2/6/2025, 12:00:00 AM ~ 2/7/2025, 12:00:00 AM (UTC)

Recent Announcements

AWS WAF Console adds new top insights visualizations in additional regions

AWS WAF’s console dashboard now includes richer visualizations that give you insights into the top sources of traffic in AWS GovCloud (US). With this feature, customers with CloudWatch logging destinations can view a new top insights section within the all traffic dashboard.

Customers previously used the all traffic dashboard, a default dashboard that populates visualizations based on CloudWatch metrics. As customers strive to continue gaining additional visibility into their traffic, they have requested richer visualizations based on logs in addition to visualizations based on CloudWatch metrics. Starting today, customers with CloudWatch logging destinations will have access to this new top insights section within the all traffic dashboard, which includes richer visualizations based on terminating rules, client IPs, URI path, and more. These top insights will enable customers to better understand their security posture, quickly identify anomalies, and optimize their WAF configurations accordingly. For example, if a customer sees more than expected traffic from a suspicious IP address, they can take steps to create an IP-blocking rule to address this anomaly. Standard CloudWatch pricing applies to metrics and logs queried through the dashboard. For more information about pricing, visit the AWS CloudWatch Pricing page. The feature is now available in AWS GovCloud (US) for all origin types supported by WAF. For more information about the all traffic dashboard, visit the Developer Guide.

AWS IAM Identity Center now offers improved error messages and AWS CloudTrail logging for provisioning issues

AWS IAM Identity Center now provides improved error messages to simplify troubleshooting when syncing users and groups. You can also build automated monitoring and auditing for these errors using the AWS CloudTrail logs.

IAM Identity Center helps you securely connect your workforce identities and manage their access centrally across AWS accounts and applications. With improved error messaging, IAM Identity Center provides actionable information to troubleshoot provisioning issues as you sync your users and groups using SCIM or configurable AD sync. CloudTrail logs enable automated monitoring of synchronization processes and provide audit trails of provisioning issues. IAM Identity Center is available at no additional cost in all AWS Regions where it is supported. To learn more, see the AWS IAM Identity Center User Guide.

AWS Elemental MediaTailor

AWS Elemental MediaTailor now supports delivering logs to Amazon S3 and Amazon Data Firehose, in addition to Amazon CloudWatch Logs. Additionally, customers now receive 50 KB of MediaTailor logs per ad inserted (50,000 KB per 1,000 ads inserted) for free when delivering to supported destinations.

Customers delivering MediaTailor logs to CloudWatch Logs benefit from advanced log analytics features such as Live Tailing, Anomaly Detection, and Logs Insights, as well as metrics and dashboards to monitor ad monetization. Delivery to S3 or Firehose enables offline analysis and real-time streaming to other AWS services and third-party tools. Usage over the free 50 KB per ad insert will be charged as per MediaTailor logs pricing. For details, please refer to the pricing section of the MediaTailor product page. Visit the AWS region table for a full list of AWS Regions where AWS Elemental MediaTailor is available. To learn more about MediaTailor, please visit the product page.

Amazon RDS for Oracle now supports January 2025 Release Update

Amazon Relational Database Service (Amazon RDS) for Oracle now supports the January 2025 Release Update (RU) for Oracle Database versions 19c and 21c.

To learn more about Oracle RUs supported on Amazon RDS for each engine version, see the Amazon RDS for Oracle Release notes. If the auto minor version upgrade (AmVU) option is enabled, your DB instance is upgraded to the latest quarterly RU six to eight weeks after it is made available by Amazon RDS for Oracle in your AWS Region. These upgrades will happen during the maintenance window. To learn more, see the Amazon RDS maintenance window documentation. For more information about the AWS Regions where Amazon RDS for Oracle is available, see the AWS Region table.

Amazon MSK expands Express Brokers to 10 more AWS Regions

Amazon MSK has added support for Express brokers in all AWS Regions where Amazon MSK offers Graviton3-based M7g instances. You can now benefit from Amazon MSK Express brokers in ten additional AWS Regions: Asia Pacific (Mumbai), Europe (Paris), South America (Sao Paulo), Asia Pacific (Hyderabad), Asia Pacific (Seoul), Asia Pacific (Malaysia), Europe (London), Canada (Central), Europe (Spain), and Middle East (Bahrain).

Express brokers are a new broker type for Amazon MSK Provisioned designed to deliver up to 3x more throughput per broker, scale up to 20x faster, and reduce recovery time by 90% as compared to standard Apache Kafka brokers. Express brokers come pre-configured with Kafka best practices by default, support all Kafka APIs, and provide the same low-latency performance that Amazon MSK customers expect, so they can continue using existing client applications without any changes. You can now create an MSK cluster with Express brokers in these AWS Regions from the Amazon MSK console. To learn more, check out this blog.

AWS Verified Access launches Zero Trust access to resources over non-HTTP(S) protocols

Today, AWS announces the general availability of AWS Verified Access’ support for secure access to resources that connect over protocols such as TCP, SSH, and RDP. With this launch, you can use Verified Access to provide secure VPN-less access to all your corporate applications and resources using AWS zero trust principles. This feature eliminates the need to manage separate access and connectivity solutions for non-HTTP(S) resources on AWS and simplifies security operations.

