4/1/2026, 12:00:00 AM ~ 4/2/2026, 12:00:00 AM (UTC)
Recent Announcements
Amazon SES Mail Manager adds new features for enhanced security and email processing
Amazon Simple Email Service (SES) Mail Manager now offers enhancements to email security and processing while simplifying email infrastructure migrations. These enhancements include optional TLS and certificate-based authentication (mTLS) support in Ingress Endpoint, and two new rule actions: Invoke Lambda function and Bounce.\n These enhancements benefit organizations seeking to maintain compatibility with legacy systems while implementing stronger security controls, and advanced email routing capabilities. For example customers can now configure STARTTLS as an optional TLS configuration, enabling legacy systems that don’t support STARTTLS to connect to Mail Manager. With Mutual TLS (mTLS) in Ingress Endpoint customers can now used certificate-based authentication for enhanced security. The Invoke Lambda function rule action allows direct invocation of AWS Lambda functions from rule sets, enabling custom email processing workflows and the Bounce rule action provides RFC-compliant SMTP responses to sending servers.
These new enhancements are available today in all AWS Regions where Amazon SES Mail Manager is offered, except for the Middle East (UAE) and Middle East (Bahrain) regions. To learn more about Amazon SES Mail Manager and how these features can help streamline your email operations, visit https://aws.amazon.com/ses/.
Amazon SageMaker Data Agent now supports geo-specific inference for Japan and Australia
Amazon SageMaker Data Agent now supports cross-region inference profiles for Japan and Australia through Amazon Bedrock. With this update, inference requests from Data Agent in the Asia Pacific (Tokyo) and Asia Pacific (Sydney) regions are processed within their respective geographies, supporting data sovereignty requirements for customers in Japan and Australia.\n Data Agent provides an AI-powered conversational experience for data exploration, Python and SQL code generation, troubleshooting, and analytics directly within Amazon SageMaker Unified Studio Notebook and Query Editor. With geo-specific inference through JP-CRIS (Japan Cross-Region Inference) and AU-CRIS (Australia Cross-Region Inference), you can use Data Agent with confidence that your inference requests are routed exclusively within your geography over the AWS Global Network. Customers in regulated industries such as financial services, healthcare, and the public sector can meet data residency requirements while using the full set of Data Agent capabilities.
To get started, open a project in SageMaker Unified Studio in a supported region and use Data Agent in notebooks or Query Editor. For more information, see SageMaker Data Agent in the Amazon SageMaker Unified Studio User Guide.
AWS VPC Encryption Controls now available in AWS GovCloud (US) Regions
AWS launches VPC Encryption Controls in AWS GovCloud (US) Regions to make it easy to audit and enforce encryption in transit within and across Amazon Virtual Private Clouds (VPC), and demonstrate compliance with encryption standards. You can turn it on your existing VPCs to monitor encryption status of traffic flows and identify VPC resources that are unintentionally allowing plaintext traffic. This feature also makes it easy to enforce encryption across different network paths by automatically (and transparently) turning on hardware-based AES-256 encryption on traffic between multiple VPC resources including AWS Fargate, Network Load Balancers, and Application Load Balancers.\n To meet stringent compliance standards like HIPAA, PCI DSS, FedRAMP, and FIPS 140-2, government customers rely on both application layer encryption and the hardware-based encryption that AWS offers across different network paths. AWS provides hardware-based AES-256 encryption transparently between modern EC2 Nitro instances. AWS also encrypts all network traffic between AWS data centers in and across Availability Zones, and AWS Regions before the traffic leaves our secure facilities. All inter-region traffic that uses VPC Peering, Transit Gateway Peering, or AWS Cloud WAN receives an additional layer of transparent encryption before leaving AWS data centers. Prior to this release, customers had to track and confirm encryption across all network paths. With VPC Encryption Controls, customers can now monitor, enforce and demonstrate encryption within and across Virtual Private Clouds (VPCs) in just a few clicks. Your information security team can turn it on centrally to maintain a secure and compliant environment, and generate audit logs for compliance and reporting.
