3/12/2025, 12:00:00 AM ~ 3/13/2025, 12:00:00 AM (UTC)
Recent Announcements
AWS CloudFormation Hooks now supports three new invocation points for stacks, change sets, and AWS Cloud Control API (CCAPI) in the AWS GovCloud (US) Regions. You can now evaluate CloudFormation create/update/delete stack and change set operations, and CCAPI create/update operations. With this launch, you can standardize your proactive evaluations beyond CloudFormation resource properties by enabling safety checks that consider the entire context of a stack, a CloudFormation change set, and/or a CCAPI resource configuration.
CloudFormation Hooks also extended two new managed hooks to the AWS GovCloud (US) Regions. The managed Lambda and Guard Hook simplify your hooks authoring experience by pointing to an AWS Lambda function or an S3 bucket containing AWS CloudFormation Guard domain specific language rules. Today’s launch allows GovCloud customers and partners to leverage the new invocation points and the new managed hooks to help enforce organizational best practices easily and minimize the risk of non-compliant resources being provisioned. With this launch, all CloudFormation Hooks’ features are available in 32 AWS regions globally: US East (Ohio, N. Virginia), US West (N. California, Oregon), Canada (Central, Calgary), Asia Pacific (Singapore, Tokyo, Seoul, Mumbai, Hong Kong, Osaka, Jakarta, Hyderabad, Malaysia, Sydney, Melbourne), Europe (Ireland, Stockholm, Frankfurt, Milan, London, Zurich, Paris, Spain), Middle East (UAE, Bahrain, Tel Aviv), South America (São Paulo), Africa (Cape Town), and the AWS GovCloud (US-East, US-West) Regions. To get started, you can use the new Hooks console workflow within the CloudFormation console, AWS CLI, or new CloudFormation Hooks resources. To learn more, refer to Hooks User Guide.
Amazon Nova is now available in AWS GovCloud (US-West) Region
Today, Amazon announces the expansion of Amazon Nova understanding models (Amazon Nova Lite, Amazon Nova Micro, Amazon Nova Pro) to AWS GovCloud (US-West) - an isolated U.S. sovereign region for managing sensitive data and controlled unclassified information.
Government customers, technology partners, and entities with highly-regulated enterprise requirements now have access to Amazon Nova’s powerful AI capabilities including: Amazon Nova Micro, a text-only model that delivers the lowest latency responses at a very low cost; Amazon Nova Lite, a very low-cost multimodal model that is lightning fast for processing image, video, and text inputs to generate text outputs; and Amazon Nova Pro, a highly capable multimodal model with the best combination of accuracy, speed, and cost for a wide range of tasks. These models support over 200 languages, text and vision fine-tuning, and easy integration with proprietary data and applications through Amazon Bedrock features such as Amazon Bedrock Knowledge Bases and Amazon Bedrock Agents. To learn more about Amazon Nova foundation models, see the Amazon Nova models page and to learn about the AWS GovCloud (US-West) Region, see the AWS GovCloud (US) page. To get started with Amazon Nova on Amazon Bedrock, visit the Amazon Bedrock console.
AWS Glue now available in two new regions
AWS Glue, a serverless data integration service, is now available in the Asia Pacific (Thailand) and Mexico (Central) Regions, enabling customers to build and run their ETL workloads closer to their data sources in these regions.
AWS Glue is a serverless data integration service that makes it simple to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides both visual and code-based interfaces to make data integration simpler so you can analyze your data and put it to use in minutes instead of months. To learn more, visit the AWS Glue product page and our documentation. For AWS Glue region availability, please see the AWS Region table.
AWS CodeBuild now supports organization and enterprise level GitHub self-hosted runners
AWS CodeBuild now supports registering self-hosted runners at GitHub organization or enterprise level. Additionally, you can assign your self-hosted runners to specific runner groups for enhanced security and access control. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready for deployment.
Organization and enterprise level runners provide centralized management across multiple repositories. Runner groups offer additional security control with granular repository access policies. You can also configure webhook filters on your CodeBuild projects to allow or deny workflow jobs from specific GitHub organizations or repositories. This feature is available in all regions where CodeBuild is offered. For more information about the AWS Regions where CodeBuild is available, see the AWS Regions page. To get started, configure runner scope and group in your CodeBuild projects. CodeBuild will automatically register your runners to the correct destination. To learn more about using CodeBuild self-hosted runners, visit the CodeBuild runner tutorial.
Today, we are excited to announce that Amazon Aurora PostgreSQL zero-ETL integration with Amazon Redshift now supports up to five integrations from the same Aurora cluster. This enhancement allows customers to create multiple zero-ETL integrations between a single Amazon Aurora PostgreSQL cluster and the same or different Amazon Redshift warehouses, providing greater flexibility and efficiency in data analytics workflows.
