AWS

Amazon Elastic Kubernetes Service (EKS) announces the general availability of EKS Dashboard, a new feature that provides centralized visibility into Kubernetes infrastructure across multiple AWS Regions and accounts. EKS Dashboard provides comprehensive insights into your Kubernetes clusters, enabling operational planning and governance. You can access the Dashboard in EKS console through AWS Organizations’ management and delegated administrator accounts.

As you expand your Kubernetes footprint to address operational and strategic objectives, such as improving availability, ensuring business continuity, isolating workloads, and scaling infrastructure, the EKS Dashboard provides centralized visibility across your Kubernetes infrastructure. You can now visualize your entire Kubernetes infrastructure without switching between AWS Regions or accounts, gaining aggregated insights into clusters, managed node groups, and EKS add-ons. This includes clusters running specific Kubernetes versions, support status, upcoming end of life auto-upgrades, managed node group AMI versions, EKS add-on versions, and more. This centralized approach supports more effective oversight, auditability, and operational planning for your Kubernetes infrastructure.

The EKS Dashboard can be accessed in the us-east-1 AWS Region, aggregating EKS cluster metadata from all commercial AWS Regions. To get started, see the EKS user guide.

Read More for the details.

Starting today, customers can now configure System Integrity Protection (SIP) settings on their EC2 Mac instances, providing greater flexibility and control over their development environments. SIP is a critical macOS security feature that helps prevent unauthorized code execution and system-level modifications. This enhancement enables developers to temporarily disable SIP for development and testing purposes, install and validate system extensions and DriverKit drivers, optimize testing performance through selective program management, and maintain security compliance while meeting development requirements.

The new SIP configuration capability is available across all EC2 Mac instance families, including both Intel (x86) and Apple silicon platforms. Customers can access this feature in all AWS regions where EC2 Mac instances are currently supported. To learn more about this feature, please visit the documentation here and our launch blog here. To learn more about EC2 Mac instances, click here.

Read More for the details.

AWS Database Migration Service (AWS DMS) now supports Data Resync, a new feature that automatically corrects data inconsistencies identified during validation between source and target databases.

Data Resync integrates with your existing DMS migration tasks and supports both Full Load and Change Data Capture (CDC) phases. It uses your current task settings—including connection configurations, table mappings, and transformations—to apply corrections automatically, helping ensure accurate and reliable migrations without manual intervention. With Data Resync, AWS DMS can detect and resolve common data issues, such as missing records, duplicate entries, or mismatched values, based on validation results.

Data Resync is available starting with AWS DMS replication engine version 3.6.1, and currently supports migration paths from Oracle and SQL Server to PostgreSQL. For detailed information on how Data Resync enhances migration accuracy, please refer to the AWS DMS Technical Documentation.

Read More for the details.

AWS Cost Anomaly Detection now integrates with AWS User Notifications (via Amazon EventBridge), enabling customers to create enhanced alerting capabilities in the AWS User Notifications console. This integration lets customers configure sophisticated alert rules based on service, account, or other cost dimensions to identify and respond to unexpected spending changes faster. Using AWS User Notifications, customers can receive immediate or aggregated alerts through multiple channels including email, AWS Chatbot, and the AWS Console Mobile Application, while maintaining a centralized history of alert notifications.

This new capability allow customers to customize their cost monitoring by creating alert rules in AWS User Notifications. Now customers can configure rules with higher thresholds for machine learning services that naturally experience cost spikes during training, while setting lower thresholds for stable services like databases where small changes might indicate configuration issues. Customers also benefit from verified contact management, ensuring alerts reach the right teams through validated delivery channels that can be reused across multiple alert configurations.

These enhancements are available in all AWS Regions, except the AWS GovCloud (US) Regions and the China Regions. To learn more about setting up alerts in AWS User Notifications and getting started, visit the AWS Cost Anomaly Detection product page and documentation.
 

Read More for the details.

