7/1/2026, 12:00:00 AM ~ 7/2/2026, 12:00:00 AM (UTC)

Recent Announcements

Amazon Bedrock AgentCore increases default runtime quota limits

Amazon Bedrock AgentCore has increased the default runtime quota limits, giving customers greater capacity to scale their agent-based workloads. AgentCore is the platform for developers to build, connect, and optimize AI agents.\n The new default limits support up to 5,000 active concurrent sessions in US East (N. Virginia) and US West (Oregon), and 2,500 in all other supported Regions. All AWS Regions where AgentCore is available now support 200 agent interactions per second and 25 new sessions created per second. This means customers can run more AI agents simultaneously while handling high-throughput workloads out of the box.

To learn more, visit the AgentCore product page or see the AgentCore Developer Guide. For all quota limits, see the AgentCore Quotas documentation.

Amazon CloudWatch supports creating alarms from log queries

Amazon CloudWatch allows you to create alarms on log data using log queries, and get alerted on anomalies without leaving your log analysis workflow.\n With today’s launch, you can configure an alarm on log query and specify the alarm threshold directly, thereby eliminating the need to first create metric filters or custom metrics as intermediate steps. This streamlines the path to actively monitoring the data in your logs, and monitoring and alerting on it. For example, you can write a query to count error rates by service, set a threshold, and receive an alarm notification with log context when errors spike - all in a single workflow. Alarms created from log queries support all standard CloudWatch Alarm actions, including Amazon SNS notifications, and Amazon EventBridge integrations.

This feature is available in all commercial AWS Regions except Middle East (UAE), and Middle East (Bahrain). You can create log query-based alarms using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS CloudFormation, and AWS SDKs. For pricing details and documentation, see the Amazon CloudWatch pricing and visit the Amazon CloudWatch documentation.

AWS Artifact now includes Assurance Assistant for compliance inquiries

AWS Artifact now includes Assurance Assistant, an AI-powered capability that generates citation-backed responses to security and compliance questions about AWS services. AWS Artifact is the service through which AWS provides compliance reports, certifications, and agreements to customers. Assurance Assistant helps third-party risk managers, compliance officers, security engineers, and auditors accelerate vendor assessments and due diligence questionnaire (DDQ) completion by providing sourced answers grounded in verified AWS compliance documentation.\n Assurance Assistant offers two modes: single-question mode for immediate on-screen responses, and questionnaire upload mode for bulk processing of XLSX files including industry-standard formats such as CAIQ, SIG, and custom DDQs. All responses include citations from AWS compliance documentation — including SOC reports, ISO certifications, and C5 attestation packages — so customers can independently verify information against source materials. Responses can be exported selectively or in full, with or without citations, in the original file format. To control access, two new IAM managed policies are available: AWSArtifactComplianceInquiriesReadOnlyAccess and AWSArtifactComplianceInquiriesFullAccess. Assurance Assistant is available at no additional charge through the AWS Artifact console in all commercial AWS Regions. AWS Artifact is a globally accessible service; customers do not need to select a specific Region to use Assurance Assistant. To learn more about Assurance Assistant, see Managing compliance inquiries in the AWS Artifact User Guide. For general information about AWS Artifact, see the AWS Artifact product page.

AWS Partner Central now supports AWS Marketplace listings for co-selling

Today, AWS announces that partners can associate one or more AWS Marketplace solutions and product listings from their AWS Marketplace catalog directly to co-sell opportunities in AWS Partner Central. Previously, opportunities required partners to use solutions specially created for co-selling, which meant partners managed their solutions for the AWS Marketplace catalog and solutions for co-selling separately. Partners can now associate their existing AWS Marketplace listings with opportunities to track fulfillment more effectively.\n When creating or editing an opportunity in AWS Partner Central in the AWS Console, Partners can select one of the following options: (1) AWS Marketplace solutions and products, (2) AWS Marketplace solutions only, (3) AWS Marketplace products only, or (4) Other. Partners can associate up to 10 AWS Marketplace Solutions and up to 10 AWS Marketplace Products with a single opportunity. This includes AWS Marketplace listings within AWS accounts that have an established subsidiary account connection. The same capability is available programmatically through the AWS Partner Central Selling API. To progress an opportunity to the Committed or Launched stage, an AWS Marketplace Solution, AWS Marketplace Product, or Partner Solution must be associated.

This capability is generally available in AWS Partner Central in the AWS Console. To learn more, review creating an opportunity and attach AWS Marketplace listings to ACE opportunities guides, or explore how to leverage the programmatic implementation option with the AWS Partner Central Selling API.

