AWS

AWS Identity and Access Management (IAM) announces a new dual-stack public endpoint, enabling customers to connect to IAM over the public internet using IPv6, IPv4, or dual-stack clients. Dual-stack support is also available when customers access the new IAM endpoint privately from their Amazon Virtual Private Cloud (VPC) using AWS PrivateLink. With simultaneous support for both IPv4 and IPv6 clients on IAM endpoint, customers can gradually transition from IPv4 to IPv6-based systems and applications.

Support for dual-stack IAM endpoint is available in all commercial AWS Regions, the AWS GovCloud (US) Regions, and the China Regions. For more information about IAM dual-stack public endpoint, please see the IAM User Guide.

Read More for the details.

Amazon Bedrock Guardrails announces the general availability of image content filters – offering industry-leading text and image content safeguards that help customers block up to 88% of harmful multi modal content. This new capability removes the heavy lifting required by customers to build their own safeguards for image content or spend cycles with manual content moderation that can be error-prone and tedious. Bedrock Guardrails provides configurable safeguards to detect and block harmful content and prompt attacks, define topics to deny and disallow specific topics, redact personally identifiable information (PII) such as personal data, block specific words, along with contextual grounding checks to detect and block model hallucinations and to identify the relevance of model responses and claims, and identify, correct, and explain factual claims in model responses using Automated Reasoning checks. Guardrails can be applied across any foundation model including those hosted with Amazon Bedrock, self-hosted models, and third-party models outside Bedrock using the ApplyGuardrail API, providing a consistent user experience and helping to standardize safety and privacy controls.

Image content filters can be applied to all categories within the content filter policy of Bedrock Guardrails including hate, insults, sexual, violence, misconduct, and prompt attack. With this new capability, customers have the flexibility to choose either image or text content, or both, and build safe generative AI applications adhering to their responsible AI policies.

This new capability is generally available in US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Asia Pacific (Tokyo) AWS regions.

To learn more, see the blog, technical documentation, and the Bedrock Guardrails product page.

Read More for the details.

Amazon EC2 now supports up to the full EC2 instance bandwidth for inter-region VPC peering traffic and to AWS Direct Connect. Additionally, EC2 supports jumbo frames up to 8500 Bytes for cross region VPC peering. Before today, the egress bandwidth for EC2 instances was limited to 50% of the aggregate bandwidth limit for instances with 32 or more vCPUs, and 5 Gbps for smaller instances. Cross region peering supported up to 1500 bytes. Now, customers can send bandwidth from EC2 between regions or towards AWS Direct Connect at the full instance baseline specification or 5Gbps, whichever is greater and customers can use jumbo frames across regions for peered VPCs.

Customers transferring data between regions or from EC2 to their on-premises network via AWS Direct Connect now have access to the full instance bandwidth capabilities. Before today, customers sending traffic to any destination not in the same region had a lower bandwidth limit. With this change, the lower limit has been removed for destinations between AWS regions and to on-premises through AWS Direct Connect, allowing for faster transfers. Additionally, supporting jumbo frames for peering makes sending large volumes of data faster than before.

This capability is available in all AWS commercial regions, the AWS GovCloud (US) Regions, and the Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD. Customers can take advantage of this capability without any additional changes. To learn more about EC2 bandwidth capabilities, please review our user guide.

Read More for the details.

Amazon DataZone is a data management service that makes it faster and easier for customers to catalog, discover, share, and govern data stored across AWS, on premises, and third-party sources. Amazon DataZone now supports metadata rules for data publishing workflows, in addition to existing support for subscription workflows. This enhancement allows organizations to enforce metadata standards consistently across both producer and consumer workflows. By standardizing metadata practices, organizations can improve compliance, enhance audit readiness, and streamline workflows for greater efficiency and control.

With metadata rules, domain owners can define mandatory metadata fields that data users must complete when publishing assets to the catalog or requesting access to data. For example, a financial services organization can require producers to classify data before publication, and consumers to provide project details and compliance evidence as part of an access request. Healthcare providers can use metadata rules to enforce metadata standards to align with patient data regulations.
Metadata rules also enable the creation of custom approval workflows for subscriptions to assets, using collected metadata to facilitate access decisions or auto-fulfillment—outside of Amazon DataZone.