Starting today, AWS Deadline Cloud will support the latest version of Foundry Nuke, a powerful compositing tool widely used for visual effects and post-production workflows. AWS Deadline Cloud is a fully managed service that simplifies render management for teams creating computer-generated graphics and visual effects, for films, television and broadcasting, web content, and design.

With support for Nuke version 16, you can access the latest improvements for Nuke while leveraging AWS Deadline Cloud’s managed infrastructure for your rendering pipelines, giving you the ability to create high-quality content using cutting-edge compositing features.

This new version is now available in all AWS regions where AWS Deadline Cloud is currently offered. To learn more about AWS Deadline Cloud and how to leverage Nuke version 16 in your workflows, visit the AWS Deadline Cloud documentation.
 

Read More for the details.

Amazon RDS announces a new capability that helps you view engine lifecycle support dates for your databases. This new feature provides a centralized and convenient place to access engine support dates, offering greater control over your database lifecycle management

You can view start and end dates for RDS Standard Support and RDS Extended Support for RDS and Aurora major engine versions through the RDS API or AWS CLI. If RDS Extended Support is available for an engine version then both RDS Standard and Extended Support dates are shown. If RDS Extended Support is not available for an engine version, the response includes only RDS Standard Support dates

With this feature you can view lifecycle support dates for RDS MySQL, RDS MariaDB, RDS PostgreSQL, Aurora MySQL, and Aurora PostgreSQL engines. To learn more, visit Amazon RDS User Guide and Amazon Aurora User Guide.

Amazon RDS makes it simple to set up, operate, and scale database deployments in the cloud. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.

Amazon Aurora is designed for unparalleled high performance and availability at global scale with full MySQL and PostgreSQL compatibility. To get started with Amazon Aurora, take a look at our getting started page.

Read More for the details.

AWS Marketplace now supports partial disbursements for AWS Marketplace invoices transacted through the AWS Inc., Europe, Middle East and Africa (EMEA), Australia (AU), and Japan (JP) Marketplace Operators (MPOs), allowing sellers to receive funds as buyers make partial payments on AWS Marketplace invoices. AWS Marketplace now automatically processes partial disbursements based on the invoice amount paid by the buyer, aligned with the seller’s disbursement schedule configured in the AWS Marketplace Management Portal (AMMP). Previously, sellers had to wait for complete invoice payments by buyers before receiving disbursements for invoices.

Sellers can now access funds faster through disbursement of partial payments without waiting for buyers to pay invoices in full. Enhancements have also been made to AWS Marketplace Seller reporting to provide better visibility into partially disbursed invoices. For more details on the AWS Marketplace Seller reporting experience, visit the billed revenue dashboard and collections and disbursement dashboard guides.

Partial disbursements are available to AWS Marketplace sellers who transact through the AWS Inc., EMEA, AU, and JP MPOs.

For more information about partial disbursements for AWS Marketplace invoices and updates to seller dashboards, access the partial disbursements documentation.
 

Read More for the details.

AWS Transfer Family now supports ML- KEM (FIPS-203), a post-quantum algorithm standardized by the National Institute of Standards and Technology (NIST), for SFTP file transfers. Quantum-resistant public-key exchange helps protect transfers of data files that require long-term confidentiality against “harvest now, decrypt later“ threats. In such scenarios, an adversary may be recording present day traffic for decrypting once cryptanalytically relevant quantum computers become available.

AWS Transfer Family offers fully managed support for the transfer of files over SFTP, AS2, FTPS, FTP, and web browser-based transfers directly into and out of AWS storage services. With this launch, you can now use post-quantum (PQ) hybrid security policies that combine classical Elliptic Curve Diffie-Hellman with quantum-resistant ML-KEM key exchanges between your AWS Transfer Family SFTP endpoints and clients like OpenSSH, Putty, and JSch that support PQ algorithms. When using a PQ hybrid policy, your Transfer Family SFTP server preserves the standard connection options supported by most clients today, while leveraging the most secure PQ connection options with clients that support quantum-resistant key exchange.