Verified Access allows admins to set access policies based on user identity and device posture. It evaluates access for new connections and continuously monitors active connections, terminating connections when security requirements specified in the access policies aren’t met. Now you can extend your existing Verified Access policies to enable secure access to non-HTTP(S) applications and resources such as databases, SAP, and git repositories running on EC2 instances. For example, you can centrally define access policies granting product database access only to authenticated database administrators using compliant, managed devices. This simplifies your security operations by allowing you to centrally create, group, and manage access policies for all applications and resources with similar security requirements from a single interface. This feature is generally available in 18 AWS regions: US East (Ohio), US East (Northern Virginia), US West (N California), US West (Oregon), Canada (Central), Asia Pacific (Sydney), Asia Pacific (Jakarta), Asia Pacific (Tokyo), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Ireland), Europe (London), Europe (Frankfurt), Europe (Milan), Europe (Stockholm), South America (São Paulo), and Israel (Tel Aviv). To learn more, visit the product page, pricing page, and documentation.

AWS AppSync releases CDK L2 constructs to simplify creating WebSocket APIs

AWS AppSync Events allows developers to create serverless WebSocket APIs that can broadcast real-time data to millions of subscribers without managing infrastructure or connection state. Developers simply create their API and publish events without having to worry about scale and handling fan-out. Today, AWS AppSync announces the release of AWS Cloud Development Kit (CDK) L2 constructs for AWS AppSync Events, enabling developers to programmatically create and manage Event APIs and channel namespaces using infrastructure as code. These new constructs simplify the process of creating Event APIs and managing access controls, reducing the complexity of integrating real-time capabilities into applications.

The new L2 constructs provide a higher-level abstraction that makes it easier for developers to define AppSync Event APIs and their associated channel namespaces using familiar programming languages. Developers can now easily grant access to specific channel namespaces to AWS resources such as AWS Lambda functions, streamlining the integration between services. This eliminates the need to manually configure complex IAM permissions and reduces the potential for security misconfigurations. These CDK L2 constructs are available in all AWS Regions where AWS AppSync is available. To get started with the new AWS AppSync Events CDK L2 constructs, visit the AWS CDK API Reference documentation.

Amazon GuardDuty Malware Protection for S3 announces price reduction

Amazon GuardDuty Malware Protection for Amazon S3 provides a fully-managed offering to scan new object uploads to S3 buckets for malware. Starting February 1, 2025, we are lowering the price for the data scanned dimension by 85%. Over the past few months we have made improvements to our scanning infrastructure and data processing efficiencies, enabling us to reduce the price as part of our commitment to pass savings back to customers.

GuardDuty Malware Protection for S3 is priced based on two dimensions: the number of objects evaluated and the amount of data scanned. We are lowering the price for the data scanned dimension, for example in US East (N. Virginia) from $0.60 to $0.09 per GB. The price for objects evaluated remains unchanged. With this price reduction, you will be more capable of building secure and cost-effective data pipelines on Amazon S3 for applications with untrusted uploads across the enterprise. The price reduction applies automatically to all AWS Regions where GuardDuty Malware Protection for S3 is available, requiring no action from customers. For additional information, visit the Amazon GuardDuty pricing page. To receive programmatic updates on new GuardDuty features and threat detections, subscribe to the Amazon GuardDuty AWS Simple Notification Service (SNS) topic.

Amazon Keyspaces is now available in Africa (Cape Town) Region

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, is now available in the Africa (Cape Town) Region.

With Amazon Keyspaces, you can run your Cassandra workloads on AWS using the same Cassandra application code and developer tools that you use today. The service is completely serverless, eliminating the need to provision, patch, or manage servers, or handle software installation and maintenance. You pay only for the resources you use, and tables automatically scale up and down based on application traffic. Amazon Keyspaces supports applications serving thousands of requests per second with virtually unlimited throughput and storage. The service includes built-in security features with encryption by default and continuous data backup capabilities through point-in-time recovery. For pricing information in the Africa (Cape Town) Region, visit Amazon Keyspaces (for Apache Cassandra) pricing. To see the complete list of AWS Regions where Amazon Keyspaces is available, check AWS Regional Services. To begin using Amazon Keyspaces in the Africa (Cape Town) Region, refer to Getting Started with Amazon Keyspaces (for Apache Cassandra) in the Amazon Keyspaces Developer Guide.

AWS Toolkit for Visual Studio Code now supports Amazon DocumentDB (with MongoDB compatibility)

AWS Toolkit for Visual Studio Code (VSCode) now includes Amazon DocumentDB (with MongoDB compatibility). This integration allows customers to use VSCode to view, create and manage Amazon DocumentDB resources.

To get started, you can download the latest AWS-Toolkit extension from the VSCode marketplace or update your AWS-Toolkit extension if you already have it installed in your VSCode environment. Then you can configure the extension with credentials for your AWS account and connect to AWS explorer in VSCode. Once connected, you can interact with the DocumentDB menu item to create DocumentDB clusters or manage your existing DocumentDB clusters. To learn more, see Amazon DocumentDB support in VSCode. Amazon DocumentDB is a fully managed, native JSON database that makes it simple and cost-effective to operate critical document workloads at virtually any scale without managing infrastructure. To learn more about Amazon DocumentDB, please visit the Amazon DocumentDB product page, pricing page and documentation.