With this launch, VPC Encryption Controls is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. To learn more about this feature and its use cases, please see our documentation.
Amazon CloudFront now supports SHA-256 for signed URLs and signed cookies
Amazon CloudFront now supports SHA-256 as a hash algorithm for creating signed URLs and signed cookies. SHA-256 provides an improved security posture with stronger collision detection and alignment with modern cryptographic standards, giving you stronger cryptographic signing when restricting access to content. Previously, CloudFront signed URLs and signed cookies used SHA-1 exclusively for signature generation. This feature helps you meet security and compliance requirements that mandate SHA-256 for digital signatures, while also future-proofing your content delivery workflows.\n To use SHA-256, include the Hash-Algorithm=SHA256 query parameter in your signed URLs, or the CloudFront-Hash-Algorithm=SHA256 cookie attribute for signed cookies. Existing signed URLs and signed cookies that don’t specify a hash algorithm continue to use SHA-1, so this change is fully backwards compatible.
This feature is available in all edge locations where Amazon CloudFront is available. There is no additional cost to use SHA-256 signing. To learn more, see Create a signed URL using a canned policy or Set signed cookies using a canned policy in the Amazon CloudFront Developer Guide.
Amazon RDS for Oracle now supports cross-account snapshot sharing with additional storage volumes
Amazon RDS for Oracle now supports cross-account snapshot sharing for database instances with additional storage volumes. Additional storage volumes allow customers to scale database storage up to 256 TiB by adding up to three storage volumes, each with up to 64 TiB, in addition to the primary storage volume. With this launch, customers can create, share, and copy a database snapshot across AWS accounts for database instances set up with additional storage volumes. Cross account snapshots enable customers to set up isolated backup environments in separate accounts for compliance requirements and to perform diagnostics, such as investigating production issues by restoring database snapshots in a separate account for development and testing.\n Cross account snapshots for database instances with additional storage volumes preserve the storage layout of the original database instance, including the configuration of additional storage volumes. When a snapshot is shared to a target AWS account, authorized users in the target account can restore it to another database instance, copy the snapshot within the same or different AWS Region, or create independent backups under different AWS Identity and Access Management (IAM) access permissions for backup and disaster recovery. Cross-account snapshot sharing with additional storage volumes is available in all AWS commercial Regions. Customers can start using this feature today through the AWS Management Console, AWS CLI, or AWS SDKs. To learn more, see Sharing a DB snapshot for Amazon RDS, Copying a DB snapshot for Amazon RDS, and Working with storage in RDS for Oracle in the Amazon RDS User Guide.
Amazon Bedrock now supports structured outputs to AWS GovCloud (US) Regions
Amazon Bedrock is a fully managed service that provides access to a wide selection of high-performing foundation models from leading AI companies through a single API. Today, Amazon Bedrock expands structured outputs support to AWS GovCloud (US) Regions. Structured outputs enables foundation models to return consistent, schema-compliant, machine-readable responses—making it well-suited for government and regulated workloads that must meet strict compliance and data handling requirements.\n Structured outputs helps with common production tasks, such as extracting key fields and powering workflows that use APIs or tools, where even minor formatting errors can break downstream systems. By ensuring schema compliance, it reduces the need for custom validation logic and lowers operational overhead by minimizing failed requests and retries—so you can confidently deploy AI applications that require predictable, machine-readable outputs. You can use structured outputs either by defining a JSON schema that describes your desired response format or by using strict tool definitions to ensure a model’s tool calls match your specifications.
Structured outputs is now generally available in all commercial AWS and AWS GovCloud (US) Regions where Amazon Bedrock is supported. To learn more about structured outputs and the supported models, visit the Amazon Bedrock documentation.
