4/17/2025, 12:00:00 AM ~ 4/18/2025, 12:00:00 AM (UTC)
Recent Announcements
AWS Security Incident Response now supports integration with AWS PrivateLink
AWS announces AWS Security Incident Response with AWS PrivateLink integration, enabling customers to manage their service membership directly from their Amazon Virtual Private Cloud (VPC). Now, together with AWS PrivateLink, customers can access AWS Security Incident Response APIs while keeping their traffic off the public internet, adding an extra layer of security when managing and recovering from sensitive security events.
This integration offers several benefits to AWS customers. First, it can improve the security perimeter of incident response processes by keeping all traffic within AWS-supported private networks. Second, it simplifies network architecture by removing the requirement for internet gateways, NAT devices, or firewall rules. Lastly, it helps meet compliance requirements that mandate private connectivity for sensitive security response and recovery, making it easier for organizations in regulated industries to adopt and use AWS Security Incident Response. AWS Security Incident Response with AWS PrivateLink integration is now available in all service supported regions. To get started with this new feature, visit the AWS Security Incident Response console or refer to the AWS Security Incident Response documentation. For more information about AWS PrivateLink, please visit the AWS PrivateLink page.
Amazon Connect Cases adds support for managing service level agreements on cases
Amazon Connect Cases now provides capabilities to help contact centers track and meet service level agreements (SLAs) on cases. Using the Amazon Connect UI, admins can set up SLA rules based on case attributes and configure target statuses and resolution times. Agents and managers can view the real-time SLA status directly in their case list view to prioritize urgent work, while admins can create rules to automatically escalate or route cases to another team when SLAs are not met. For example, a company can use this feature to monitor whether high-priority cases are reviewed within 4 hours and closed within 24 hours, making it easier to meet case handling service commitments.
Amazon Connect Cases is available in the following AWS regions: US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (London), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) AWS regions. To learn more and get started, visit the Amazon Connect Cases webpage and documentation.
Amazon MemoryDB now supports Internet Protocol Version 6 (IPv6)
Amazon MemoryDB clusters now support the IPv6 protocol, allowing clients to connect to MemoryDB clusters using IPv6. You can now configure your cluster to accept only IPv6 connections or to accept both IPv4 and IPv6 connections. This allows you to work to meet IPv6 compliance requirements and more efficiently integrate with existing IPv6-based applications.
The continued growth of the internet is rapidly depleting available Internet Protocol version 4 (IPv4) addresses. By supporting IPv6, MemoryDB helps customers simplify their network architecture by providing a significantly larger address space and eliminating the need to manage overlapping address spaces in their VPCs. Customers can now standardize their applications on IPv6 and future-proof their infrastructure while maintaining compatibility with existing IPv4 systems through dual-stack support. To get started, create your new MemoryDB cluster using the Amazon Web Services Management Console, CLI, or SDKs and choose which protocol(s) it supports by setting its network type. IPv6 is supported when using Valkey 7 and above, Redis OSS version 6.2 and above, in all AWS global regions and at no additional cost. To learn more about MemoryDB, visit the Amazon MemoryDB product page.
AWS Application Migration Service authorized for DoD Impact Level 4 and 5
AWS Application Migration Service is now authorized for Department of Defense Cloud Computing Security Requirements Guide Impact Levels 4 and 5 (DoD CC SRG IL4 and IL5) in the AWS GovCloud (US-East and US-West) Regions.
This authorization builds on AWS Application Migration Service’s existing FedRAMP High categorization level in the AWS GovCloud (US-East and US-West) Regions as well as numerous compliance programs and standards, including HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry – Data Security Standard), ISO (International Organization for Standardization), SOC 1, 2, and 3 (System and Organization Controls). To learn more about AWS Application Migration Service compliance validation, visit the documentation here. Application Migration Service minimizes time-intensive, error-prone manual processes by automating the conversion of your source servers to run natively on AWS. It also helps simplify modernization of your migrated applications by allowing you to select preconfigured and custom optimization options during migration. To start using Application Migration Service for free, sign in through the AWS Management Console. For more information, visit the Application Migration Service product page.
AWS Lambda now supports inbound IPv6 connectivity over AWS PrivateLink
AWS Lambda now supports IPv6-only and dual-stack PrivateLink interface VPC Endpoints, enabling you to access the Lambda API without traversing the public internet or being constrained by the limited number of IPv4 addresses in your VPC. AWS PrivateLink is a highly available, scalable service that allows you to privately connect your VPC to services and resources as if they were in your VPC.