To get started with metadata rules—

• Read the user guide for creating rules in the publishing workflow
• Read the user guide for creating rules in subscription requests

Read More for the details.

The next generation of SageMaker brings together widely adopted AWS machine learning and analytics capabilities, delivering an integrated experience with unified access to all data. Amazon SageMaker Lakehouse supports unified data access, and Amazon SageMaker Catalog, built on Amazon DataZone, offers catalog and governance features to meet enterprise security needs.

Amazon SageMaker Catalog now supports metadata rules, allowing organizations to enforce metadata standards across data publishing and subscription workflows. By standardizing metadata practices, organizations can improve compliance, enhance audit readiness, and streamline access workflows for greater efficiency and control.

With metadata rules, domain owners can define mandatory metadata fields that data users must complete when publishing assets to the catalog or requesting access to data. For example, a financial services organization can require producers to classify data before publication, and consumers to provide project details and compliance evidence as part of an access request. Healthcare providers can use metadata rules to enforce metadata standards to align with patient data regulations.
Metadata rules also enable the creation of custom approval workflows for subscriptions to assets, using collected metadata to facilitate access decisions or auto-fulfillment—outside of Amazon SageMaker.

To get started with metadata rules—

• Read the user guide for creating rules in the publishing workflow
• Read the user guide for creating rules in subscription requests

Read More for the details.

You can now use AWS PrivateLink to privately access Amazon ElastiCache from your Amazon Virtual Private Cloud (Amazon VPC). AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises networks, without exposing traffic to the public internet and securing your network traffic. The Amazon ElastiCache API supports AWS PrivateLink in AWS Asia Pacific (Jakarta) and Asia Pacific (Hyderabad) Regions.

To use AWS PrivateLink with Amazon ElastiCache, you create an interface VPC endpoint for Amazon ElastiCache in your VPC using the Amazon VPC console, AWS SDK, or AWS CLI. With an interface VPC endpoint, you can privately access the Amazon ElastiCache APIs from applications inside your Amazon VPC. You can also access the VPC endpoint from other VPCs using VPC Peering or your on-premises environments using AWS VPN or AWS Direct Connect. To learn more, read the documentation, or get started in the Amazon VPC Console.

Read More for the details.

AWS CodeBuild now supports an enhanced S3 caching experience. You can now define custom cache keys for more granular cache management and improved cache persistence across your builds. You can also share the cache keys across projects to use a common dependency cache to speed up your builds. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready for deployment.

Additionally, CodeBuild added support for fallback keys, which allows partial matches when an exact cache key is not found. This capability enables efficient caching sharing between similar builds, such as builds with common dependencies, without needing to rebuild everything. You can also specify an optional action to skip the cache save or restore step for a more flexible cache management.

These caching enhancements are available in all AWS Regions where CodeBuild is offered. To learn more, please visit our documentation. To get started with CodeBuild, visit the AWS CodeBuild product page.

Read More for the details.

You can now use Amazon EBS gp3 and io1 volumes in AWS Dedicated Local Zones. Dedicated Local Zones are a type of AWS infrastructure that are fully managed by AWS, built for exclusive use by you or your community, and placed in a location or data center specified by you to help you comply with regulatory requirements. In Dedicated Local Zones, these volumes are purpose-built to store data in a specific data perimeter, helping to support your data isolation and data residency use cases.

The latest generation of General Purpose SSD volumes (gp3) enable customers to provision performance independently of storage capacity, providing up to 20% lower price point per GB than existing gp2 volumes. Provisioned IOPS SSD (io1) volumes are designed to meet the needs of I/O-intensive and latency-sensitive transactional workloads like databases.

You can manage gp3 and io1 volumes using the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS SDKs. For more information on gp3 and io1 volumes, see the product overview page.
 

Read More for the details.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) C8g instances are available in AWS Asia Pacific (Tokyo) region. These instances are powered by AWS Graviton4 processors and deliver up to 30% better performance compared to AWS Graviton3-based instances. Amazon EC2 C8g instances are built for compute-intensive workloads, such as high performance computing (HPC), batch processing, gaming, video encoding, scientific modeling, distributed analytics, CPU-based machine learning (ML) inference, and ad serving. These instances are built on the AWS Nitro System, which offloads CPU virtualization, storage, and networking functions to dedicated hardware and software to enhance the performance and security of your workloads.

