Tools by Gmail to see complaint rates by identifiers of their choice, such as sender identity or campaign ID. This makes it easier to track deliverability performance associated with independent workloads and campaigns, and accelerates troubleshooting when diagnosing complaint rates.
Previously, SES automatically generated a Feedback-ID header when sending emails on behalf of SES customers. This Feedback-ID helps customers track their deliverability performance, such as complaint rates, at the AWS account level. Now SES includes up to two custom values in the Feedback-ID header, which customers can pass to SES during sending. Customers specify message tag values for either “ses:feedback-id-a” or “ses:feedback-id-b” (or both), and SES automatically includes these values as the first and second fields in the Feedback-ID header (respectively). This gives even more granularity when viewing deliverability metrics in tools such as PostMaster Tools by Gmail. SES supports fine-grained Feedback-ID in all AWS Regions where SES is available. For more information, see the documentation for SES event publishing.
AWS CloudTrail Lake announces AI-powered natural language query generation (preview)
AWS announces generative AI-powered natural language query generation in AWS CloudTrail Lake (preview), enabling you to simply analyze your AWS activity events without having to write complex SQL queries. Now you can ask questions in plain English about your AWS API and user activity, such as “How many errors were logged during the past week for each service and what was the cause of each error?” or “Show me all users who logged in using console yesterday”, and AWS CloudTrail will generate a SQL query, which you can run as is or fine-tune to meet your use case.
This new feature empowers users who are not experts in writing SQL queries or who don’t have a deep understanding of CloudTrail events. As a result, exploration and analysis of AWS activity in event data stores on CloudTrail Lake becomes simpler and quicker, accelerating compliance, security, and operational investigation. This feature is now available in preview in AWS US East (N. Virginia) at no additional cost. Please note that running the queries generated using this feature will result in CloudTrail Lake query charges. Refer to CloudTrail pricing for details. To learn more about this feature and get started, please refer to the documentation or the AWS News Blog.
Amazon Connect now provides color coding for shift activities in agent scheduling
Amazon Connect now provides color coding for shift activities in agent scheduling, enabling a simplified experience for contact center managers and agents. With this launch, you can now configure colors for agent shift activities, such as red for breaks and lunches, green for team meetings, and purple for trainings. With customizable colors, managers can quickly see how different activities are placed in agent schedules (e.g. is more than half the team doing a training at the same time, does the team meeting include everyone, etc.). This launch also simplifies the experience for agents as they can easily understand their schedule at-a-glance for the week without having to read through each scheduled activity. Customizable colors make day-to-day schedule management more efficient for managers and agents.
AWS Audit Manager generative AI best practices framework now includes Amazon SageMaker
Available today, the AWS Audit Manager generative AI best practices framework now includes Amazon SageMaker in addition to Amazon Bedrock. Customers can use this prebuilt standard framework to gain visibility into how their generative AI implementation on SageMaker or Amazon Bedrock follows AWS recommended best practices and start auditing their generative AI usage and automating evidence collection. The framework provides a consistent approach for tracking AI model usage and permissions, flagging sensitive data, and alerting on issues.
This framework includes 110 controls across areas such as governance, data security, privacy, incident management, and business continuity planning. Customers can select and customize controls to structure automated assessments. For example, customers seeking to mitigate known biases before feeding data into their model can use the ‘Pre-processing Techniques’ control to require evidence of validation criteria including documentation of data augmentation, re-weighting, or re-sampling. Similarly, customers can use the ‘Bias and Ethics Training’ control to upload documentation demonstrating that their workforce is trained to address ethical considerations and AI bias in the model.
AWS Cloud WAN introduces Service Insertion to simplify security inspection at global scale
Today AWS announces Service Insertion, a new feature of AWS Cloud WAN that simplifies the integration of security and inspection services into the Cloud WAN based global networks. Using this feature, you can easily steer your global network traffic between Amazon VPCs (Virtual Private Cloud), AWS Regions, on-premises locations, and Internet via security appliances or inspection services using central Cloud WAN policy or the AWS management console.
Customers deploy inspection services or security appliances such as firewalls, intrusion detection/protection systems (IDS/IPS) and secure web gateways to inspect and protect their global Cloud WAN traffic. With Service Insertion, customers can easily steer multi-region or multi-segment network traffic to security appliances or services without having to create and manage complex routing configurations or third-party automation tools. Using service insertion, you define your inspection and routing intent in a central policy document and your configuration is consistently deployed across your Cloud WAN network. Service insertion works with both AWS Network Firewall and third-party security solutions, and makes it easy to perform east-west (VPC-to-VPC) and north-south (Internet Ingress/Egress) security inspection across multiple AWS Regions and on-premises locations across the globe.
