AWS AI News Hub

In this post, we analyze the results from our benchmark tests comparing the Amazon EMR 7.9 optimized Spark runtime against Spark 3.5.5 without encryption optimizations. We walk through a detailed cost analysis and provide step-by-step instructions to reproduce the benchmark.

In this post, we demonstrate the write performance benefits of using the Amazon EMR 7.12 runtime for Spark and Iceberg compares to open source Spark 3.5.6 with Iceberg 1.10.0 tables on a 3TB merge workload.

In this post, we show you how Medidata created a unified, scalable, real-time data platform that serves thousands of clinical trials worldwide with AWS services, Apache Iceberg, and a modern lakehouse architecture.

In this post, we explore how Myriad Genetics partnered with the AWS Generative AI Innovation Center to transform their healthcare document processing pipeline using Amazon Bedrock and Amazon Nova foundation models, achieving 98% classification accuracy while reducing costs by 77% and processing time by 80%. We detail the technical implementation using AWS's open-source GenAI Intelligent Document Processing Accelerator, the optimization strategies for document classification and key information extraction, and the measurable business impact on Myriad's prior authorization workflows.

In this post, CBRE and AWS demonstrate how they transformed property management by building a unified search and digital assistant using Amazon Bedrock, enabling professionals to access millions of documents and multiple databases through natural language queries. The solution combines Amazon Nova Pro for SQL generation and Claude Haiku for document interactions, achieving a 67% reduction in processing time while maintaining enterprise-grade security across more than eight million documents.

In this post, we introduce Managed Tiered KV Cache and Intelligent Routing for Amazon SageMaker HyperPod, new capabilities that can reduce time to first token by up to 40% and lower compute costs by up to 25% for long context prompts and multi-turn conversations. These features automatically manage distributed KV caching infrastructure and intelligent request routing, making it easier to deploy production-scale LLM inference workloads with enterprise-grade performance while significantly reducing operational overhead.

We are launching a new feature: gateway interceptors for Amazon Bedrock AgentCore Gateway. This powerful new capability provides fine-grained security, dynamic access control, and flexible schema management.

In 2025, Amazon Redshift delivered several performance optimizations that improved query performance over twofold for Iceberg workloads on Amazon Redshift Serverless, delivering exceptional performance and cost-effectiveness for your data lake workloads. In this post, we describe some of the optimizations that led to these performance gains.

AWS Glue now supports catalog federation for remote Iceberg tables in the Data Catalog. With catalog federation, you can query remote Iceberg tables, stored in Amazon S3 and cataloged in remote Iceberg catalogs, using AWS analytics engines and without moving or duplicating tables. In this post, we discuss how to get started with catalog federation for Iceberg tables in the Data Catalog.

In this post, we walk you through the new capabilities in Iceberg V3, explain how deletion vectors and row lineage address these challenges, explore real-world use cases across industries, and provide practical guidance on implementing Iceberg V3 features across AWS analytics, catalog, and storage services.

Organizations often have large volumes of documents containing valuable information that remains locked away and unsearchable. This solution addresses the need for a scalable, automated text extraction and knowledge base pipeline that transforms static document collections into intelligent, searchable repositories for generative AI applications.

In this post, we explore how Condé Nast used Amazon Bedrock and Anthropic’s Claude to accelerate their contract processing and rights analysis workstreams. The company’s extensive portfolio, spanning multiple brands and geographies, required managing an increasingly complex web of contracts, rights, and licensing agreements.

Available through the Amazon Bedrock bidirectional streaming API, Amazon Nova Sonic can connect to your business data and external tools and can be integrated directly with telephony systems. This post will introduce sample implementations for the most common telephony scenarios.

In this post, we will walk through the performance constraints and design choices by OARC and REMAP teams at UCLA, including how AWS serverless infrastructure, AWS Managed Services, and generative AI services supported the rapid design and deployment of our solution. We will also describe our use of Amazon SageMaker AI and how it can be used reliably in immersive live experiences.

In this post, we focus on one portion of the REM™ system: the automatic identification of changes to the road structure which we will refer to as Change Detection. We will share our journey of architecting and deploying a solution for Change Detection, the core of which is a deep learning model called CDNet. We will share real-life decisions and tradeoffs when building and deploying a high-scale, highly parallelized algorithmic pipeline based on a Deep Learning (DL) model, with an emphasis on efficiency and throughput.

This blog post introduces the new Amazon Nova model evaluation features in Amazon SageMaker AI. This release adds custom metrics support, LLM-based preference testing, log probability capture, metadata analysis, and multi-node scaling for large evaluations.

In this post, we show how you can use Amazon Redshift to write data directly to Apache Iceberg tables stored in Amazon S3 and S3 Tables for seamless integration between your data warehouse and data lake while maintaining ACID compliance.

Amazon SageMaker HyperPod now supports Managed Tiered KV Cache and Intelligent Routing for large language model (LLM) inference, enabling customers to optimize inference performance for long-context prompts and multi-turn conversations. Customers deploying production LLM applications need fast response times while processing lengthy documents or maintaining conversation context, but traditional inference approaches require recalculating attention mechanisms for all previous tokens with each new token generation, creating computational overhead and escalating costs. Managed Tiered KV Cache addresses this challenge by intelligently caching and reusing computed values, while Intelligent Routing directs requests to optimal instances. These capabilities deliver up to 40% latency reduction, 25% throughput improvement, and 25% cost savings compared to baseline configurations. The Managed Tiered KV Cache feature uses a two-tier architecture combining local CPU memory (L1) with disaggregated cluster-wide storage (L2). AWS-native disaggregated tiered storage is the recommended backend, providing scalable terabyte-scale capacity and automatic tiering from CPU memory to local SSD for optimal memory and storage utilization. We also offer Redis as an alternative L2 cache option. The architecture enables efficient reuse of previously computed key-value pairs across requests. The newly introduced Intelligent Routing maximizes cache utilization through three configurable strategies: prefix-aware routing for common prompt patterns, KV-aware routing for maximum cache efficiency with real-time cache tracking, and round-robin for stateless workloads. These features work seamlessly together. Intelligent routing directs requests to instances with relevant cached data, reducing time to first token in document analysis and maintaining natural conversation flow in multi-turn dialogues. Built-in observability integration with Amazon Managed Grafana provides metrics for monitoring performance. You can enable these features through InferenceEndpointConfig or SageMaker JumpStart when deploying models via the HyperPod Inference Operator on EKS-orchestrated clusters. These features are available in all regions where SageMaker HyperPod is available. To learn more, see the user guide.

Amazon SageMaker HyperPod now supports custom Kubernetes labels and taints, enabling customers to control pod scheduling and integrate seamlessly with existing Kubernetes infrastructure. Customers deploying AI workloads on HyperPod clusters orcehstrated with EKS need precise control over workload placement to prevent expensive GPU resources from being consumed by system pods and non-AI workloads, while ensuring compatibility with custom device plugins such as EFA and NVIDIA GPU operators. Previously, customers had to manually apply labels and taints using kubectl and reapply them after every node replacement, scaling, or patching operation, creating significant operational overhead. This capability allows you to configure labels and taints at the instance group level through the CreateCluster and UpdateCluster APIs, providing a managed approach to defining and maintaining scheduling policies across the entire node lifecycle. Using the new KubernetesConfig parameter, you can specify up to 50 labels and 50 taints per instance group. Labels enable resource organization and pod targeting through node selectors, while taints repel pods without matching tolerations to protect specialized nodes. For example, you can apply NoSchedule taints to GPU instance groups to ensure only AI training jobs with explicit tolerations consume high-cost compute resources, or add custom labels that enable device plugin pods to schedule correctly. HyperPod automatically applies these configurations during node creation and maintains them across replacement, scaling, and patching operations, eliminating manual intervention and reducing operational overhead. This feature is available in all AWS Regions where Amazon SageMaker HyperPod is available. To learn more about custom labels and taints, see the user guide.

In this post, we explore three essential strategies for successfully integrating AI into your organization: addressing organizational debt before it compounds, embracing distributed decision-making through the "octopus organization" model, and redefining management roles to align with AI-powered workflows. Organizations must invest in both technology and workforce preparation, focusing on streamlining processes, empowering teams with autonomous decision-making within defined parameters, and evolving each management layer from traditional oversight to mentorship, quality assurance, and strategic vision-setting.

AWS announces a new warm storage tier for Amazon Kinesis Video Streams (Amazon KVS), delivering cost-effective storage for extended media retention. The standard Amazon KVS storage tier, now designated as the hot tier, remains optimized for real-time data access and short-term storage. The new warm tier enables long-term media retention with sub-second access latency at reduced storage costs. The warm storage tier enables developers of home security and enterprise video monitoring solutions to cost-effectively stream data from devices, cameras, and mobile phones while maintaining extended retention periods for video analytics and regulatory compliance. Moreover, developers now have the flexibility to configure fragment sizes based on their specific requirements — selecting smaller fragments for lower latency use cases or larger fragments to reduce ingestion costs. Both hot and warm storage tiers integrate seamlessly with Amazon Rekognition Video and Amazon SageMaker, enabling continuous data processing to support the creation of computer vision and video analytics applications. Amazon Kinesis Video Streams with the new warm storage tier is available in all regions where Amazon Kinesis Video Streams is available, except the AWS GovCloud (US) Regions. To learn more, refer to the getting started guide.

You can now achieve significant performance improvements when using Amazon Bedrock Custom Model Import, with reduced end-to-end latency, faster time-to-first-token, and improved throughput through advanced PyTorch compilation and CUDA graph optimizations. With Amazon Bedrock Custom Model Import you can to bring your own foundation models to Amazon Bedrock for deployment and inference at scale. In this post, we introduce how to use the improvements in Amazon Bedrock Custom Model Import.

In this post, we demonstrate how to utilize AWS Network Firewall to secure an Amazon EVS environment, using a centralized inspection architecture across an EVS cluster, VPCs, on-premises data centers and the internet. We walk through the implementation steps to deploy this architecture using AWS Network Firewall and AWS Transit Gateway.

Amazon S3 Block Public Access (BPA) now allows organization-level control through AWS Organizations, allowing you to standardize and enforce S3 public access settings across all accounts in your AWS organization through a single policy configuration. S3 Block Public Access at the organization level uses a single configuration that controls all public access settings across accounts within your organization. When you attach the policy at the root or Organizational Unit (OU)-level of your organization, it propagates to all sub-accounts within that scope, and new member accounts automatically inherit the policy. Alternatively, you can choose to apply the policy to specific accounts for more granular control. To get started, navigate to the AWS Organizations console and use the "Block all public access" checkbox or JSON editor. Additionally, you can use AWS CloudTrail to audit or keep track of policy attachment as well as enforcement for member accounts. This feature is available in the AWS Organizations console as well as AWS CLI/SDK, in all AWS Regions where AWS Organizations and Amazon S3 are supported, with no additional charges. For more information, visit the AWS Organizations User Guide and Amazon S3 Block Public Access documentation.