AWS Graviton4-based Amazon EC2 instances deliver the best performance and energy efficiency for a broad range of workloads running on Amazon EC2. These instances offer larger instance sizes with up to 3x more vCPUs and memory compared to Graviton3-based Amazon C7g instances. AWS Graviton4 processors are up to 40% faster for databases, 30% faster for web applications, and 45% faster for large Java applications than AWS Graviton3 processors. C8g instances are available in 12 different instance sizes, including two bare metal sizes. They offer up to 50 Gbps enhanced networking bandwidth and up to 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS).

To learn more, see Amazon EC2 C8g Instances. To explore how to migrate your workloads to Graviton-based instances, see AWS Graviton Fast Start program and Porting Advisor for Graviton. To get started, see the AWS Management Console.
 

Read More for the details.

Starting today, you can build, train, and deploy machine learning (ML) models in Asia Pacific (Thailand).

Amazon SageMaker AI is a fully managed platform that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker AI removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.

To learn more and get started, see SageMaker AI documentation and pricing page.
 

Read More for the details.

Starting today, you can build, train, and deploy machine learning (ML) models in Mexico (Central).

Amazon SageMaker AI is a fully managed platform that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker AI removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.

To learn more and get started, see SageMaker AI documentation and pricing page.
 

Read More for the details.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) R8g instances are available in AWS US West (N. California) region. These instances are powered by AWS Graviton4 processors and deliver up to 30% better performance compared to AWS Graviton3-based instances. Amazon EC2 R8g instances are ideal for memory-intensive workloads such as databases, in-memory caches, and real-time big data analytics. These instances are built on the AWS Nitro System, which offloads CPU virtualization, storage, and networking functions to dedicated hardware and software to enhance the performance and security of your workloads.

AWS Graviton4-based Amazon EC2 instances deliver the best performance and energy efficiency for a broad range of workloads running on Amazon EC2. AWS Graviton4-based R8g instances offer larger instance sizes with up to 3x more vCPU (up to 48xlarge) and memory (up to 1.5TB) than Graviton3-based R7g instances. These instances are up to 30% faster for web applications, 40% faster for databases, and 45% faster for large Java applications compared to AWS Graviton3-based R7g instances. R8g instances are available in 12 different instance sizes, including two bare metal sizes. They offer up to 50 Gbps enhanced networking bandwidth and up to 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS).

To learn more, see Amazon EC2 R8g Instances. To explore how to migrate your workloads to Graviton-based instances, see AWS Graviton Fast Start program and Porting Advisor for Graviton. To get started, see the AWS Management Console.
 

Read More for the details.

Amazon GameLift Servers now supports Amazon EC2 5th through 8th generation instances, offering enhanced price-performance, efficiency, and flexibility for game server hosting. This update allows developers to leverage the latest advancements in EC2 compute, memory, and networking across three main instance families:

1. General Purpose (M-series): Balanced CPU, memory, and networking for a wide range of game workloads.
2. Compute Optimized (C-series): High-performance compute instances with a 2:1 memory ratio, ideal for CPU-intensive game servers.
3. Memory Optimized (R-Series): Optimized for high-memory workloads with an 8:1 memory ratio, supporting complex simulations and large player sessions.

Each new EC2 generation brings significant improvements:

• 5th Gen: Proven reliability with Intel processors with balanced performance
• 6th Gen: Includes AWS Graviton2 ARM-based options alongside Intel and AMD variants offering enhanced price-performance efficiency.
• 7th Gen: The latest evolution featuring DDR5 memory, enhanced networking, and offering significant performance gains over previous generations.
• 8th Gen: Cutting-edge AWS Graviton4 and Intel Xeon-based instances for demanding workloads

Customers can also choose variants with local storage (d), enhanced networking (n), and different processor architectures (Intel, AMD, Graviton – i/a/g).

