11/19/2025, 12:00:00 AM ~ 11/20/2025, 12:00:00 AM (UTC)

Recent Announcements

Amazon Connect now provides conversational analytics for voice and chat bots

Amazon Connect now provides conversational analytics for end-customer self-service interactions across voice and digital channels, helping you better understand and improve your customers’ self-service experiences. This includes across PSTN/telephony, in-app and web-calling, web and mobile chat, SMS, WhatsApp Business messaging, and Apple Messages for Business. \n With this launch, Connect now provides rich conversational analytics across both human-agent interactions and end-customer self-service interactions. You can now automatically analyze the quality of automated self-service interactions including customer sentiment, redact sensitive data, discover top contact drivers and themes, identify compliance risks, and proactively identify areas for improvement through easy-to-customize dashboards. Connect’s conversational analytics also enables you to use semantic matching rules to categorize interactions based on customer behavior, keywords, sentiment, or issue types, such as billing inquiries or agent escalation requests. Amazon Connect is an AI-powered application that provides one seamless experience for your contact center customers, agents, and supervisors. To learn more about Amazon Connect and its conversational analytics capabilities, refer to the following resources:

Amazon Connect website and pricing

Conversational analytics in the Administrator Guide

Supported languages and Regions

Amazon Bedrock is now available in additional Regions

Beginning today, customers can use Amazon Bedrock in the Africa (Cape Town), Canada West (Calgary), Mexico (Central), and Middle East (Bahrain) regions to easily build and scale generative AI applications using a variety of foundation models (FMs) as well as powerful tools to build generative AI applications.\n Amazon Bedrock is a comprehensive and secure service for building generative AI applications and agents. Amazon Bedrock connects you to leading foundation models (FMs) and services to deploy and operate agents, enabling you to quickly move from experimentation to real-world deployment. To get started, visit the Amazon Bedrock page and see the Amazon Bedrock documentation for more details.

Amazon OpenSearch Serverless now supports backup and restore through the AWS Management Console

Amazon OpenSearch Serverless now supports backup and restore through the AWS Management Console. OpenSearch Serverless automatically backs up all collections and indexes in your account every hour and retains backups for 14 days. You can restore backups using either the API or the AWS Console. This feature is enabled by default and requires no configuration. For more information, see Working with snapshots in the Amazon OpenSearch Serverless Developer Guide.\n Please refer to the AWS Regional Services List for more information about Amazon OpenSearch Service availability. To learn more about OpenSearch Serverless, see the documentation.

AWS Channel Partners can now resell using Billing Transfer

AWS Channel Partners who are part of AWS Solution Provider or Distribution program can now resell AWS services using Billing Transfer. Billing Transfer enables Partners to assume financial responsibility for customer AWS Organizations while customers retain full control of their management accounts. Using Billing Transfer with AWS Partner Central channel management, Partners receive eligible program benefits applied to AWS bills delivered to their AWS Organization, while end customers view their costs at Partner-configured rates within their separate AWS Organization.\n Billing Transfer helps all AWS Channel Partners simplify operations by centrally managing billing and payments across many customer AWS Organizations from a single partner management account. Partners can also now use new APIs for Partner Central to manage channel program reporting and incentive qualification from their own systems. End customers gain autonomy to independently manage their AWS Organizations while benefiting from Partner value-added services such as cost optimization and service management. Billing Transfer is available to all AWS Channel Partners and their end customers operating in public AWS Regions, excluding the AWS GovCloud (US), China (Beijing), and China (Ningxia) Regions. Channel Partners can get started today through AWS Partner Central channel management. To learn more, see the Channel management user guide in Partner Central documentation and read the AWS Blog.

Get Invoice PDF API is now generally available.

Today, AWS announces the general availability of the Get Invoice PDF API, enabling customers to programmatically download AWS invoices via SDK calls.\n Customers can retrieve individual invoice PDF artifacts by invoking API calls with AWS Invoice ID as input and receives pre-signed Amazon S3 URL for immediate download of AWS invoice and supplemental documents in PDF format. For bulk invoice retrieval, customers can first call the List Invoice Summaries API to get Invoice IDs for a specific billing period, then use the Invoice IDs as input to Get Invoice API to download each Invoice PDF artifact. The Get Invoice PDF API is available in the US East (N. Virginia) Region. Customers from any commercial regions (except China Regions) can use the service. To get started with Get Invoice PDF API please visit the API Documentation.

AWS NAT Gateway now supports regional availability

Amazon Web Services (AWS) announces regional availability mode for NAT Gateways. With this launch, you can create a single NAT Gateway that automatically expands and contracts across availability zones (AZs) in your Virtual Private Cloud (VPC) based on your workload presence, to maintain high availability while offering simplified setup and management.\n A NAT Gateway enables instances in a private subnet to connect to services outside your VPC using the NAT Gateway’s IP address. With this launch, you can create a NAT Gateway and set its availability to regional. You do not need a public subnet to host a regional NAT Gateway. You also do not have to create and delete NAT Gateways, and edit your route tables every time your workloads expand to new availability zones. You simply create a NAT Gateway with regional mode, choose your VPC, and it automatically expands and contracts across all availability zones based on your workload’s presence, maintaining high availability. You can use this feature with Amazon provided IP addresses or bring your own IP addresses. This capability is available in all commercial AWS Regions, except the AWS GovCloud (US) Regions and the China Regions. To learn more about VPC NAT Gateway and this feature, please visit our documentation.