AWS Managed Microsoft AD adds Multi-Region replication for Opt-In regions
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, now supports Multi-Region replication in AWS Opt-In regions. This expands the existing Multi-Region replication capability to additional AWS regions, eliminating the need to create and manually synchronize independent directories in each region and allowing domain-joined workloads in those regions to connect to AWS Managed Microsoft AD.\n With automated Multi-Region replication, AWS Managed Microsoft AD handles inter-region networking, deploys domain controllers in separate Availability Zones per region, and replicates all directory data including users, groups, Group Policy Objects, and schema. The service configures an Active Directory site per region to optimize authentication performance and minimize cross-region data transfer costs.
Multi-Region replication is available in AWS Opt-In regions where AWS Managed Microsoft AD is available, except the Middle East (UAE) and Middle East (Bahrain) Regions. You pay by the hour for the domain controllers in each region, plus the cross-region data transfer. To get started, see the Configure Multi-Region replication guide.
Oracle Database@AWS launches sub-millisecond network latency for high performance applications
Today, Oracle Database@AWS (ODB@AWS) announced high performance networking that provides customers consistent sub-millisecond roundtrip latency from their AWS applications to the database. Many applications such as payment processing, securities trading, and high volume transaction processing require predictable and consistent low-latency network connectivity to the application database. Customers who run such latency-sensitive applications on Oracle Exadata systems on-premises optimize their infrastructure to obtain the performance that these applications require. With high performance networking for ODB@AWS, customers can now seamlessly migrate these applications to an equivalent optimized environment on AWS.\n ODB@AWS automatically provides consistent and predictable low-latency network connectivity from Amazon EC2 instances to ODB@AWS databases through optimized placement of compute instances. When customers create an ODB@AWS network for their databases, they can now launch placement optimized Amazon EC2 instances with consistent, sub-millisecond latency network connectivity to their databases using existing Amazon EC2 APIs and workflows, such as launching new EC2 instances, or reserving compute capacity with EC2 On-Demand Capacity Reservations. There is no additional charge for EC2 instances using optimized placement for connectivity to ODB@AWS databases. The feature is available in the US-East-2 (Ohio), CA-Central-1 (Canada Central), EU-Central-1 (Frankfurt), EU-West-1 (Dublin), AP-Northeast-1 (Tokyo), and AP-Southeast-2 (Sydney) AWS Regions, with more Regions coming soon. For more information, see High performance networking for Oracle Database@AWS.
YouTube
AWS Black Belt Online Seminar (Japanese)
- AWS Re:Invent 2025 Re:Cap Industry Edition - Notable Services Seen from the Distribution Retail/Consumer Goods Industry [AWS Black Belt]
- AWS Re:Invent 2025 Re:Cap Industry Edition - Distribution and Retail Consumer Goods Industry Trends Seen from Case Sessions for the Distribution Retail/Consumer Goods Industry [AWS Black Belt]
- AWS Re:Invent 2025 Re:Cap Industry Edition - NRF 2026 Field Report for the Distribution Retail/Consumer Goods Industry [AWS Black Belt]
- AWS Organizations Basic Edition [AWS Black Belt]
- AWS Re:Invent 2025 Re:Cap HPC on AWS Edition [AWS Black Belt]
- Amazon SageMaker Basic Edition [AWS Black Belt]
- Realization of C360 using Amazon Connect Customer Profiles and utilization in marketing activities [AWS Black Belt]
AWS Blogs
AWS Japan Blog (Japanese)
- Operationalizing Agentic AI Part 1: A Guide for Stakeholders
- Introducing Taisei Co., Ltd.’s AWS-generated AI usage example “Building a Contract Management AI Agent Realized by Non-Engineers with Amazon Bedrock and Amazon Q Developer”
- Games Industry Lens update in the Well-Architected Framework
AWS Japan Startup Blog (Japanese)
AWS News Blog
AWS Architecture Blog
AWS Big Data Blog
- Navigating multi-account deployments in Amazon SageMaker Unified Studio: a governance-first approach
- Improve the discoverability of your unstructured data in Amazon SageMaker Catalog using generative AI