Previously, Lambda supported inbound private connectivity over PrivateLink using IPv4-only VPC endpoints. With today’s launch, we are expanding Lambda’s inbound private connectivity to include IPv6-only and dual-stack VPC endpoints, enabling you to invoke and manage Lambda functions over IPv6 from dual-stack or IPv6-only VPCs. This launch combines the benefits of private connectivity with the larger address space and simpler network configuration of the IPv6 protocol.
AWS Lambda supports inbound IPv6 connectivity over PrivateLink in all AWS Regions. For more information, see the AWS Region table. Please refer to PrivateLink Pricing for price of using VPC endpoints. You can get started by creating a VPC endpoint for Lambda using the AWS Management Console, AWS CLI, AWS CDK, AWS CloudFormation, and the AWS SDK. To learn more, visit the Lambda developer guide.
Amazon Verified Permissions now supports policy store deletion protection
You can now activate deletion protection for your Amazon Verified Permissions policy stores. When you configure a policy store with deletion protection, the policy store cannot be deleted by any user. This provides your applications resiliency as you can ensure that production policy stores are not accidentally deleted during deployments. Deletion protection is active by default for new policy stores created through the AWS Console. You can activate or deactivate deletion protection for a policy store in the AWS Console, the AWS Command Line Interface, and API. Deletion protection prevents you from requesting the deletion of a policy store unless you first explicitly deactivate deletion protection.
Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control. For example, an HR application might call Amazon Verified Permissions to determine if Alice is permitted access to Bob’s performance evaluation, given that she is in the HR Managers group. Read more in the Deletion Protection section of the Amazon Verified Permissions user guide. This feature is available in all regions where Verified Permissions is available. For more information visit the product page.
AWS now allows customers in Europe to pay for their usage in advance
AWS customers in Europe can now use Advance Pay, which allows them to pay for their AWS usage in advance and automate future invoice payments. With Advance Pay, customers can add funds to their account, which AWS will automatically use to pay invoices as they become due. This feature provides customers in Europe with more flexibility in managing their AWS expenses and simplifies the payment process for ongoing cloud services.
Advance Pay offers several benefits to AWS customers in Europe. It allows for better financial planning and budgeting by enabling upfront payments for anticipated usage. This feature can be particularly useful for organizations that prefer to pay in advance for services or need to manage their cloud spending more proactively. Additionally, the automatic payment of invoices reduces administrative overhead and ensures timely payments, helping customers maintain good standing with AWS. With the launch, Advance Pay is now available for both AWS Europe and AWS Inc customers. Getting started with Advance Pay is straightforward. Customers can register for the service from the Payments page in the AWS Billing and Cost Management console. To add funds, users can generate a funding document and submit an advance payment through electronic fund transfer. For more information on managing Advance Pay, including viewing funding history and setting up recurring payments, customers can refer to the “Managing your Advance Pay” section in the AWS Billing and Cost Management user guide. To learn more about Advance Pay or to get started, visit the AWS Billing and Cost Management console.
Amazon OpenSearch Service supports SAML single sign-on for OpenSearch UI
Amazon OpenSearch Service now supports SAML (Security Assertion Markup Language) via IAM federation for the next-generation OpenSearch UI. OpenSearch UI is a modernized operational analytics experience that enables users to gain insights across data spanning managed domains and serverless collections from a single endpoint. OpenSearch UI already supports authentication via AWS Identity & Access Management (IAM) and IAM Identity Center (IDC). With this feature, you can now configure the SAML identity federation between your identity provider and IAM, so that your end-users can have a Single Sign-On (SSO) experience, logging in from your Identity Providers and landing directly in OpenSearch UI.
With SAML support, you can define a Default Relay State URL so that your end-users can click on the URL to open the login page from your Identity Provider, complete the SSO, and then land directly on the page you defined in OpenSearch UI. You can also define fine-grained access control (FGAC) by mapping Identity Provider users and roles to IAM roles with different permissions in OpenSearch, so that you can easily manage user permissions as well as track user activities from the Identity Provider. OpenSearch UI supports SAML in all regions where OpenSearch UI is available. To get started, create an OpenSearch UI application and follow the instructions to complete the SAML configuration. Learn more at Amazon OpenSearch Service Developer Guide.