Amazon Inspector supports organization-wide management through AWS Organizations policies

Amazon Inspector can now be enabled, configured and managed across your organization using AWS Org policies. With this new capability, you can centrally configure and manage scan types—such as Amazon EC2 scanning, ECR scanning, Lambda standard and Code Scanning, and Code Security — across all the accounts in your organization, selected organizational units (OUs), or individual accounts. The new Inspector policy type within AWS Organization simplifies your service onboarding, management, and ensures consistent, organization-wide vulnerability scanning coverage.\n This feature helps you maintain a uniform security baseline by automating Inspector enablement through a single AWS Organization policy. To get started, designate a delegated admin within Amazon Inspector, enable the “Inspector policies” policy type in the AWS Organizations console, and create a policy that specifies the desired scan types and Regions. Once attached to your organization root or OUs, Inspector will automatically be enabled for all the specified scan-types across covered accounts . When the Inspector policy is created and attached, all in-scope accounts automatically are aligned with your Organization-wide policy definition. New accounts that join the organization or are moved into an OU with an attached policy, inherit Inspector enablement automatically—reducing operational overhead and eliminating coverage gaps. Amazon Inspector is a vulnerability management service that continuously scans AWS workloads including Amazon EC2 instances, container images, AWS Lambda functions, and code repositories for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS organization. The AWS Organizations Inspector policy for organization-wide enablement is available at no additional cost to Amazon Inspector customers in all AWS commercial, China, and AWS GovCloud (US) Regions where Amazon Inspector is available. To learn more about Amazon Inspector policies within AWS Organization, visit:

Getting started with Amazon Inspector

Managing organization policies with AWS Organizations

AWS Secrets Manager announces managed external secrets

Today, AWS Secrets Manager announces the launch of managed external secrets, a feature that offers default enabled automatic rotation for your third party Software-as-a-service (SaaS) secrets. You also get an option to choose from multiple different rotation strategies that are supported by your SaaS provider, without the overhead of rotation Lambda function creation, or management. With this launch, you can secure your SaaS secrets with AWS Secrets Manager with a pre-defined secret format, as prescribed by your SaaS provider.\n This launch also includes an onboarding guide, for any SaaS provider to be listed as a partner. This would allow partners to offer their customers prescriptive guidance around managing their secrets, reducing the customer overhead for managing secrets. At launch, managed external secrets feature is available for 3 listed partners — Salesforce, BigID and Snowflake. To get started with the feature, refer to the technical documentation. The feature is available in all AWS Regions where AWS Secrets Manager is available. For a list of regions where Secrets Manager is available, see the AWS Region table.

Savings Plans and Reserved Instances Group Sharing is now generally available

AWS today announced the general availability of Reserved Instances and Savings Plans (RISP) Group Sharing, a new Billing and Cost Management feature that gives customers granular control over how AWS commitments are shared across their organization. This capability allows customers to define how Reserved Instances and Savings Plans benefits are distributed among specific groups of accounts within their AWS organization, ensuring cost savings align with their business structure and accountability requirements.\n RISP Group Sharing addresses a common challenge faced by enterprise customers managing AWS costs across multiple business units: for example, Reserved Instances and Savings Plans don’t always benefit the teams that purchased them. With this feature, customers can create groups using AWS Cost Categories that reflect their organizational hierarchy—whether by business units, projects, geographical regions, or funding sources. The feature offers two sharing options: the Prioritized Group Sharing applies commitments to defined groups first, then shares unused capacity organization-wide, while the Restricted Group Sharing keeps commitments exclusively within defined groups for complete isolation when strict boundaries are required. RISP Group Sharing is available now in all AWS Regions, except AWS GovCloud (US) Regions and the China Regions. To get started with RISP Group Sharing, visit the Billing preferences from the AWS Billing and Cost Management Console and follow the guided setup to create your first Cost Category and configure sharing preferences. For detailed implementation guidance, see the user guide and announcement blog.

Amazon EKS introduces enhanced container network observability

Today, we’re announcing new network observability features in Amazon Elastic Kubernetes Service (EKS) that provide deeper insights into your container networking environment. These new capabilities help you better understand, monitor, and troubleshoot your Kubernetes network landscape in AWS.\n Customers are increasingly deploying microservices to expand and incrementally innovate with software in the AWS cloud, while using Amazon EKS as the underlying platform to run their applications. With enhanced container network observability, customers can leverage granular, network-related metrics for better proactive anomaly detection across cluster traffic, cross-AZ flows, and AWS services. Using these metrics, customers can better measure system performance and visualize the underlying metrics using their preferred observability stack. Additionally, EKS now provides network monitoring visualizations in the AWS console that accelerate and enhance precise troubleshooting for faster root cause analysis. Customers can also leverage these visual capabilities to pinpoint top-talkers and network flows causing retransmissions and retransmission timeouts, eliminating blind spots during incidents. These network monitoring features in EKS are powered by Amazon CloudWatch Network Flow Monitor. Enhanced container network observability for EKS is available in all commercial AWS Regions where CloudWatch Network Flow Monitor is available. To learn more, visit the Amazon EKS documentation and AWS News Launch Blog.

Accelerate infrastructure development with AWS CloudFormation intelligent authoring in IDEs

Today, AWS CloudFormation announces the launch of the AWS CloudFormation Language Server, a new capability that brings intelligent authoring, early validation, troubleshooting, and drift management directly into Integrated Development Environment (IDE) through the AWS Toolkit. This new feature empowers developers to build infrastructure faster and deploy safely.\n With this launch, developers using Visual Studio, Kiro, and other compatible IDEs can now benefit from context-aware authoring powered by the Language Server. It offers built-in auto-complete, schema validation, policy checks using CloudFormation Guard, and deployment validation directly within the IDE. For example, it immediately flags invalid resource properties or missing IAM permission requirements, while the drift-aware deployment view highlights differences between your template and deployed infrastructure, helping you spot configuration changes made outside of CloudFormation. These capabilities help developers identify issues, such as syntax errors, missing permissions, or configuration mismatches before deployment. It also provides a drift view that highlights differences between the current template and the deployed stack configuration. By integrating validation and real-time feedback directly into the authoring experience, the CloudFormation Language Server keeps developers in their flow state, turning infrastructure coding into a seamless experience, and improves infrastructure safety. This unified experience enables developers to move from design to deployment faster while maintaining compliance and best practices, spending more time building and less time troubleshooting. The AWS CloudFormation Language Server is available in all AWS Commercial Regions where AWS CloudFormation is supported. To get started, install or upgrade the AWS Toolkit. To learn more, refer to AWS CloudFormation Language Server.

