Amazon Web Services (AWS)

AWS CloudFormation launches a new parameter OnStackFailure for the CreateChangeSet API that allows customers to control the rollback behavior of ChangeSets. Customers use ChangeSets to preview the impact of a stack operation on active resources. Customers can deploy ChangeSets with an ExecuteChangeSet operation. With this launch, customers can modify the actions that CloudFormation will take when ChangeSet execution is unsuccessful. This allows customers to reduce manual intervention during retries of ChangeSet executions. View the full article

This blog post was co-written by Lida Li of Quora Introduction Quora is a leading Q&A platform with a mission to share and grow the world’s knowledge, serving hundreds of millions of users worldwide every month. Quora uses machine learning (ML) to generate a custom feed of questions, answers, and content recommendations based on each user’s activity, interests, and preferences. ML drives targeted advertising on the platform, where advertisers use Quora’s vast user data and sophisticated targeting capabilities to deliver highly personalized ads to the audience. Moreover, ML plays a pivotal role in maintaining high-quality content for users by effectively filtering s…

Today, AWS Systems Manager announces auto-update support for the Amazon EC2 Windows, Linux, and Mac launch agents in Quick Setup. With this launch, customers can enable automatic upgrades with a few clicks in the console in order to get the latest bug fixes, security patches, and feature updates for their EC2 launch agents across accounts and Regions in their Organization. View the full article

AWS Lake Formation now supports accessing Glue Data Catalog databases and tables across Regions. Previously, in order to access the Glue Data Catalog databases and tables from a different Region, you had to replicate the catalog items and/or underlying data from the source Region to the local Region. Now, with the cross-Region support in Lake Formation, you can access the Glue catalog databases and tables from any Region that Lake Formation is available. Each feature of Lake Formation, such as LF-Tags based access control, fine grained access permissions at the row and column level, data filters, and sharing to direct IAM principals across accounts are available with cros…

Today, OpsCenter, a capability of AWS Systems Manager, announces simplified cross-account management of operational issues (OpsItems). In just a few clicks, customers can configure OpsCenter to centrally create, view, and manage operational issues across all accounts in their AWS Organization. View the full article

Amazon Kinesis Data Firehose can now deliver streaming data to Amazon Redshift Serverless. With few clicks, you can more easily ingest, transform, and reliably deliver streaming data into Amazon Redshift Serverless without building and managing your own data ingestion and delivery infrastructure. Kinesis Data Firehose is a fully managed service that automatically scales to match the throughput of your data and without ongoing administration. View the full article

Today we are excited to announce the general availability of the integration between AWS Control Tower and AWS Security Hub. You can now enable over 170 Security Hub detective controls that map to related control objectives from AWS Control Tower. AWS Control Tower now detects when you disable a control from Security Hub which results in a ‘Drifted’ control state. With this drift detection capability, it is simpler for you to monitor the deployment state of your controls and take appropriate actions to manage the security posture of your AWS Control Tower environment. View the full article

This week, I’ll meet you at AWS partner’s Jamf Nation Live in Amsterdam where we’re showing how to use Amazon EC2 Mac to deploy your remote developer workstations or configure your iOS CI/CD pipelines in the cloud. Last Week’s Launches While I was traveling last week, I kept an eye on the AWS News. Here are some launches that got my attention. Amazon EC2 Instance Connect Endpoint. Endpoint for EC2 Instance Connect allows you to securely access Amazon EC2 instances using their private IP addresses, making the use of bastion hosts obsolete. Endpoint for EC2 Instance Connect is by far my favorite launch from last week. With EC2 Instance Connect, you use AWS Identity and…

AWS Verified Access now provides improved logging functionality, making it easier to author and troubleshoot application access policies. Verified Access enables you to provide secure access to your corporate application using zero-trust principles. You can use end-user context, such as user groups and device risk score, from your existing third-party identity and device security services to define access policies. Starting today, you can log all the end-user context received from third-party services, simplifying policy authoring and troubleshooting. View the full article