AWS Health now includes two new properties in its event schema - actionability and persona - enabling customers to identify the most relevant events. These properties allow organizations to programmatically identify events requiring customer action and direct them to relevant teams. The enhanced event schema is accessible through both the AWS Health API and Health EventBridge communication channels, improving operational efficiency and team coordination. AWS customers receive various operational notifications and scheduled changes, including Planned Lifecycle Events. With the new actionability property, teams can quickly distinguish between events requiring action and those shared for awareness. The persona property streamlines event routing and visibility to specific teams like security and billing, ensuring critical information reaches appropriate stakeholders. These structured properties streamline integration with existing operational tools, allowing teams to effectively identify and remediate affected resources while maintaining appropriate visibility across the organization. This enhancement is available across all AWS Commercial and AWS GovCloud (US) Regions. To learn more about implementing these new properties, see the AWS Health User Guide and the API and EventBridge schema documentation.

Amazon CloudWatch now offers configuring deletion protection on your CloudWatch log groups, helping customers safeguard their critical logging data from accidental or unintended deletion. This feature provides an additional layer of protection for logs maintaining audit trails, compliance records, and operational logs that must be preserved. With deletion protection enabled, administrators can prevent unintended deletions of their most important log groups. Once enabled, log groups cannot be deleted until the protection is explicitly turned off, helping safeguard critical operational, security, and compliance data. This protection is particularly valuable for preserving audit logs and production application logs needed for troubleshooting and analysis. Log group deletion protection is available in all AWS commercial Regions. You can enable deletion protection during log group creation or on existing log groups using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS Cloud Development Kit (AWS CDK), and AWS SDKs. For more information, visit the Amazon CloudWatch Logs User Guide..

Today, Amazon SageMaker HyperPod announces the general availability of new APIs that enable programmatic rebooting and replacement of SageMaker HyperPod cluster nodes. SageMaker HyperPod helps you provision resilient clusters for running machine learning (ML) workloads and developing state-of-the-art models such as large language models (LLMs), diffusion models, and foundation models (FMs). The new BatchRebootClusterNodes and BatchReplaceClusterNodes APIs enable customers to programmatically reboot or replace unresponsive or degraded cluster nodes, providing a consistent, orchestrator agnostic approach to node recovery operations. The new APIs enhance node management capabilities for both Slurm and EKS orchestrated clusters complementing existing node reboot and replacement workflows. Existing orchestrator-specific methods, such as Kubernetes labels for EKS clusters and Slurm commands for Slurm clusters, remain available alongside the newly introduced programmatic capabilities for reboot and replace operations through these purpose-built APIs. When cluster nodes become unresponsive due to issues such as memory overruns or hardware degradation, recovery operations such as node reboots and replacements maybe be necessary and can be initiated through these new APIs. These capabilities are particularly valuable when running time-sensitive workloads. For instance, when a Slurm controller, login or compute node becomes unresponsive, administrators can trigger a reboot operation using the API and monitor its progress to get nodes back to operational status. Similarly, EKS cluster administrators can replace degraded worker nodes programmatically. Each API supports batch operations of up to 25 instances, enabling efficient management of large-scale recovery scenarios. The reboot and replace APIs are currently supported in three AWS regions where SageMaker HyperPod is available: US East (Ohio), Asia Pacific (Mumbai), and Asia Pacific (Tokyo).The APIs can be accessed through the AWS CLI, SDK, or API calls. For more information, see the Amazon SageMaker HyperPod documentation for BatchRebootClusterNodes and BatchReplaceClusterNodes.

Today, AWS announces that AWS Compute Optimizer now supports idle resource recommendations for NAT Gateways. With this new recommendation type, you will be able to identify NAT Gateways that are unused, resulting in cost savings. With the new unused NAT Gateway recommendation, you will be able to identify NAT Gateways that show no traffic activity over a 32-day analysis period. Compute Optimizer analyzes CloudWatch metrics including active connection count, incoming packets from source, and incoming packets from destination to validate if NAT Gateways are truly unused. To avoid recommending critical backup resources, Compute Optimizer also examines if the NAT Gateway resource is associated in any AWS Route Tables. You can view the total savings potential of these unused NAT Gateways and access detailed utilization metrics to verify unused conditions before taking action. This new feature is available in all AWS Regions where AWS Compute Optimizer is available except the AWS GovCloud (US) and the China Regions. To learn more about the new feature updates, please visit Compute Optimizer’s product page and user guide.

AWS announces the availability of the AWS API MCP Server on AWS Marketplace, enabling customers to deploy the Model Context Protocol (MCP) server to Amazon Bedrock AgentCore. The marketplace entry includes step-by-step configuration and deployment instructions for deploying the AWS API MCP Server as a managed service with built-in authentication and session isolation to Bedrock Agent Core Runtime. The AWS Marketplace deployment simplifies container management while providing enterprise-grade security, scalability, and session isolation through Amazon Bedrock AgentCore Runtime. Customers can deploy the AWS API MCP Server with configurable authentication methods (SigV4 or JWT), implement least-privilege IAM policies, and leverage AgentCore's built-in logging and monitoring capabilities. The deployment lets customers configure IAM roles, authentication methods, and network settings according to their security requirements. The AWS API MCP Server can now be deployed from AWS Marketplace in all AWS Regions where Amazon Bedrock AgentCore is supported. Get started by visiting the AWS API MCP Server listing on AWS Marketplace or explore the deployment guide on AWS Labs GitHub repository. Learn more about Amazon Bedrock AgentCore in the AWS documentation.

AWS now supports deletion vectors and row lineage as defined in the Apache Iceberg Version 3 (V3) specification. These new features are available with Apache Spark on Amazon EMR 7.12, AWS Glue, Amazon SageMaker notebooks, Amazon S3 Tables, and the AWS Glue Data Catalog. These Iceberg V3 capabilities help customers build petabyte-scale data lakes with improved performance for data modifications and functionality to easily track changed records. Deletion vectors write optimized delete files that speed up data pipelines and reduce data compaction costs. Row lineage provides metadata fields on each record to track changes with a simple SQL query, eliminating the computational expense of finding small changes in large tables. Get started creating V3 tables by setting the table property to 'format-version = 3' in the CREATE TABLE command in Spark or a SageMaker notebook. To upgrade existing tables, simply update the table property in metadata with the new format version. When you do this, AWS query engines that support V3 will automatically begin to use deletion vectors and row lineage. Iceberg V3 deletion vectors and row lineage are now available in all AWS Regions where each respective service/feature—Amazon EMR, AWS Glue, SageMaker notebooks, S3 Tables, and AWS Glue Data Catalog—is supported. To learn more about AWS support for Iceberg V3, visit Apache Iceberg V3 on AWS, and read the blog post.

Amazon Route 53 is excited to release the accelerated recovery option for managing DNS records in public hosted zones. Accelerated recovery targets a 60-minute recovery time objective (RTO) for regaining the ability to make DNS changes to your DNS records in Route 53 public hosted zones, if AWS services in US East (N. Virginia) become temporarily unavailable. The Route 53 public DNS service API is used by customers today for making changes to DNS records in order to facilitate software deployments, run infrastructure operations, and onboard new users. Customers in banking, financial technology (FinTech), and software-as-a-service (SaaS) in particular need a predictable and short RTO for meeting business continuity and disaster recovery objectives. In the past, if AWS services in US East (N. Virginia) became unavailable, customers would not be able to modify or recreate DNS records to point users and internal services to updated endpoints. Now, when you enable the accelerated recovery option on your Route 53 public hosted zone, you can make changes to Route 53 public DNS records (Resource Record Sets) in that hosted zone soon after such an interruption, most often in less than one hour. Accelerated recovery for managing public DNS records is available globally, except in AWS GovCloud and Amazon Web Services in China. There is no additional charge for using this feature. To learn more about the accelerated recovery option, visit our documentation.

Amazon Lex now allows you to use Large Language Models (LLMs) as the primary option to understand customer intent across voice and chat interactions. With this capability, your voice and chat bots can better understand customer requests, handle complex utterances, maintain accuracy despite spelling errors, and extract key information from verbose inputs. When customer intent is unclear, bots can intelligently ask follow-up questions to fulfill requests accurately. For example, when a customer says “I need help with my flight,” the LLM automatically clarifies whether the customer wants to check their flight status, upgrade their flight, or change their flight. This feature is available in all AWS commercial regions where Amazon Connect and Lex operate. To learn more, visit the Amazon Lex documentation or explore the Amazon Connect website to learn how Amazon Connect and Amazon Lex deliver seamless end-customer self-service experiences.

Amazon EMR and AWS Glue now provide comprehensive audit context support for AWS Lake Formation credential vending APIs and AWS Glue Data Catalog GetTable and GetTables API calls. This auditing capability helps you maintain compliance with regulatory frameworks, including the Digital Markets Act (DMA) and data protection regulations. The feature is enabled by default, offering seamless integration into existing workflows while strengthening security and compliance monitoring across your data lake infrastructure. You can view this audit context information in AWS CloudTrail logs, enabling enhanced security auditing, regulatory compliance, and improved troubleshooting for EMR for Apache Spark native fine-grained access control (FGAC) and full table access jobs. The audit logging feature automatically records the platform type (EMR-EC2, EMR on EKS, EMR Serverless, or AWS Glue) and its corresponding identifiers like such as Cluster ID, Step ID, Job Run ID, and Virtual Cluster ID. This enables security teams to track and correlate API calls from individual Spark jobs, streamline compliance reporting, and analyze historical data access patterns. Additionally, data engineers can quickly troubleshoot access-related issues by connecting them to specific job executions, resolve FGAC permission challenges, and monitor access patterns across different compute platforms. This feature is available in all AWS Regions that support Amazon EMR, AWS Glue, and AWS Lake Formation, requiring EMR version 7.12+ or AWS Glue version 5.1+.

Today, AWS announces enhanced search capabilities for the AWS Knowledge MCP Server, which now supports topic-based search across specialized AWS documentation domains. The AWS Knowledge MCP Server is a Model Context Protocol (MCP) server that provides AI agents and developers with programmatic access to AWS documentation and knowledge resources. This enhancement enables more precise and relevant search results by allowing MCP clients and agentic frameworks to query specific documentation domains such as Troubleshooting, AWS Amplify, AWS CDK, CDK Constructs, and AWS CloudFormation, reducing noise and improving response accuracy for domain-specific queries. These topic-based searches complement existing capabilities for searching API references, What's New announcements, and general AWS documentation. Developers building AI agents can now retrieve targeted information for specific use cases—for example, searching Troubleshooting documentation for error resolution, Amplify documentation for frontend development guidance, or CDK Constructs for production-ready architectural patterns. This focused approach accelerates development workflows and improves the quality of AI-generated responses for AWS-specific queries. The enhanced search capabilities are available immediately at no additional cost through the AWS Knowledge MCP Server. Usage remains subject to standard rate limits. To learn more and get started, see the AWS Knowledge MCP Server documentation.

