4/20/2026, 12:00:00 AM ~ 4/21/2026, 12:00:00 AM (UTC)
Recent Announcements
Amazon EBS expands volume modification enhancement to AWS European Sovereign Cloud Region
Amazon Elastic Block Store (Amazon EBS) now supports up to four Elastic Volumes modifications per volume within a rolling 24-hour window in AWS European Sovereign Cloud (Germany) Region. Elastic Volumes modifications allow you to increase the size, change the type, and adjust the performance of your EBS volumes. With this update, you can start a new modification immediately after the previous one completes, as long as you have initiated fewer than four modifications in the past 24 hours.\n This enhancement improves your operational agility to immediately scale storage capacity or adjust performance in response to sudden data growth or unanticipated workload spikes. With Elastic Volumes modifications, you can modify your volumes without detaching them or restarting your instances, allowing your application to continue running with minimal performance impact.
The Elastic Volumes modifications enhancement is automatically available in the Region without requiring changes to your existing workflows. To learn more, see Modify an Amazon EBS volume using Elastic Volumes operations in the Amazon EBS User Guide.
Amazon EVS now offers Microsoft Windows Server Licensing
Today, we’re announcing that Amazon Elastic VMware Service (Amazon EVS) now offers Microsoft Windows Server licensing entitlements. You can now migrate or create new virtual machines (VMs) running Windows Server OS in EVS and obtain Windows Server licensing entitlements for those VMs from AWS.\n Amazon EVS lets you run VMware Cloud Foundation (VCF) directly within your Amazon Virtual Private Cloud (VPC) on EC2 bare-metal instances, powered by AWS Nitro. Using either our step-by-step configuration workflow or the AWS Command Line Interface (CLI), you can set up a complete VCF environment in just a few hours. This rapid deployment enables faster workload migration to AWS, helping you eliminate aging infrastructure, reduce operational risks, and meet critical timelines for exiting your data center.
With this latest functionality, you can now entitle your Windows Server VMs on Amazon EVS with Microsoft Windows Server. You can configure an EVS connector to your VMware vCenter Server and provide the VM IDs for those Window Server VMs you want to entitle through the Amazon EVS console or AWS CLI. Pay for only what your VMs use, on a per vCPU-hour basis. Add or remove entitlement for your VMs at any time, giving you flexibility to manage costs as your environment evolves. This newest release provides you with greater flexibility when migrating to AWS, helping meet critical data center exit timelines while maintaining your familiar VMware environment.
This feature is available in all AWS Regions where Amazon EVS is available.
For more details, read the step-by-step walkthrough on the blog post. Visit the Amazon EVS product detail page and user guide. to learn more about Amazon EVS.
AWS IoT Greengrass v2.17 is now available, enabling you to run the edge runtime as a non-root user on Linux systems and deploy lighter-weight components that use significantly less memory. AWS IoT Greengrass is an Internet of Things (IoT) edge runtime and cloud service that helps customers build, deploy, and manage device software at the edge. With this release, you can install and run AWS IoT Greengrass v2.17 as a non-root user, making it easy for you to meet security requirements in enterprise and regulated environments where root access is prohibited. The release also adds an uninstall life cycle capability that automatically activates when you remove a component from a device, simplifying dependency management.\n Moreover, the release introduces the following new nucleus lite capabilities to reduce resource consumption at the edge:
Secure Tunneling lite component that uses just 4MB of memory, down from 36MB in the standard component.
Updated Fleet Provisioning component that supports Trusted Platform Module (TPM) 2.0 for cryptographic operations and secure device identity management.
PKCS#11 (Public Key Cryptographic Standard) interface that enables AWS IoT Greengrass nucleus lite component to easily authenticate with AWS IoT Core using keys and certificates stored in a Hardware Security Module (HSM).
AWS IoT Greengrass v2.17 is available in all AWS Regions where AWS IoT Greengrass is offered. To learn more about AWS IoT Greengrass v2.17 and its new features, visit the AWS IoT Greengrass documentation. Follow the Getting Started guide for a quick introduction to AWS IoT Greengrass.
Amazon DocumentDB (with MongoDB compatibility) now supports in-place upgrade from version 5.0 to 8.0
Amazon DocumentDB (with MongoDB compatibility) supports in-place major version upgrade (MVU) from version 5.0 to 8.0. You can upgrade with just a few clicks in the AWS Management Console or via the AWS SDK or AWS CLI — no new clusters, no endpoint changes, and no index rebuilds required.\n Upgrading to version 8.0 delivers performance and cost improvements: query latency improves by up to 7x and storage compression improves by up to 5x, so your applications run faster on less storage, reducing your costs. Version 8.0 also adds new capabilities including collation, views, new aggregation stages and operators, enhanced text search with text index v2, and vector index builds that are up to 30x faster.
In-place MVU from version 5.0 to 8.0 is available in all AWS Regions where Amazon DocumentDB 8.0 is available, at no additional cost.
To get started, see the in-place MVU documentation. To learn more about Amazon DocumentDB 8.0, visit the documentation.
