AWS

AWS customers can now access Amazon Lightsail from within the AWS Console Mobile App to monitor and manage Lightsail instances, containers, databases, network, storage, snapshots, domains and DNS while on the go. Visit the Services tab in the AWS Console Mobile App and select Lightsail to get started.

The AWS Console Mobile App enables AWS customers monitor and manage a select set of resources and receive push notifications to stay informed and connected with their AWS resources while on-the-go. The sign-in process supports biometrics authentication, making access to AWS resources simple, secure, and quick. Lightsail offers easy-to-use virtual private server (VPS) instances, storage, databases, and more for a cost-effective monthly price. For AWS services not available natively, customers can access the AWS Management Console via an in-app browser to access service pages without additional authentication, manual navigation, or need to switch from the app to a browser.

Visit the AWS Console Mobile App product page for more information about the AWS Console Mobile App, including a full list of supported services and regions. Visit the Amazon Lightsail product page for more information about Amazon Lightsail, including supported regions.

Read More for the details.

AWS announces AWS Security Incident Response with AWS PrivateLink integration, enabling customers to manage their service membership directly from their Amazon Virtual Private Cloud (VPC). Now, together with AWS PrivateLink, customers can access AWS Security Incident Response APIs while keeping their traffic off the public internet, adding an extra layer of security when managing and recovering from sensitive security events.

This integration offers several benefits to AWS customers. First, it can improve the security perimeter of incident response processes by keeping all traffic within AWS-supported private networks. Second, it simplifies network architecture by removing the requirement for internet gateways, NAT devices, or firewall rules. Lastly, it helps meet compliance requirements that mandate private connectivity for sensitive security response and recovery, making it easier for organizations in regulated industries to adopt and use AWS Security Incident Response.

AWS Security Incident Response with AWS PrivateLink integration is now available in all service supported regions.

To get started with this new feature, visit the AWS Security Incident Response console or refer to the AWS Security Incident Response documentation. For more information about AWS PrivateLink, please visit the AWS PrivateLink page.

Read More for the details.

Amazon Connect Cases now provides capabilities to help contact centers track and meet service level agreements (SLAs) on cases. Using the Amazon Connect UI, admins can set up SLA rules based on case attributes and configure target statuses and resolution times. Agents and managers can view the real-time SLA status directly in their case list view to prioritize urgent work, while admins can create rules to automatically escalate or route cases to another team when SLAs are not met. For example, a company can use this feature to monitor whether high-priority cases are reviewed within 4 hours and closed within 24 hours, making it easier to meet case handling service commitments.

Amazon Connect Cases is available in the following AWS regions: US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (London), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) AWS regions. To learn more and get started, visit the Amazon Connect Cases webpage and documentation.

Read More for the details.

AWS Application Migration Service is now authorized for Department of Defense Cloud Computing Security Requirements Guide Impact Levels 4 and 5 (DoD CC SRG IL4 and IL5) in the AWS GovCloud (US-East and US-West) Regions.

This authorization builds on AWS Application Migration Service’s existing FedRAMP High categorization level in the AWS GovCloud (US-East and US-West) Regions as well as numerous compliance programs and standards, including HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry – Data Security Standard), ISO (International Organization for Standardization), SOC 1, 2, and 3 (System and Organization Controls). To learn more about AWS Application Migration Service compliance validation, visit the documentation here.

Application Migration Service minimizes time-intensive, error-prone manual processes by automating the conversion of your source servers to run natively on AWS. It also helps simplify modernization of your migrated applications by allowing you to select preconfigured and custom optimization options during migration.

To start using Application Migration Service for free, sign in through the AWS Management Console. For more information, visit the Application Migration Service product page.
 

Read More for the details.

AWS Lambda now supports IPv6-only and dual-stack PrivateLink interface VPC Endpoints, enabling you to access the Lambda API without traversing the public internet or being constrained by the limited number of IPv4 addresses in your VPC. AWS PrivateLink is a highly available, scalable service that allows you to privately connect your VPC to services and resources as if they were in your VPC.