ML-KEM quantum-resistant key exchange for SFTP file transfers is supported in all AWS Regions where AWS Transfer Family is available. Older PQ key exchange methods which included ML-KEM’s pre-standardized version (Kyber), introduced in AWS Transfer in 2023, will be removed from existing policies and no longer be included in the new PQ policy. To learn more about using PQ security policies to enable quantum-resistant key exchange, visit our documentation.
 

Read More for the details.

Amazon RDS for Oracle now supports credential management with AWS Secrets Manager for databases that adopt Oracle multitenant architecture. Oracle multitenant architecture enables customers to consolidate data and code from multiple databases into one database by setting up a multitenant container database (CDB) that can include multiple pluggable databases (PDBs). With this launch, customers can use AWS Secrets Manager to manage user credentials for their tenant pluggable databases.

Using AWS Secrets Manager to manage user credentials for tenant pluggable databases allows customers to automate regular password rotations, use AWS Identity and Access Management (IAM) for access control to authorized users, encrypt credentials using AWS Key Management Service (KMS), and enhance security posture by replacing the use of plaintext password in application code with programmatic calls to retrieve credentials from AWS Secrets Manager. RDS database management operations such as database restore from Amazon S3 or a snapshot and point-in-time recovery automatically use credentials managed in AWS Secrets Manager.

To learn more about using AWS Secrets Manager with Amazon RDS for Oracle database with the CDB architecture, see the Amazon RDS documentation. When storing database secrets in AWS Secrets Manager, your AWS account incurs charges. For information about AWS Secrets Manager pricing and capabilities, visit the AWS Secrets Manager product page.

This capability is available in all AWS Regions where Amazon RDS for Oracle and AWS Secrets Manager are available. For more information about regional availability, see the AWS Region table.

Read More for the details.

AWS Site-to-Site VPN Tunnel Endpoint Lifecycle Control is now available in AWS Mexico (Central) Region, providing you with better visibility and control of your VPN tunnel maintenance updates.

AWS Site-to-Site VPN is a fully-managed service that allows you to create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. Enabling Tunnel Endpoint Lifecycle Control feature provides you with advanced notice of an upcoming maintenance updates to help you plan and minimize service disruptions for your VPN connections. It provides you with added flexibility to apply updates to your VPN tunnel endpoints at a time that best suits your business.

To learn more, visit the documentation.
 

Read More for the details.

AWS Organizations customers can now use Internet Protocol version 6 (IPv6) addresses, via our new dual-stack endpoints to connect to AWS Organizations over the public internet using IPv6, IPv4, or dual-stack clients. The existing AWS Organizations endpoints supporting IPv4 will remain available for backwards compatibility.

To learn more on best practices for configuring IPv6 in your environment, visit the whitepaper on IPv6 in AWS. Support for IPv6 on AWS Organizations is available in the AWS Commercial Regions, the AWS GovCloud (US) Regions, and the China Regions.

Read More for the details.

AWS now enables automatic instance migration when you reboot after receiving EC2 scheduled reboot event notifications. This new capability of customer-initiated reboot migrations enables customers to action scheduled reboot event notifications by rebooting the instance at a time of their choosing which will then automatically migrate their instance to different hardware, eliminating the pending scheduled reboot event. With today’s launch, Nitro instances with no local store disks are opted-in to customer-initiated reboot migration by default.

After receiving a scheduled reboot event notification, reboots initiated prior to the scheduled event will automatically migrate the instance. You can reboot your instance using the EC2 console or API.

Customer-initiated reboot migrations for EC2 Scheduled Events is available in all commercial AWS Regions, the AWS GovCloud (US) Regions, and the China Regions.

To learn more, see Manage Amazon EC2 instances scheduled for reboot in the AWS User Guide.
 

Read More for the details.