Amazon EMR and AWS Glue now enable you to enforce fine-grained access control (FGAC) on both read and write operations for AWS Lake Formation registered tables in your Apache Spark jobs. Previously, you could only apply Lake Formation's table, column, and row-level permissions for read operations (SELECT, DESCRIBE). This simplifies data workflows by allowing both read and write tasks in a single Spark job, eliminating the need for separate clusters or applications. Organizations can now execute end-to-end data workflows with consistent security controls, streamlining operations and reducing infrastructure costs. With this launch, administrators can control who is authorized to insert new data, update specific records, or merge changes through DML operations (CREATE, ALTER, INSERT, UPDATE, DELETE, MERGE INTO, DROP), ensuring that all data modifications adhere to specified security policies to mitigate the risk of unauthorized data modification, or misuse. This launch simplifies data governance and security frameworks by providing a single point for defining access rules in AWS Lake Formation and enforcing these rules in Spark for both read and write operations. This feature is available in all AWS Regions where Amazon EMR (EC2, EKS and Serverless), AWS Glue and AWS Lake Formation are available. To learn more, visit the open table format support documentation.

Amazon S3 Metadata is now available in twenty-two additional AWS Regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), Canada West (Calgary), Europe (London), Europe (Milan), Europe (Paris), Europe (Spain), Europe (Stockholm), Europe (Zurich), Israel (Tel Aviv), Middle East (Bahrain), Middle East (UAE), South America (Sao Paulo), and US West (N. California). Amazon S3 Metadata is the easiest and fastest way to help you instantly discover and understand your S3 data with automated, easily-queried metadata that updates in near real-time. This helps you to curate, identify, and use your S3 data for business analytics, real-time inference applications, and more. S3 Metadata supports object metadata, which includes system-defined details like size and source of the object, and custom metadata, which allows you to use tags to annotate your objects with information like product SKU, transaction ID, or content rating. S3 Metadata automatically populates metadata for both new and existing objects, providing you with a comprehensive, queryable view of your data. With this expansion, S3 Metadata is now generally available in twenty-eight AWS Regions. For pricing details, visit the S3 pricing page. To learn more, visit the product page, documentation, and AWS Storage Blog.

Amazon SageMaker AI’s Flexible Training Plans (FTP) now support inference endpoints, giving customers guaranteed GPU capacity for planned evaluations and production peaks. Now, customers can reserve the exact instance types they need and rely on SageMaker AI to bring up the inference endpoint automatically, without doing any infrastructure management themselves. As customers plan their ML development cycles, they need confidence that the GPUs required for model evaluation and pre-production testing will be available on the exact dates they need them. FTP makes it easy for customers to access GPU capacity to run ML workloads. With FTP support for inference endpoints, you choose your preferred instance types, compute requirements, reservation length, and start date for your inference workload. When creating the endpoint, you simply reference the reservation ARN and SageMaker AI automatically provisions and runs the endpoint on that guaranteed capacity for the entire plan duration. This removes weeks of infrastructure management and scheduling effort, letting you run inference predictably while focusing your time on improving model performance. Flexible Training Plans support for SageMaker AI Inference is available in following regions: US East (N. Virginia), US West (Oregon), US East (Ohio). To learn more about using FTP reservations for inference endpoints, visit the SageMaker AI Inference API reference here.

Today, Amazon Bedrock introduces a new Reserved service tier designed for workloads requiring predictable performance and guaranteed tokens-per-minute capacity. The Reserved tier provides the ability to reserve prioritized compute capacity, keeping service levels predictable for your mission critical applications. It also includes the flexibility to allocate different input and output tokens-per-minute capacities to match the exact requirements of your workload and control cost. This is particularly valuable because many workloads have asymmetric token usage patterns. For instance, summarization tasks consume many input tokens but generate fewer output tokens, while content generation applications require less input and more output capacity. When your application needs more tokens-per-minute capacity than what you reserved , the service automatically overflows to the pay-as-you-go Standard tier, ensuring uninterrupted operations. The Reserved tier targets 99.5% uptime for model response and is available today for Anthropic Claude Sonnet 4.5. Customers can reserve capacity for 1 month or 3 month duration. Customers pay a fixed price per 1K tokens-per-minute and are billed monthly. With the Reserved service tier, Amazon Bedrock continues to provide more choice to customers, helping them develop, scale, and deploy applications and agents that improve productivity and customer experiences while balancing performance and cost requirements. For more information about the AWS Regions where Amazon Bedrock Reserved is available, refer to the Documentation. To get access to the Reserved tier, please contact your AWS account team.

AWS Glue 5.1 is now generally available, delivering improved performance, security updates, expanded Apache Iceberg capabilities, and AWS Lake Formation write support for data integration workloads. AWS Glue is a serverless, scalable data integration service that simplifies discovering, preparing, moving, and integrating data from multiple sources. This release upgrades core engines to Apache Spark 3.5.6, Python 3.11, and Scala 2.12.18, bringing performance and security enhancements. It also updates support for open table format libraries, including Apache Hudi 1.0.2, Apache Iceberg 1.10.0, and Delta Lake 3.3.2. AWS Glue 5.1 introduces support for Apache Iceberg format version 3.0, adding default column values, deletion vectors for merge-on-read tables, multi-argument transforms, and row lineage tracking. This release also extends AWS Lake Formation fine-grained access control to write operations (both DML and DDL) for Spark DataFrames and Spark SQL. Previously, this capability was limited to read operations only. AWS Glue 5.1 also adds full-table access control in Apache Spark for Apache Hudi and Delta Lake tables, providing more comprehensive security options for your data. AWS Glue 5.1 is available in US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Europe (Stockholm), Europe (Frankfurt), Europe (Spain), Asia Pacific (Hong Kong), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Malaysia), Asia Pacific (Thailand), Asia Pacific (Mumbai), and South America (São Paulo). Visit the AWS Glue documentation for more information.

Amazon Quick Suite, the AI-powered workspace helping organizations get answers from their enterprise data and move swiftly from insights to action, enhances Quick Research with access to specialized third-party datasets. Quick Research transforms how business professionals tackle complex business problems by completing weeks of data discovery, analysis, and insight generation in minutes. Today, Quick Research launches its partner ecosystem with industry intelligence providers S&P Global, FactSet, and IDC, with more to come. Users with existing subscriptions can combine these authoritative datasets with all of their business data and real-time web search, accelerating their path to deeper insights and strategic decision-making. Additionally, all users have access to decades of US Patent and Trademark Office data along with millions of PubMed citations and abstracts in biomedical and life sciences literature. Business professionals from any industry can now access and analyze multiple data sources in one unified workspace, eliminating the need to switch between platforms. For example, a financial analyst can evaluate investment opportunities using FactSet's financial data alongside real-time web search and internal market reports, while energy teams can optimize trading strategies using S&P Global's commodity data combined with insights from their strategy teams. Similarly, sales and product teams can spot emerging trends faster by leveraging IDC's industry intelligence with their customer data. By bringing critical data sources together in one place, organizations can move from insight to action with greater speed and confidence. Quick Research's third-party data integration is available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Ireland). To learn more, read our User Guide.

Amazon SageMaker AI now supports EAGLE-based adaptive speculative decoding, a technique that accelerates large language model inference by up to 2.5x while maintaining output quality. In this post, we explain how to use EAGLE 2 and EAGLE 3 speculative decoding in Amazon SageMaker AI, covering the solution architecture, optimization workflows using your own datasets or SageMaker's built-in data, and benchmark results demonstrating significant improvements in throughput and latency.

In this post, we show how to use the new visual workflow experience in SageMaker Unified Studio IAM-based domains to orchestrate an end-to-end machine learning workflow. The workflow ingests weather data, applies transformations, and generates predictions—all through a single, intuitive interface, without writing any orchestration code.

In this post, we demonstrate how to migrate computer vision workloads from Amazon Lookout for Vision to Amazon SageMaker AI by training custom defect detection models using pre-trained models available on AWS Marketplace. We provide step-by-step guidance on labeling datasets with SageMaker Ground Truth, training models with flexible hyperparameter configurations, and deploying them for real-time or batch inference—giving you greater control and flexibility for automated quality inspection use cases.

You can now develop AWS Lambda functions using Node.js 24, either as a managed runtime or using the container base image. Node.js 24 is in active LTS status and ready for production use. It is expected to be supported with security patches and bugfixes until April 2028. The Lambda runtime for Node.js 24 includes a new implementation of the […]

The AWS Customer Success Center of Excellence (CS COE) helps customers get tangible value from their AWS investments. We've seen a pattern: customers who build AI strategies that address people, process, and technology together succeed more often. In this post, we share practical considerations that can help close the AI value gap.

AWS re:Invent 2025 returns to Las Vegas, Nevada, from December 1–5, 2025. This year, we’re offering a comprehensive lineup of sessions and booth activities to help you build resilient, performant, and scalable applications wherever you need them—in the cloud, on premises, or at the edge.

We're introducing bidirectional streaming for Amazon SageMaker AI Inference, which transforms inference from a transactional exchange into a continuous conversation. This post shows you how to build and deploy a container with bidirectional streaming capability to a SageMaker AI endpoint. We also demonstrate how you can bring your own container or use our partner Deepgram's pre-built models and containers on SageMaker AI to enable bi-directional streaming feature for real-time inference.

The Amazon SageMaker AI MCP Server now supports tools that help you setup and manage HyperPod clusters. Amazon SageMaker HyperPod removes the undifferentiated heavy lifting involved in building generative AI models by quickly scaling model development tasks such as training, fine-tuning, or deployment across a cluster of AI accelerators. The SageMaker AI MCP Server now empowers AI coding assistants to provision and operate AI/ML clusters for model training and deployment. MCP servers in AWS provide a standard interface to enhance AI-assisted application development by equipping AI code assistants with real-time, contextual understanding of various AWS services. The SageMaker AI MCP server comes with tools that streamline end-to-end AI/ML cluster operations using the AI assistant of your choice—from initial setup through ongoing management. It enables AI agents to reliably setup HyperPod clusters orchestrated by Amazon EKS or Slurm complete with pre-requisites, powered by CloudFormation templates that optimize networking, storage, and compute resources. Clusters created via this MCP server are fully optimized for high-performance distributed training and inference workloads, leveraging best practice architectures to maximize throughput and minimize latency at scale. Additionally, it provides comprehensive tools for cluster and node management—including scaling operations, applying software patches, and performing various maintenance tasks. When used in conjunction with AWS API MCP Server, AWS Knowledge MCP Server, and Amazon EKS MCP Server you gain complete coverage for all SageMaker HyperPod APIs and you can effectively troubleshoot common issues, such as diagnosing why a cluster node became inaccessible. For cluster administrators, these tools streamline daily operations. For data scientists, they enable you to set up AI/ML clusters at scale without requiring infrastructure expertise, allowing you to focus on what matters most—training and deploying models. You can manage your AI/ML clusters through the SageMaker AI MCP server in all regions where SageMaker HyperPod is available. To get started, visit the AWS MCP Servers documentation.