We are excited to announce the addition of Volcano and Apache Yunikorn as job schedulers when running EMR on EKS using Spark operator and spark-submit. Amazon EMR on EKS enables customers to run open-source big data frameworks such as Apache Spark on Amazon EKS. Using a custom job scheduler for Spark jobs enables fine-grained capacity management and faster pod provisioning at scale. View the full article

AWS Local Zones is now available in Manila, Philippines. You can now use AWS Local Zones in Manila to deliver applications that require single-digit millisecond latency or local data processing. View the full article

Amazon CloudWatch Internet Monitor is now available in all standard AWS Regions. Internet Monitor is a feature of Amazon CloudWatch that helps you monitor internet performance and availability metrics between your AWS-hosted applications and your application’s end users. It can help reduce the time it takes to diagnose internet issues from days to minutes, and it also provides recommendations to help you improve your end users' experience. Internet Monitor publishes internet measurements to CloudWatch Logs and CloudWatch Metrics, and optionally to Amazon S3, and sends health events to Amazon EventBridge so that you can set up notifications. View the full article

AWS Trusted Advisor has launched five fault tolerance checks across Amazon MQ, EC2 Nat Gateway and Amazon OpenSearch. AWS Trusted Advisor evaluates your AWS account with automated checks and provides cloud optimization recommendations to reduce costs, improve performance, increase security and fault tolerance, and monitor service quotas. View the full article

ENA Express now supports 10 new instances: C6a.48xlarge, C6a.metal, M6a.48xlarge, M6a.metal, R6a.48xlarge, R6a.metal, x2idn.32xlarge, x2idn.metal, x2iedn.32xlarge, and x2iedn.metal. ENA Express is a networking feature that uses the AWS Scalable Reliable Datagram (SRD) protocol to improve network performance in two key ways: higher single flow bandwidth and lower tail latency for network traffic between EC2 instances. SRD is a proprietary protocol that delivers these improvements through advanced congestion control, multi-pathing, and packet reordering directly from the Nitro card. View the full article

Today, accelerating application development while shifting security and assurance left in the development lifecycle is essential. One of the most critical components of application security is access control. While traditional access control mechanisms such as role-based access control (RBAC) and access control lists (ACLs) are still prevalent, policy-based access control (PBAC) is gaining momentum. PBAC is a more powerful and flexible access control model, allowing developers to apply any combination of coarse-, medium-, and fine-grained access control over resources and data within an application. In this article, we will explore PBAC and how it can be used in applicati…

Amazon Relational Database Service (Amazon RDS) for MySQL now supports MySQL minor versions 5.7.42 and 8.0.33. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MySQL, and to benefit from the bug fixes, performance improvements, and new functionality added by the MySQL community. View the full article

AWS Step Functions expands its AWS SDK integrations with support for 7 additional AWS services including Amazon VPC Lattice, Amazon CloudWatch Internet Monitor, AWS IoT TwinMaker, and Amazon OpenSearch Ingestion. View the full article

Amazon Connect Contact Lens now provides screen recording capabilities, making it easy for you to help agents improve their performance. With screen recording, you can identify areas for agent coaching (e.g., long contact handle duration or non-compliance with business processes) by not only listening to customer calls or reviewing chat transcripts, but also watching agents’ actions while handling a contact (i.e., a voice call, chat, or task). Screen recording is Payment Card Industry Data Security Standard (PCI) compliant and in scope for System Organization Controls (SOC 1 and SOC 2). View the full article

AWS Partners now have deeper insights into their Amazon Web Services (AWS) business through AWS Partner Analytics Dashboard, accessible from AWS Partner Central. The dashboard provides Alliance Leads for partners at the Validated or Differentiated with a 360-degree view of their AWS business, including opportunity pipeline, funding benefits, and pipeline revenue. View the full article

GoDaddy, a leading global provider of domain registration and web hosting services, has served over 84 million domains and 22 million customers since its establishment in 1997. Among its various internal systems, the Customer Signal Platform provides tooling to capture, analyze, and act on customer and product data to drive better business outcomes. With this platform, GoDaddy can track user visits and interactions on its website and use meaningful event data to improve its customer experience and overall business performance. Nowadays, the Customer Signal Platform processes 400 million events every day. As GoDaddy expands its integrations, it aims to increase this numb…

