AWS

Amazon EKS Pod Identity now provides a simplified experience for configuring application permissions to access AWS resources in separate accounts. With enhancements to EKS Pod Identity APIs, you can now seamlessly configure access to resources across AWS accounts by providing the resource account’s IAM details during the creation of the Pod Identity association. Your applications running in the EKS cluster automatically receive the required AWS credentials during runtime without requiring any code changes.

EKS Pod Identity enables applications in your EKS cluster to access AWS resources across accounts through a process called IAM role chaining. When creating a Pod Identity association, you can provide two IAM roles — an EKS Pod Identity role in the same account as your EKS cluster and a target IAM role from the account containing your AWS resources (like S3 buckets or DynamoDB tables). When your application pod needs to access AWS resources, it requests credentials from the EKS Pod Identity, which automatically assumes the roles through IAM role chaining to provide your pod with the necessary cross-account temporary credentials.

This feature is available in all AWS Regions where Amazon EKS is available. To learn more, see Access AWS Resources using EKS Pod Identity Target IAM Roles.

Read More for the details.

AWS Marketplace now provides streamlined Private Marketplace management within the AWS Marketplace console. Administrators can create and manage custom Private Marketplace experiences, controlling what products can be procured from AWS Marketplace by users in their organization. These customized Private Marketplace experiences can be tailored for an entire organization, specific organizational units (OUs), or individual accounts providing flexible control over software procurement.

In addition to availability in the AWS Marketplace console, Private Marketplace has been updated to include an improved configuration and management experience that reduces setup time, improves visibility, and streamlines administration. Administrators can utilize a multi-step wizard for creating Private Marketplace experiences, and an enhanced wizard for bulk product approvals. All Private Marketplace management actions can be tracked through a new dedicated change sets page, providing real-time visibility and a comprehensive audit trail. With this launch, Private Marketplace also includes support for multiple languages.

To learn more about Private Marketplace, visit the Private Marketplace overview page. To get started, access the Private Marketplace buyer guide.
 

Read More for the details.

Today, we are excited to announce support for service-linked AWS Config rules in AWS Control Towers detective controls. A service-linked AWS Config rule is managed entirely by AWS services and cannot be edited or deleted by users. To maintain consistency, prevent configuration drift, and simplify user experience, you can only update these rules through AWS Control Tower.

With this release, AWS Control Tower now deploys service-linked Config rules directly in managed accounts, replacing the previous AWS CloudFormation StackSets deployment method. This change delivers substantial improvements to deployment speed, significantly reducing the time required to enable service-linked Config rules across multiple AWS Control Tower managed accounts and regions. Additionally, these service-linked Config rules are designed to ensure consistent governance of your resources through detective controls by preventing unintentional configuration drift.

AWS Control Towers Config rules detect resource noncompliance within your accounts, such as policy violations, and provide alerts through the dashboard. You can deploy AWS Control Tower controls via the console or using AWS Control Tower control APIs. For a complete list of supported AWS Regions, please refer to the AWS Region Table.

Read More for the details.

Today, AWS announces an enhancement to Amazon S3 DeleteObjects API logging in AWS CloudTrail, bringing additional visibility into the bulk delete operations to help you better protect and monitor the usage of your Amazon S3 buckets.

Amazon S3’s DeleteObjects API enables bulk object deletion in a single operation and serves as the default method for console-based deletions.

Earlier, when you deleted multiple S3 objects using the DeleteObjects API call, CloudTrail logged the DeleteObjects API call as a single event, giving you the visibility on who initiated the call and on which bucket. However, this event does not contain information on what objects were included or successfully deleted. With this update, CloudTrail will provide granular visibility by logging:

1. The overall DeleteObjects API call event (as before)
2. Individual DeleteObject events for each object included in the bulk delete request (new)

This enhancement provides visibility into the individual S3 objects that were deleted as part of bulk delete request. These detailed records strengthen your security posture and support your compliance requirements with more complete information about deletion activities in your S3 buckets. You can also use advanced events selectors to log only the most relevant data events for your use case. To learn how to use advanced event selectors to exclude these additional DeleteObject data events, review our documentation.

Read More for the details.