AWS introduces Network Firewall Proxy in public preview. You can use it to exert centralized controls against data exfiltration and malware injection. You can set up your Network Firewall Proxy in explicit mode in just a few clicks and filter the traffic going out from your applications and the response that these applications receive. Network Firewall Proxy enables customers to efficiently manage and secure web and inter-network traffic. It protects your organization against atempts to spoof the domain name or the server name index (SNI) and offers flexibility to set fine-grained access controls. You can use Network Firewall Proxy to restrict access from your applications to trusted domains or IP addresses, or block unintended response from external servers. You can also turn on TLS inspection and set granular filtering controls on HTTP header attributes. Your Network Firewall Proxy offers comprehensive logs for monitoring your applications. You can enable them and send to Amazon S3 and AWS CloudWatch for detailed analyses and audit. Try out AWS Network Firewall Proxy in your test environment today in US East (Ohio) region. Proxy is available for free during public preview. For more information check AWS Network Firewall proxy documentation.

Warner Bros. Discovery (WBD) is a leading global media and entertainment company that creates and distributes the world’s most differentiated and complete portfolio of content and brands across television, film and streaming. In this post, we describe the scale of our offerings, artificial intelligence (AI)/machine learning (ML) inference infrastructure requirements for our real time recommender systems, and how we used AWS Graviton-based Amazon SageMaker AI instances for our ML inference workloads and achieved 60% cost savings and 7% to 60% latency improvements across different models.

In this post, we explore the complete development lifecycle of physical AI—from data collection and model training to edge deployment—and examine how these intelligent systems learn to understand, reason, and interact with the physical world through continuous feedback loops. We illustrate this workflow through Diligent Robotics' Moxi, a mobile manipulation robot that has completed over 1.2 million deliveries in hospitals, saving nearly 600,000 hours for clinical staff while transforming healthcare logistics and returning valuable time to patient care.

In this post, we explore how Amazon SageMaker HyperPod now supports NVIDIA Multi-Instance GPU (MIG) technology, enabling you to partition powerful GPUs into multiple isolated instances for running concurrent workloads like inference, research, and interactive development. By maximizing GPU utilization and reducing wasted resources, MIG helps organizations optimize costs while maintaining performance isolation and predictable quality of service across diverse machine learning tasks.

AWS Glue now supports zero-ETL for self-managed database sources. Using Glue zero-ETL, you can now setup an integration to replicate data from Oracle, SQL Server, MySQL or PostgreSQL databases which are located on-premises or on AWS EC2 to Redshift with a simple experience that eliminates configuration complexity. AWS zero-ETL for self-managed database sources will automatically create an integration for an on-going replication of data from your on-premises or EC2 databases through a simple, no-code interface. You can now replicate data from Oracle, SQL Server, MySQL and PostgreSQL databases into Redshift. This feature further reduces users' operational burden and saves weeks of engineering effort needed to design, build, and test data pipelines to ingest data from self-managed databases to Redshift.    AWS Glue zero-ETL for self-managed database sources are available in the following AWS Regions: US East (Ohio), Europe (Stockholm), Europe (Ireland), Europe (Frankfurt),  Canada West (Calgary), US West (Oregon), and Asia Pacific (Seoul) regions. To get started, sign into the AWS Management Console.  For more information visit the AWS Glue page or review the AWS Glue zero-ETL documentation.

AWS Lambda now supports creating serverless applications using Node.js 24. Developers can use Node.js 24 as both a managed runtime and a container base image, and AWS will automatically apply updates to the managed runtime and base image as they become available. Node.js 24 is the latest long-term support release of Node.js and is expected to be supported for security and bug fixes until April 2028. With this release, Lambda has simplified the developer experience, focusing on the modern async/await programming pattern and no longer supports callback-based function handlers. You can use Node.js 24 with Lambda@Edge (in supported Regions), allowing you to customize low-latency content delivered through Amazon CloudFront. Powertools for AWS Lambda (TypeScript), a developer toolkit to implement serverless best practices and increase developer velocity, also supports Node.js 24. You can use the full range of AWS deployment tools, including the Lambda console, AWS CLI, AWS Serverless Application Model (AWS SAM), AWS CDK, and AWS CloudFormation to deploy and manage serverless applications written in Node.js 24. The Node.js 24 runtime is available in all Regions, including the AWS GovCloud (US) Regions and China Regions. For more information, including guidance on upgrading existing Lambda functions, see our blog post. For more information about AWS Lambda, visit our product page.

Amazon SageMaker AI Inference now supports bidirectional streaming for real-time speech-to-text transcription, enabling continuous speech processing instead of batch input. Models can now receive audio streams and return partial transcripts simultaneously as users speak, enabling you to build voice agents that process speech with minimal latency. As customers build AI voice agents, they need real-time speech transcription to minimize delays between user speech and agent responses. Data scientists and ML engineers lack managed infrastructure for bidirectional streaming, making it necessary to build custom WebSocket implementations and manage streaming protocols. Teams spend weeks developing and maintaining this infrastructure rather than focusing on model accuracy and agent capabilities. With bidirectional streaming on Amazon SageMaker AI Inference, you can deploy speech-to-text models by invoking your endpoint with the new Bidirectional Stream API. The client opens an HTTP2 connection to the SageMaker AI runtime, and SageMaker AI automatically creates a WebSocket connection to your container. This can process streaming audio frames and return partial transcripts as they are produced. Any container implementing a WebSocket handler following the SageMaker AI contract works automatically, with real-time speech models such as Deepgram running without modifications. This eliminates months of infrastructure development, enabling you to deploy voice agents with continuous transcription while focusing your time on improving model performance. Bidirectional streaming is available in following AWS Regions - Canada (Central), South America (São Paulo), Africa (Cape Town), Europe (Paris), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Israel (Tel Aviv), Europe (Zurich), Asia Pacific (Tokyo), AWS GovCloud US (West), AWS GovCloud US (East), Asia Pacific (Mumbai), Middle East (Bahrain), US West (Oregon), China (Ningxia), US West (Northern California), Asia Pacific (Sydney), Europe (London), Asia Pacific (Seoul), US East (N. Virginia), Asia Pacific (Hong Kong), US East (Ohio), China (Beijing), Europe (Stockholm), Europe (Ireland), Middle East (UAE), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Spain), Europe (Frankfurt), Europe (Milan), Asia Pacific (Singapore). To learn more, visit AWS News Blog here and SageMaker AI documentation here.

Amazon OpenSearch Service launches Agentic Search, transforming how users interact with their data through intelligent, agent-driven search. Agentic Search introduces an intelligent agent-driven system that understands user intent, orchestrates the right set of tools, generates OpenSearch DSL (domain-specific language) queries, and provides transparent summaries of its decision-making process through a simple 'agentic' query clause and natural language search terms. Agentic Search automates OpenSearch query planning and execution, eliminating the need for complex search syntax. Users can ask questions in natural language like "Find red cars under $30,000" or "Show last quarter's sales trends." The agent interprets intent, applies optimal search strategies, and delivers results while explaining its reasoning process. The feature provides two agent types: conversational agents, which handle complex interactions with the ability to store conversations in memory, and flow agents for efficient query processing. The built-in QueryPlanningTool uses large language models (LLMs) to create DSL queries, making search accessible regardless of technical expertise. Users can manage Agentic Search through APIs or OpenSearch Dashboards to configure and modify agents. Agentic Search’s advanced settings allow you to connect with external MCP servers and use custom search templates. Support for agentic search is available for OpenSearch Service version 3.3 and later in all AWS Commercial and AWS GovCloud (US) Regions where OpenSearch Service is available. See here for a full listing of our Regions. Build agents and run agentic searches using the new Agentic Search use case available in the AI Search Flows plugin. To learn more about Agentic Search, visit the OpenSearch technical documentation.

Today, we’re excited to announce the general availability of new capability of automatic quota management feature in AWS Service Quotas. Today, automatic quota management supports customers to receive notifications when their quota usage approaches their allocated quotas and configure their preferred notifications channel, such as email, SMS, or Slack, through Service Quotas console or API. Now, this feature adjusts values of AWS services’ quotas automatically and safely based on customer’s usage, which reduces operational burden from customers to constantly monitor their quota usage, and request quota increases across multiple AWS services in different AWS accounts and Regions. Customers can now confidently scale their applications on AWS to meet their growing customer demand without the risk of unexpected service interruptions due to quota exhaustion. This new capability is now available at no additional cost in all AWS commercial regions. To explore this feature and for details, please visit Service Quotas console and AWS Service Quotas documentation.

Amazon SageMaker AI now supports EAGLE (Extrapolation Algorithm for Greater Language-model Efficiency) speculative decoding to improve large language model inference throughput by up to 2.5x. This capability enables models to predict and validate multiple tokens simultaneously rather than one at a time, improving response times for AI applications. As customers deploy AI applications to production, they need capabilities to serve models with low latency and high throughput to deliver responsive user experiences. Data scientists and ML engineers lack efficient methods to accelerate token generation without sacrificing output quality or requiring complex model re-architecture, making it hard to meet performance expectations under real-world traffic. Teams spend significant time optimizing infrastructure rather than improving their AI applications. With EAGLE speculative decoding, SageMaker AI enables customers to accelerate inference throughput by allowing models to generate and verify multiple tokens in parallel rather than one at a time, maintaining the same output quality while dramatically increasing throughput. SageMaker AI automatically selects between EAGLE 2 and EAGLE 3 based on your model architecture, and provides built-in optimization jobs that use either curated datasets or your own application data to train specialized prediction heads. You can then deploy optimized models through your existing SageMaker AI inference workflow without infrastructure changes, enabling you to deliver faster AI applications with predictable performance. You can use EAGLE speculative decoding in the following AWS Regions: US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Tokyo), Europe (Ireland), Asia Pacific (Singapore), and Europe (Frankfurt) To learn more about EAGLE speculative decoding, visit AWS News Blog here, and SageMaker AI documentation here.

