Welcome to above the clouds

GCP – Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and earlier. CVE-2025-22457 is a buffer overflow vulnerability, and successful exploitation would result in remote code execution. Mandiant and Ivanti have identified […]

AWS – Monitor service dependencies with Amazon CloudWatch Application Signals SLOs
Amazon CloudWatch Application Signals now supports creating Service Level Objectives (SLOs) using metrics from your service dependencies. You can now monitor the performance of your services’ dependencies, and proactively resolve problems through SLO goal setting, thanks to this new ability. Using Application Signals you can create period-based or request-based SLOs that track key metrics like […]

AWS – Amazon Security Lake achieves FedRamp High and Moderate authorization
Amazon Security Lake has achieved FedRAMP High authorization in AWS GovCloud (US) Region and FedRAMP Moderate in the US East and US West Regions. If you’re a federal agency, public sector organization, or enterprise with FedRAMP compliance requirements, you can now centralize your security data using Amazon Security Lake. Amazon Security Lake automatically centralizes security […]

AWS – Amazon CloudWatch Logs increases maximum log event size to 1 MB
Amazon CloudWatch Logs now supports log events up to 1 MB in size, a 4x increase from the previous 256 KB limit. This enhancement applies to the CloudWatch Logs PutLogEvents API and OpenTelemetry Protocol (OTLP) endpoint. Customers can now capture richer log data while maintaining data integrity, eliminating the need to truncate large events or […]

AWS – Amazon RDS Proxy is now available in the AWS GovCloud (US) Regions
Amazon Relational Database Service (RDS) Proxy is now available in the AWS GovCloud (US-West) and AWS GovCloud (US-East) Regions. RDS Proxy is a fully managed and a highly available database proxy for RDS and Amazon Aurora databases. RDS Proxy helps improve application scalability, resiliency, and security. Many applications, including those built on modern architectures capable […]

AWS – AWS Clean Rooms Spark SQL now supports aggregation and list analysis rules
With today’s launch, AWS Clean Rooms provides additional privacy-enhancing controls to support aggregation and list analysis rules using the Spark analytics engine. Using AWS Clean Rooms Spark SQL, you and your partners can now manage how your data is used with aggregation, list, and custom analysis rules, running SQL queries with configurable resources based on […]

AWS – AWS CDK Construct Library for Amazon EventBridge Scheduler now generally available
Amazon Web Services (AWS) announces the general availability of the AWS Cloud Development Kit (AWS CDK) L2 construct library for Amazon EventBridge Scheduler. This construct library allows developers to programmatically create, configure, and manage scheduled tasks using infrastructure as code with their preferred programming language, simplifying the process of building event-driven applications. The EventBridge Scheduler […]

AWS – AWS CDK L2 Construct for Amazon Cognito Identity Pools now generally available
Amazon Web Services (AWS) announces the general availability of the AWS Cloud Development Kit (AWS CDK) L2 construct for Amazon Cognito Identity Pools. This library enables developers to programmatically define and deploy Identity Pool resources using familiar programming languages, making it easier to grant users secure access to AWS services in their applications. With this […]

AWS – Amazon CloudFront supports VPC Origin modification with CloudFront Functions
In November 2024, CloudFront Functions introduced origin modifications, allowing you to conditionally change origin servers on each request. Starting today, you can now use this capability with VPC Origins and origin groups, enabling you to create even more sophisticated routing policies for your applications delivered from CloudFront. You can now create dynamic routing policies that […]
AWS – Announcing enhanced autoscaling for Amazon OpenSearch Ingestion pipelines
Amazon OpenSearch Ingestion now supports enhanced autoscaling capabilities, allowing pipelines to scale dynamically based on additional parameters, including Amazon SQS queue size, persistent buffer lag, and the number of incoming HTTP connections. These enhancements improves upon the existing scaling mechanism, which previously relied only on memory and CPU utilization, providing a more comprehensive and responsive […]