Amazon Bedrock Guardrails adds support for coding use cases

AWS announced expanded capabilities in Amazon Bedrock Guardrails for code-related use cases, enabling customers to protect against harmful content in code while building generative AI applications. This new capability allows customers to leverage existing safeguards offered by Bedrock Guardrails including content filters, denied topics, and sensitive information filters to detect intent to inject malicious code, detect and prevent prompt leakages, and help protect against introducing personally identifiable information (PII) within code.\n With expanded support for code-related use cases, Amazon Bedrock Guardrails now provides customers with safeguards against harmful content introduced within code elements, including comments, variable and function names, and string literals. Content filters (with standard tier) in Bedrock Guardrails now detect and filter such harmful content in code in the same way as text and image content protection. Additionally, Bedrock Guardrails offers enhanced protection with prompt leakage detection with standard tier, helping detect and prevent unintended disclosure of information from system prompts in model responses that could compromise intellectual property. Furthermore, denied topics (with standard tier) and sensitive information filters with Bedrock Guardrails now help safeguard against vulnerabilities using code within topics and help prevent inclusion of PII within code structures. The expanded capabilities for code-related cases is available in all AWS Regions where Amazon Bedrock Guardrails is supported. Customers can access the service through the Amazon Bedrock console, as well as the supported APIs. To learn more, read the launch blog, technical documentation, and the Bedrock Guardrails product page.

Amazon DynamoDB now supports multi-attribute composite keys in global secondary indexes

Amazon DynamoDB now supports primary keys composed of up to eight attributes in global secondary indexes (GSIs). While previously, partition and sort keys were limited to one attribute each, DynamoDB now supports up to four attributes each for the partition and sort keys. With multi-attribute keys, you no longer need to manually concatenate values into synthetic keys, which sometimes result in the need to backfill data before adding new indexes. Instead, you can create primary keys using up to eight existing attributes, making it easier to model diverse access patterns and adapt to new query requirements.\n Multi-attribute partition keys improve data distribution and uniqueness. Multi-attribute sort keys enable flexible querying by letting you specify conditions on sort key attributes from left to right. For example, an index with partition key UserId and sort key attributes Country, State, and City lets you query all locations for a user, then narrow results by Country, State, or City. Multi-attribute partition and sort keys are available at no additional charge in all AWS Regions where DynamoDB is available. You can create them using the AWS Management Console, AWS CLI, AWS SDKs, or DynamoDB API. To learn more, see Global Secondary Indexes in the Amazon DynamoDB Developer Guide.

AWS Cost Optimization Hub introduces Cost Efficiency metric to measure and track cloud cost efficiency

AWS Cost Optimization Hub, a feature within the Billing and Cost Management Console, now supports a Cost Efficiency metric that helps you measure and track cloud cost efficiency over time across your organization. This metric automatically calculates the percentage of your cloud spend that can be optimized by considering rightsizing, idle, and commitment recommendations, allowing you to establish consistent cost savings benchmarks, set performance goals, and track progress to maximize your return on cloud investments.\n AWS Cost Optimization Hub provides you with a measure of your cost efficiency by dividing aggregated estimated monthly savings of your cost optimization opportunities by your optimizable spend. You can track this metric over time across your organization to understand and benchmark your cost efficiency. With daily refreshes, the metric provides daily insights into optimization progress, showing score improvements when you implement cost-saving recommendations and score decreases when inefficient resources are provisioned. Cost efficiency is now available in AWS Cost Optimization Hub across all AWS Regions where AWS Cost Optimization Hub is supported. To get started with cost efficiency metric, please visit the user guide and blog.

AWS Network Firewall Now Supports Managed Rules from AWS Partners available in AWS Marketplace

AWS Network Firewall now supports managed rules from AWS Partners, enabling you to deploy expert-curated, automatically updated security rules from AWS Partners directly within your network firewall policies. This new capability allows you to integrate pre-configured rule groups into your AWS Network Firewall with just a few clicks through the AWS Network Firewall console. Managed rules are maintained by AWS Partners who continuously update them to address emerging threats, providing comprehensive protection without the operational overhead of managing custom rules.\n You can subscribe to managed rules from AWS Partners either from the AWS Network Firewall console, or from the AWS Marketplace website. Subscriptions to these rules will provide you the same benefits as any other product in AWS Marketplace, including consolidated billing and lower pricing for long-term contracts. You can simplify security operations by deploying specialized rule groups tailored to different industry needs, compliance requirements, and threat landscapes. This reduces the time your security teams spend researching, creating, and maintaining custom security rules, while ensuring your protections stay current against evolving threats. Managed rules for AWS Network Firewall are available from AWS Marketplace sellers of Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro, in all AWS commercial regions where AWS Network Firewall and AWS Marketplace is available. To get started, visit the AWS Network Firewall console or browse available managed rules in AWS Marketplace. For more information, see the AWS Network Firewall product page and the service documentation.

Amazon ECS Managed Instances adds configurable scale-in delay

Amazon ECS Managed Instances (ECS Managed Instances) now gives you greater control over infrastructure optimization with configurable scale-in delay. This enhancement allows you to fine-tune instance management based on your specific workload patterns and business requirements, helping you better balance cost optimization with operational needs.\n ECS Managed Instances is a fully managed compute option that automatically provisions right-sized Amazon EC2 instances based on your workload requirements. Over time, your compute resources may drift from workload requirements due to changing traffic patterns or dynamic scaling. ECS Managed Instances continuously monitors and proactively optimizes costs by terminating idle Amazon EC2 instances not running any tasks, and consolidating tasks from underutilized instances onto other, right-sized instances, provisioning new instances if required. ECS uses a heuristic based delay for scaling-in your instances to deliver a balance of high availability and cost optimization. However, your workloads or business may have unique requirements. For example, you might need to retain instances for a longer time period to accommodate incoming batch jobs and minimize instance churn. Starting today, you can set the scaleInAfter configuration parameter to up to 60 minutes to align with your specific infrastructure optimization needs. You can also set the scaleInAfter to -1 to disable infrastructure optimization workflows, which will allow your instances to run until they are patched after 14 days. You can use ECS API, console, SDK, CDK, CloudFormation to configure scaleInAfter parameter when creating or updating an ECS Managed Instances capacity provider. This feature is available in all commercial AWS Regions. To learn more, review documentation and deep dive blog post.

