4/6/2026, 12:00:00 AM ~ 4/7/2026, 12:00:00 AM (UTC)

Recent Announcements

Amazon Verified Permissions now supports policy store aliases and named policies and policy templates

Today, AWS announces support for policy store aliases and named policies and policy templates in Amazon Verified Permissions, simplifying multi-tenant deployments and day-to-day policy management. Amazon Verified Permissions is a fine-grained authorization service that helps you manage and enforce permissions across your applications using Cedar policies. These new capabilities eliminate the need to maintain separate mapping tables for associating tenant identifiers with policy store IDs or tracking individual policy and template IDs.\n With policy store aliases, multi-tenant application developers can assign a human-readable alias based on a tenant identifier and use it in any API call, removing the need for a lookup table. Similarly, named policies and policy templates let you reference policies by meaningful names instead of system-generated IDs, making it easier to manage authorization logic as your application grows.

Amazon Verified Permissions policy store aliases and named policies and templates are available in all AWS Regions where Amazon Verified Permissions is available. For a full list of supported Regions, see Amazon Verified Permissions endpoints and quotas.

To get started, see Policy store aliases and Creating static policies in the Amazon Verified Permissions User Guide, or visit the Amazon Verified Permissions API Reference.

Amazon WorkSpaces Personal now supports unique DNS names for PrivateLink

Amazon WorkSpaces Personal now provides unique, publicly resolvable Domain Name System (DNS) names for each AWS PrivateLink Virtual Private Cloud (VPC) endpoint, enabling enterprise customers to deploy WorkSpaces across multiple AWS VPCs and accounts without DNS resolution conflicts. Each interface VPC endpoint now receives a globally unique AWS-managed DNS name in addition to the previous generic DNS name that was shared across all endpoints.\n This enhancement enables customers to route traffic appropriately in multi-account environments with centralized DNS infrastructure. Customers can now deploy WorkSpaces Personal directories across different VPCs and AWS accounts while maintaining proper security isolation, eliminating the DNS name collision that previously prevented customers from using separate interface VPC endpoints across accounts. The publicly resolvable DNS names simplify configuration while maintaining security, as they resolve to private IP addresses accessible only from within the respective VPC. The unique DNS names are automatically managed by AWS throughout their lifecycle, requiring no additional Route 53 configuration or custom DNS management. This feature is available in all AWS regions where PrivateLink is available in Amazon WorkSpaces Personal. To learn more, see Amazon WorkSpaces PrivateLink documentation. For configuration details, refer to the WorkSpaces Administration Guide. Existing customers will automatically benefit from this enhancement, as the system maintains backward compatibility with previous DNS configurations.

Amazon FSx for OpenZFS is now available in the AWS Asia Pacific (Melbourne) Region

Customers can now create Amazon FSx for OpenZFS file systems in the AWS Asia Pacific (Melbourne) Region, providing fully managed shared file storage built on the OpenZFS file system.\n Amazon FSx makes it easier and more cost effective to launch, run, and scale feature-rich, high-performance file systems in the cloud. It supports a wide range of workloads with its reliability, security, scalability, and broad set of capabilities. Amazon FSx for OpenZFS provides fully managed, cost-effective, shared file storage powered by the popular OpenZFS file system, and is designed to deliver sub-millisecond latencies and multi-GB/s throughput along with rich ZFS-powered data management capabilities (like snapshots, data cloning, and compression). To learn more about Amazon FSx for OpenZFS, visit our product page, and see the AWS Region Table for complete regional availability information.

AWS announces general availability of Smithy-Java client framework

AWS today announced the general availability of Smithy-Java, an open-source Java framework for generating type-safe clients and standalone classes from Smithy models. Smithy-Java addresses one of the most consistently requested capabilities from enterprise Smithy users: production-grade Java SDK generation. The framework allows you to generate clients from models and async patterns that increase cognitive load and maintenance burden for developers building modern Java applications.\n Built on Java 21’s virtual threads, Smithy-Java provides a blocking-style API that is both simpler to use and competitive in performance with complex async alternatives. Key benefits include auto-generated type-safe clients from Smithy, protocol flexibility with runtime protocol swapping for gradual migration paths. The GA release includes the Java client code generator, support for AWS SigV4 and all major AWS protocols (AWS JSON, REST-JSON, REST-XML, AWS Query, and Smithy RPCv2-CBOR), standalone type code generation for sharing types across multiple services or data modeling, and a dynamic client that can call Smithy services without a codegen step.