This update empowers developers with greater flexibility, scalability, and cost efficiency to optimize game server performance. Customers can now seamlessly transition workloads to newer EC2 generations, leveraging AWS’s continuous innovation for building, scaling, and operating multiplayer games globally.

These next-generation instances are available in Amazon GameLift Servers supported regions, except AWS China. For more information on launching fleets with next-generation EC2 instances, visit the Amazon GameLift Servers documentation and EC2 Instance Types overview.

Read More for the details.

AWS Network Manager and AWS Cloud WAN now support AWS PrivateLink and IPv6 based connectivity to the management endpoint of these services. Using PrivateLink, customers can now access AWS Network Manager or AWS Cloud WAN privately on the AWS network, without going through the public Internet. Additionally, customers can now access these services over IPv6 using dual-stack endpoints.

With AWS Cloud WAN, you can use a central dashboard and network policies to create a global network that spans multiple locations and networks, allowing you to configure and manage different networks using the same technology. The Cloud WAN central dashboard, powered by AWS Network Manager, generates a complete view of the network to help you monitor network health, security, and performance. AWS Network Manager reduces the operational complexity of managing global networks across AWS and on-premises locations. Previously, you could access AWS Cloud WAN and AWS Network Manager using public IPv4 endpoints only. With this launch, you can now access these services’ APIs/CLI privately, without going through the public Internet. Additionally, these services now support IPv6 endpoints.

To learn more about AWS Network Manager, refer documentation, and for AWS Cloud WAN, refer documentation.

Read More for the details.

Today, AWS announces new features for AWS Network Firewall: The ability to generate alerts on traffic that matches pass action rules and JA4 fingerprinting support in firewall rules. AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC). These new capabilities enhance the security and visibility of your network traffic, allowing for more granular control and improved threat detection.

The ability to generate alert log events on traffic that matches pass action rules provides enhanced visibility into your network traffic without a need to add an alert action rule before the pass action rule. This can help you detect anomalies or potential security issues in traffic that would otherwise be permitted without additional scrutiny. JA4 filtering rules enables AWS Network Firewall to analyze network traffic based on JA4 fingerprints, which are used to identify client and server applications. This feature allows for more precise traffic identification and control, helping you to better secure your network against potential threats.

Pass action rule alert and JA4 filtering rules are available in all AWS Regions where AWS Network Firewall is offered. To see which regions AWS Network Firewall is available in, visit the AWS Region Table.

To learn more about these new features and how to implement them in your AWS Network Firewall setup, visit the AWS Network Firewall documentation. You can start using these new capabilities today to enhance your network security posture and gain deeper insights into your VPC traffic patterns.

Read More for the details.

We are announcing the support of Amazon OpenSearch Managed cluster as a vector store in Amazon Bedrock Knowledge Bases. Amazon Bedrock Knowledge Bases securely connects foundation models (FMs) to internal company data sources for Retrieval Augmented Generation (RAG), to deliver more relevant and accurate responses.

Amazon Bedrock Knowledge Bases’ native integration with vector databases allows you to mitigate the need to build custom data source integrations. With this launch, you can use OpenSearch managed cluster as the vector database to take advantage of the suite of features available in Bedrock Knowledge Bases. This integration adds to the list of vector databases supported by Bedrock Knowledge Bases, including Amazon OpenSearch Serverless, Amazon Aurora, Amazon Neptune Analytics, Pinecone, MongoDB Atlas, and Redis.

The OpenSearch Managed cluster integration for Amazon Bedrock Knowledge Bases is now generally available in all existing Amazon Bedrock Knowledge Base and Opensearch service regions. To learn more, refer to the Knowledge Bases documentation.

Read More for the details.

Today, we are excited to announce a set of improvements to the seller management experience for Machine Learning (ML) products in AWS Marketplace. Sellers can now quickly publish and update ML listings with a new self-service experience in the AWS Marketplace Management Portal. Additionally, sellers can now create, view, and manage private offers for ML products through a guided step-by-step process in the AWS Marketplace Management Portal, making it easier for them to extend custom pricing terms to their customers. To help improve operational efficiency, sellers can now utilize AWS Marketplace Catalog APIs to automate creating and updating ML product listings and private offers.