Today, AWS announces the general availability of rule label, a feature of AWS Glue Data Quality, enabling you to apply custom key-value pair labels to your data quality rules for improved organization, filtering, and targeted reporting. This enhancement allows you to categorize data quality rules by business context, team ownership, compliance requirements, or any custom taxonomy that fits your data quality and governance needs. Rule labels provide effective way to organize analyze data quality results. You can query results by specific labels to identify failing rules within particular categories, count rule outcomes by team or domain, and create focused reports for different stakeholders. For example, you can apply all rules that pertain to finance team with a label "team=finance" and generate a customized report to showcase quality metrics specific to finance team. You can label high priority rules with "criticality=high" to prioritize remediation efforts. Labels can be authored as part of the DQDL. You can query the labels as part of rule outcomes, row-level results, and API responses, making it easy to integrate with your existing monitoring and reporting workflows. AWS Glue Data Quality rule labeling is available in all commercial AWS Regions where AWS Glue Data Quality is available. See the AWS Region Table for more details. To learn more about rule labeling, see the AWS Glue Data Quality documentation.

Today, AWS announces the general availability of preprocessing queries for AWS Glue Data Quality, enabling you to transform your data before running data quality checks through AWS Glue Data Catalog APIs. This feature allows you to create derived columns, filter data based on specific conditions, perform calculations, and validate relationships between columns directly within your data quality evaluation process. Preprocessing queries provide enhanced flexibility for complex data quality scenarios that require data transformation before validation. You can create derived metrics like calculating total fees from tax and shipping columns, limiting number of columns that are considered for data quality recommendations or filter datasets to focus quality checks on specific data subsets. This capability eliminates the need for separate data pre-processing steps, streamlining your data quality workflows. AWS Glue Data Quality preprocessing queries are available through AWS Glue Data Catalog APIs - start-data-quality-rule-recommendation-run and start-data-quality-ruleset-evaluation-run, in all commercial AWS Regions where AWS Glue Data Quality is available. To learn more about preprocessing queries, see the Glue Data Quality documentation.

Amazon Quick Flows now supports scheduling, enabling you to automate repetitive workflows without requiring manual intervention. You can now configure Quick Flows to run automatically at specified times or intervals, improving operational efficiency and ensuring critical tasks execute consistently. You can schedule Quick Flows to run daily, weekly, monthly, or on custom intervals. This capability is great for automating routine and administrative tasks such as generating recurring reports from dashboards, summarizing open items assigned to you in external services, or generating daily meeting briefings before you head out to work. You can schedule any flow you have access to—whether you created it or it was shared with you. To schedule a flow, click the scheduling icon and configure your desired date, time, and frequency. Scheduling in Quick Flows is available now in US East (N. Virginia), US West (Oregon), and Europe (Ireland) There are no additional charges for using scheduled execution beyond standard Quick Flows usage. To learn more about configuring scheduled Quick Flows, please visit our documentation.

Organizations running critical workloads on Amazon Elastic Compute Cloud (Amazon EC2) reserve compute capacity using On-Demand Capacity Reservations (ODCR) to have availability when needed. However, reserved capacity can intermittently sit idle during off-peak periods, between deployments, or when workloads scale down. This unused capacity represents a missed opportunity for cost optimization and resource efficiency across the organization.

We are excited to announce that customers in Canada can now access advanced foundation models including Anthropic's Claude Sonnet 4.5 and Claude Haiku 4.5 on Amazon Bedrock through cross-Region inference (CRIS). This post explores how Canadian organizations can use cross-Region inference profiles from the Canada (Central) Region to access the latest foundation models to accelerate AI initiatives. We will demonstrate how to get started with these new capabilities, provide guidance for migrating from older models, and share recommended practices for quota management.

Amazon SageMaker HyperPod clusters with Amazon Elastic Kubernetes Service (EKS) orchestration now support creating and managing interactive development environments such as JupyterLab and open source Visual Studio Code, streamlining the ML development lifecycle by providing managed environments for familiar tools to data scientists. This post shows how HyperPod administrators can configure Spaces for their clusters, and how data scientists can create and connect to these Spaces.

Next week, don’t miss AWS re:Invent, Dec. 1-5, 2025, for the latest AWS news, expert insights, and global cloud community connections! Our News Blog team is finalizing posts to introduce the most exciting launches from our service teams. If you’re joining us in person in Las Vegas, review the agenda, session catalog, and attendee guides […]

Amazon Web Services (AWS) provides many mechanisms to optimize the price performance of workloads running on Amazon Elastic Compute Cloud (Amazon EC2), and the selection of the optimal infrastructure to run on can be one of the most impactful levers. When we started building the AWS Graviton processor, our goal was to optimize AWS Graviton […]

Today, AWS announces enhanced log analytics capabilities in Amazon OpenSearch Service, making Piped Processing Language (PPL) and natural language the default experience in OpenSearch UI's Observability workspace. This update combines proven pipeline syntax with simplified workflows to deliver an intuitive observability experience, helping customers analyze growing data volumes while controlling costs. The new experience includes 35+ new commands for deep analysis, faceted exploration, and natural language querying to help customers gain deeper insights across infrastructure, security, and business metrics. With this enhancement, customers can streamline their log analytics workflows using familiar pipeline syntax while leveraging advanced analytics capabilities. The solution includes enterprise-grade query capabilities, supporting advanced event correlation using natural language that help teams uncover meaningful patterns faster. Users can seamlessly move from query to visualization within a single interface, reducing mean time to detect and resolve issues. Admins can quickly stand up an end-to-end OpenTelemetry solution using OpenSearch's Get Started workflow in the AWS console. The unified workflow includes out-of-the-box OpenSearch Ingestion pipelines for OpenTelemetry data, making it easier for teams to get started quickly. Amazon OpenSearch UI is available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Europe (Ireland), Europe (London), Europe (Frankfurt), Europe (Paris), Europe (Stockholm), Europe (Milan), Europe (Spain), Europe (Zurich), South America (São Paulo), and Canada (Central). To learn more about the new OpenSearch log analytics experience, visit the OpenSearch Service observability documentation and start using these enhanced capabilities today in OpenSearch UI.

Amazon CloudFront announces support for mutual TLS Authentication (mTLS), a security protocol that requires both the server and client to authenticate each other using X.509 certificates, enabling customers to validate client identities at CloudFront's edge locations. Customers can now ensure only clients presenting trusted certificates can access their distributions, helping protect against unauthorized access and security threats. Previously, customers had to spend ongoing effort implementing and maintaining their own client access management solutions, leading to undifferentiated heavy lifting. Now with the support for mutual TLS, customers can easily validate client identities at the AWS edge before connections are established with their application servers or APIs. Example use cases include B2B secure API integrations for enterprises and client authentication for IoT. For B2B API security, enterprises can authenticate API requests from trusted third parties and partners using mutual TLS. For IoT use cases, enterprises can validate that devices are authorized to receive proprietary content such as firmware updates. Customers can leverage their existing third-party Certificate Authorities or AWS Private Certificate Authority to sign the X.509 certificates. With Mutual TLS, customers get the performance and scale benefits of CloudFront for workloads that require client authentication. Mutual TLS authentication is available to all CloudFront customers at no additional cost. Customers can configure mutual TLS with CloudFront using the AWS Management Console, CLI, SDK, CDK, and CloudFormation. For detailed implementation guidance and best practices, visit CloudFront Mutual TLS (viewer) documentation.

Today, Amazon EC2 announces interruptible Capacity Reservations to help you better utilize your reserved capacity and save costs. On-Demand Capacity Reservations (ODCRs) help you reserve compute capacity in a specific Availability Zone for any duration. When ODCRs are not in use, you can now make them temporarily available as interruptible ODCRs, enabling other workloads within your organization to utilize them while preserving your ability to reclaim the capacity for critical operations. By repurposing unused capacity as interruptible ODCRs, workloads suitable for flexible, fault-tolerant operations—such as batch processing, data analysis, and machine learning training can benefit from temporarily available capacity. Reservation owners can reclaim their capacity at any time, while consumers of interruptible ODCRs will receive an interruption notice before termination to allow for graceful shutdown or checkpointing before. Interruptible ODCRs are now available at no additional cost to all Capacity Reservations customers. Refer to the AWS Capabilities by Region website for the feature's regional availability. CloudFormation support will be coming soon. For more details, please refer to the Capacity Reservations user guide.

AWS IoT Core announces a new capability to dynamically retrieve IoT thing registry data using an IoT rule, enhancing your ability to filter, enrich, and route IoT messages. Using the new get_registry_data() inline rule function, you can access IoT thing registry data, such as device attributes, device type, and group membership and leverage this information directly in IoT rules. For example, your rule can filter AWS IoT Core connectivity lifecycle events and then retrieve thing attributes (such as "test" or "production" device) to inform routing of lifecycle events to different endpoints for downstream processing. You can also use this feature to enrich or route IoT messages with registry data from other devices. For instance, you can add a sensor’s threshold temperature from IoT thing registry to the messages relayed by its gateway. To get started, connect your devices to AWS IoT Core and store your IoT device data in IoT thing registry. You can then use IoT rules to retrieve your registry data. This capability is available in all AWS regions where AWS IoT Core is present. For more information refer to the developer guide and API documentation.

AWS Elemental MediaTailor now supports HTTP Live Streaming (HLS) Interstitials for live streams, enabling broadcasters and streaming service providers to deliver seamless, personalized ad experiences across a wide range of modern video players. This capability allows customers to insert interstitial advertisements and promotions directly into live streams using the HLS Interstitials specification (RFC 8216), which is natively supported by popular players including HLS.js, Shaka Player, Bitmovin Player, and Apple devices running iOS 16.4, iPadOS 16.4, tvOS 16.4, and later. With HLS Interstitials, MediaTailor automatically generates the necessary metadata tags (Interstitial class EXT-X-DATERANGE with X-ASSET-LIST attributes) that signal to client players when and how to play interstitial content. This approach eliminates the need for custom player-side stitching logic, reducing development complexity and ensuring consistent playback behavior. The feature integrates with MediaTailor's existing server-side ad insertion (SSAI) capabilities, delivering frame-accurate transitions with no buffering between content and interstitials. Server-side beaconing continues to work with HLS Interstitials, ensuring ad tracking and measurement workflows remain intact. HLS Interstitials for live streams is particularly valuable for sports broadcasts, live news, and event streaming where precise ad timing and minimal latency are critical. The feature supports pre-roll and mid-roll insertion, giving customers flexibility in how they monetize their live content. This launch complements MediaTailor's existing HLS Interstitials support for VOD, rounding out support across Linear, Live, FAST, and VOD workflows. MediaTailor makes it easy to test and deploy—customers can rapidly enable or disable HLS Interstitials with a simple query parameter on the multi-variant manifest request, providing per playback session control without changing the underlying MediaTailor configuration. AWS Elemental MediaTailor HLS Interstitials for live streams is available today in all AWS Regions where MediaTailor operates. You pay only for the features you use, with no upfront commitments. To learn more and get started, visit the AWS Elemental MediaTailor documentation and the HLS Interstitials implementation guide.