AWS PrivateLink now supports cross-region connectivity for AWS Services

AWS PrivateLink now supports native cross-region connectivity to AWS services. Until now, Interface VPC endpoints only supported connectivity to AWS services in the same Region. This launch enables customers to connect to select AWS services hosted in other Regions of the same AWS partition over Interface endpoints.\n As a service consumer, you can access Amazon S3, Route53, Elastic Container Registry (ECR) and other services, privately without the need to setup cross-region peering or exposing your data over the public internet. These services can be accessed through Interface endpoints at a private IP address in your VPC, enabling simpler and more secure inter-region connectivity. This feature helps you build globally distributed private networks that comply with data residency requirements, while accessing supported AWS Services through PrivateLink To learn about pricing for this feature, please see the AWS PrivateLink pricing page. For a complete list of supported AWS services and Regions, please refer to our documentation and launch blog. To learn more, visit AWS PrivateLink in the Amazon VPC Developer Guide.

AWS Introduces E-Invoice delivery for AWS customers using SAP Ariba and Coupa procurement portals

Today, AWS announces the general availability of AWS E-Invoice delivery, a new capability that enables AWS customers to connect their SAP Ariba and Coupa procurement portal accounts with AWS and retrieve POs. AWS customers can also use AWS E-Invoice delivery to deliver PO-matched AWS invoices back to their procurement portal on the same day.\n AWS customers can now onboard to the AWS E-Invoice delivery feature through the AWS Billing and Cost Management console. After onboarding onto the AWS E-Invoice delivery feature, AWS customers can track AWS Invoice delivery status in both the AWS Billing and Cost Management console and their procurement portal. AWS E-Invoice delivery enables AWS customers to streamline the invoice processing workflow. AWS E-Invoice delivery feature is generally available in all AWS Regions, excluding GovCloud (US) Regions and China (Beijing) and China (Ningxia) Regions. To get started with AWS self-service invoice correction feature, please visit the user guide and blog.

Amazon SageMaker Catalog enforces metadata rules for glossary terms for asset publishing

Amazon SageMaker Catalog now supports metadata enforcement rules for glossary terms, requiring data producers to apply approved business vocabulary when publishing assets. This helps consistent data classification and improves discoverability across organizational catalogs.\n This new capability allows administrators to define mandatory glossary term requirements for data assets during the publishing workflow. Data producers must now classify their assets with approved business terms from organizational glossaries before publication, ensuring consistent metadata standards and improving data discoverability. The enforcement rules validate that required glossary terms are applied, preventing assets from being published without proper business context. By standardizing metadata and aligning technical data schemas with business language, this capability enhances data governance, improves search relevance, and helps business users more easily understand and trust published data assets. Metadata enforcement rules for glossary terms are available in all AWS regions where Amazon SageMaker Catalog operates. To get started, visit the Amazon SageMaker console and navigate to the Catalog governance section to configure glossary term enforcement policies. You can also use the AWS CLI or SDKs to programmatically manage metadata rules for asset publishing. 

To learn more about Amazon SageMaker Catalog, visit the Amazon Sagemaker documentation.

Amazon SageMaker Catalog introduces column-level metadata forms and rich descriptions

Amazon SageMaker Catalog now supports custom metadata forms and rich text descriptions at the column level, extending existing curation capabilities for business names, descriptions, and glossary term classifications. Data stewards can create custom metadata forms to capture business-specific information directly on individual columns. Columns also support markdown-enabled rich text descriptions for comprehensive data documentation and business context. Custom metadata form field values and rich text content are indexed in real-time and become immediately discoverable through search.\n This enhancement enables organizations to curate columns with comprehensive business context using customer-defined metadata schemas and formatted documentation. Asset owners can define custom key-value metadata forms and rich text descriptions to provide detailed column documentation that improves data discovery across enterprise teams. Data analysts can search using custom form field values and rich text content alongside existing column names, descriptions, and glossary terms. This capability is available in all AWS Regions where Amazon SageMaker is supported. To learn more about Amazon SageMaker Catalog, visit the Amazon SageMaker documentation.

AWS Lambda announces new tenant isolation mode to simplify building tenant-aware applications

Today, AWS Lambda announced a new tenant isolation mode, enabling customers to isolate request processing for individual tenants or end-users invoking a Lambda function. This launch simplifies building multi-tenant applications on Lambda, such as SaaS platforms for workflow automation or code execution.\n Customers building multi-tenant applications have strict isolation requirements when running code or processing data for individual tenants or end-users. Previously, customers met these requirements by implementing custom solutions, such as creating dedicated Lambda functions per tenant and routing requests from individual tenants to their associated functions. Today’s launch enables you to isolate request processing for each tenant invoking a Lambda function, helping you meet strict tenant isolation requirements without the need to build and operate custom solutions. This launch extends Lambda’s isolation boundary from a single function to each tenant invoking that function. To use the new tenant isolation mode, customers specify a unique tenant identifier when invoking their Lambda function. Lambda uses this identifier to route invocation requests to a function’s underlying execution environments and ensures that execution environments associated with a particular tenant are never used to serve requests from other tenants invoking the function. The new tenant isolation mode for AWS Lambda is available in all AWS Regions, except Asia Pacific (New Zealand), AWS GovCloud (US), and China. To learn more, visit Lambda documentation and the launch blog post. For tenant isolation mode pricing information, visit AWS Lambda Pricing.

Streamline integration with Amazon and AWS Partner products using AWS IAM temporary delegation

AWS Identity and Access Management (IAM) is launching temporary delegation, a new capability that helps you accelerate onboarding and simplify management for products from Amazon and AWS Partners that integrate with your AWS accounts.\n With today’s launch, you can safely delegate limited, temporary access to these product providers to perform initial deployments, ad-hoc maintenance, or feature upgrades on your behalf. This approach provides a more secure and streamlined experience by eliminating the need for you to create persistent IAM roles for such tasks, or perform them manually. It reduces your setup time and lowers your operational burden, while giving you complete control and auditability over delegated access and actions. This feature is available in all AWS commercial Regions. Amazon products and AWS Partners such as Amazon Leo (coming soon), Archera, Aviatrix, CrowdStrike (coming soon), Databricks, HashiCorp, Qumulo, Rapid7, and SentinelOne are already implementing AWS IAM temporary delegation. To get started,

Customers: See the AWS IAM user guide or AWS blog

AWS Partners: Refer to the partner integration guide for onboarding details

AWS launches Billing Transfer for multi-organization billing and cost management

Today AWS announces Billing Transfer, a new feature that allows customers to centrally manage and pay bills across multiple AWS organizations.\n With Billing Transfer, customers operating in multi-organization environments can designate a single management account to centrally manage and pay for bills for multiple organizations, including invoice collection, payment processing, and detailed cost analysis.