Today, we are announcing two new AWS Clean Rooms capabilities to help business and technical users collaborate more easily and at scale. Analysis Builder is a guided UI that helps business users to generate insights without writing any code. Business users can use analysis builder to create and edit queries in their AWS Clean Rooms collaboration, and specify their desired metrics, segments, and filters to get insights in a few steps. AWS Clean Rooms customers can also now use AWS CloudFormation templates to create, update, and delete their collaborations, as well as manage resources such as Configured Tables and Table associations. With support for CloudFormation template…

AWS CloudShell is now generally available in the Asia Pacific (Hong Kong), Asia Pacific (Seoul), US West (N. California), Asia Pacific (Osaka), Asia Pacific (Jakarta), Europe (Stockholm), Asia Pacific (Singapore), Europe (Paris), Africa (Cape Town), Europe (Milan), Middle East (UAE), and Middle East (Bahrain) regions. View the full article

AWS announces the preview of Amazon Elastic Compute Cloud (Amazon EC2) M7a instances. M7a instances are designed to deliver the best x86 performance and price performance within the Amazon EC2 general purpose family, based on SPECint benchmarks. M7a instances are powered by fourth-generation AMD EPYC processors (code named Genoa) with an all-core turbo frequency of up to 3.7GHz. These instances deliver up to 50% greater performance on average compared to M6a instances. View the full article

AWS Elastic Disaster Recovery (AWS DRS) now allows you to replicate and recover your AWS network components and configurations to maintain the readiness and security of your AWS recovery site. These components includes subnet CIDR, security groups, route tables, Internet gateways, and network ACLs. View the full article

Amazon Relational Database Service (Amazon RDS) for Oracle now supports physical data migration via Oracle Recovery Manager cross-platform Transportable Tablespaces (RMAN XTTS). As of today, you can migrate sets of tablespaces to RDS for Oracle using Oracle RMAN XTTS to simplify movement of large amounts of data and reduce application downtime for a physical data migration. View the full article

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.6.13, 10.5.20, 10.4.29, and 10.3.39. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and to benefit from the bug fixes, performance improvements, and new functionality added by the MariaDB community. View the full article

Amazon Web Services (AWS) announces expansion in Nigeria by launching a new edge location in Lagos. Customers in Nigeria can expect up to 20% improvement in latency, on average, for data delivered through the new edge location. The new AWS edge location brings the full suite of benefits provided by Amazon CloudFront, a highly distributed and scalable content delivery network (CDN) that delivers static and dynamic content, APIs, and live and on-demand video with low latency and high performance. View the full article

Amazon Location Service now supports geofence metadata, allowing customers to associate up to three types of additional information (metadata) to a virtual perimeter of a real-world geographical area known as a geofence. With metadata, developers can enrich their applications with properties about each geofence, such as building floor, area designation, route ID, etc., to address use cases such as finding a different floor inside the same geographic boundary. View the full article

Amazon AppFlow announces the release of 4 new data connectors for Software-as-a-Service (SaaS) applications. The new data connectors enable you to transfer your data from Adobe Analytics, Blackbaud Raiser’s Edge, Coupa, and Google BigQuery, providing connectivity to business planning solutions. These Amazon AppFlow integrations make it easier for you to enrich or hydrate your data lakes, gain actionable insights, and streamline analysis and reporting. View the full article

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) M6i and R6i instances are available in AWS Region Middle East (UAE). These instances are built on AWS Nitro System, a collection of AWS designed hardware and software innovations that enables the delivery of efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. View the full article

Starting today, AWS Global Accelerator supports application endpoints in Asia Pacific (Jakarta) Region, expanding the number of supported AWS Regions to twenty-four. View the full article

As the mother of four girls ranging in age from four to 13, Anna Prorok embodies resilience and determination. A successful IT professional with a master’s degree in applied mathematics, Anna put her career on pause after her family moved from Kyiv to a small town near Stuttgart, Germany in 2015. As her youngest daughter prepared for kindergarten, Anna began thinking again about re-entering the workforce. But the outbreak of the war in her home country of Ukraine in February 2022 interrupted her plans, both emotionally and practically. “It was awful. My parents were in Kyiv, and my brother actually lived near Bucha, a town where heavy battles took place. They didn’t have …