Amazon Bedrock Custom Model Import now supports Qwen models. You can now import custom weights for Qwen-based architectures, including models like Qwen 2.5 Coder, Qwen 2.5 VL, and QwQ 32B. This enables you to bring your own customized Qwen models into Bedrock and deploy them in a fully managed, serverless environment—without having to manage infrastructure or model serving.

Qwen models are known for their strong performance across a wide range of modalities and tasks. Qwen 2.5 Coder is optimized for code generation and understanding, making it well-suited for tasks like code completion, bug fixing, and code translation. Qwen 2.5 VL is a multimodal model capable of both text and vision tasks such as visual question answering, image captioning, and document analysis. QwQ 32B, excels in complex reasoning tasks and achieving performance comparable to larger models while being more efficient.

You can get started by importing your custom Qwen model in the custom models page of the Amazon Bedrock console or by referring to this guide. To see what all architectures are supported visit the documentation page. Amazon Bedrock Custom Model Import is generally available in the US-East (N. Virginia), US-West (Oregon), and Europe (Frankfurt) AWS regions.

Read More for the details.

Amazon Q Developer now allows users with AWS Builder IDs to upgrade to the Pro Tier, giving them higher usage limits in their IDEs and on the command line interface. See here for Amazon Q Developer pricing and usage limit information.

AWS Builder IDs enable developers using free tier to leverage Amazon Q Developer’s agentic capabilities for code generation, analysis, and problem-solving directly within their development environments. With this update, free tier users can now upgrade to the Amazon Q Developer Pro tier to get additional usage without requiring any additional configuration or management. As users reach free tier limits for Amazon Q Developer, they will be prompted to subscribe to the Pro tier by connecting their AWS account. Users can then connect their Builder ID in the Amazon Q Developer console, and sign up for Pro tier subscription.

Amazon Q Developer Pro tier upgrades for Builder ID are currently available in all regions where Amazon Q Developer is supported. To learn more about using Builder IDs with Amazon Q Developer, including detailed information on limitations and upgrade options, visit the Amazon Q Developer documentation. Get started today by signing up for a free Builder ID and installing Amazon Q in your preferred IDE or command line interface.

Read More for the details.

Amazon Relational Database Service (RDS) for DB2 now supports cross-region standby replicas, a new feature that helps customers reduce database down time during disaster recovery. In situations where a database in a region becomes unavailable, customers can immediately promote a standby replica in a different region to resume operations, and do not have to wait until a database backup is restored.

To use the feature, customers simply configure their RDS for DB2 database instance to maintain a standby replica in another AWS region. RDS automatically replicates changes asynchronously from the primary instance to the standby replica. In situations where the primary database instance becomes unavailable, customers can promote the standby replica to primary, and resume read and write operations. Customers can create up to three standby replicas for a database instance. Since standby replicas are not operable until promoted, customers need commercial database licenses for only two vCPUs per replica, regardless of the number of vCPUs on the instance. Customers can use either Bring Your Own License (BYOL) or Marketplace licensing models to use Amazon RDS for DB2 with standby replicas.

To learn more, refer to Amazon RDS for Db2 documentation and pricing pages.

Read More for the details.

Today, AWS extended the availability of the AWS Financing program to help all US customers simplify and accelerate their AWS Marketplace software purchases directly through the AWS Billing and Cost Management console. US customers can now apply for, utilize, and manage financing within the console for AWS Marketplace software purchases.

The AWS Marketplace Financing program provides customers with a seamless experience to search for and apply for financing, while buying third-party software on AWS Marketplace, all while managing billing and payment within the AWS Console. The AWS Financing program gives you the flexibility to better manage your cash flow by spreading payments over time, while only paying financing cost on what you use. With thousands of software products available in AWS Marketplace, this financing program enables you to finance purchases ranging from $10,000 – $100,000,000, subject to credit approval. With near real-time decisions for loans up to $350,000, approved customers can finance AWS Marketplace software purchases with contract terms of at least 12 months. Financing can be applied to a variety of purchases from multiple AWS Marketplace sellers, giving you more flexibility across your software portfolio.

This financing program is available in the AWS Billing and Cost Management console for AWS Marketplace customers in the US, excluding NV, NC, ND, TN, & VT.