Cost Optimization Hub supports more EC2 Auto Scaling group recommendations

Cost Optimization Hub now supports idle EC2 Auto Scaling group recommendations and rightsizing recommendations for EC2 Auto Scaling groups with scaling policies and multiple instance types. It also allows you to easily filter and aggregate EC2 Auto Scaling group cost optimization opportunities separately from standalone EC2 instances, making it easier to identify EC2 Auto Scaling groups with the highest cost-saving opportunities.

With this launch, you can view, consolidate, and prioritize cost optimization opportunities for EC2 Auto Scaling groups across your organization’s member accounts and AWS Regions through a single dashboard. Cost Optimization Hub helps you quantify estimated savings from these recommendations, taking into account your specific discounts, such as Reserved Instances and Savings Plans, enabling you to easily compare and prioritize recommendations.

The new EC2 Auto Scaling group experience and recommendations are available in Cost Optimization Hub across all AWS Regions where Cost Optimization Hub and AWS Organizations are supported.

Reshape your AWS CloudFormation stacks seamlessly with stack refactoring

AWS CloudFormation introduces a new capability called stack refactoring that makes it easy to reorganize cloud resources across your CloudFormation stacks. Stack refactoring enables you to move resources from one stack to another, split monolithic stacks into smaller components, and rename the logical name of resources within a stack. This enables you to adapt your stacks to meet architectural patterns, operational needs, or business requirements.

As your workloads scale and requirements evolve, re-architecting resources into a new stack structure can become necessary. For example, you may need to split a monolithic stack for easier resource lifecycle management or rename resource logical IDs to align with new naming conventions. Previously, refactoring a stack required multiple manual steps, such as updating templates to retain targeted resources, removing them from current stacks, and then importing them into new stacks. Stack refactoring improves the speed and safety of this process. To refactor a stack, you first provide the CloudFormation templates that reflect the desired stack structure. Then, you generate a preview of the refactor operation, allowing you to confirm that the refactoring changes align with your requirements. If the planned changes meet your expectations, you can execute the refactor operation through an atomic workflow. This new capability enables seamless and continuous adaptation to evolving architectural patterns. Stack refactor is available in all AWS Regions where CloudFormation is supported. To get started, update your CloudFormation templates to reflect the desired stack structure, then use the AWS CLI or SDK to perform the refactor operation. Visit our user guide to learn more about this feature.

Amazon Q Developer introduces a new, simplified setup experience for Pro tier subscriptions

Today, we are excited to announce a new onboarding experience that makes it easy to set up and manage Amazon Q Developer Pro tier subscriptions. The workflow on the Amazon Q console has been redesigned to provide a friendlier 2-step setup for users or teams that are looking to try out Amazon Q Developer in their Integrated Development Environment (IDE).

AWS account administrators can create subscriptions using the Amazon Q console for their standalone or AWS Organizations member accounts using a guided setup to create local users and configure Amazon Q Developer managed applications. Once the setup is complete, subscribed users will receive details on setting up credentials to start using Amazon Q Developer. After installation of the Amazon Q Developer plugin in their preferred IDE, users can leverage context-aware code recommendations and enhanced development capabilities to accelerate their software development. Administrators in the Organizations management accounts will continue to maintain their existing IAM Identity Center capabilities to manage workforce access to Amazon Q Developer. To learn more about the new getting started experience, visit the Amazon Q Developer User Guide. To get started with Amazon Q Developer, visit the AWS Console.

Amazon Personalize now supports Internet Protocol Version 6 (IPv6)

Amazon Personalize introduces dual stack support for the Personalize API endpoints, enabling you to connect using Internet Protocol Version 6 (IPv6), Internet Protocol Version 4 (IPv4), or dual stack clients. Dual stack support is also available when you privately access the Personalize API endpoint from your Amazon Virtual Private Cloud (VPC) using AWS PrivateLink.

The urgency to transition to Internet Protocol version 6 (IPv6) is driven by the continued growth of the internet, which is exhausting available Internet Protocol version 4 (IPv4) addresses. With simultaneous support for both IPv4 and IPv6 clients on Personalize endpoints, you are able to gradually transition from IPv4 to IPv6 based systems and applications, without needing to switch all over at once. This enables you to help meet IPv6 compliance requirements and removes the need for expensive networking equipment to handle the address translation between IPv4 and IPv6. Support for IPv6 on Amazon Personalize is available in all supported regions. To learn more on best practices for configuring IPv6, see the whitepaper on IPv6 in AWS.

AWS Blogs

AWS Japan Blog (Japanese)

AWS Big Data Blog

AWS DevOps & Developer Productivity Blog

AWS Machine Learning Blog

AWS for M&E Blog

AWS Security Blog

Open Source Project

AWS CLI

AWS CDK

Amazon EKS Anywhere