Introducing the Well-Architected Generative AI Lens
The AWS Well-Architected Generative AI Lens is now available, offering a guidance document to optimize generative AI workloads in the cloud. This new lens is a powerful addition to the Well-Architected Framework, designed to guide organizations through the complexities of implementing generative AI workloads. It provides structured, prescriptive guidance covering the entire generative AI lifecycle - from initial impact scoping to model selection, customization, integration, deployment, and continuous iteration.
The lens offers several key benefits, including cloud-agnostic guidance applicable across various environments and AI tools, comprehensive coverage of all six Well-Architected pillars, and flexible application for organizations at any stage of their AI journey. It enables thorough assessment of architectures using large language models (LLMs) and helps business leaders and data scientists navigate critical decisions in generative AI implementation. By addressing specific data architecture requirements for generative AI workloads and providing a framework for continuous improvement, this lens promotes robust, secure, and efficient solutions. Whether you’re exploring your first generative AI project or scaling existing implementations, the Well-Architected Generative AI Lens offers insights to enhance your cloud-based AI initiatives. The Generative AI Lens is available as an AWS-official lens in the Lens Catalog of the AWS Well-Architected Tool.
Amazon EventBridge now supports Customer Managed Keys (CMK) in API destinations connections
Amazon EventBridge announces support for Amazon Key Management Service (KMS) Customer Managed Keys (CMK) in API destinations connections. This enhancement enables you to encrypt your HTTPS endpoint authentication credentials managed by API destinations with your own keys instead of an AWS owned key (which is used by default). With CMK support, you now have more granular security control over your authentication credentials used in API destinations, helping you meet your organization’s security requirements and governance policies.
Customer managed Keys (CMK) are KMS keys that you create and manage by yourself. You can also audit and track usage of your keys via CloudTrail. EventBridge API destinations are private and public HTTPS endpoints that you can invoke as the target of an event bus rule or pipe, similar to how you invoke an AWS service or resource as a target. API destinations provides flexible authentication options for HTTPS endpoints, such as API key and OAuth, storing and managing credentials securely in AWS Secrets Manager on your behalf. CMK support for EventBridge API destinations connections is now available across all AWS Regions where EventBridge API destinations is available. Please refer to the EventBridge user guide and KMS documentation for details.
Amazon Managed Service for Apache Flink is now available in Asia Pacific (Thailand) Region
Starting today, customers can use Amazon Managed Service for Apache Flink in Asia Pacific (Thailand) Region to build real-time stream processing applications.
Amazon Managed Service for Apache Flink makes it easier to transform and analyze streaming data in real time with Apache Flink. Apache Flink is an open source framework and engine for processing data streams. Amazon Managed Service for Apache Flink reduces the complexity of building and managing Apache Flink applications and integrates with Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Kinesis Data Streams, Amazon OpenSearch Service, Amazon DynamoDB streams, Amazon Simple Storage Service (Amazon S3), custom integrations, and more using built-in connectors. You can learn more about Amazon Managed Service for Apache Flink here. For Amazon Managed Service for Apache Flink region availability, refer to the AWS Region Table.
Amazon ECS adds the ability to set a default log driver blocking mode
Amazon Elastic Container Services (Amazon ECS) is introducing a new account setting, defaultLogDriverMode, allowing you to define whether tasks in your account use “blocking” or “non-blocking” log driver mode by default, when you do not specify or omit it in your applications’ Task Definitions.
A “non-blocking” log driver mode allows your applications to continue operating when log routing destinations become unavailable, therefore increasing availability if getting logs is not critical to your application, whereas “blocking” log driver mode signifies you do not want your applications to continue running if you cannot route logs to their intended destination, e.g. to record business-critical transactions or mandated by regulation. You can override this account setting for each application using the “mode” log configuration parameter in its Task Definition. The new defaultLogDriverMode Account Setting is enabled in all AWS Regions. Click here and here for more details on how to set the new account setting.
Amazon Connect Contact Lens dashboards now support access controls using agent hierarchies
Amazon Connect Contact Lens dashboards now support the ability for contact center administrators to enforce granular access control based on a specific agent hierarchy. Assigning hierarchies to a user allows you to define organizational groups that a user belongs to and you can enable granular access controls by allowing users to only view metrics for agents within their hierarchy or a specific assigned hierarchy. For example, you can configure hierarchy groups and levels for a team, and only agents assigned to a hierarchy group within that team will be able to see metrics for those agents.