AWS IAM Access Analyzer now offers policy checks for public and critical resource access
AWS Identity and Access Management (IAM) Access Analyzer guides customers toward least privilege by providing tools to set, verify, and refine permissions. IAM Access Analyzer now extends custom policy checks to proactively detect nonconformant updates to policies that grant public access or grant access to critical AWS resources ahead of deployments. Security teams can use these checks to streamline their IAM policy reviews, automatically approving policies that conform with their security standards and inspecting more deeply when policies don’t conform. Custom policy checks use the power of automated reasoning to provide the highest levels of security assurance backed by mathematical proof.
Security and development teams can innovate faster by automating and scaling their policy reviews for public and critical resource access. You can integrate these custom policy checks into the tools and environments where developers author their policies, such as their CI/CD pipelines, GitHub, and VSCode. Developers can create or modify an IAM policy, and then commit it to a code repository. If custom policy checks determine that the policy adheres to your security standards, your policy review automation lets the deployment process continue. If custom policy checks determine that the policy does not adhere to your security standards, developers can review and update the policy before deploying it to production.
AWS Identity and Access Management now supports passkey as a second authentication factor
AWS Identity and Access Management (IAM) now supports passkeys for multi-factor authentication to provide easy and secure sign-ins across your devices. Based on FIDO standards, passkeys use public key cryptography, which enables strong, phishing-resistant authentication that is more secure than passwords. IAM now allows you to secure access to AWS accounts using passkeys for multi-factor authentication (MFA) with support for built-in authenticators, such as Touch ID on Apple MacBooks and Windows Hello facial recognition on PCs. Passkeys can be created with a hardware security key or with your chosen passkey provider using your fingerprint, face, or device PIN, and they are synced across your devices to sign in with AWS.
AWS Identity and Access Management helps you securely manage identities and control access to AWS services and resources. MFA is a security best practice in IAM that requires a second authentication factor in addition to the user name and password sign-in credentials. Passkey support in IAM is a new feature to further enhance MFA usability and recoverability. You can use a range of supported IAM MFA methods, including FIDO-certified security keys, to harden access to your AWS accounts. This feature is available now in all AWS Regions, except in the China Regions. To learn more about using passkeys in IAM, get started by visiting the launch blog post and Using MFA in AWS documentation. To learn more:
Read more about how AWS will enhance MFA requirements in 2024
AWS IAM Access Analyzer now offers recommendations to refine unused access
AWS Identity and Access Management (IAM) Access Analyzer guides customers toward least privilege by providing tools to set, verify, and refine permissions. IAM Access Analyzer now offers actionable recommendations to guide you to remediate unused access. For unused roles, access keys, and passwords, IAM Access Analyzer provides quick links in the console to help you delete them. For unused permissions, IAM Access Analyzer reviews your existing policies and recommends a refined version tailored to your access activity.
As a central security team member, you can use IAM Access Analyzer to gain visibility into unused access across your AWS organization and automate how you rightsize permissions. Security teams set up automated workflows to notify their developers about new IAM Access Analyzer findings. Now, you can include step-by-step recommendations provided by IAM Access Analyzer to notify and simplify how developers refine unused permissions. This feature is offered at no additional cost with unused access findings and is a part of the growing Cloud Infrastructure Entitlement Management capabilities at AWS. The recommendations are available in AWS Commercial Regions, excluding the AWS GovCloud (US) Regions and AWS China Regions. To learn more about IAM Access Analyzer unused access analysis:
Read a blog post to learn about setting up unused access analysis
Read more about utilizing unused access recommendations
Learn more in the documentation
Detect malware in new object uploads to Amazon S3 with Amazon GuardDuty
Today, Amazon Web Services (AWS) announces the general availability of Amazon GuardDuty Malware Protection for Amazon S3. This expansion of GuardDuty Malware Protection allows you to scan newly uploaded objects to Amazon S3 buckets for potential malware, viruses, and other suspicious uploads and take action to isolate them before they are ingested into downstream processes.