Amazon RDS announces Cross-Region Automated Backups in four additional AWS Regions

Cross-Region Automated Backup replication for Amazon RDS is now available in four additional AWS Regions. This launch allows you to setup automated backup replication between Mexico (Central) and Europe (Ireland) or US West (N. California); between Asia Pacific (Taipei) and Asia Pacific (Singapore) or Asia Pacific (Tokyo); between Asia Pacific (New Zealand) and Asia Pacific (Singapore), Asia Pacific (Sydney), or Asia Pacific (Melbourne); and between Asia Pacific (Thailand) and Asia Pacific (Singapore) or Asia Pacific (Jakarta) Regions.\n Automated Backups enable recovery capability for mission-critical databases by providing you the ability to restore your database to a specific point in time within your backup retention period. With Cross-Region Automated Backup replication, RDS will replicate snapshots and transaction logs to the chosen destination AWS Region. In the event that your primary AWS Region becomes unavailable, you can restore the automated backup to a point in time in the secondary AWS Region and quickly resume operations. As transaction logs are uploaded to the target AWS Region frequently, you can achieve a Recovery Point Objective (RPO) of within the last few minutes.

You can setup Cross-Region Automated Backup replication with just a few clicks on the Amazon RDS Management Console or using the AWS SDK or CLI. Cross-Region Automated Backup replication is available on Amazon RDS for PostgreSQL, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for Db2, Amazon RDS for Oracle, and Amazon RDS for Microsoft SQL Server. For more information, including instructions on getting started, read the Amazon RDS documentation.

Amazon Bedrock AgentCore now available in four additional AWS Regions

Amazon Bedrock AgentCore is now available in four additional AWS Regions: Asia Pacific (Bangkok), Asia Pacific (Malaysia), Europe (Milan), and Europe (Spain). Amazon Bedrock AgentCore is the platform to build, connect, and optimize agents. It helps engineers ship agents fast with any framework and any model, connect them to enterprise systems and tools, and optimize them continuously, with security enforced at the infrastructure layer that agents can’t bypass.\n With this expansion, customers in these regions can build and run agents closer to their end users with lower latency. AgentCore capabilities including agent runtime, identity and access control, policy management, session persistence, tool connectivity, and observability are available in these regions at launch.

For more information on AgentCore, visit the AgentCore product page or the AgentCore Developer Guide. To learn about pricing, visit AgentCore pricing. For region availability, visit Supported AWS Regions.

Amazon ECS now supports configurable deployment circuit breaker settings

Amazon Elastic Container Service (Amazon ECS) now gives you more control over when a service deployment is considered failed and automatically rolled back. You can now customize deployment circuit breaker settings to match your application’s startup behavior, deployment needs, and tolerance for task failures, so rollback works the way you need across different applications and environments.\n The ECS deployment circuit breaker automatically detects failed deployments and rolls them back to the last successful deployment once a failure threshold is reached. With this launch, you can set the deployment circuit breaker threshold using either a fixed task failure count or a percentage of your service’s desired task count, and choose how failures are counted using either a consecutive model, where the counter resets when a healthy task starts, or a cumulative model, where failures keep adding up throughout the deployment. For example, you can set lower thresholds for faster rollbacks in development and test environments, or allow more tolerance for applications that experience expected startup failures before stabilizing. This feature is available in all AWS Regions where Amazon ECS is available. You can configure deployment circuit breaker settings for new and existing ECS services using the AWS Management Console, AWS CLI, AWS SDKs, AWS CloudFormation, AWS CDK, and Terraform. To learn more, see the ECS deployment circuit breaker documentation.

Amazon GuardDuty adds sensitive file modification threat detections

Amazon GuardDuty Runtime Monitoring now includes three new threat detections that alert security teams when sensitive files are modified on Amazon EC2 instances and container workloads running on Amazon EKS or Amazon ECS. These findings help identify post-compromise attacker activities by monitoring critical system files, including configuration files, authentication settings, and system logs. This capability is designed for security teams, DevSecOps professionals, and cloud security architects who need comprehensive threat visibility across their AWS compute environments.\n The new detections—Persistence:Runtime/SensitiveFileModified, PrivilegeEscalation:Runtime/SensitiveFileModified, and DefenseEvasion:Runtime/SensitiveFileModified—help identify attempts to maintain persistent access, escalate privileges, and evade detection after an initial system compromise. By monitoring five specific file operations (open-for-write, rename, symlink, link, and unlink) directly, these findings can detect threats even when attackers use obfuscated techniques that bypass traditional command-line monitoring. The correlation-based analysis distinguishes malicious behavior from legitimate administrative operations, helping reduce false positives while providing actionable intelligence with MITRE ATT&CK® tactics mapping and remediation recommendations. These sensitive file modification findings are now available to all customers who have enabled GuardDuty Runtime Monitoring for their Amazon EC2, Amazon EKS, or Amazon ECS workloads. A 30-day free trial is available for new users. To learn more, see Amazon GuardDuty Findings. To receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic.