The framework pioneers two architectural innovations: schema-driven serialization that reduces SDK size while improving performance, and binary decision diagrams (BDD) for endpoint rules resolution delivering significant latency improvements. Internal Amazon teams have already built complete services in weeks rather than months using Smithy-Java, with service teams depending on it internally. The framework is ideal for organizations invested in the Smithy ecosystem, teams requiring protocol-agnostic development, and developers building new services with generated server stubs.

To learn more, visit our blog post and follow the Smithy Java Quickstart guide.

AWS IoT Greengrass component SDK for C, C++, and Rust applications

We’re excited to announce the launch of a new Greengrass component SDK for AWS IoT Greengrass applications. This new SDK addresses the challenge of deploying sophisticated applications on edge devices with limited resources, enabling industries such as automotive, industrial IoT, robotics, and smart buildings to run more complex AI and ML workloads at the edge. Moreover, the new SDK maintains full compatibility with both AWS IoT Greengrass nucleus and nucleus lite capabilities.\n The new Greengrass component SDK offers significant memory footprint reduction, with a footprint of less than 0.5MB compared to 30MB, enabling deployment on resource-constrained devices. It provides native C, C++, and Rust bindings, optimized for performance and cost-critical embedded applications. This SDK opens new possibilities for edge computing applications where memory constraints have previously been a limiting factor.

The new Greengrass component SDK is available in all AWS Regions where AWS IoT Greengrass is available.

Amazon S3 starts rolling out new security best practice to new and existing buckets by default

As announced on November 19, 2025, Amazon S3 is now deploying a new default bucket security setting which will automatically disable server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets. For existing buckets in AWS accounts with no SSE-C encrypted objects, S3 will also disable SSE-C for all new write requests. For AWS accounts with SSE-C usage, S3 will not change the bucket encryption configuration on any of the existing buckets in those accounts. To learn more about this change, visit the S3 User Guide.\n Amazon S3 will deploy this new default to both new and existing general purpose buckets in 37 AWS Regions including the AWS China and AWS GovCloud (US) Regions over the next few weeks.

Amazon RDS for Oracle now supports Oracle Management Agent version 24.1.0.0.v1 for Oracle Enterprise Manager Cloud Control 24aiR1

Amazon Relational Database Service (Amazon RDS) for Oracle now supports Oracle Management Agent (OMA) version 24.1.0.0.v1 for Oracle Enterprise Manager (OEM) Cloud Control 24ai Release 1. OEM 24ai offers web-based tools to monitor and manage your Oracle databases. Amazon RDS for Oracle installs OMA, which communicates with your Oracle Management Service (OMS) to provide monitoring information. Customers running OMS version 24.1 Release 1 or later can now manage databases by installing OMA 24.1.0.0.v1\n To enable the version 24.1.0.0.v1 of OMA for OEM 24aiR1 or later, navigate to “Option Groups” in the AWS Management Console and add the “OEM_AGENT” option to a new or existing option group and set AGENT_VERSION to “24.1.0.0.v1”. You will also need to configure option settings including OMS hostname (or IP), port, agent registration password, and minimum TLS version of TLSv1.2 to allow OMA on your Amazon RDS for Oracle database instances to communicate with your existing Oracle Management Service (OMS) stack. To learn more, please refer to Amazon RDS for Oracle documentation. For more information on enabling and configuring OEM agents, refer to the Amazon RDS for Oracle documentation.

AWS Blogs

AWS Japan Blog (Japanese)

AWS News Blog

AWS Architecture Blog

AWS Cloud Financial Management

AWS Big Data Blog

AWS Database Blog

AWS Developer Tools Blog

Artificial Intelligence

AWS for M&E Blog

Open Source Project

AWS CLI

AWS Load Balancer Controller

Karpenter

Amazon EKS Anywhere