Amazon Connect Contact Lens dashboards are available in all commercial AWS regions where Amazon Connect is offered. To learn more about dashboards, see the Amazon Connect Administrator Guide. To learn more about Amazon Connect, the AWS cloud-based contact center, please visit the Amazon Connect website.
Amazon Bedrock RAG and Model Evaluations now support custom metrics
Amazon Bedrock Evaluations allows you to evaluate foundation models and retrieval-augmented generation (RAG) systems, whether hosted on Amazon Bedrock or multicloud and on-prem deployments. Bedrock Evaluations offers human-based evals, programmatic evals such as BERTScore, F1 and other exact match metrics, as well as LLM-as-a-judge for both model and RAG evaluation. For both model and RAG evaluation with LLM-as-a-judge, customers can select from an extensive list of built-in metrics such as correctness, completeness, faithfulness (hallucination detection), as well as responsible AI metrics such as answer refusal, harmfulness, and stereotyping. But, there are times when they want to define these metrics differently, or make new metrics that are relevant to their needs. For example, customers may define a metric that evaluates an application response’s adherence to their specific brand voice, or they want to classify responses according to a custom categorical rubric.
Now, Amazon Bedrock Evaluations offers customers the ability to create and re-use custom metrics for both model and RAG evaluation powered by LLM-as-a-judge. Customers can write their own judge prompts, define their own categorical or numerical rating scales, and use built-in variables to inject data from their dataset or GenAI responses into the judge prompt during runtime to fully customize the data flow in their evaluations. Customers can be inspired to create new judge prompt templates/rubrics with provided quickstart templates or they can make their own from scratch. To get started, visit the Amazon Bedrock console or use the Bedrock APIs. For more information, see the user guide.
GitLab Duo with Amazon Q is now generally available
GitLab Duo with Amazon Q is generally available for Self-Managed Ultimate customers, embedding advanced agent capabilities for software development, Java modernization, enhanced quality assurance, and code review optimization directly in GitLab’s enterprise DevSecOps platform. GitLab Duo with Amazon Q delivers a seamless development experience that accelerates the execution of complex, multistep tasks and collaborative workflows in the GitLab platform your developers already know.
Using GitLab Duo with Amazon Q, developers and teams can collaborate with Amazon Q agents to accelerate feature development, maximize code quality and security, detect and resolve vulnerabilities, automate testing coverage, troubleshoot failed pipeline jobs, and upgrade legacy Java code bases. GitLab’s unified data store across the software development lifecycle gives Amazon Q project context to accelerate software development and deployment, simplifying the complex toolchains historically required for collaboration across teams.
Streamline software development: Delegate feature development to the Amazon Q agent from any issue. Detailed summaries, implementation plans, and commit messages keep developers informed on every change. Using feedback in comments, Amazon Q iterates to apply changes on the merge request.
Maximize code quality and security with review and testing agents: Standardize code review best practices with agent-assisted security, quality, and deployment risk scanning on every merge request. Amazon Q can generate new tests to add complete coverage on code changes and apply fixes to merge requests, making QA seamless.
Faster debugging, troubleshooting, and vulnerability resolution: During deployment, platform teams can quickly troubleshoot and resolve failed CI/CD jobs from context-aware web chat using analysis and suggested fixes powered by Amazon Q.
Transform enterprise workloads: Upgrade Java 8 or 11 code bases to Java 17 directly from a GitLab project to improve application security and performance and remove technical debt.
Read the blog post or visit the Amazon Q Developer integrations page to learn more.
AWS Blogs
AWS Japan Blog (Japanese)
AWS Architecture Blog
AWS Big Data Blog
AWS DevOps & Developer Productivity Blog
AWS for Industries
AWS Machine Learning Blog
- Add Zoom as a data accessor to your Amazon Q index
- The future of quality assurance: Shift-left testing with QyrusAI and Amazon Bedrock
- Automate video insights for contextual advertising using Amazon Bedrock Data Automation
- How Salesforce achieves high-performance model deployment with Amazon SageMaker AI
AWS Security Blog
- Announcing AWS Security Reference Architecture Code Examples for Generative AI
- How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront