5/13/2025, 12:00:00 AM ~ 5/14/2025, 12:00:00 AM (UTC)

Recent Announcements

Amazon ECR expands registry policy to all ECR actions in AWS GovCloud (US) Regions

Amazon Elastic Container Registry (Amazon ECR) now supports registry policy v2 in AWS GovCloud (US) Regions, allowing customers to manage IAM permissions for all ECR API actions and simplify ECR permission management.\n ECR registry policy allows customers to control usage of ECR private registries by granting permissions to perform registry-level actions to an AWS IAM principal. Registry policy version 1 (v1), only supported three actions: ReplicateImage, BatchImportUpstreamImage, and CreateRepository. Now, the new registry policy version 2 (v2) supports every ECR action. Using registry policy v2 makes it easier for customers to control permissions across all repositories in an ECR registry, allowing customers to improve security posture and save time versus configuring permissions individually across multiple repositories. To get started, customers can migrate from registry policy v1 to v2 using the ECR management console or with the new ECR put-account-setting API. New ECR accounts automatically use registry policy v2. To learn more about ECR’s registry policy and permissions, see our Amazon ECR User Guide.

Amazon VPC adds CloudTrail logging for VPC resources created by default

Amazon VPC has enhanced CloudTrail logging to include VPC resources created by default during a VPC creation. This enhancement offers improved visibility of VPC resources and aids in auditing and governance.\n Prior to this, CloudTrail logs only included resources that were explicitly created by the customer. Customers had to manually curate list of default resources across their environment to comply with auditing requirements. With this launch, customers can view events that trigger the creation or deletion of default resources such as Security Group, Network ACL, Route Table, at the time of creation or deletion of the VPC. These events are logged under CloudTrail in the AWS Management Console. CloudTrail logging for default VPC resources is available in all AWS commercial and the AWS GovCloud (US) Regions at no additional cost. To learn more about this feature, please refer to our documentation.

AWS Deadline Cloud service-managed fleets now support configuration scripts

AWS Deadline Cloud now supports specifying a configuration script on both Linux and Windows service-managed fleets. The provided configuration script will be run with elevated privileges on each worker. AWS Deadline Cloud is a fully managed service that simplifies render management for teams creating computer-generated graphics and visual effects, for films, television and broadcasting, web content, and design.\n Configuration scripts make it easy to install additional software, like plugins and dependencies, on a worker in a service-managed fleet as part of customizing the job environment. Configuration scripts can also be used to install telemetry collectors for monitoring, and tools like Docker for running containers on service-managed fleets. Configuration scripts for service-managed fleets are available in all AWS Regions where Deadline Cloud is available. To learn more about configuration scripts, visit the AWS Deadline Cloud documentation.

Amazon Elastic Container Registry (ECR) supports image replication between the AWS GovCloud (US) Region

Amazon Elastic Container Registry (ECR) now supports the ability to replicate images in private ECR repositories across accounts and/or regions, between the AWS GovCloud (US) Regions. Storing images helps applications start up faster as image download time is reduced due to lower latency from in-region pulls. Geographically dispersed images also help you meet backup and disaster recovery requirements for your applications. Amazon ECR Replication feature provides a simple and reliable way to replicate images, and eliminates the operational burden of manually pushing images across multiple regions and accounts.\n With a few clicks in the Amazon ECR Console, or using the Amazon CLI, you can specify the destination account and/or region for a source repository. Once replication is turned on, ECR will automatically replicate all new images pushed in source repository to the destination region. Additionally, ECR offers granular control to replicate specific repositories. You can use repository name prefixes as filters to specify which repositories to replicate. To learn more about using replication in ECR, see our documentation.