Previously, Lambda supported inbound private connectivity over PrivateLink using IPv4-only VPC endpoints. With today’s launch, we are expanding Lambda’s inbound private connectivity to include IPv6-only and dual-stack VPC endpoints, enabling you to invoke and manage Lambda functions over IPv6 from dual-stack or IPv6-only VPCs. This launch combines the benefits of private connectivity with the larger address space and simpler network configuration of the IPv6 protocol.

AWS Lambda supports inbound IPv6 connectivity over PrivateLink in all AWS Regions. For more information, see the AWS Region table. Please refer to PrivateLink Pricing for price of using VPC endpoints. You can get started by creating a VPC endpoint for Lambda using the AWS Management Console, AWS CLI, AWS CDK, AWS CloudFormation, and the AWS SDK. To learn more, visit the Lambda developer guide.

Read More for the details.

You can now activate deletion protection for your Amazon Verified Permissions policy stores. When you configure a policy store with deletion protection, the policy store cannot be deleted by any user. This provides your applications resiliency as you can ensure that production policy stores are not accidentally deleted during deployments. Deletion protection is active by default for new policy stores created through the AWS Console. You can activate or deactivate deletion protection for an policy store in the AWS Console, the AWS Command Line Interface, and API. Deletion protection prevents you from requesting the deletion of a policy store unless you first explicitly deactivate deletion protection.

Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control. For example, an HR application might call Amazon Verified Permissions to determine if Alice is permitted access to Bob’s performance evaluation, given that she is in the HR Managers group.

Read more in the Deletion Protection section of the Amazon Verified Permissions user guide. This feature is available in all regions where Verified permissions is available. For more information visit the product page.
 

Read More for the details.

Starting today, customers can use Amazon Managed Service for Apache Flink in Asia Pacific (Thailand) Region to build real-time stream processing applications.

Amazon Managed Service for Apache Flink makes it easier to transform and analyze streaming data in real time with Apache Flink. Apache Flink is an open source framework and engine for processing data streams. Amazon Managed Service for Apache Flink reduces the complexity of building and managing Apache Flink applications and integrates with Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Kinesis Data Streams, Amazon OpenSearch Service, Amazon DynamoDB streams, Amazon Simple Storage Service (Amazon S3), custom integrations, and more using built-in connectors.

You can learn more about Amazon Managed Service for Apache Flink here. For Amazon Managed Service for Apache Flink region availability, refer to the AWS Region Table.
 

Read More for the details.

Amazon MemoryDB clusters now support the IPv6 protocol, allowing clients to connect to MemoryDB clusters using IPv6. You can now configure your cluster to accept only IPv6 connections or to accept both IPv4 and IPv6 connections. This allows you to work to meet IPv6 compliance requirements and more efficiently integrate with existing IPv6-based applications.

The continued growth of the internet is rapidly depleting available Internet Protocol version 4 (IPv4) addresses. By supporting IPv6, MemoryDB helps customers simplify their network architecture by providing a significantly larger address space and eliminating the need to manage overlapping address spaces in their VPCs. Customers can now standardize their applications on IPv6 and future-proof their infrastructure while maintaining compatibility with existing IPv4 systems through dual-stack support.

To get started, create your new MemoryDB cluster using the Amazon Web Services Management Console, CLI, or SDKs and choose which protocol(s) it supports by setting its network type. IPv6 is supported when using Valkey 7 and above, Redis OSS version 6.2 and above, in all AWS global regions and at no additional cost.

To learn more about MemoryDB, visit the Amazon MemoryDB product page.
 

Read More for the details.

Amazon Elastic Container Services (Amazon ECS) is introducing a new account setting, defaultLogDriverMode, allowing you to define whether tasks in your account use “blocking” or “non-blocking” log driver mode by default, when you do not specify or omit it in your applications’ Task Definitions.

A “non-blocking” log driver mode allows your applications to continue operating when log routing destinations become unavailable, therefore increasing availability if getting logs is not critical to your application, whereas “blocking” log driver mode signifies you do not want your applications to continue running if you cannot route logs to their intended destination, e.g. to record business-critical transactions or mandated by regulation. You can override this account setting for each application using the “mode” log configuration parameter in its Task Definition.