AWS AppConfig launches managed experimentation tools for A/B testing

Today, AWS announces the general availability of experimentation tools in AWS AppConfig, a new capability that enables you to run A/B tests and feature experiments without building or managing separate experimentation infrastructure. Built on 25+ years of Amazon experimentation best practices, AWS AppConfig experimentation tools use AI-driven guidance to help you build robust experiments while providing exposure control and locked treatment allocations so you can make confident, data-driven decisions about what to ship to your customers.\n Using AWS AppConfig experimentation tools, you can run A/B tests and multivariate experiments across your application stack, from UI changes and recommendation algorithms to AI model selections and prompt experiments. Define feature variations, target granular audiences using a rule builder, and set traffic allocation percentages through the AWS Management Console, CLI, API, or AWS CDK. AI-assisted experiment design can validate your setup against Amazon’s best practices, helping you build experiments with sufficient statistical power. Customers set up and run the experiment in AWS AppConfig, and then analyze results using Amazon CloudWatch or existing analytics tools. At the end of the experiment, you promote the winning treatment to production through a standard AWS AppConfig safe rollout. Experiments work across workloads on Amazon EC2, AWS Lambda, Amazon ECS, Amazon EKS, and on-premises servers through AWS AppConfig Agent.

Amazon ECS Express Mode now supports custom task definitions

Amazon Elastic Container Service (Amazon ECS) Express Mode now supports custom task definitions, giving you the flexibility to use existing ECS application configurations and advanced task-level customizations with Express Mode’s simplified deployment experience. This also enables you to reuse task definitions from your existing CI/CD pipelines and infrastructure-as-code workflows, allowing you to retain established operational practices while taking advantage of Express Mode’s streamlined application deployment and infrastructure automation.\n ECS Express Mode makes it easy to deploy containerized web applications and APIs by automatically handling load balancing, networking, auto scaling, monitoring, and deployments. Now you can get the same simplicity for your own custom task definitions. With this update, you can extend Express Mode services with advanced task definition capabilities, including observability and security sidecars, custom container health checks, ulimits and Linux runtime settings, and FireLens for custom log routing. Once you associate a custom task definition with an Express Mode service, you can continue managing your application either through task definition updates or directly through Express Mode, whichever you prefer.

This feature is available in all AWS Regions. To get started, create or update your ECS Express Mode service by passing your task definition using the AWS Management Console, AWS CLI, AWS SDKs, or infrastructure-as-code tools. To learn more, see the Amazon ECS Express Mode documentation and getting started walkthrough.

Amazon EKS now supports Kubernetes version rollback

Amazon Elastic Kubernetes Service (Amazon EKS) now supports Kubernetes version rollback, enabling you to revert to the previous Kubernetes minor version within 7 days if any issues arise after an upgrade. This provides an additional safety net for your upgrade workflow, allowing you to validate the new version under real production conditions and rollback if needed.\n You can initiate a rollback using the Amazon EKS console, AWS CLI, or AWS SDKs. Before proceeding, Amazon EKS evaluates your cluster rollback readiness insights that include automated checks covering API compatibility, version skew, add-on compatibility, cluster health, and more. For clusters running EKS Auto Mode, EKS automatically manages the rollback of worker nodes before reverting the control plane, honoring your configured disruption controls. Amazon EKS version rollback is available at no additional cost in all AWS Regions where Amazon EKS is available. To get started, see version rollback in the Amazon EKS User Guide.

Amazon Managed Service for Prometheus achieves FedRAMP High and DoD IL-4/5 authorization in AWS GovCloud (US)

Amazon Managed Service for Prometheus is now FedRAMP High and Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG) Impact Level (IL) 4 and 5 authorized in the AWS GovCloud (US) Regions.\n Federal agencies, public sector organizations, and other enterprises with FedRAMP High and DoD CC SRG IL-4/5 compliance requirements can now use Amazon Managed Service for Prometheus to monitor and alert on their workloads with confidence that it meets the security and compliance standards required for sensitive environments.

Amazon Managed Service for Prometheus is a fully managed, Prometheus-compatible monitoring service that makes it easy to monitor and alert on operational metrics at scale. It automatically scales ingestion and storage for high-cardinality workloads, and integrates with AWS security services for fast, secure access to data.