Amazon EKS enhances cluster governance with new IAM condition keys
Amazon Elastic Kubernetes Service (EKS) now supports seven additional IAM condition keys for cluster creation and configuration APIs, enhancing the governance controls available through IAM policies and Service Control Policies (SCPs). Organizations managing multi-account environments require centralized mechanisms to enforce security and compliance requirements consistently across all clusters without relying on manual processes or post-deployment checks. This expansion of EKS IAM condition keys further enables proactive policy enforcement, providing organizations with more granular control to establish guardrails for cluster configurations.\n Organizations can now enforce private-only API endpoints (eks:endpointPublicAccess, eks:endpointPrivateAccess), require customer-managed AWS KMS keys for secrets encryption (eks:encryptionConfigProviderKeyArns), restrict clusters to approved Kubernetes versions (eks:kubernetesVersion), mandate deletion protection for production workloads (eks:deletionProtection), specify control plane scaling tiers (eks:controlPlaneScalingTier), and enable zonal shift capabilities for high availability (eks:zonalShiftEnabled). These condition keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs, integrating seamlessly with AWS Organizations SCPs for centralized governance across accounts. The new IAM condition keys are available in all AWS Regions where Amazon EKS is available at no additional charge. To learn more about Amazon EKS IAM condition keys, see the Amazon EKS User Guide and the Service Authorization Reference for Amazon EKS. For information about implementing Service Control Policies, see the AWS Organizations documentation.
Amazon MSK Replicator now supports log forwarding for replication visibility
Amazon MSK Replicator now delivers replicator logs to give you end-to-end visibility into replication health. Replicator logs surface critical replication events and errors along with guidance on how to resolve each issue, enabling you to troubleshoot faster without requiring AWS Support. \n MSK Replicator is a feature of Amazon MSK that automates data replication between Kafka clusters, eliminating the need to manage custom replication infrastructure or configure open-source tools. Until now, you could use Amazon CloudWatch metrics to track replication progress and get visibility into replication health. With this launch, MSK Replicator further simplifies diagnosing issues during replication with actionable log entries that surface the most common replication errors including insufficient permissions on source topics, partition quota exhaustion on target clusters, and records exceeding size limits, along with prescriptive guidance on how to resolve each issue. MSK Replicator also logs steady-state replication activity including offset commits, topic discovery events, and any errors or warnings from Kafka clients used internally by the replicator, giving you end-to-end visibility into replication health. You can enable log delivery when creating or updating a Replicator using the Amazon MSK console, AWS CLI, or AWS CloudFormation and forward logs to Amazon CloudWatch, Amazon S3, or Amazon Data Firehose.
This capability is supported in all AWS Regions where MSK Replicator is available. Log delivery costs depend on the destination service you choose, refer to the pricing pages for Amazon CloudWatch, Amazon S3, and Amazon Data Firehose.
To learn more, visit the MSK Replicator documentation, and product page.
Amazon MSK Replicator now provides enhanced consumer offset synchronization for bidirectional replication, enabling applications to resume processing from the correct position when moving across Kafka clusters. This capability enables you to move producer and consumer applications between clusters independently, in any order, without the risk of data loss. \n MSK Replicator is a feature of Amazon MSK that automates data replication between Kafka clusters, eliminating the need to manage custom replication infrastructure or configure open-source tools. Previously, while replicating bidirectionally with MSK Replicator, consumer group offsets were synchronized only when producers and consumers were active on the same cluster, requiring careful sequencing of application migrations between clusters and increasing the risk of duplicate message processing during rollbacks. With this launch, MSK Replicator synchronizes consumer group offsets across source and target clusters regardless of where producers are running, enabling applications to move between clusters without coordination constraints or data duplication risks.
You can enable enhanced consumer offset synchronization when creating a Replicator using the Amazon MSK console, AWS CLI, or AWS CloudFormation. This capability is supported in all AWS Regions where MSK Replicator is available.
To learn more, visit the MSK Replicator documentation, product page, pricing page, and this AWS blog post.
MSK Replicator now supports replication from external Apache Kafka clusters to MSK Express Brokers
Amazon MSK Replicator now supports data replication from external Apache Kafka clusters—including on-premises, self-managed on AWS, or other cloud providers—to Amazon MSK Express brokers. This capability simplifies workload migration to MSK Express Brokers, supports disaster recovery by using MSK Express-based clusters as a failover or backup target, and enables data distribution across hybrid and multi-cloud environments. \n MSK Replicator is a feature of Amazon MSK that automates data replication between Kafka clusters, eliminating the need to manage custom replication infrastructure or configure open-source tools. MSK Express brokers are designed to deliver up to 3 times more throughput per broker, scale up to 20 times faster, and reduce recovery time by 90 percent as compared to Standard brokers running Apache Kafka. With this launch, you can now use MSK Replicator to replicate data from external Kafka clusters to Express brokers on Amazon MSK. You can also use MSK Replicator to replicate data from Amazon MSK Express to external Kafka clusters for reliable failback or multi-cloud data distribution. Unlike self-managed replication tools, MSK Replicator lets you retain your original Kafka topic names during replication while automatically avoiding infinite replication loops. It also synchronizes consumer group offsets bidirectionally, enabling you to move producers and consumers across clusters independently, in any order, without coordination constraints or the risk of data loss.