Billing Transfer makes billing and cost management operations more efficient and scalable, while ensuring individual management accounts maintain complete security autonomy over their organizations. To protect proprietary pricing information, Billing Transfer is integrated with AWS Billing Conductor. This integration enables billing administrators to control how the cost data will be seen by their AWS organizations and implement advanced cost allocation strategies across multiple AWS organizations. For AWS Billing Transfer customers, there is no cost to use AWS Billing Conductor when they choose an AWS managed pricing plan. If they choose a Customer managed pricing plan, there will be a fee of $50 per AWS Organization. AWS offers a free trial for Billing Transfer through May 31, 2026. During this period, both AWS managed and Customer managed pricing plans in Billing Conductor are available at no charge. Starting June 1, 2026, Billing Transfer customers will be charged by the number of AWS organizations with Customer managed pricing plan attached to it.

If you’re using Billing Conductor on its own without Billing Transfer, you will still follow the standard per-account pricing model regardless of the type of pricing plan used (see pricing details).

Billing Transfer is available today in all public AWS Regions, excluding the GovCloud, China (Beijing) and China (Ningxia) Regions. To learn more about using Billing Transfer to centralize billing and cost management across your multi-organization environment, visit Billing Transfer product page, AWS Billing documentation, AWS Cost Management documentation, and news blog.

Amazon VPC IPAM now supports policies to enforce IP allocation strategy

Amazon Virtual Private Cloud (VPC) IP Address Manager (IPAM) supports policies to centrally configure and enforce your desired IP allocation strategy. This ensures resources launch with public IPv4 addresses from specific IPAM pools, improving operational posture, and simplifying network and security management.\n Using IPAM policies, the IP administrator can centrally define public IP allocation rules for AWS resources, such as Network Address Translation (NAT) Gateways when used in regional availability mode and Elastic IP addresses. The IP allocation policy configured centrally cannot be superseded by individual application teams, ensuring compliance at all times. Before this feature, IP administrator had to educate application owners across their organization, and rely on them to always comply with IP allocation best practices. IPAM policies improve your operational model multi-fold. Now, you can add IP based filters in your networking and security constructs like access control lists, route tables, security groups, and firewalls, with confidence that public IPv4 addresses assignments to AWS resources always come from specific IPAM pools. The feature is available in all AWS commercial regions and the AWS GovCloud (US) Regions, in both Free Tier and Advanced Tier of VPC IPAM. When used with the Advanced Tier of VPC IPAM, customers can set policies across AWS accounts and AWS regions. To get started please see the IPAM policies documentation page. To learn more about IPAM, view the IPAM documentation. For details on pricing, refer to the IPAM tab on the Amazon VPC Pricing Page.

Announcing enhanced cost management capabilities in Amazon Q Developer

Amazon Q Developer now offers enhanced cost management capabilities, enabling customers to analyze costs across a wider range of Cloud Financial Management domains with more advanced analytical capabilities. Customers can now ask complex, open-ended questions about historical and forecasted costs and usage, optimization recommendations, commitment coverage and utilization, cost anomalies, budgets, free tier usage, product attributes, and cost estimation. Q can explore data, form hypotheses, and perform calculations to provide deeper insights with less time and expertise required.\n With these capabilities, FinOps practitioners, engineers, and Finance professionals can increase productivity by delegating more cost analysis and estimation tasks to Q. For example, customers can ask “Why did costs for this application increase last week?”. Q will explore the data by retrieving costs and usage quantities by service, account, or resource, form hypotheses, gather data from multiple sources, and perform calculations ranging from simple period-over-period cost changes to unit economic metrics like effective cost per instance-hour. Q provides transparency on each API call it makes to retrieve data, including specific parameters used, and provides matching console links where customers can verify the data or dive deeper. To get started, open the Amazon Q chat panel from anywhere in the AWS Management Console and ask a question about your costs. To learn more, see Managing your costs using generative AI with Amazon Q Developer in the AWS Cost Management user guide.

Amazon ECR introduces archive storage class for rarely accessed container images

Amazon ECR now offers a new archive storage class to reduce storage costs for large volumes of rarely accessed container images. The new archive storage class helps you meet your compliance and retention requirements while optimizing storage cost. As part of this launch, ECR lifecycle policies now support archiving images based on last pull time, allowing you to use lifecycle rules to automatically archive images based on usage patterns.\n To get started, you can archive images by configuring lifecycle rules to automatically archive images based on criteria such as image age, count, or last pull time, or using the ECR Console or API to archive images individually. You can archive an unlimited number of images. Archived images do not count against your image per repository limit. Once the images are archived, they are no longer accessible for pulls, but can be easily restored via ECR Console, CLI, or API within 20 minutes. Once restored, images can be pulled normally. All archival and restore operations are logged through CloudTrail for auditability. The new ECR archive storage class is available in all AWS Commercial and AWS GovCloud (US) Regions. For pricing, visit the pricing page. To learn more, visit the documentation.

Amazon CloudWatch now supports scheduled queries in Logs Insights

Amazon CloudWatch Logs now supports automatically running Logs Insights queries on a recurring schedule for your log analysis needs. With scheduled queries, you can now automate log analysis tasks and deliver query results to Amazon S3 and Amazon EventBridge.\n With today’s launch, you can track trends, monitor key operational metrics, and detect anomalies without needing to manually re-run queries or maintain custom automation. This feature makes it easier to maintain continuous visibility into your applications and infrastructure, streamline operational workflows, and ensure consistent insight generation at scale. For example, you can setup scheduled queries for your weekly audit reporting. The query results can also be stored in Amazon S3 for analysis, or trigger incident response workflows through Amazon EventBridge. The feature supports all CloudWatch Logs Insights query languages and helps teams improve operational efficiency by eliminating manual query executions.

Scheduled queries is available in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and South America (São Paulo).

You can configure a scheduled query using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS Cloud Development Kit (AWS CDK), and AWS SDKs. For more information, visit the Amazon CloudWatch documentation.