To learn more about financing options for AWS Marketplace purchases and details about the AWS Financing program, visit the AWS Marketplace financing page.

Read More for the details.

Amazon DynamoDB Streams is a serverless data streaming feature that makes it straightforward to track, process, and react to item-level changes in DynamoDB tables in near real time. Today, DynamoDB has added support for KCL 3.0. With KCL 3.0, you can reduce compute costs to process streaming data by up to 33% compared to previous KCL versions. KCL 3.0 introduces an enhanced load balancing algorithm that continuously monitors resource utilization of the stream processing workers and automatically redistributes the load from over-utilized workers to other underutilized workers. Additionally, KCL 3.0 is built with the AWS SDK for Java 2.x for improved performance and security features, fully removing the dependency on the AWS SDK for Java 1.x.

Kinesis Client Library (KCL) is an open-source library that simplifies the development of stream processing applications with Amazon DynamoDB Streams. It manages complex tasks associated with distributed computing such as load balancing streaming data, processing data with fault-tolerance, and coordinating distributed workers, allowing you to solely focus on your core business logic. You can upgrade your stream processing application running on KCL 1.x by simply replacing the current library to use KCL 3.0 without any changes in your data processing logic. For migration instructions, see Migrating from KCL 1.x to KCL 3.x.

KCL 3.0 is available with Amazon DynamoDB Streams in all AWS Regions. To learn more, refer to Working with DynamoDB Streams in the DynamoDB Developer Guide.
 

Read More for the details.

AWS Deadline Cloud monitor now includes a worker dashboard that makes it easy to monitor the performance of your workers. AWS Deadline Cloud is a fully managed service that simplifies render management for teams creating computer-generated graphics and visual effects for films, television, broadcasting, web content, and design.

Understanding the CPU and memory usage of workers in a render farm is critical to ensuring efficient resource usage and rapidly troubleshooting issues. When renders are taking longer than expected, the worker dashboard helps determine if your instances are adequately sized for your workloads. Even when tasks are completing successfully, there may be opportunities to optimize your costs. The worker dashboard can reveal if you’re using larger instances than your workloads require.

Worker dashboard for AWS Deadline Cloud Monitor is available in all AWS Regions where the service is offered.

To learn more about AWS Deadline Cloud worker dashboard see the AWS Deadline Cloud documentation.

Read More for the details.

Amazon S3 adds S3 Tables storage cost information for individual tables in AWS Cost Explorer and AWS Cost and Usage Reports (AWS CUR). You can now track and analyze all S3 Tables costs, including storage, API requests, and maintenance operations for each table in your data lake. This helps you to make decisions about resource optimization and to attribute costs to specific projects and business units.

To view your S3 Tables storage cost at the table level, enable resource-level data in your cost management preferences, then access table-level cost data through AWS Cost Explorer. For more comprehensive cost and usage data, configure AWS CUR to show resource-level details, then set up daily reports to be sent to your specified S3 bucket.

This enhanced cost visibility for S3 Tables is rolling out in the coming weeks in all AWS Regions where S3 Tables are available, at no additional charge. To learn more, visit the product page and documentation.
 

Read More for the details.

AWS announces the general availability for Security Group (SG) Referencing and enhanced Domain Name System (DNS) support across Amazon Virtual Private Clouds (VPCs) connected by AWS Cloud WAN. With SG Referencing, customers can simplify management of Security Groups and gain a better security posture for cross-VPC connectivity via Cloud WAN. With enhanced DNS support, customers can enable the resolution of public DNS hostnames to private IP addresses for DNS queries from VPCs attached to Cloud WAN.

Customers can configure Security Groups by specifying a list of rules that allow network traffic based on criteria such as IP addresses, Prefix-Lists, Ports and SG references. Until now, customers were not able to use SG references for controlling traffic between VPCs connected via Cloud WAN. SG Referencing allows customers to specify other SGs as references, or matching criterion in inbound security rules to allow instance-to-instance traffic. With this capability, customers do not need to reconfigure security rules as applications scale up or down or if their IP addresses change. Rules with SG references also provide higher scale as a single rule can cover thousands of instances and prevents customers from over-running SG rule limits. Both SG Referencing and enhanced DNS support are regional features on Cloud WAN, meaning VPCs must be connected to the same Core network edge (CNE) for these features to work.