For more details about Amazon Managed Service for Prometheus in AWS GovCloud (US), visit the Amazon Managed Service for Prometheus GovCloud documentation or contact your AWS account team for more information. To learn more, visit the Amazon Managed Service for Prometheus product page.

AWS Security Agent now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (São Paulo)

Starting today, AWS Security Agent (now part of AWS Continuum) is available in three additional AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (São Paulo). Customers in these Regions can now access core capabilities of Security Agent to proactively secure their applications throughout the development lifecycle.\n With this expansion, customers gain access to STRIDE-based threat modeling (preview) that analyzes design documents and source code to surface risks early in the development lifecycle. Full-repo and PR-level code reviews (preview) are available across GitHub, GitLab, GitHub Enterprise Server, Bitbucket, and Confluence, with managed compliance packs and custom security requirements. They can trigger threat modeling, code reviews, and remediation directly from Kiro or Claude Code through the new IDE plugins and MCP integration. On-demand penetration testing delivers validated findings with reproducible attack paths and ready-to-implement fixes, and retesting confirms that applied remediations are effective. Simulated validation remains available only in US East (N. Virginia). AWS Security Agent scales security expertise across your applications to match development velocity while providing comprehensive security coverage. To learn more, visit the documentation or see our product page.

Amazon RDS for Db2 now supports self-managed Active Directory

Amazon Relational Database Service (Amazon RDS) for Db2 now allows customers to directly join their RDS for Db2 DB instances to the domains of self-managed Microsoft Active Directory (AD). Self-managed AD can be on-premises, on AWS, or in another cloud. Customers use Kerberos as the authentication protocol to enable single sign-on for their database users.\n Previously, to use Kerberos authentication against a self-managed AD with their RDS for Db2 instances, customers were required to deploy AWS Managed Microsoft AD and establish a trust between the AWS managed domain and the self-managed domain. Now, customers can use their existing self-managed AD directly to authenticate and authorize database users without the additional complexity of a managed directory or a directory trust — helping them meet compliance requirements with their existing identity infrastructure. Customers can domain-join their RDS for Db2 instance by either creating a new instance or modifying an existing one, supplying the credentials of a delegated AD service account stored in AWS Secrets Manager and encrypted with AWS KMS. Customers can use self-managed AD free of charge. Self-managed Active Directory with Amazon RDS for Db2 is now generally available in all AWS Regions where Amazon RDS for Db2 is available, including the AWS GovCloud (US) Regions. To learn more and get started with self-managed Active Directory, visit the Amazon RDS for Db2 User Guide and the Amazon RDS for Db2 product page.

Amazon OpenSearch Service optimized for log analytics

Today, Amazon OpenSearch Service introduces a new engine purpose-built for log analytics workloads, delivering up to 4x better price-performance on internal benchmarks. It combines this efficiency with the full-text search capabilities that OpenSearch is known for, so users can still run the ad hoc queries that incident investigation depends on.\n As log volumes grow with cloud-native architectures, AI workloads, and expanding compliance needs, teams spend more of their time on aggregations and trend analysis to uncover broader patterns — while incident investigations still call for precise text search. Amazon OpenSearch Service, with new optimized capability for log analytics, delivers both fast analytical queries and full-text search in one seamless service. Amazon OpenSearch Service’s new engine optimized for log analytics delivers up to 70% lower storage with a new columnar storage for aggregation workloads. Retain up to 3x more data at the same cost. The new engine also delivers up to 2x higher ingestion throughput on the same hardware and 2x faster analytical queries.

To get started, create a new domain on OpenSearch 3.5 or above using AWS console,  select the observability use case, and set the engine mode to optimized. You can build visualizations and explore data through PPL in OpenSearch UI, or query via SQL using the API, JDBC/ODBC drivers, and Query Workbench. The engine also supports combining full-text search predicates with analytical SQL in the same query. For more information, refer to the documentation.

Amazon OpenSearch Service optimized for log analytics is available across 12 regions globally: US East (N. Virginia, Ohio), US West (Oregon), Canada (Central), Asia Pacific (Mumbai, Singapore, Sydney, Tokyo), and Europe (Frankfurt, Ireland, London, Spain). There are no additional charges for the new engine.

YouTube

AWS Black Belt Online Seminar (Japanese)

AWS Blogs

AWS Japan Blog (Japanese)

AWS News Blog

AWS Big Data Blog

Containers

AWS Database Blog

Desktop and Application Streaming

AWS for Industries

Artificial Intelligence

AWS Security Blog

AWS Storage Blog

Open Source Project

AWS CLI

Amplify for Flutter