Today, Amazon Location Service added support for places categories, allowing developers to request, filter, or group places based on specific categories such as coffee shops or restaurants. Developers can use places categories to improve the relevance of their searches, increase the accuracy of their location-based insights, and improve their customer experience. For example, a developer working on a food delivery website can build a search box that filters on restaurants, autocompletes user inputs, and only suggests results relevant to their customers. View the full article

Introduction Amazon Managed Service for Prometheus is a Prometheus-compatible service that monitors and provides alerts on containerized applications and infrastructure at scale. In the previous post, Integrating Kubecost with Amazon Managed Service for Prometheus, we discussed how you can integrate Kubecost with Amazon Managed Service for Prometheus (AMP) to get granular visibility into your Amazon Elastic Kubernetes Service (Amazon EKS) cluster costs, letting you aggregate costs by the majority of Kubernetes contexts, starting from the cluster level down to the container level. The integration helps customers monitor a single Amazon EKS cluster without worrying about s…

Amazon Relational Database Service (Amazon RDS) for PostgreSQL, MySQL, and MariaDB now supports AWS Graviton2-based T4g database instances in Asia Pacific (Hyderabad), Europe (Spain), and Middle East (UAE) Regions. T4g database instances provide a baseline level of CPU performance, with the ability to burst CPU usage at any time for as long as required. Depending on the database engine, version, and workload, T4g database instances provide up to 36% better price performance over comparable x86-based T3 database instances. View the full article

We hope you will join us on Wednesday, June 21, for a free-to-attend online event, AWS Silicon Innovation Day. AWS will stream the event simultaneously across multiple platforms, including LinkedIn Live, Twitter, YouTube, and Twitch. AWS Silicon Innovation Day is a one-day virtual event on June 21, 2023, that will allow you to better understand AWS Silicon and how you can use AWS’s unique Amazon EC2 chip offerings to your benefit. AWS has designed and developed purpose-built silicon specifically for the cloud. During this event, you will have the opportunity to hear directly from senior leaders at AWS. Our panel of lead architects, engineers, customers, and analysts w…

AWS Security Hub has released 6 new security controls, increasing the overall number of controls Security Hub offers to 264. The new controls conduct fully-automatic security checks against services such as Amazon CloudFront and Amazon Simple Storage Service (Amazon S3). To use these controls, you should first turn on the standard they belong to - either Foundational Security Best Practices (FSBP) or National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5. If you are already using those standards and have Security Hub set to automatically turn on new controls, these new controls will run without having to take any additional action. View the full article

High availability is non-negotiable for organizations today to prevent business-critical application disruptions. Enterprises must prioritize database scalability and availability to avoid downtime in their databases, network, servers, or storage environments. For organizations that want to avoid required application changes, Oracle Real Application Clusters (RAC) is an option for providing high availability and scalability to the Oracle database. While the RAC feature is not supported by Oracle databases on Amazon Elastic Compute Cloud (Amazon EC2), Oracle Active Data Guard helps achieve high availability on AWS cloud. The Oracle Data Guard feature helps customers su…

Introduction With the proliferation of open-source and commercial container software products, customers want to know upfront which products are compatible with the container orchestrator of their choice. Customers expect compatibility testing to be continuous and include all the available dimensions, such as Amazon Elastic Kubernetes Service (Amazon EKS) / Amazon EKS Anywhere (EKS-A) versions, OS, hardware and virtualization platforms. Customers also ask for guidelines and best practices to provision and maintain production-ready clusters with partner solutions in place, addressing security, ingress, storage, and software distribution across various edge locations, rang…

Starting today, Amazon Elastic Container Registry (ECR) basic scanning feature will use Common Vulnerability Scoring System (CVSS) version 3 information when determining the severity for new Common Vulnerabilities and Exposures (CVEs). This enables customers to get the most recent severity information for vulnerabilities in their ECR container images. We use CVSS information to determine the severity of a vulnerability when the upstream distribution source does not have this information. View the full article