Amazon EC2 M7i instances are now available in the Europe (Zurich) Region

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) M7i instances powered by custom 4th Gen Intel Xeon Scalable processors (code-named Sapphire Rapids) are available in the Europe (Zurich) region. These custom processors, available only on AWS, offer up to 15% better performance over comparable x86-based Intel processors utilized by other cloud providers.\n M7i deliver up to 15% better price-performance compared to M6i. M7i instances are a great choice for workloads that need the largest instance sizes or continuous high CPU usage, such as gaming servers, CPU-based machine learning (ML), and video-streaming. M7i offer larger instance sizes, up to 48xlarge, and two bare metal sizes (metal-24xl, metal-48xl). These bare-metal sizes support built-in Intel accelerators: Data Streaming Accelerator, In-Memory Analytics Accelerator, and QuickAssist Technology that are used to facilitate efficient offload and acceleration of data operations and optimize performance for workloads. To learn more, visit Amazon EC2 M7i Instances. To get started, see the AWS Management Console.

Amazon OpenSearch Service launches Cluster Insights for improved operational visibility

Amazon OpenSearch Service now includes Cluster Insights, a monitoring solution that provides comprehensive operational visibility of your clusters through a single dashboard. This eliminates the complexity of having to analyze and correlate various logs and metrics to identify potential risks to cluster availability or performance. The solution automates the consolidation of critical operational data across nodes, indices, and shards, transforming complex troubleshooting into a streamlined process.\n When investigating performance issues like slow search queries, Cluster Insights displays relevant performance metrics, affected cluster resources, top-N query analysis, and specific remediation steps in one comprehensive view. The solution operates through OpenSearch UI’s resilient architecture, maintaining monitoring capabilities even during cluster unavailability. Users gain immediate access to account-level cluster summaries, enabling efficient management of multiple deployments. Cluster Insights is available at no additional cost for OpenSearch version 2.17 or later in all Regions where OpenSearch UI is available. View the complete list of supported Regions here. To learn more about Cluster Insights, refer to our technical documentation.

AWS Organizations introduces direct account transfers between organizations

AWS Organizations now provides customers the ability to directly transfer an account to a different organization without first having to remove the account from their current organization. This new capability streamlines the process of transferring accounts between organizations, whether those transfers are part of ongoing operations or an acquisition integration project.\n Allowing direct transfers of accounts between organizations eliminates the previous requirement for the account to temporarily operate as a standalone account. With the standalone step removed, customers no longer need to manually configure the account’s payment method, contact information, and support plan as part of the transfer. Direct transfers of accounts also ensure the account maintains access to the governance features and consolidated billing benefits of the AWS organization they are in before and after the transfer process. The updated process is simpler and uses the same AWS Organizations console experience and APIs as before: an organization invites an account, and the account accepts the invite.

Direct account transfers between organizations are now available in all commercial AWS Regions and the AWS GovCloud (US) Regions.

To learn more about directly transferring accounts between AWS organizations, see Managing account invitations with AWS Organizations from the AWS user guide, or review the AWS Organizations API Reference.

AWS Announces Elemental MediaConnect Router

Today, AWS announces the general availability of AWS Elemental MediaConnect Router, a new capability that enables broadcasters and content providers to dynamically route live video between sources and destinations in the AWS network. This new capability transforms how you build and manage complex live video workflows in the cloud, eliminating the need to reconfigure infrastructure as routing needs change. The router enables complex scenarios like switching between primary and backup feeds, routing regional variants independently, and managing multiple feeds for comprehensive coverage.\n MediaConnect Router optimizes content delivery across the AWS network, reducing transport latency while improving packet delivery reliability when compared to standard transport technologies. This fully managed capability supports routing between inputs and outputs in any supported region as well as between private and public endpoints, and it eliminates operational overhead and unused capacity costs. You can start using MediaConnect Router through the MediaConnect console, via MediaConnect API, or AWS CDK. It works independently or alongside existing MediaConnect flows. It can also be part of a larger video workflow with AWS Elemental, a family of media services that help customers process, monetize, and deliver the highest quality video at global scale. MediaConnect Router is available in all standard AWS Regions. To learn more about MediaConnect, please visit here.

AWS Marketplace adds A2A server support for Amazon Bedrock AgentCore Runtime

AWS Marketplace now offers Agent-to-Agent (A2A) server support and streamlined deployment for third-party AI agents and tools built for Amazon Bedrock AgentCore Runtime. The new capabilities accelerate deployment by pre-populating required environment variables in the AgentCore console and AWS CLI instructions in AWS Marketplace. Customers can now also procure and deploy A2A servers on AgentCore Runtime through AWS Marketplace, making it easier for them to leverage AI agents from AWS Partners. The improvements reduce deployment complexity by leveraging vendor-defined launch configurations while adding protocol flexibility to meet diverse customer needs.\n AWS Partners can now offer A2A servers in addition to MCP servers and AI agents using AgentCore Runtime containers in the AWS Marketplace Management Portal. To accelerate customer onboarding, AWS Partners can define required environment variables for AgentCore Runtime supported products so that customers can quickly get started. AWS Partners can also enable free pricing for API-based SaaS products. These capabilities provide AWS Partners with the flexibility to bring new products to market and implement pricing strategies that align with their business models and customers’ needs. Customers can learn more in the buyer guide and start exploring AI agent solutions in AWS Marketplace on the solutions page. For AWS Partners interested in implementing the capabilities, visit the seller guide and complete the AWS Marketplace listing workshop.

AWS Directory Service now supports AWS PrivateLink for private VPC connectivity

AWS Directory Service now supports AWS PrivateLink, enabling you to ensure all API calls to AWS Directory Service are constrained to within the private networks that you specify. This new capability provides private connectivity to both the AWS Directory Service APIs and Directory Service Data APIs, delivering faster network paths, reduced latency, and eliminating public internet-based call patterns.\n With AWS PrivateLink support, your access to AWS Directory Service APIs can be constrained to the private network connectivity you specify and eliminate any requirements for an internet gateway or NAT device. This encompasses all essential operations such as creating directories, configuring trust relationships, managing user accounts, and adding users to groups. This capability is particularly valuable for organizations that must maintain strict isolation between their workloads and public network connectivity. To establish a private connection, you create an interface Amazon VPC endpoint powered by AWS PrivateLink, which creates requester-managed network interfaces in each enabled subnet to serve as entry points for Directory Service API traffic. This feature is available in all AWS Regions where AWS Directory Service is supported. To learn more, see the AWS Directory Service documentation.