Amazon Redshift now supports federated permissions across multi-warehouse architectures Amazon Redshift now supports federated permissions, which simplify permissions management across multiple Redshift data warehouses. Customers are adopting multi-warehouse architectures to scale and isolate workloads and are looking for simplified, consistent permissions management across warehouses. With Redshift federated permissions, you define data permissions once from any Redshift warehouse and automatically enforce them across all warehouses in the account. Amazon Redshift warehouses with federated permissions are auto-mounted in every Redshift warehouse, and you can use existing workforce identities with AWS IAM Identity Center or use existing IAM roles to query data across warehouses. Regardless of which warehouse is used for querying, row-level, column-level, and masking controls always apply automatically, delivering fine-grained access compliance. You can get started by registering a Redshift Serverless namespace or Redshift provisioned cluster with AWS Glue Data Catalog and start querying across warehouses using Redshift Query Editor V2, or any supported SQL client. You get horizontal scalability with multiple warehouses by allowing you to add new warehouses without increasing governance complexity, as new warehouses automatically enforce permission policies and analysts immediately see all databases from registered warehouses. Amazon Redshift federated permissions is available at no additional cost in supported AWS regions. To learn more, visit the Amazon Redshift documentation.

Starting today, Amazon EC2 High Memory U7i instances with 6TB of memory (u7i-6tb.112xlarge) are now available in the Asia Pacific (Jakarta) region. U7i-6tb instances are part of AWS 7th generation and are powered by custom fourth generation Intel Xeon Scalable Processors (Sapphire Rapids). U7i-6tb instances offer 6TB of DDR5 memory, enabling customers to scale transaction processing throughput in a fast-growing data environment. U7i-6tb instances offer 448 vCPUs, support up to 100Gbps Elastic Block Storage (EBS) for faster data loading and backups, deliver up to 100Gbps of network bandwidth, and support ENA Express. U7i instances are ideal for customers using mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server. To learn more about U7i instances, visit the High Memory instances page.

Amazon Connect flow modules now support custom inputs, outputs, and branches, along with version and alias management. With this launch, you can now define flexible parameters for your reusable flow modules to math your specific business logic. For example, you can create an authentication module that accepts a phone number and PIN as inputs, then returns the customer name and authentication status as outputs with branches such as "authenticated" or "not authenticated". All parameters are customizable to meet your specific needs. Additionally, advanced versioning and aliasing capabilities allow you to manage module updates more seamlessly. You can create immutable version snapshots and map aliases to specific versions. When you update an alias to point to a new version, all flows using that module automatically reference the updated version. These new features make flow modules more powerful and reusable, allowing you to build and maintain flows more efficiently. To learn more about these feature, see the Amazon Connect Administrator Guide. This feature is available in all AWS regions that offers Amazon Connect. To learn more about Amazon Connect, the AWS cloud-based contact center, please visit the Amazon Connect website.

AWS Glue announces the general availability of catalog federation for remote Iceberg catalogs. This capability provides direct and secure access to Iceberg tables stored in Amazon S3 and cataloged in remote catalogs using AWS analytics engines. With catalog federation, you can federate to remote Iceberg catalogs and query remote Iceberg tables using your preferred AWS analytics engines, without moving or copying tables. It synchronizes metadata real-time across AWS Glue Data Catalog and remote catalogs when data teams query remote tables, which means that query results are always completely up-to-date. You can now choose the best price-performance for your workloads when analyzing remote Iceberg tables using your preferred AWS analytics engines, while maintaining consistent security controls when discovering or querying data. Catalog federation is supported by a wide variety of analytics engines, including Amazon Redshift, Amazon EMR, Amazon Athena, AWS Glue, third-party engines like Apache Spark, and Amazon SageMaker with the serverless notebooks. Catalog federation uses AWS Lake Formation for access controls, allowing you to use fine-grained access controls, cross-account sharing, and trusted identity propagation when sharing remote catalog tables with other data consumers. Catalog federation integrates with catalog implementations that support the Iceberg REST specifications. Catalog federation is available in Lake Formation console and using AWS Glue and Lake Formation SDKs and APIs. This feature is generally available in all AWS commercial regions where AWS Glue and Lake Formation are available. With just a few clicks in the console, you can federate to remote catalogs, discover its databases and tables, grant permissions to access table data, and query remote Iceberg tables using AWS analytics engines. To learn more, visit the documentation.

Today, AWS announces the general availability of Amazon Quick Suite Embedded Chat, enabling you to embed Quick Suite's conversational AI, which combines structured data and unstructured knowledge in a single conversation - directly into your applications, eliminating the need to build conversational interfaces, orchestration logic, or data access layers from scratch. Quick Suite Embedded Chat solves a fundamental problem: users want answers where they work, not in another tool. Whether in a CRM, support console, or analytics portal, they need instant, contextual responses. Most conversational tools excel at either structured data or documents, analytics or knowledge bases, answering questions or performing actions—rarely all of the above. Quick Suite closes this gap. Now, users can reference a KPI, pull details from a file, check customer feedback, and trigger actions in one continuous conversation without leaving the embedded chat. Embedded Chat brings this unified experience into your applications with simple integration, either through 1-click embedding or through API-based iframes for registered users with your existing authentication. You can connect your Agentic Chat to your data through connectors to search SharePoint, websites, send Slack messages, or create Jira tasks and customize the Agent with your brand colors, communication style, and personalized greetings. Security always stays under your control as you choose what the agent accesses and explicitly scope all actions. Quick Suite Embedded Chat is available the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Ireland), and we'll expand availability to additional AWS Regions over the coming months. There is no additional cost for Quick Suite Embedded Chat. Existing Quick Suite pricing is available here. To learn more, see Embedding Amazon Quick Suite launch blog. To get started with Amazon Quick Suite, visit the Amazon Quick Suite product page.

You can now use Amazon MSK Replicator to replicate streaming data across Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters in five additional AWS Regions: Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain). MSK Replicator is a feature of Amazon MSK that enables you to reliably replicate data across Amazon MSK clusters in different or the same AWS Region(s) in a few clicks. With MSK Replicator, you can easily build regionally resilient streaming applications for increased availability and business continuity. MSK Replicator provides automatic asynchronous replication across MSK clusters, eliminating the need to write custom code, manage infrastructure, or setup cross-region networking. MSK Replicator automatically scales the underlying resources so that you can replicate data on-demand without having to monitor or scale capacity. MSK Replicator also replicates the necessary Kafka metadata including topic configurations, Access Control Lists (ACLs), and consumer group offsets. If an unexpected event occurs in a region, you can failover to the other AWS Region and seamlessly resume processing. You can get started with MSK Replicator from the Amazon MSK console or the Amazon CLI. To learn more, visit the MSK Replicator product page, pricing page, and documentation.

AWS Lambda launches enhanced error handling capabilities for Amazon Managed Streaming for Apache Kafka (MSK) and self-managed Apache Kafka (SMK) event sources. These capabilities allow customers to build custom retry configurations, optimize retries of failed messages, and send failed events to a Kafka topic as an on-failure destination, enabling customers to build resilient Kafka workloads with robust error handling strategies. Customers use Kafka event source mappings (ESM) with their Lambda functions to build their mission-critical Kafka applications. Kafka ESM offers robust error handling of failed events by retrying events with exponential backoff, and retaining failed events in on-failure destinations like Amazon SQS, Amazon S3, Amazon SNS. However, customers need customized error handling to meet stringent business and performance requirements. With this launch, developers can now exercise precise control over failed event processing and leverage Kafka topics as an additional on-failure destination when using Provisioned mode for Kafka ESM. Customers can now define specific retry limits and time boundaries for retry, automatically discarding failed records beyond these limits to customer-specified destination. They can now also set automatic retries of failed records in the batch and enhance their function code to report individual failed messages, optimizing the retry process. This feature is available in all AWS Commercial Regions where AWS Lambda’s Provisioned mode for Kafka ESM is available. To enable these capabilities, provide configuration parameters for your Kafka ESM in the ESM API, AWS Console, and AWS CLI. To learn more, read the Lambda ESM documentation and AWS Lambda pricing.

Customers can now use Claude Opus 4.5 in Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models from leading AI companies. Opus 4.5 is Anthropic's newest model, setting new standards across coding, agentic workflows, computer use, and office tasks while making Opus-level intelligence accessible at one-third the cost. Opus 4.5 excels at professional software engineering tasks, achieving state-of-the-art performance on SWE-bench. The model handles ambiguity, reasons about tradeoffs and can figure out fixes for bugs that require reasoning across multiple systems. It can help transform multi-day team development projects into hours-long tasks with improved multilingual coding capabilities. This generation of Claude spans the full development lifecycle: Opus 4.5 for production code and lead agents, Sonnet 4.5 for rapid iteration and scaled user experiences, Haiku 4.5 for sub-agents and free-tier products. Beyond coding, the model powers agents that produce documents, spreadsheets, and presentations with consistency, professional polish, and domain awareness, making it ideal for finance and other precision-critical verticals. As Anthropic's best vision model yet, it unlocks workflows that depend on complex visual interpretation and multi-step navigation. Through the Amazon Bedrock API, Opus 4.5 introduces two new capabilities: tool search and tool use examples. Together, these updates enable Claude to navigate large tool libraries and accurately execute complex tasks. A new effort parameter, available in beta, lets you control how much effort Claude allocates across thinking, tool calls, and responses to balance performance with latency, and cost. Claude Opus 4.5 is now available in Amazon Bedrock via global cross region inference in multiple locations. For the full list of available regions, refer to the documentation. To get started with the model in Amazon Bedrock, read the launch blog or visit the Amazon Bedrock console.

You can now run OpenSearch version 3.3 in Amazon OpenSearch Service. OpenSearch 3.3 introduces several improvements in areas like search performance, observability and new functionality to make agentic AI integrations simpler and more powerful. This launch includes several improvements in vector search capabilities. First, with agentic search, you can now achieve precise search results using natural language inputs without the need to construct complex domain-specific language (DSL) queries. Second, batch processing for semantic highlighter improves performance by reducing overhead latency and improving GPU utilization. Finally, enhancements to Neural Search plugin make semantic search more efficient and provide optimization options for your specific data, performance, and relevance needs. This launch also introduces support for Apache Calcite as default query engine for PPL that delivers optimization capabilities, improvements to query processing efficiency, and an extensive library of new PPL commands and functions. Additionally, this launch includes enhancements to the approximation framework that improve the responsiveness of paginated search results, real-time dashboards, and applications requiring deep pagination through large time-series or numeric datasets. Finally, workload management plugin now allows you to group search traffic and isolate network resources. This prevents specific requests from overusing network resources and offers tenant-level isolation. For information on upgrading to OpenSearch 3.3, please see the documentation. OpenSearch 3.3 is now available in all AWS Regions where Amazon OpenSearch Service is available.