Security Group Referencing and enhanced DNS support on Cloud WAN are available in all AWS Regions where Cloud WAN is available. You can enable these features using the AWS Management Console, AWS Command Line Interface (CLI) and the AWS Software Development Kit (SDK). There is no additional charge for enabling SG Referencing or DNS support on Cloud WAN. For more information, see the AWS Cloud WAN documentation pages.

Read More for the details.

Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Apache Kafka version 3.8 on Express Brokers, introducing new features, bug fixes, and performance improvements for Kafka workloads running on Express Brokers. The update brings enhancements in data compression capabilities. You can now configure compression levels for lz4, zstd, and gzip formats, allowing precise control over the balance between compression efficiency and resource usage.

The transition to version 3.8 is straightforward – you can either create new clusters or upgrade your existing ones. For a detailed understanding of the specific improvements and bug fixes included in this release, see the Apache Kafka release notes for version 3.8.

Read More for the details.

Amazon Relational Database Service (Amazon RDS) Custom for SQL Server now supports Cumulative Update (CU) 18 for Microsoft SQL Server 2022. This update is available for SQL Server Developer, Web, Standard, and Enterprise editions, and includes performance improvements and bug fixes. For more details about the improvements in this update, please review Microsoft KB5050771 release notes.

You can upgrade with just a few clicks in the Amazon RDS Management Console or by using the AWS SDK or CLI. Learn more about upgrading your database instances from the Amazon RDS Custom User Guide.

This CU is available in all AWS Regions where Amazon RDS Custom for SQL Server is available.

RDS Custom is a managed database service that allows customization of the underlying operating system and database environment. RDS Custom for SQL Server supports two licensing models: License Included (LI) and Bring Your Own Media (BYOM). By using Bring Your Own Media (BYOM), customers can use their existing SQL Server licenses with Amazon RDS Custom for SQL Server. See Amazon RDS Custom Pricing for pricing details and regional availability.
 

Read More for the details.

Amazon Q Developer transformation capabilities now support customization of Java upgrades in Java upgrade transformation CLI (command line interface) with a new selective transformation feature. Using this feature, you can use natural language chat and/or an input file to tailor transformation plans and exercise greater control over Java upgrades. The following options are supported:

• Selection of steps from a transformation plan and breakdown of a transformation job for granular code reviews
• For first-party and third-party dependencies, the libraries and their versions you would like Q Developer to upgrade during JDK version upgrades

Amazon Q Developer Java upgrade capabilities now have been tested to offer enhanced transformation success rates, reducing the manual effort needed to complete your software modernization tasks.

The selective transformation feature for Java upgrades is available in the command line, on Linux and MacOS. To learn more and get started, please visit the documentation page.

Read More for the details.

Powertools for AWS Lambda now offers a new Amazon Bedrock Agents Function utility that simplifies building serverless applications integrated with Amazon Bedrock Agents. This utility enables developers to easily create AWS Lambda functions that can respond to Amazon Bedrock Agent action requests with built-in parameter injection, response formatting, eliminating boilerplate code and accelerating development.

With the Amazon Bedrock Agents function utility, developers can focus on business logic while the utility handles the complex integration patterns between AWS Lambda and Amazon Bedrock Agents. The utility provides seamless integration with other Powertools features like Logger, Metrics, among other utilities, making it easier to build, test, and deploy production-ready AI applications. This integration significantly improves developer experience when building agent-based solutions that require Lambda functions to process actions requested by Bedrock Agents.

To learn more about the Amazon Bedrock Agents Function utility, visit the Powertools for AWS Lambda documentation (Python, TypeScript, .NET), and explore code examples in our GitHub repository. Get started with this new feature today by updating your Powertools for AWS Lambda dependency to the latest version.
 

Read More for the details.

AWS AppSync is a fully managed service that simplifies the development and deployment of GraphQL APIs. Starting today, AWS AppSync automatically enables encryption at-rest and in-transit for all new API caching configurations. This security enhancement applies to newly created caches, while existing caches maintain their current encryption settings. AWS AppSync SDKs have been updated to enforce encryption for new caches, ignoring any manual encryption configuration attributes.