The new defaultLogDriverMode Account Setting is enabled in all AWS Regions. Click here and here for more details on how to set the new account setting.

Read More for the details.

Amazon Connect Contact Lens dashboards now supports the ability for contact center administrators to enforce granular access control based on a specific agent hierarchy. Assigning hierarchies to a user allows you to define organizational groups that a user belongs to and you can enable granular access controls by allowing users to only view metrics for agents within their hierarchy or a specific assigned hierarchy. For example, you can configure hierarchy groups and levels for a team, and only agents assigned to a hierarchy group within that team will be able to see metrics for those agents.

Amazon Connect Contact Lens dashboards are available in all commercial AWS regions where Amazon Connect is offered. To learn more about dashboards, see the Amazon Connect Administrator Guide. To learn more about Amazon Connect, the AWS cloud-based contact center, please visit the Amazon Connect website.
 

Read More for the details.

Amazon Bedrock Evaluations allows you to evaluate foundation models and retrieval-augmented generation (RAG) systems, whether hosted on Amazon Bedrock or multicloud and on-prem deployments. Bedrock Evaluations offers human-based evals, programmatic evals such as BERTScore, F1 and other exact match metrics, as well as LLM-as-a-judge for both model and RAG evaluation. For both model and RAG evaluation with LLM-as-a-judge, customers can select from an extensive list of built-in metrics such as correctness, completeness, faithfulness (hallucination detection), as well as responsible AI metrics such as answer refusal, harmfulness, and stereotyping. But, there are times when they want to define these metrics differently, or make new metrics that are relevant to their needs. For example, customers may define a metric that evaluates an application response’s adherence to their specific brand voice, or they want to classify responses according to a custom categorical rubric.

Now, Amazon Bedrock Evaluations offers customers the ability to create and re-use custom metrics for both model and RAG evaluation powered by LLM-as-a-judge. Customers can write their own judge prompts, define their own categorical or numerical rating scales, and use built-in variables to inject data from their dataset or GenAI responses into the judge prompt during runtime to fully customize the data flow in their evaluations. Customers can be inspired to create new judge prompt templates/rubrics with provided quickstart templates or they can make their own from scratch.

To get started, visit the Amazon Bedrock console or use the Bedrock APIs. For more information, see the user guide.
 

Read More for the details.

AWS customers in Europe can now use Advance Pay, which allows them to pay for their AWS usage in advance and automate future invoice payments. With Advance Pay, customers can add funds to their account, which AWS will automatically use to pay invoices as they become due. This feature provides customers in Europe with more flexibility in managing their AWS expenses and simplifies the payment process for ongoing cloud services.

Advance Pay offers several benefits to AWS customers in Europe. It allows for better financial planning and budgeting by enabling upfront payments for anticipated usage. This feature can be particularly useful for organizations that prefer to pay in advance for services or need to manage their cloud spending more proactively. Additionally, the automatic payment of invoices reduces administrative overhead and ensures timely payments, helping customers maintain good standing with AWS.

With the launch, Advance Pay is now available for both AWS Europe and AWS Inc customers.

Getting started with Advance Pay is straightforward. Customers can register for the service from the Payments page in the AWS Billing and Cost Management console. To add funds, users can generate a funding document and submit an advance payment through electronic fund transfer. For more information on managing Advance Pay, including viewing funding history and setting up recurring payments, customers can refer to the “Managing your Advance Pay” section in the AWS Billing and Cost Management user guide. To learn more about Advance Pay or to get started, visit the AWS Billing and Cost Management console.
 

Read More for the details.

Amazon OpenSearch Service now supports SAML (Security Assertion Markup Language) via IAM federation for the next-generation OpenSearch UI. OpenSearch UI is a modernized operational analytics experience that enables users to gain insights cross data spanning managed domains and serverless collections from a single endpoint. OpenSearch UI already supports authentication via AWS Identity & Access Management (IAM) and IAM Identity Center (IDC). With this feature, you can now configure the SAML identity federation between your identity provider and IAM, so that your end-users can have a Single Sign-On (SSO) experience, to login from your Identity Providers and land directly in OpenSearch UI.