Amazon GuardDuty Malware Protection for EC2 now available in AWS GovCloud (US) Regions

Today, Amazon Web Services (AWS) announces the availability of Amazon GuardDuty Malware Protection for Amazon EC2 in AWS GovCloud (US) Regions, enabling GuardDuty customers to detect the potential presence of malware by scanning the Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon Elastic Compute Cloud (Amazon EC2) instances and container workloads running on Amazon EC2. Malware scanning in GuardDuty does not any additional security software to be deployed and is designed to have no performance impact to running workloads. When potential malware is identified, GuardDuty generates actionable security findings with information related to the resource and the detected threat. Malware Protection for EC2 supports two methods of scanning: 1/ GuardDuty-initiated scans, which automatically initiates a malware scan when GuardDuty detects suspicious behavior indicative of malware on the instance, and 2/ On-demand scans, where you can initiate scan by providing the Amazon Resource Name (ARN) of the Amazon EC2 instance.\n Tens of thousands of customers across many industries and geographies use GuardDuty. GuardDuty can identify unusual or unauthorized activity like cryptocurrency mining, access to data stored in Amazon Simple Storage Service (Amazon S3) from unusual locations, or unauthorized access to Amazon Elastic Kubernetes Service (Amazon EKS) clusters. If you’re new to GuardDuty, you can try it at no cost for 30 days on the AWS Free Tier. To learn more and get started:

Refer to the documentation to learn about the new capability

Get updates on new features and threat detections with the Amazon GuardDuty SNS topic

AWS announces new AWS Data Transfer Terminal location in the San Francisco Bay Area

Today, AWS announces the opening of a new AWS Data Transfer Terminal location within CoreSite SV8 in Santa Clara, California, marking the second location in California alongside existing locations in Los Angeles and New York City. AWS Data Transfer Terminal is a secure, physical location where you can bring your storage devices and upload data to AWS to AWS including Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS), and others using a high throughput network connection.\n Data Transfer Terminals are ideal for customers who need to transfer large amounts of data to the AWS quickly and securely. Common use cases span various industries and applications, including video production data for processing in the media and entertainment industry, training data for Advanced Driver Assistance Systems (ADAS) in the automotive industry, migrating legacy data in the financial services industry, and uploading equipment sensor data in the industrial and agricultural sectors. Once uploaded, you can immediately leverage AWS services like Amazon Athena for analysis, Amazon SageMaker for machine learning, or Amazon Elastic Compute Cloud (Amazon EC2) for application development – reducing data processing time from weeks to minutes. To learn more, visit the Data Transfer Terminal product page and documentation. To get started, make a reservation at your nearby Data Transfer Terminal in the AWS Console.

Amazon ECS adds support for Amazon EBS Provisioned Rate for Volume Initialization

Amazon Elastic Container Service (Amazon ECS) today added support for Amazon EBS Provisioned Rate for Volume Initialization. This feature helps you provision and attach fully performant Amazon EBS volumes from Amazon EBS Snapshots to your Amazon ECS tasks, accelerating initialization for your ETL jobs, media transcoding, and ML inference workloads deployed on Amazon ECS.\n Amazon ECS allows you to use Amazon EBS volumes for your ECS tasks and services deployed on both AWS Fargate and Amazon Elastic Compute Cloud (EC2) instances by simply passing desired EBS volume attributes (e.g. size, type, IOPS, throughput). You could already initialize EBS volumes attached to your ECS tasks from an existing EBS snapshot by configuring the snapshot-id and with today’s release you can ensure that these attached volumes will be fully performant within a predictable amount of time by specifying a volume initialization rate for these volumes. For ECS services, ECS applies the same rate to volumes for all tasks in the service. This feature is available in all AWS commercial Regions through the AWS Console, AWS Command Line Interface (CLI), AWS SDKs, and AWS CloudFormation. For pricing information, please visit the EBS pricing page. To learn more, please refer to our documentation.

AWS Blogs

AWS Japan Blog (Japanese)

AWS Cloud Financial Management

AWS Big Data Blog

AWS Compute Blog

AWS Contact Center

AWS Database Blog

AWS HPC Blog

AWS for Industries

AWS Machine Learning Blog

AWS Messaging & Targeting Blog

AWS Security Blog

AWS Storage Blog

Open Source Project

AWS CLI

Amplify UI

AWS Load Balancer Controller