Amazon Aurora PostgreSQL-Compatible Edition now supports dynamic data masking through the new pg_columnmask extension, allowing you to simplify the protection of sensitive data in your database. pg_columnmask extends Aurora's security capabilities by enabling column-level protection that complements PostgreSQL's native row-level security and column level grants. Using pg_columnmask, you can control access to sensitive data through SQL-based masking policies and define how data appears to users at query time based on their roles, helping you comply with data privacy regulations like GDPR, HIPAA, and PCI DSS. With pg_columnmask, you can create flexible masking policies using built-in or user-defined functions. You can completely hide information, replace partial values with wildcards, or define custom masking approaches. Further, you can apply multiple masking policies to a single column and control their precedence using weights. pg_columnmask helps protect data in complex queries with WHERE, JOIN, ORDER BY, or GROUP BY clauses. Data is masked at the database level during query processing, leaving stored data unmodified. pg_columnmask is available for Aurora PostgreSQL version 16.10 and higher, and 17.6 and higher in all AWS Regions where Aurora PostgreSQL is available. To learn more, review our blog post and visit technical documentation.

Amazon SageMaker HyperPod now supports Spot Instances, enabling customers to reduce GPU compute costs by up to 90% compared to on-demand instances on HyperPod . As AI workloads scale, optimizing infrastructure costs becomes increasingly critical. SageMaker HyperPod's Spot integration addresses this by allowing customers to automatically leverage spare EC2 capacity at significant discounts, while providing the managed AI experience customers enjoy on HyperPod.  With Spot Instances, organizations can run fault-tolerant workloads cost-effectively at scale. You can combine Spot with on-demand instances to balance cost optimization with guaranteed availability. The feature is available on HyperPod EKS clusters and integrates with Karpenter for intelligent auto-scaling, automatically discovering available Spot capacity and handling instance interruptions. You can enable Spot Instances when creating instance groups through the CreateCluster API or AWS Console. The feature supports all instance types available on HyperPod, including CPUs and GPUs. Capacity availability depends on supply from EC2 and varies by region and instance type. Spot instance support is available in all regions where SageMaker HyperPod is currently available. To learn more, please refer to the documentation.

Amazon SageMaker HyperPod now supports NVIDIA Multi-Instance GPU (MIG) technology, enabling administrators to partition a single GPU into multiple isolated GPUs. This capability allows administrators to maximize resource utilization by running diverse, small generative AI (GenAI) tasks simultaneously on GPU partitions while maintaining performance and task isolation. Administrators can choose either the easy-to-use configuration setup on the SageMaker HyperPod console or a custom setup approach to enable fine-grained, hardware-isolated resources for specific task requirements that don't require full GPU capacity. They can also allocate compute quota to ensure fair and efficient distribution of GPU partitions across teams. With real-time performance metrics and resource utilization monitoring dashboard across GPU partitions, administrators gain visibility to optimize resource allocation. Data scientists can now accelerate time-to-market by scheduling lightweight inference tasks and running interactive notebooks in parallel on GPU partitions, eliminating wait times for full GPU availability. This capability is currently available for Amazon SageMaker HyperPod clusters using the EKS orchestrator across the following AWS Regions: US West (Oregon), US East (N.Virginia), US East (Ohio), US West (N. California), Canada (Central), South America (Sao Paulo), Europe (Stockholm), Europe (Spain), Europe (Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Mumbai), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), Asia Pacific (Singapore). To learn more, visit SageMaker HyperPod webpage, and SageMaker HyperPod documentation.

Amazon SageMaker Unified Studio introduces new one-click onboarding experiences and serverless notebooks with a built-in AI agent without any manual set up or provisioning of your domain or compute resources. You can launch SageMaker Unified Studio directly from Amazon SageMaker, Amazon Athena, Amazon Redshift, and Amazon S3 Tables console pages, giving a fast path to analytics and AI workloads.

Amazon EMR Serverless now supports Apache Spark 4.0.1 (preview). With Spark 4.0.1, you can build and maintain data pipelines more easily with ANSI SQL and VARIANT data types, strengthen compliance and governance frameworks with Apache Iceberg v3 table format, and deploy new real-time applications faster with enhanced streaming capabilities. This enables your teams to reduce technical debt and iterate more quickly, while ensuring data accuracy and consistency. With Spark 4.0.1, you can build data pipelines with standard ANSI SQL, making it accessible to a larger set of users who don't know programming languages like Python or Scala. Spark 4.0.1 natively supports JSON and semi-structured data through VARIANT data types, providing flexibility for handling diverse data formats. You can strengthen compliance and governance through Apache Iceberg v3 table format, which provides transaction guarantees and tracks how your data changes over time, creating the audit trails you need for regulatory requirements. You can deploy real-time applications faster with improved streaming controls that let you manage complex stateful operations and monitor streaming jobs more easily. With this capability, you can support use cases like fraud detection and real-time personalization. Apache Spark 4.0.1 is available in preview in all regions where EMR Serverless is available, excluding China and AWS GovCloud (US) regions. To learn more about Apache Spark 4.0.1 on Amazon EMR, visit the Amazon EMR Serverless release notes, or get started by creating an EMR application with Spark 4.0.1 from the AWS Management Console.

Amazon SageMaker now supports Amazon Athena for Apache Spark, bringing a new notebook experience and fast serverless Spark experience together within a unified workspace. Now, data engineers, analysts, and data scientists can easily query data, run Python code, develop jobs, train models, visualize data, and work with AI from one place, with no infrastructure to manage and second-level billing. Athena for Apache Spark scales in seconds to support any workload, from interactive queries to petabyte-scale jobs. Athena for Apache Spark now runs on Spark 3.5.6, the same high-performance Spark engine available across AWS, optimized for open table formats including Apache Iceberg and Delta Lake. It brings you new debugging features, real-time monitoring in the Spark UI, and secure interactive cluster communication through Spark Connect. As you use these capabilities to work with your data, Athena for Spark now enforces table-level access controls defined in AWS Lake Formation. Athena for Apache Spark is now available with Amazon SageMaker notebooks in all Regions where Amazon SageMaker Unified Studio is supported. To learn more, visit Apache Spark engine version 3.5, read the AWS News Blog or visit Amazon SageMaker documentation. Visit the Getting Started guide to try it from Amazon SageMaker notebooks.

Amazon ECS Express Mode simplifies containerized application deployment by automating infrastructure setup through a single command, allowing developers to focus on building applications while following AWS best practices.

Today, AWS Payments Cryptography announces support for hybrid post-quantum (PQ) TLS to secure API calls. With this launch, customers can future-proof transmissions of sensitive data and commands using ML-KEM post-quantum cryptography. Enterprises operating highly regulated workloads wish to reduce post-quantum risks from “harvest now, decrypt later”. Long-lived data-in-transit can be recorded today, then decrypted in the future when a sufficiently capable quantum computer becomes available. With today’s launch, AWS Payment Cryptography joins data protection services such as AWS Key Management Service (KMS) in addressing this concern by supporting PQ-TLS. To get started, simply ensure that your application depends on a version of AWS SDK or browser that supports PQ-TLS. For detailed guidance by language and platform, visit the PQ-TLS enablement documentation. Customers can also validate that ML-KEM was used to secure the TLS session for an API call by reviewing tlsDetails for the corresponding CloudTrail event in the console or a configured CloudTrail trail. These capabilities are generally available in all AWS Regions at no added cost. To get started with PQ-TLS and Payment Cyptography, see our post-quantum TLS guide. For more information about PQC at AWS, please see PQC shared responsibility.

In this post, you will learn how the new Amazon API Gateway’s enhanced TLS security policies help you meet standards such as PCI DSS, Open Banking, and FIPS, while strengthening how your APIs handle TLS negotiation. This new capability increases your security posture without adding operational complexity, and provides you with a single, consistent way to standardize TLS configuration across your API Gateway infrastructure.

AWS Device Farm enables web and mobile developers to test their applications using real mobile devices and desktop browsers. Today, we are announcing three new capabilities that make it easier to build better web and mobile experiences: a fully-managed Appium endpoint, support for environment variables, and IAM role integration. With the new Appium endpoint, you can connect using just a few lines of code and run interactive tests on multiple physical devices directly from your IDE or local host. This feature works seamlessly with Appium Inspector —both hosted and local versions—for all actions, including element inspection. Support for live video and log streaming enables faster feedback within your local workflow. Environment variables enable test filtering, test sharding, dynamic software version selection, and granular configuration of your test environment. You can pass simple key-value pairs to our test scheduling APIs, which are then configured as environment variables on the test host during runtime. This eliminates the need to maintain multiple test specification yaml files for different test scenarios and simplifies CI/CD pipelines by enabling dynamic test environment configuration. Additionally, Device Farm test hosts can now assume IAM roles to connect with other AWS services, enabling workflows such as uploading artifacts to Amazon S3 and logging test output to Amazon CloudWatch. Both environment variables and IAM roles can be persisted at the project level, reducing the maintenance overhead of passing them to each run. These features complement our existing server-side execution capabilities, giving you the scale, customizability and controls needed to run secure enterprise-grade workloads. Together, they help you author, debug, and test your mobile apps faster, whether working from your IDE, AWS Console, or other environments. To learn more, see Appium Testing, Accessing other AWS resources, and Environment variables in the AWS Device Farm Developer Guide.

e are pleased to announce the Developer Preview release of the Amazon S3 Transfer Manager for Swift —a high-level file and directory transfer utility for Amazon Simple Storage Service (Amazon S3) built with the AWS SDK for Swift.

Event-driven applications often need to process data in real-time. When you use AWS Lambda to process records from Apache Kafka topics, you frequently encounter two typical requirements: you need to process very high volumes of records in close to real-time, and you want your consumers to have the ability to scale rapidly to handle traffic spikes. Achieving both necessitates understanding how Lambda consumes Kafka streams, where the potential bottlenecks are, and how to optimize configurations for high throughput and best performance.