AWS CloudTrail adds data event aggregation to simplify security monitoring

AWS announces CloudTrail aggregated events, a new feature that simplifies how enterprises monitor and analyze their CloudTrail data events at scale. Aggregations are available for CloudTrail data events, which could generate thousands of events per minute as users access resources like Amazon S3 buckets or AWS Lambda functions. With this feature, security, compliance, and operations teams can efficiently monitor high-volume data access patterns without processing massive numbers of individual events.\n Aggregation for data events streamlines security monitoring by consolidating high-volume AWS API activity into 5-minute summaries. These summaries highlight key trends like access frequency, error rates, and most-used actions, allowing teams to quickly identify patterns while maintaining access to detailed events when needed. Security teams can easily answer questions like “How has this user’s activity changed over the past week?” or “What are the top actions being performed on this critical resource?” without having to scan through voluminous CloudTrail data events. You can enable aggregation in your trails capturing data events through the AWS console or CLI, and choose from pre-built aggregation templates for API activity, resource access, and user activity summaries. For more information, see the CloudTrail trail documentation. You are charged for aggregations based on the number of CloudTrail data events that are analyzed to create the aggregation. For more information, visit the CloudTrail pricing page. You can use CloudTrail aggregations for data in all commercial AWS Regions.

Amazon MSK Console now supports viewing Kafka topics with new public APIs

Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports viewing topics directly through the Amazon MSK console, making it easier to inspect all your Kafka topics without setting up Kafka admin clients. You can browse and search topics within a cluster, quickly review replication settings and partition counts, and drill into individual topics to examine detailed configuration, partition-level information, and metrics. These console capabilities are powered by three new MSK APIs, ListTopics, DescribeTopic, and DescribeTopicPartitions that you can also use directly for programmatic access. The ListTopics API returns the list of all topics in a cluster, while the DescribeTopic and DescribeTopicPartitions APIs provide detailed configuration and partition information for a topic. All three APIs are available through the AWS CLI and AWS SDKs.\n These MSK topic viewing capabilities are available for all Amazon MSK Provisioned clusters using Kafka version 3.6 and above across AWS regions where Amazon MSK is offered. To start using these features, you’ll need to set up the appropriate IAM permissions. To learn more on how to get started, see the Amazon MSK Developer Guide.

AWS Cost Explorer now provides 18-month forecasting and explainable AI-powered forecasts

Today, AWS announces that AWS Cost Explorer now empowers customers with three key improvements: two generally available enhancements, including an 18-month forecasting horizon extending from the previous 12-month limit, and improved machine learning models that analyze up to 36 months of historical data (vs. previous 6 months) to identify seasonal patterns and long-term growth trends, and plus a new public preview feature offering AI-powered explanations that provide transparency into forecast methodology. AWS Cost Explorer helps customers analyze and manage their cloud spending through detailed cost and usage reports with forecasting capabilities. These enhancements provide the extended visibility needed for annual budget planning cycles.\n These capabilities enable finance teams to account for seasonal patterns, holiday peaks, and business cycles with enhanced accuracy and present forecasts with greater stakeholder confidence. The AI explanations help teams understand and communicate the key drivers behind their cost projections, making it easier to identify optimization opportunities and build executive buy-in for cloud investments. You can access the 18-month forecasting horizon directly through the AWS Cost Explorer console or via the GetCostForecast API. AI-powered explanations are currently available in the console only during public preview. To learn more about this enhanced feature, see Cost Explorer details page, user guides, and the announcement blog.

AWS Data Exports for FOCUS 1.2 is now generally available

Today, AWS announces the general availability of AWS Data Exports for FOCUS 1.2. FOCUS 1.2 is an open cloud cost and usage specification that provides standardization to simplify Cloud Financial Management across multiple sources. AWS Data Exports for FOCUS 1.2 enables customers to export their AWS cost and usage data with the FOCUS 1.2 schema to Amazon S3.\n With AWS Data Exports for FOCUS 1.2, customers can streamline their financial close processes with invoice reconciliation capabilities, track capacity reservation status to identify unused reservations, and leverage virtual currency support for multi-cloud and SaaS cost management scenarios. The specification maintains the standardized four-cost-column structure (ListCost, ContractedCost, BilledCost, and EffectiveCost) from FOCUS 1.0 while extending support for additional enterprise use cases. This helps organizations standardize cost reporting across cloud providers and solution providers, and improve financial operations efficiency. AWS Data Exports for FOCUS 1.2 is available in the US East (N. Virginia) Region and includes cost and usage data covering all AWS Regions, except AWS GovCloud (US) Regions and AWS China (Beijing and Ningxia) Regions. Learn more about AWS Data Exports for FOCUS 1.2 in the User Guide, product details page, and the announcement blog. Get started by visiting the AWS Data Exports page in the AWS Billing and Cost Management console and creating an export named “FOCUS 1.2 with AWS columns”.

AWS Cost Anomaly Detection expands AWS managed monitoring

AWS Cost Anomaly Detection now enables you to monitor all linked accounts, cost allocation tags, or cost categories with a single managed monitor. Previously available only for AWS services, this capability helps you identify unusual spending patterns across your entire AWS organization without manual configuration.\n As organizations scale, you need visibility into costs for individual accounts, teams, or business units to maintain accountability and quickly identify anomalies. For example, if you track 500 application teams using a ’team’ cost allocation tag, you previously needed to create and maintain 500 individual monitors. Now, you can create a single managed monitor that automatically tracks each team’s spending separately. When your organization evolves—such as ’team-mobile’ splitting into ’team-ios’ and ’team-android’—both new teams are automatically monitored individually without any configuration changes, ensuring continuous anomaly detection as your organization grows. The extension of AWS managed monitors to linked accounts, cost allocation tags, and cost categories is available today in all commercial AWS Regions at no additional charge. To learn more, visit AWS Cost Anomaly Detection, or read our blog post. To get started, see the the user guide.