With this new capability, customers can now seamlessly replicate data from a single Aurora PostgreSQL cluster to multiple Redshift environments without the need for complex extract, transform, and load (ETL) processes. This feature is particularly beneficial for organizations that require different data views or aggregations for various analytical purposes, such as departmental reporting, regional analysis, or specific project requirements. By supporting multiple integrations, customers can maintain a single source of truth in Aurora while distributing relevant data subsets to different Redshift warehouses, optimizing both storage and query performance. Amazon Aurora PostgreSQL zero-ETL integration with Amazon Redshift is available for Aurora PostgreSQL version 16.4 and higher in the regions listed here. To learn more and get started with zero-ETL integration, visit Amazon Aurora zero-ETL integration with Amazon Redshift and the getting started guides for Aurora and Amazon Redshift.
Amazon DynamoDB zero-ETL integration with Amazon Redshift now available in 3 additional regions
Amazon DynamoDB zero-ETL integration with Amazon Redshift is now supported in 3 additional regions: Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central). This expansion enables customers to run high-performance analytics on their DynamoDB data in Amazon Redshift with no impact on production workloads running on DynamoDB. With this launch, DynamoDB zero-ETL integration with Amazon Redshift is now supported in all AWS commercial regions where Amazon Redshift is available.
Zero-ETL integrations help you derive holistic insights across many applications, break data silos in your organization, and gain significant cost savings and operational efficiencies. Now you can run enhanced analysis on your DynamoDB data with the rich capabilities of Amazon Redshift, such as high performance SQL, built-in ML and Spark integrations, materialized views with automatic and incremental refresh, and data sharing. Additionally, you can use history mode to easily run advanced analytics on historical data, build lookback reports, and build Type 2 Slowly Changing Dimension (SCD 2) tables on your historical data from DynamoDB, out-of-the-box in Amazon Redshift, without writing any code. The Amazon DynamoDB zero-ETL integration with Amazon Redshift is now available in Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central), in addition to previously supported regions. For a complete list of supported regions, please refer to the AWS Region Table where Amazon Redshift is available. To learn more, visit the getting started guides for DynamoDB and Amazon Redshift. For more information on using history mode, we encourage you to visit our recent blog post here.
Amazon Inspector expands ECR support for minimal container base images and enhanced detections
Today, we are excited to announce support for scratch, distroless (Debian/Ubuntu based), and Chainguard image scanning with Amazon Inspector. With the expanded support for ECR images, Amazon Inspector extends its security coverage to minimal and security-focused container bases, enabling teams to maintain robust security practices even with highly optimized container environments.
For ECR scanning, Amazon Inspector expands scanning to additional ecosystems including Go toolchain, Oracle JDK & JRE, Amazon Corretto, Apache Tomcat, Apache httpd, WordPress (core, themes, plugins), Google Puppeteer (Chrome embedding), and Node.js runtime. This enhancement helps customers identify vulnerabilities in ecosystem components and gain visibility into third party software. The same functionality is also available via the Amazon Inspector SBOM Scan API. Additionally, Amazon Inspector now supports identifying discontinued operating systems running on Amazon EC2 instances and Amazon ECR container images. Amazon Inspector will generate a finding on resources using a discontinued operating system solely for informational purposes, aiding in the prioritization of risk mitigation strategies. Amazon Inspector is a vulnerability management service that continually scans AWS workloads including Amazon EC2 instances, container images, and AWS Lambda functions for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS organization. Enhanced detections and support for additional operating systems for ECR scanning are available in all commercial and AWS GovCloud (US) Regions where Amazon Inspector is available.
Getting started with Amazon Inspector
Amazon Inspector free trial
Amazon ECR announces ECR to ECR pull through cache
Amazon ECR announces ECR to ECR pull through cache, a capability that allows customers to automatically sync container images between two ECR private registries, existing across AWS regions and/or accounts. This enables customers to benefit from the reduced latency of pulling cached images in-region. With today’s release, Amazon ECR makes it easier for customers to optimize storage costs by providing a simple and reliable way to store local copies of only the images that are pulled across regions/accounts.
As customers grow, they often have container deployments spread across multiple AWS regions. Storing images within the region of deployment improves application start-up times due to lower latency of in-region pulls. To achieve this, customers have to maintain copies of all images in every region, which is not cost-effective as many of these images are not deployed. ECR to ECR pull through cache allows customers to sync images between ECR registries in a cost-effective way by caching only the images that are pulled. Customers can now push images to their primary registry and configure pull through cache rules to cache images into downstream registries. On an image pull, ECR automatically fetches the image from upstream registry, and caches it into an automatically created repository in downstream registry for future pulls. Additionally, this feature supports frequent syncs with upstream, helping keep the cached images up to date. ECR to ECR Pull through cache is available in all AWS regions, excluding GovCloud (US) and China regions. To learn more, please visit our user guide.