These three features help streamline the process of listing and managing ML products in AWS Marketplace, offering a more seamless experience for ML sellers and enabling them to bring their innovative ML solutions to customers faster and more efficiently. With the new self-service experience, sellers can perform all listing creation and management actions and publish private offers in minutes, all without requiring help from AWS Marketplace support. With access to APIs, ML sellers can automate their listing creation and update processes by integrating directly with AWS Marketplace from within their model publishing pipelines.

To get started, visit the Machine Learning product page in the AWS Marketplace Management Portal. To learn more, access the AWS Marketplace Seller Guide.
 

Read More for the details.

Today, Amazon Elastic Kubernetes Service (EKS) announced a new control to prevent accidental cluster upgrades when issues are already detected that may impact application compatibility with the next Kubernetes version. This feature leverages EKS upgrade insights and is significant step towards giving cluster administrators confidence with Kubernetes version upgrades.

EKS upgrade insights automatically scan clusters against a list of potential Kubernetes version upgrade impacting issues such as deprecated Kubernetes API usage. EKS periodically updates the list of insight checks to perform, based on evaluations of changes in the Kubernetes project, as well as changes introduced in the EKS service along with new versions. With this new control, EKS will prevent you from upgrading the EKS clusters if there are any Kubernetes version upgrade impacting issues surfaced by EKS upgrade insights. Once the upgrade impacting issues are resolved, you will be able to upgrade the Kubernetes version of your cluster. EKS has also introduced an override flag which you can use to bypass upgrade insights checks on upgrades, which can useful for example in dev environments.

This feature is available in all AWS Regions, except the AWS GovCloud (US) Regions. To learn more visit the EKS documentation.

Read More for the details.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) P5en instances powered by NVIDIA H200 GPUs are available in US East (N. Virginia) and Asia Pacific (Jakarta) regions. These instances are optimized for generative AI and high performance computing (HPC) applications.

P5en instances feature 8 H200 GPUs which have 1.7x GPU memory size and 1.4x GPU memory bandwidth than H100 GPUs featured in P5 instances. P5en instances pair the H200 GPUs with high performance custom 4^th Generation Intel Xeon Scalable processors, enabling Gen5 PCIe between CPU and GPU which provides up to 4x the bandwidth between CPU and GPU and boosts AI training and inference performance. P5en, with up to 3200 Gbps of third generation of EFA using Nitro v5, shows up to 35% improvement in latency compared to P5 that uses the previous generation of EFA and Nitro. This helps improve collective communications performance for distributed training workloads such as deep learning, generative AI, real-time data processing, and high-performance computing (HPC) applications. To address customer needs for large scale at low latency, P5en instances are deployed in Amazon EC2 UltraClusters, and provide market-leading scale-out capabilities for distributed training and tightly coupled HPC workloads.

With these additional regions, P5en instances are now available in the US East (N. Virginia, Ohio), US West (Oregon), Europe (Spain) and Asia Pacific (Jakarta, Mumbai, Seoul, Tokyo and Seoul) AWS Regions and US East (Atlanta) Local Zone us-east-1-atl-2a in the p5en.48xlarge size.

To learn more about P5en instances, see Amazon EC2 P5en Instances.

Read More for the details.

Starting today, Amazon Q Business is available in Asia Pacific (Sydney) AWS Region. Amazon Q Business revolutionizes the way that employees interact with organizational knowledge and enterprise systems. Q Business customers in this region can get answers from enterprise RAG knowledge bases and uploaded files (e.g. pdf’s, images) and run tabular search on small tables. Customers can also get answers from LLM knowledge and generate content using their Q Business assistant. Amazon Q Business connects seamlessly to over 40 popular enterprise systems, including Amazon Simple Storage Service (Amazon S3), Microsoft 365, and Salesforce. It ensures that users access content securely with their existing credentials using single sign-on, according to their permissions, and enterprise-level access controls.

With this regional expansion, Amazon Q is now available in the following regions: US East (N. Virginia), US West (Oregon), Europe West (Ireland), and Asia Pacific Southeast (Sydney) AWS Regions.

To learn more about the Amazon Q Business features available in this region, go to Q Business service regions.

For more information, see Amazon Q Business.

Read More for the details.