At AWS, we understand that the decision to end support for a service or feature significantly impacts customers. We approach such decisions only after careful consideration. When end of support is necessary, we provide customers detailed guidance on available alternatives and comprehensive support for migration, ensuring minimal disruption to customer operations.

We understand that changes in availability can impact your operations. Our team is committed to supporting you through these transitions. For specific guidance, consult the relevant service documentation or contact AWS Support.

Services closing access to new customers
We are closing access to new customers for the following services on June 20th 2025. Existing customers will be able to continue to utilize the service.

• Amazon Timestream for LiveAnalytics 

Services announcing end of support
We will be ending support for the following services. Review the specific end-of-support dates and migration paths for each service below.

• Amazon Pinpoint 
• AWS IQ
• AWS IoT Analytics 
• AWS IoT Events 
• AWS SimSpace Weaver 
• AWS Panorama
• Amazon Inspector Classic 
• Amazon Connect Voice ID
• AWS DMS Fleet Advisor

Services and features reaching end of support
The following services and features have reached their end of support date, and can no longer be accessed.

• AWS Private 5G
• AWS DataSync Discovery

To learn more about end of support dates, alternative solutions, and migration options, please visit the AWS Product Lifecycle Page.

Read More for the details.

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports community MariaDB minor versions 10.5.29 and 10.6.22. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and to benefit from the bug fixes, performance improvements, and new functionality added by the MariaDB community.

You can leverage automatic minor version upgrades to automatically upgrade your databases to more recent minor versions during scheduled maintenance windows. You can also leverage Amazon RDS Managed Blue/Green deployments for safer, simpler, and faster updates to your MariaDB instances. Learn more about upgrading your database instances, including automatic minor version upgrades and Blue/Green Deployments, in the Amazon RDS User Guide.

Amazon RDS for MariaDB makes it straightforward to set up, operate, and scale MariaDB deployments in the cloud. Learn more about pricing details and regional availability at Amazon RDS for MariaDB. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console.
 

Read More for the details.

The next generation of Amazon SageMaker is now available in AWS Europe (Stockholm).

Amazon SageMaker is the center for all your data, analytics, and AI. From SageMaker Unified Studio, you can discover your data and put it to work using familiar AWS tools for model development, generative AI app development, data processing, and SQL analytics. Unified access to data is provided by Amazon SageMaker Lakehouse, and catalog and governance features are available via SageMaker Catalog (built on Amazon DataZone) to help you meet enterprise security requirements.

For more information on AWS Regions where the next generation of Amazon SageMaker is available, see Supported regions.

To get started, see the following resources:

• SageMaker overview
• SageMaker documentation

Read More for the details.

CloudWatch Application Signals, an application performance monitoring (APM) tool that simplifies health and performance monitoring for applications, now makes instrumentation easier for your EKS applications through a single configuration flag within the Amazon CloudWatch Observability add-on. Once enabled, you can gain access to pre-built, standardized dashboards within CloudWatch Application Signals and track application performance against key business or service-level objectives (SLOs), making it easier to troubleshoot issues for your EKS applications.

SRE teams can now setup APM on CloudWatch on EKS by simply installing and configuring the Amazon CloudWatch EKS add-on, eliminating the need for manual coordination between teams and enabling rapid setup in just a few minutes. Once the add-on is installed and the flag is enabled, the add-on automatically discovers applications along with their dependencies. The add-on then instruments these applications with AWS Distro for OpenTelemetry SDKs (ADOT) to collect application metrics (throughput, latency, and errors), distributed traces and logs after the restarts.

To get started, install or upgrade the Amazon CloudWatch EKS add-on to version v4.0.0-eksbuild.1 and enable Application Signals monitoring via the new configuration flag. All service workload applications deployed in EKS are monitored by default, but you can customize the configuration to focus on specific services that matter most to your business. See documentation to learn more.