This default encryption strengthens your GraphQL APIs’ security posture by ensuring comprehensive protection of cached data without requiring additional configuration. The change aligns with AWS security best practices and simplifies the implementation of secure caching for your APIs. Customers can continue using their existing cache configurations without disruption while benefiting from enhanced security for new deployments.

This update is available in all AWS Regions where AWS AppSync is offered. To learn more about AWS AppSync caching, visit our documentation or explore the full range of AWS AppSync features in our Developer Guide.

Read More for the details.

Launching today, travel and hospitality organizations can now more seamlessly ingest and map data from their industry-specific source systems to Amazon Connect Customer Profiles to create a unified and comprehensive view of their end customers.

Travel and hospitality organizations often have multiple source systems, including booking systems, loyalty programs, and customer service platforms with rich customer information, but it is difficult to integrate and analyze customer data because the schemas are complex and not standardized. Amazon Connect Customer Profiles now has industry-specific mapping to help unify customer data from over 75+ source systems with Amazon Connect data and other industry-specific systems like Amadeus.

With Amazon Connect Customer Profiles, and other new features like profile explorer, organizations can easily access instant insights on individuals and groups of customers. Organizations can empower their staff across all touchpoints—from check-in desks to customer service activation within channels in Amazon Connect – to access the information they need to deliver personalized service.

Amazon Connect Customer Profiles for travel and hospitality is available in 10 AWS Regions located here. Pricing is based on pay-as-you-go profile utilization.

To learn more, visit the Amazon Connect Customer Profiles blog.
 

Read More for the details.

Amazon Elastic VMware Service (Amazon EVS), an AWS service that enables you to run VMware Cloud Foundation (VCF) within your Amazon Virtual Private Cloud, now integrates with Amazon FSx for NetApp ONTAP, a fully managed AWS service built on NetApp’s ONTAP file system. With this integration, Amazon EVS customers can use FSx for ONTAP as a scalable, high-performance external datastore for their VCF environments on AWS, enabling them to benefit from cost savings through independent scaling of storage and compute, and automated data tiering. If you’re running VMware with ONTAP on-premises, you can use the same tools and workflows to easily migrate those workloads to AWS and maintain operational consistency.

NetApp ONTAP is commonly used as the underlying storage for VMware workloads like databases, Virtual Desktop Infrastructure (VDI), and line-of-business applications due to its advanced data management features such as snapshots, clones, replication, and storage efficiencies. With this integration, you can improve agility and reduce costs by scaling storage independently from compute, improve data protection, and further optimize costs with automated data tiering to low-cost storage and storage efficiencies. And, you can now migrate and extend your VMware workloads easily to AWS while leveraging the same data management capabilities.

The Amazon EVS integration with FSx for ONTAP is now available for public preview in all AWS Regions where both Amazon EVS and FSx for ONTAP are available. To get started, visit the Amazon EVS website. For more information, visit the FSx for ONTAP documentation.
 

Read More for the details.

Today, AWS is expanding access to Amazon Elastic VMware Service (Amazon EVS) through public preview. Building on the momentum from the initial private preview announcement at AWS re:Invent 2024, public preview opens access for AWS customers who want to run VMware Cloud Foundation (VCF)-based workloads within their Amazon Virtual Private Cloud (Amazon VPC).

During public preview, you can leverage VCF license portability entitlements and migrate non-production workloads to Amazon EVS. You can provision and configure your environment through a guided workflow and automatically deploy a fully-functional VCF environment on AWS. Amazon EVS allows you to bring in familiar VCF tools and external storage solutions, including Amazon FSx for NetApp ONTAP, to meet the unique demands of your applications and optimize your virtualization stack in the cloud. At this time, Amazon EVS supports VCF version 5.2.1 and running workloads on i4i.metal instances. You can expect to have the same easy-to-use console interface and functionality at general availability.  Additionally, any environments deployed during the public preview will carry forward without redeployment as the service moves into general availability.

The public preview of Amazon EVS is currently available in five Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Tokyo), and Europe (Frankfurt).

Access Amazon EVS on the AWS console. Learn more about Amazon EVS on the product page and user guide.

Read More for the details.