Amazon FSx for Windows File Server now supports File Server Resource Manager

Amazon FSx for Windows File Server, a fully-managed service that provides file storage built on Windows Server, now supports File Server Resource Manager (FSRM), a Windows Server feature that provides powerful capabilities to manage, govern, and monitor your file data. With FSRM, you can better control storage usage, strengthen compliance, and optimize costs across your FSx for Windows file systems.\n With this launch, you can now classify, identify, and control sensitive data using file classification and file screening, control storage usage and costs using folder-level quotas, and better understand and optimize your storage usage with storage reports. FSRM on FSx for Windows File Server is also deeply integrated with AWS observability services. You can publish FSRM events directly to Amazon CloudWatch Logs or stream events to Amazon Kinesis Data Firehose, allowing you to query, process, store, and archive logs, trigger AWS Lambda functions to take reactive actions based on file events, and perform advanced monitoring and analysis to automate administration of your file data. FSRM support is available today at no additional cost for new file systems in all AWS Regions where Amazon FSx for Windows File Server is available. Existing file systems will receive FSRM support during an upcoming maintenance window. To get started, visit File Server Resource Manager in the FSx for Windows User Guide and read the blog Using File Server Resource Manager (FSRM) on Amazon FSx for Windows File Server.

AWS Network Load Balancer simplifies deployments with support for Weighted Target Groups

Network Load Balancer now supports weighted target groups, allowing you to distribute traffic across multiple target groups with configurable weights for advanced deployment strategies.\n Weighted target groups enables key use cases like Blue-Green and Canary Deployments, Application Migration, and A/B Testing by allowing you to register multiple target groups with configurable weights ranging from 0 to 999, providing precise control over traffic distribution. Blue-Green and Canary Deployments allow you to gradually shift traffic between application versions, minimizing downtime during upgrades and patches; Application Migration enables seamless transitions from legacy stacks to new stacks without disrupting production traffic; and A/B Testing facilitates splitting incoming traffic across experimental environments. All target group types are supported, including instance, IP address, and Application Load Balancer (ALB) targets. Weighted Target Groups routing is available for all existing and new Network Load Balancers across AWS commercial and AWS GovCloud (US) regions at no additional charge. Standard Network Load Balancer Capacity Unit (LCU) pricing applies. To learn more, please refer to this AWS blog post, and the NLB User Guide.

Amazon GuardDuty Malware Protection for AWS Backup is now available

Amazon GuardDuty Malware Protection for AWS Backup is now available, extending malware detection to your Amazon EC2, Amazon EBS, and Amazon S3 backups. This capability automates malware detection in your backups without requiring additional security software or agents. You can identify your last known clean backup to minimize business disruption during recovery.\n Malware protection scans new backups automatically, runs on-demand scans of existing backups, and verifies backups are clean before restoration. You can enable this capability even if GuardDuty foundational data sources aren’t enabled in your account. You can also use incremental scanning which analyzes only changed data between backups, reducing costs compared to rescanning full backups.

Amazon GuardDuty Malware Protection for AWS Backup is available in the list of supported Regions. You can get started using the AWS Backup console, API, or CLI. To learn more, read the launch blog or visit the AWS Backup documentation and Amazon GuardDuty Malware Protection documentation.

Amazon Bedrock Custom Model Import now supports OpenAI GPT OSS models

Amazon Bedrock Custom Model Import now supports Open AI GPT OSS models. You can import custom weights for gpt-oss-120b and gpt-oss-20b models. This enables you to bring your own customized GPT OSS models into Amazon Bedrock and deploy them in a fully managed, serverless environment—without having to manage infrastructure or model serving.\n GPT OSS models are text-to-text models designed for reasoning, agentic, and developer tasks. The larger gpt-oss-120b model is optimized for production, general purpose, and high reasoning use cases, while the smaller gpt-oss-20b model is best suited for lower latency, or specialized used cases such as data processing or domain-specific summarization. Amazon Bedrock Custom Model Import for GPT OSS models is generally available in the US-East (N. Virginia) AWS Region. You can get started by importing your custom GPT OSS models in the custom models section of the Amazon Bedrock console. To learn more about OpenAI models in Amazon Bedrock visit the product page. To see what all architectures are supported visit the documentation.

Amazon Connect now supports enhanced Instance-to-Instance communication

Amazon Connect now routes calls between instances within the same account through the AWS global backbone, without relying on the Public Switched Telephony Network (PSTN) when both numbers are provisioned or ported into Amazon Connect.\n Customers calling between Amazon Connect instances - whether within the same region or across regions - now benefit from AWS’s global network infrastructure. Customers will enjoy higher call quality, simplified billing, and enhanced contact sharing capabilities that preserve call context across transfers. This feature is available in all commercial regions where Amazon Connect is offered except for Africa (Cape Town). To learn more about Amazon Connect, review the following resources:

Amazon Connect website and pricing

Amazon Connect Administrator Guide

AWS IAM launches aws:SourceVpcArn condition key for region-based access control

AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, that enables customers to enforce region-based access controls for resources accessed through AWS PrivateLink. This condition key returns the ARN of the VPC where the VPC endpoint is attached, allowing customers to verify whether requests travel through a specific VPC and implement controls on private access to their resources in same-region or cross-region scenarios.\n Customers can use aws:SourceVpcArn in policies to ensure resources are only accessible from VPC endpoints in specific regions, helping enforce data residency requirements. For example, you can attach a policy to an Amazon S3 bucket that restricts access to requests made through VPC endpoints in designated regions only. The aws:SourceVpcArn condition key is available in all commercial AWS Regions. For a complete list of supported AWS services and to learn more, please refer to the IAM User Guide.

AWS Blogs

AWS Japan Blog (Japanese)

AWS Japan Startup Blog (Japanese)

AWS News Blog

AWS Architecture Blog

AWS Cloud Financial Management

AWS Big Data Blog

AWS Compute Blog

AWS Contact Center

AWS Database Blog

AWS DevOps & Developer Productivity Blog

AWS HPC Blog

AWS for Industries

Artificial Intelligence

AWS for M&E Blog

AWS Messaging Blog

Networking & Content Delivery

AWS Security Blog

AWS Storage Blog

Open Source Project

AWS CLI

Amplify for iOS

Bottlerocket OS