With SAML support, you can define a Default Relay State URL so that your end-users can click on the URL to open the login page from your Identity Provider, complete the SSO, and then land directly on the page you defined in OpenSearch UI. You can also define fine-grained access control (FGAC) by mapping Identity Provider users and roles to IAM roles with different permissions in OpenSearch, so that you can easily manage user permissions as well as to track user activities from the Identity Provider.

OpenSearch UI supports SAML in all regions that OpenSearch UI is available. To get started, create an OpenSearch UI application and follow the instructions to complete the SAML configuration. Learn more at Amazon OpenSearch Service Developer Guide.
 

Read More for the details.

The AWS Well-Architected Generative AI Lens is now available, offering a guidance document to optimize generative AI workloads in the cloud. This new lens is a powerful addition to the Well-Architected Framework, designed to guide organizations through the complexities of implementing generative AI workloads. It provides structured, prescriptive guidance covering the entire generative AI lifecycle – from initial impact scoping to model selection, customization, integration, deployment, and continuous iteration.

The lens offers several key benefits, including cloud-agnostic guidance applicable across various environments and AI tools, comprehensive coverage of all six Well-Architected pillars, and flexible application for organizations at any stage of their AI journey. It enables thorough assessment of architectures using large language models (LLMs) and helps business leaders and data scientists navigate critical decisions in generative AI implementation.

By addressing specific data architecture requirements for generative AI workloads and providing a framework for continuous improvement, this lens promotes a robust, secure, and efficient solutions. Whether you’re exploring your first generative AI project or scaling existing implementations, the Well-Architected Generative AI Lens offers insights to enhance your cloud-based AI initiatives.

The Generative AI Lens is available as an AWS-official lens in the Lens Catalog of the AWS Well-Architected Tool.
 

Read More for the details.

Amazon EventBridge announces support for Amazon Key Management Service (KMS) Customer Managed Keys (CMK) in API destinations connections. This enhancement enables you to encrypt your HTTPS endpoint authentication credentials managed by API destinations with your own keys instead of an AWS owned key (which is used by default). With CMK support, you now have more granular security control over your authentication credentials used in API destinations, helping you meet your organization’s security requirements and governance policies.

Customer managed Keys (CMK) are KMS keys that you create and manage by yourself. You can also audit and track usage of your keys via CloudTrail. EventBridge API destinations are private and public HTTPS endpoints that you can invoke as the target of an event bus rule or pipe, similar to how you invoke an AWS service or resource as a target. API destinations provides flexible authentication options for HTTPS endpoints, such as API key and OAuth, storing and managing credentials securely in AWS Secrets Manager on your behalf.

CMK support for EventBridge API destinations connections is now available across all AWS Regions where EventBridge API destinations is available. Please refer to the EventBridge user guide and KMS documentation for details.
 

Read More for the details.

GitLab Duo with Amazon Q is generally available for Self-Managed Ultimate customers, embedding advanced agent capabilities for software development, Java modernization, enhanced quality assurance, and code review optimization directly in GitLab’s enterprise DevSecOps platform. GitLab Duo with Amazon Q delivers a seamless development experience that accelerates the execution of complex, multistep tasks and collaborative workflows in the GitLab platform your developers already know.

Using GitLab Duo with Amazon Q, developers and teams can collaborate with Amazon Q agents to accelerate feature development, maximize code quality and security, detect and resolve vulnerabilities, automate testing coverage, troubleshoot failed pipeline jobs, and upgrade legacy Java code bases. GitLab’s unified data store across the software development lifecycle gives Amazon Q project context to accelerate software development and deployment, simplifying the complex toolchains historically required for collaboration across teams.