This new capability is supported in all AWS Regions where MSK Express brokers are available.
Watch a demo on YouTube to see it in action, or visit the MSK Replicator documentation, product page, pricing page, and this AWS blog post to learn more.
Amazon S3 Express One Zone now supports S3 Inventory
Amazon S3 Express One Zone, a high-performance S3 storage class for latency-sensitive applications, now supports S3 Inventory. S3 Inventory provides a scheduled alternative to S3’s synchronous List API. You can configure S3 Inventory to generate reports on a daily or weekly basis that list your stored objects within an S3 directory bucket or with a specific prefix, and their respective metadata and encryption status. You can simplify and speed up business workflows and big data jobs with S3 Inventory, and verify encryption status of your objects to meet business, compliance, and regulatory needs.\n You can use the AWS CLI, AWS SDKs, or S3 API to configure a daily or weekly inventory report for all the objects within your S3 directory bucket or a subset of the objects under a shared prefix. As part of the configuration, you can specify a destination S3 bucket for your S3 Inventory report, the output file format (CSV, ORC, or Parquet), and specific object metadata necessary for your business application, such as object name, size, last modified date, storage class, multipart upload flag, and encryption status.
S3 Inventory for S3 Express One Zone is available in all AWS Regions where the storage class is available. For pricing information, visit the S3 pricing page. To learn more, visit the S3 Inventory documentation.
AWS Managed Microsoft AD is now available on Windows functional level 2016
Starting today, all AWS Directory Service for Microsoft AD (AWS Managed Microsoft AD) directories run on Windows functional level 2016. The upgrade to Windows functional level 2016 has been applied automatically to all existing AWS Managed Microsoft AD directories. The functional level upgrade includes enhanced authentication mechanisms and improved security for privileged access management, helping you better protect your Active Directory infrastructure in the cloud. \n This upgrade provides LAPS (Local Administrator Password Solution), which helps you manage local administrator passwords on domain-joined computers by automatically generating unique, complex passwords, and storing them securely in Active Directory.
This is enabled in all AWS Regions where AWS Managed Microsoft AD is available, except in the Middle East (UAE) and Middle East (Bahrain) Regions. To learn more, see the AWS Directory Service Administration Guide.
AWS Managed Microsoft AD now supports Kerberos Encryption audit event logs
Starting today, AWS Managed Microsoft AD supports forwarding Kerberos Encryption audit event logs (Event IDs 201–209) to Amazon CloudWatch Logs. These logs provide visibility into the encryption types used by your applications and services, helping you identify which resources are using RC4 encryption versus AES encryption. This visibility allows you to decide whether to upgrade clients to AES encryption (recommended for improved security) or maintain RC4 support based on your environment’s compatibility requirements.\n To get started, navigate to your AWS Managed Microsoft AD directory Network and Security tab in the AWS Directory Service console and enable log forwarding to Amazon CloudWatch Logs. You can then review the Kerberos Encryption audit events to understand your current encryption settings. To learn more, see Enabling Amazon CloudWatch Logs log forwarding for AWS Managed Microsoft AD.
This feature is available in all AWS Regions where AWS Managed Microsoft AD is available, except in the Middle East (UAE) and Middle East (Bahrain) Regions.
AWS Blogs
AWS Japan Blog (Japanese)
- How to securely connect an AWS DevOps Agent to private services within a VPC
- Building High Performance Applications with AWS Lambda Managed Instances
- Serverless Missed Information Q4 2025
- [Material Release & Event Report] A seminar for beginners “Using AWS Container Services from Now on” was held
- AWS Weekly — 2026/4/13
- From bottlenecks to breakthroughs: Dutchie’s database migration trajectory
- Improving storage with additional storage volumes in Amazon RDS for SQL Server
- Introducing Anthropic’s Claude Opus 4.7 model on Amazon Bedrock
- Opus 4.7 is now available on Kiro
- The future of development seen at AI-DLC Unicorn Gym with Fujitsu Limited
AWS News Blog
AWS Big Data Blog
- Migrate third-party and self-managed Apache Kafka clusters to Amazon MSK Express brokers with Amazon MSK Replicator
- Building unified data pipelines with Apache Iceberg and Apache Flink
- Securely connecting on-premises data systems to Amazon Redshift with IAM Roles Anywhere
AWS Database Blog
- Aurora Serverless: Faster performance, enhanced scaling, and still scales down to zero
- Getting started with the Oracle Database@AWS high performance networking
AWS for Industries
Artificial Intelligence
- Accelerate Generative AI Inference on Amazon SageMaker AI with G7e Instances
- ToolSimulator: scalable tool testing for AI agents
- Omnichannel ordering with Amazon Bedrock AgentCore and Amazon Nova 2 Sonic
AWS Security Blog
AWS Storage Blog
- Troubleshooting Amazon S3 access denied errors using Kiro CLI
- Accelerate Apache Hadoop and Apache Iceberg on Amazon S3 with the Analytics Accelerator Library