Amazon Connect now provides new contact lifecycle events for callbacks, including when a callback was queued, answered, or disconnected. Contact events can be used to create analytics dashboards to monitor and track contact activity, integrate into workforce management (WFM) solutions to better understand contact center performance, or take follow up actions such as updating your customer databases with a record of the callback attempt. Amazon Connect contact events are published in near real-time via Amazon EventBridge, and can be set up in a couple of clicks by going to the Amazon EventBridge AWS console and creating a new rule. View the full article

Customers can now connect their Google Workspace to AWS IAM Identity Center (successor to AWS Single Sign-On) once and manage access to AWS accounts and applications centrally, in IAM Identity Center. This integration enables end users to sign in using their Google Workspace identity to access all their assigned AWS accounts and applications. The integration helps administrators simplify AWS access management across multiple accounts while maintaining familiar Google Workspace experiences for end users as they sign in. IAM Identity Center and Google Workspace use Google auto-provisioning to securely provision users into IAM Identity Center, saving administrative time. Vi…

We're excited to announce the ability to control container log rotation when running Apache Spark jobs in EMR on EKS. Amazon EMR on EKS enables customers to run open-source big data frameworks such as Apache Spark on Amazon EKS. Customers can now enable container log rotation to avoid excessive log files impacting pod execution. View the full article

Today, AWS launched a new capability that significantly improves face search accuracy by leveraging multiple face images of a user. Currently, Amazon Rekognition allows customers to search users represented by individual face vectors. Face vectors are mathematical representations of faces from images. Now, customers can create user vectors, which aggregate multiple face vectors of the same user. User vectors offer higher face search accuracy with more robust depictions, as they contain varying degrees of lighting, sharpness, pose, appearance, etc. View the full article

Today, AWS Audit Manager announces expanded support for third-party risk assessments with the launch of two new features: a third-party questionnaire and the ability to export evidence as a comma-separated values (CSV) file. Customers can already share custom frameworks with vendors on AWS, so that vendors can create assessments on these frameworks and automatically collect evidence from their environments. Together, these features make it easier for enterprises to customize their third-party vendor risk assessments on AWS. View the full article

Today, AWS announces the preview release of Amazon CodeGuru Security, a static application security testing (SAST) tool that uses Machine Learning to help you identify code vulnerabilities and provide guidance you can use as part of remediation. CodeGuru Security also provides in-context code patches for certain classes of vulnerabilities, helping you reduce the effort required to fix code vulnerabilities. View the full article

AWS WAF Fraud Control announces Account Creation Fraud Prevention, a managed protection for AWS WAF that is designed to prevent creation of fake or fraudulent accounts. Fraudsters use fake accounts to initiate activities, such as abusing promotional and sign-up bonuses, impersonating legitimate users, and carrying out phishing attacks. These activities can lead to several direct or indirect costs such as damaged customer relationships, reputational loss, and exposure to financial fraud. Account Creation Fraud Prevention protects your account sign-up or registration pages by allowing you to continuously monitor requests for anomalous digital activity and automatically bloc…

AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query their audit and security logs for auditing, security investigations and operational troubleshooting, announces the general availability of CloudTrail Lake dashboards. CloudTrail Lake dashboards provide out-of-the-box visibility for top trends from your CloudTrail data directly within the CloudTrail Lake console. It also offers the flexibility to drill down into additional details such as specific user activity for further investigation needs using CloudTrail Lake SQL queries. Auditing and compliance engineers can use the CloudTrail Lake dashboards to track progress of co…

AWS Elastic Disaster Recovery (AWS DRS) now allows you to replicate and recover your AWS network components and configurations to maintain the readiness and security of your AWS recovery site. These components includes subnet CIDR, security groups, route tables, Internet gateways, and network ACLs. View the full article

AWS Well-Architected introduces Profiles, which allows customers to tailor their Well-Architected reviews based on their business goals. This feature creates a mechanism for continuous improvement by encouraging customers to review their workloads with certain goals in mind first, and then complete the remaining Well-Architected review questions. View the full article