GuardDuty helps customers protect millions of Amazon S3 buckets and AWS accounts. GuardDuty Malware Protection for Amazon S3 is fully managed by AWS, alleviating the operational complexity and overhead that normally comes with managing a data-scanning pipeline, with compute infrastructure operated on your behalf. This feature also gives application owners more control over the security of their organization’s S3 buckets; they can enable GuardDuty Malware Protection for S3 even if core GuardDuty is not enabled in the account. Application owners are automatically notified of the scan results using Amazon EventBridge to build downstream workflows, such as isolation to a quarantine bucket, or define bucket policies using tags that prevent users or applications from accessing certain objects.
AWS Private CA introduces Connector for SCEP for mobile devices (Preview)
AWS Private Certificate Authority (AWS Private CA) launches the Connector for SCEP, which lets you use a managed and secure cloud certificate authority (CA) to enroll mobile devices securely and at scale. Simple Certificate Enrollment Protocol (SCEP) is a protocol widely adopted by mobile device management (MDM) solutions for getting digital identity certificates from a CA and enrolling corporate-issued and bring-your-own-device (BYOD) mobile devices. With the Connector for SCEP, you use a managed private CA with a managed SCEP solution to reduce operational costs, simplify processes, and optimize your public key infrastructure (PKI). Additionally, the Connector for SCEP lets you use AWS Private CA with industry-leading SCEP-compatible MDM solutions including Microsoft Intune and Jamf Pro.
The Connector for SCEP is one of three connector types offered for AWS Private CA. Connectors allow you to replace your existing CAs with AWS Private CA in environments that have an established native certificate distribution solution. This means that instead of using multiple CA solutions, you can utilize a single private CA solution for your enterprise. You benefit from comprehensive support, extending to Kubernetes, Active Directory, and, now, mobile devices. During the preview period, Connector for SCEP is available in the following AWS Regions: US East (N. Virginia). This feature is offered at no additional charge; you pay only for the AWS Private CAs and the certificates issued from them. To get started, see the Getting started guide or go to the Connector for SCEP console.
AWS Blogs
AWS Japan Blog (Japanese)
- KDDI Agile Development Center’s Generative AI Development Initiatives: Deploying Amazon Bedrock Integrated Chatbots to 4 Group Companies
- Simplify risk and compliance assessments using AWS Audit Manager’s new common control library
- Meet the new AWS Heroes — June 2024
- Introducing First Trade’s AWS-generated AI case “Achieving automatic documentation of sea conditions with Amazon Bedrock and the Ocean Information API”
- AWS-Generated AI Case Study by Rare Job Technologies: Using Amazon Bedrock to Improve English Conversation Lesson Reports
- Accelerate development refresh cycles and optimize costs with Amazon FSx for NetApp ONTAP cloning
AWS Japan Startup Blog (Japanese)
AWS News Blog
- AWS Audit Manager extends generative AI best practices framework to Amazon SageMaker
- Simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake (preview)
- Introducing Amazon GuardDuty Malware Protection for Amazon S3
- IAM Access Analyzer Update: Extending custom policy checks & guided revocation
- AWS adds passkey multi-factor authentication (MFA) for root and IAM users
AWS Big Data Blog
AWS Database Blog
- Introducing the Advanced Python Wrapper Driver for Amazon Aurora
- Upgrade Amazon RDS for SQL Server 2014 to a newer supported version using the AWS CLI
- Near zero-downtime migrations from self-managed Db2 on AIX or Windows to Amazon RDS for Db2 using IBM Q Replication
AWS HPC Blog
- Call for participation: HPC tutorial series from the HPCIC
- Integrating Research and Engineering Studio with AWS ParallelCluster
AWS for Industries
AWS Machine Learning Blog
- Reimagining software development with the Amazon Q Developer Agent
- Get started quickly with AWS Trainium and AWS Inferentia using AWS Neuron DLAMI and AWS Neuron DLC
- Sprinklr improves performance by 20% and reduces cost by 25% for machine learning inference on AWS Graviton3
- How Wiz is empowering organizations to remediate security risks faster with Amazon Bedrock
AWS for M&E Blog
Networking & Content Delivery
AWS Security Blog
- AWS completes Police-Assured Secure Facilities (PASF) audit in the Europe (London) Region
- Implementing a compliance and reporting strategy for NIST SP 800-53 Rev. 5
- Passkeys enhance security and usability as AWS expands MFA requirements