This enhancement is now available in all commercial AWS Regions where both EKS and CloudWatch Application Signals are supported. You can now opt in to the new bundled pricing for Application Signals. For pricing, see Amazon CloudWatch pricing.
 

Read More for the details.

Amazon Bedrock now offers comprehensive CloudWatch metrics support for Agents, enabling developers to monitor, troubleshoot, and optimize their agent-based applications with greater visibility. This new capability provides detailed runtime metrics for both InvokeAgent and InvokeInlineAgent operations, including invocation counts, latency measurements, token usage, and error rates, helping customers better understand their agents’ performance in production environments.

With CloudWatch metrics integration, developers can track critical performance indicators such as total processing time, time-to-first-token (TTFT), model latency, and token counts across different dimensions including operation type, model ID, and agent alias ARN. These metrics enable customers to identify bottlenecks, detect anomalies, and make data-driven decisions to improve their agents’ efficiency and reliability. Customers can also set up CloudWatch alarms to receive notifications when metrics exceed specified thresholds, allowing for proactive management of their agent deployments.

CloudWatch metrics for Amazon Bedrock Agents is now available in all AWS Regions where Amazon Bedrock is supported. To get started with monitoring your agents, ensure your IAM service role has the appropriate CloudWatch permissions. For more information about this feature and implementation details, visit the Amazon Bedrock documentation or refer to the CloudWatch User Guide for comprehensive monitoring best practices.

Read More for the details.

AWS CodeBuild now supports new IAM condition keys enabling granular access control on CodeBuild’s resource-modifying APIs. The new condition keys cover most of CodeBuild’s API request contexts, including network settings, credential configurations and compute restrictions. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready for deployment.

The new condition keys allow you to create IAM policies that better enforce your organizational policies on CodeBuild resources such as projects and fleets. For example, you can use codebuild:vpcConfig.vpcId condition keys to enforce the VPC connectivity settings on projects or fleets, codebuild:source.buildspec condition keys to prevent unauthorized modifications to project buildspec commands, and codebuild:computeConfiguration.instanceType condition keys to restrict which compute types your builds can use.

The new IAM condition keys are available in all regions where CodeBuild is offered. For more information about the AWS Regions where CodeBuild is available, see the AWS Regions page.

For a full list of new CodeBuild IAM condition keys, please visit our documentation. To learn more about how to get started with CodeBuild, visit the AWS CodeBuild product page.

Read More for the details.

Today, Amazon DynamoDB announces the general availability of DynamoDB local on AWS CloudShell, a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console. With DynamoDB local, you can develop and test your applications by running DynamoDB in your local development environment without incurring any costs.

DynamoDB local works with your existing DynamoDB API calls without impacting your production environment. You can now start DynamoDB local just by using dynamodb-local alias in CloudShell to develop and test your DynamoDB tables anywhere in the console without downloading or installing the AWS CLI nor DynamoDB local. To interact with DynamoDB local running in CloudShell with CLI commands, use the –endpoint-url parameter and point it to localhost:8000.

You can navigate to CloudShell from the AWS Management Console a few different ways. For more information, see Getting started with AWS CloudShell. To learn more about using DynamoDB local command line options see DynamoDB local usage notes.

Read More for the details.

Amazon Managed Streaming for Apache Kafka (Amazon MSK) is now available in Asia Pacific (Thailand) and Mexico (Central) regions. Customers can create Amazon MSK Provisioned clusters in these regions starting today.

Amazon MSK is a fully managed service for Apache Kafka and Kafka Connect that makes it easier for you to build and run applications that use Apache Kafka as a data store. Amazon MSK is fully compatible with Apache Kafka, which enables you to more quickly migrate your existing Apache Kafka workloads to Amazon MSK with confidence or build new ones from scratch. With Amazon MSK, you spend more time building innovative streaming applications and less time managing Kafka clusters.

Visit the AWS Regions page for all the regions where Amazon MSK is available. To get started, see the Amazon MSK Developer Guide.
 

Read More for the details.