• Streamline software development: Delegate feature development to the Amazon Q agent from any issue. Detailed summaries, implementation plans, and commit messages keep developers informed on every change. Using feedback in comments, Amazon Q iterates to apply changes on the merge request.
• Maximize code quality and security with review and testing agents: Standardize code review best practices with agent-assisted security, quality, and deployment risk scanning on every merge request. Amazon Q can generate new tests to add complete coverage on code changes and apply fixes to merge requests, making QA seamless.
• Faster debugging, troubleshooting, and vulnerability resolution: During deployment, platform teams can quickly troubleshoot and resolve failed CI/CD jobs from context-aware web chat using analysis and suggested fixes powered by Amazon Q.
• Transform enterprise workloads: Upgrade Java 8 or 11 code bases to Java 17 directly from a GitLab project to improve application security and performance and remove technical debt.

Read the blog post or visit the Amazon Q Developer integrations page to learn more.

Read More for the details.

Amazon S3 Tables now support server-side encryption using AWS Key Management Service (SSE-KMS) with customer-managed keys. You can use your own KMS keys to encrypt the tables stored in table buckets to meet regulatory and governance requirements.

By default, S3 Tables encrypt all objects with server-side encryption using S3-managed keys (SSE-S3). With support for customer-managed keys, you have the option to set a default customer-managed key for all new tables in the table bucket, set a dedicated key per table, or implement a combination of both approaches. With SSE-KMS support, S3 Tables use S3 Bucket Keys by default for cost optimization, and provide AWS CloudTrail logging for auditing the usage of customer-managed keys.

S3 Tables support for SSE-KMS using customer-managed keys is available for all new tables in all AWS Regions where S3 Tables are available. To learn more, visit the product page and documentation.

Read More for the details.

Today, we are excited to announce throughput improvements to dynamic run storage for AWS HealthOmics. AWS HealthOmics is a HIPAA-eligible service that helps healthcare and life sciences customers accelerate scientific breakthroughs with fully managed biological data stores and workflows.

Dynamic run storage automatically scales storage capacity based on workflow needs. With this release, dynamic run storage now also scales throughput using Elastic Throughput mode on Amazon Elastic File System. This feature is recommended for runs requiring faster start times, workflows with unpredictable storage requirements, and iterative development cycles, helping research teams reduce time-to-insight for time-sensitive genomic analyses.

Dynamic run storage with elastic throughput is now available in all regions where AWS HealthOmics is available: US East (N. Virginia), US West (Oregon), Europe (Frankfurt, Ireland, London), Asia Pacific (Singapore) and Israel (Tel Aviv). To get started with dynamic run storage, see the documentation.

Read More for the details.

Amazon CloudWatch agent now supports Security-Enhanced Linux (SELinux) environments through a pre-configured security policy that allow monitoring in systems where security enforcement is required. This feature benefits customers in regulated industries and government sectors who maintain strict security controls across their Linux infrastructure. These security policies, when applied before CloudWatch Agent installation, help customers maintain their security posture while collecting essential monitoring data.

This launch enables organizations to deploy the CloudWatch agent in SELinux-enabled environments while maintaining their security posture. It addresses a critical need where enforcing access controls is essential. The pre-configured SELinux configurations allow customers to benefit from AWS monitoring and observability features while helping to adhering to their compliance requirements. This feature helps to simplify the deployment process and reduce the risk of security misconfigurations during agent installation.

Amazon CloudWatch agent is available in all public AWS Regions and GovCloud (US).

To get started with Amazon CloudWatch agent in Security-Enhanced Linux (SELinux) environments, see Installing the CloudWatch agent in the Amazon CloudWatch User Guide.
 

Read More for the details.

Customers in AWS Mexico (Central) Region can now use AWS Transfer Family for file transfers over Secure File Transfer Protocol (SFTP), File Transfer Protocol (FTP), FTP over SSL (FTPS) and Applicability Statement 2 (AS2).

AWS Transfer Family provides fully managed file transfers for Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS) over SFTP, FTP, FTPS and AS2 protocols. In addition to file transfers, Transfer Family enables common file processing and event-driven automation for managed file transfer (MFT) workflows, helping customers to modernize and migrate their business-to-business file transfers to AWS.

To learn more about AWS Transfer Family, visit our product page and user-guide. See the AWS Region Table for complete regional availability information.

Read More for the details.