Amazon EC2 Image Builder now supports automatic versioning for recipes and automatic build version incrementing for components, reducing the overhead of managing versions manually. This enables you to increment versions automatically and dynamically reference the latest compatible versions in your pipelines without manual updates. With automatic versioning, you no longer need to manually track and increment version numbers when creating new versions of your recipes. You can simply place a single 'x' placeholder in any position of the version number, and Image Builder detects the latest existing version and automatically increments that position. For components, Image Builder automatically increments the build version when you create a component with the same name and semantic version. When referencing resources in your configurations, wildcard patterns automatically resolve to the highest available version matching the specified pattern, ensuring your pipelines always use the latest versions. Auto-versioning is available in all AWS regions including AWS China (Beijing) Region, operated by Sinnet, AWS China (Ningxia) Region, operated by NWCD, and AWS GovCloud (US) Regions. You can get started from the EC2 Image Builder Console, CLI, API, CloudFormation, or CDK. Refer to documentation to learn more about recipes, components and semantic versioning.

Today, we announced Amazon API Gateway REST API’s support for private integration with Application Load Balancers (ALBs). You can use this new capability to securely expose your VPC-based applications through your REST APIs without exposing your ALBs to the public internet.

AWS announces the launch of natural language test Q&A generation for Automated Reasoning checks in Amazon Bedrock Guardrails. Automated Reasoning checks uses formal verification techniques to validate the accuracy and policy compliance of outputs from generative AI models. Automated Reasoning checks deliver up to 99% accuracy at detecting correct responses from LLMs, giving you provable assurance in detecting AI hallucinations while also assisting with ambiguity detection in model responses. To get started with Automated Reasoning checks, customers create and test Automated Reasoning policies using natural language documents and sample Q&As. Automated Reasoning checks generates up to N test Q&As for each policy using content from the input document, reducing the work required to go from initial policy generation to production-ready, refined policy. Test generation for Automated Reasoning checks is now available in the US (N. Virginia), US (Ohio), US (Oregon), Europe (Frankfurt), Europe (Ireland), and Europe (Paris) Regions. Customers can access the service through the Amazon Bedrock console, as well as the Amazon Bedrock Python SDK. To learn more about Automated Reasoning checks and how you can integrate it into your generative AI workflows, please read the Amazon Bedrock documentation, review the tutorials on the AWS AI blog, and visit the Bedrock Guardrails webpage.

AWS IoT Core now supports a SET clause in IoT rules-SQL, which lets you set and reuse variables across SQL statements. This new feature provides a simpler SQL experience and ensures consistent content when variables are used multiple times. Additionally, a new get_or_default() function provides improved failure handling by returning default values while encountering data encoding or external dependency issues, ensuring IoT rules continue execution successfully. AWS IoT Core is a fully managed service that securely connects millions of IoT devices to the AWS cloud. Rules for AWS IoT is a component of AWS IoT Core which enables you to filter, process, and decode IoT device data using SQL-like statements, and route the data to 20+ AWS and third-party services. As you define an IoT rule, these new capabilities help you eliminate complicated SQL statements and make it easy for you to manage IoT rules-SQL failures. These new features are available in all AWS Regions where AWS IoT Core is available, including AWS GovCloud (US) and Amazon China Regions. For more information and getting started experience, visit the developer guides on SET clause and get_or_default() function.

Amazon Connect now allows agents to send follow-up replies to email contacts, making it easier to share additional information or continue assisting customers without starting a new thread. This capability preserves the full conversation history, helping agents maintain context and deliver consistent, seamless support. Amazon Connect Email is available in the US East (N. Virginia), US West (Oregon), Africa (Cape Town), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), and Europe (London) regions. To learn more and get started, please refer to the help documentation, pricing page, or visit the Amazon Connect website.

Amazon Connect now provides you with the ability to monitor which contacts are queued for callback. This feature enables you to search for contacts queued for callback and view additional details such as the customer’s phone number and duration of being queued within the Connect UI and APIs. You can now pro-actively route contacts to agents that are at risk of exceeding the callback timelines communicated to customers. Businesses can also identify customers that have already successfully connected with agents, and clear them from the callback queue to remove duplicative work. This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.

Amazon EMR 7.12 is now available featuring the new Apache Iceberg v3 table format with Apache Iceberg 1.10. This release enables you to reduce costs when deleting data, strengthen governance and compliance through better tracking for row level changes, and enhance data security with more granular data access control. With Iceberg v3, you can delete data cost-effectively because Iceberg v3 marks deleted rows without rewriting entire files - speeding up your data pipelines while reducing storage costs. You get better governance and compliance capabilities through automatic tracking of every row’s creation and modification history, creating the audit trails needed for regulatory requirements and change data capture. You can enhance data security with table-level encryption, helping you meet privacy regulations for your most sensitive data. With Apache Spark 3.5.6 included in this release, you can leverage these Iceberg 1.10 capabilities for building robust data lakehouse architectures on Amazon S3. This release also includes support for data governance operations across your Iceberg tables using AWS Lake Formation. In addition, this release also includes Apache Trino 476. Amazon EMR 7.12 is available in all AWS Regions that support Amazon EMR. To learn more about Amazon EMR 7.12 release, visit the Amazon EMR 7.12 release documentation.

Today, we're excited to announce the addition of Web Bot Auth (WBA) support in AWS WAF, providing a secure and standardized way to authenticate legitimate AI agents and automated tools accessing web applications. Web Bot Auth is an authentication method that leverages cryptographic signatures in HTTP messages to verify that a request comes from an automated bot. Web Bot Auth is used as a verification method for verified bots and signed agents. It relies on two active IETF drafts: a directory draft allowing the crawler to share their public keys, and a protocol draft defining how these keys should be used to attach crawler's identity to HTTP requests. AWS WAF now automatically allows verified AI agent traffic. Verified WBA bots will now be automatically allowed by default. Previously, Category AI blocked unverified bots; this behavior is now refined to respect WBA verification. To learn more, please review the documentation. There is no additional cost for using this feature, however standard AWS WAF charges still apply. For details, visit the AWS WAF Pricing page. This feature is currently available only for AWS WAF customers protecting Amazon CloudFront distributions.

Second-generation AWS Outposts racks are now supported in the AWS Asia Pacific (Tokyo) Region. Outposts racks extend AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises data center or colocation space for a truly consistent hybrid experience. Organizations from startups to enterprises and the public sector in and outside of Japan can now order their Outposts racks connected to this new supported region, optimizing for their latency and data residency needs. Outposts allows customers to run workloads that need low latency access to on-premises systems locally while connecting back to their home Region for application management. Customers can also use Outposts and AWS services to manage and process data that needs to remain on-premises to meet data residency requirements. This regional expansion provides additional flexibility in the AWS Regions that customers’ Outposts can connect to. To learn more about second-generation Outposts racks, read this blog post and user guide. For the most updated list of countries and territories and the AWS Regions where second-generation Outposts racks are supported, check out the Outposts rack FAQs page.

Amazon Aurora DSQL now supports a maximum storage limit of 256 TiB, doubling the previous limit of 128 TiB. Now, customers can store and manage larger datasets within a single database cluster, simplifying data management for large-scale applications. With Aurora DSQL, customers only pay for the storage they use and storage automatically scales with usage, ensuring that customers do not need to provision storage upfront. All Aurora DSQL clusters by default have a storage limit of 10 TiB. Customers that desire clusters with higher storage limits can request a limit increase using either the Service Quotas console or AWS CLI. Visit the Service Quotas documentation for a step-by-step guide to requesting a quota increase. The increased storage limits are available in all Regions where Aurora DSQL is available. Get started with Aurora DSQL for free with the AWS Free Tier. To learn more about Aurora DSQL, visit the webpage and documentation.

AWS announces general availability of Flexible Cost Allocation on AWS Transit Gateway, enhancing how you can distribute Transit Gateway costs across your organization. Previously, Transit Gateway only used a sender-pay model, where the source attachment account owner was responsible for all data usage related costs. The new Flexible Cost Allocation (FCA) feature provides more versatile cost allocation options through a central metering policy. Using FCA metering policy, you can choose to allocate all of your Transit Gateway data processing and data transfer usage to the source attachment account, the destination attachment account, or the central Transit Gateway account. FCA metering policies can be configured at an attachment-level or individual flow-level granularity. FCA also supports middle-box deployment models enabling you to allocate data processing usage on middle-box appliances such as AWS Network Firewall to the original source or destination attachment owners. This flexibility allows you to implement multiple cost allocation models on a single Transit Gateway, accommodating various chargeback scenarios within your AWS network infrastructure. Flexible Cost Allocation is available in all commercial AWS Regions where Transit Gateway is available. You can enable these features using the AWS Management Console, AWS Command Line Interface (CLI) and the AWS Software Development Kit (SDK). There is no additional charge for using FCA on Transit Gateway. For more information, see the Transit Gateway documentation pages.

Amazon Athena now gives you control over Data Processing Unit (DPU) usage for queries running on Capacity Reservations. You can now configure DPU settings at the workgroup or query level to balance cost efficiency, concurrency, and query-level performance needs. Capacity Reservations provides dedicated serverless processing capacity for your Athena queries. Capacity is measured in DPUs, and queries consume DPUs based on their complexity. Now you can set explicit DPU values for each query—ensuring small queries use only what they need while guaranteeing critical queries get sufficient resources for fast execution. The Athena console and API now return per-query DPU usage, helping you understand DPU usage and determine your capacity needs. These updates help you control per-query capacity usage, control query concurrency, reduce costs by eliminating over-provisioning, and deliver consistent performance for business-critical workloads. Cost and performance controls are available today in AWS Regions where Capacity Reservations is supported. To learn more, see Control capacity usage in the Athena user guide.

This blog will guide you through setting up and using Cluster Insights, including key features and metrics. By the conclusion, you'll understand how to use Cluster insights to recognize and address performance and resiliency issues within your OpenSearch Service clusters.

AWS announces VPC encryption controls, a new capability that helps organizations audit and enforce encryption in transit for all traffic within and across VPCs in a Region, simplifying compliance with regulatory frameworks like HIPAA, PCI DSS, and FedRAMP through automated monitoring and enforcement modes.

AWS Security Incident Response now provides agentic AI-powered investigation capabilities to help you prepare for, respond to, and recover from security events faster and more effectively. The new investigative agent automatically gathers evidence across multiple AWS data sources, correlates the data, then presents findings for you in clear, actionable summaries. This helps you reduce the time required to investigate and respond to potential security events, thereby minimizing business disruption. When a security event case is created in the Security Incident Response console, the investigative agent immediately assesses the case details to identify missing information, such as potential indicators, resource names, and timeframes. It asks the case submitter clarifying questions to gather these details. This proactive approach helps minimize delays from back-and-forth communications that traditionally extend case resolution times. The investigative agent then collects relevant information from various data sources, such as AWS CloudTrail, AWS Identity and Access Management (IAM), Amazon EC2, and AWS Cost Explorer. It automatically correlates this data to provide you with a comprehensive analysis, reducing the need for manual evidence gathering and enabling faster investigation. Security teams can track all investigation activities directly through the AWS console and view summaries in their preferred integration tools. This feature is automatically enabled for all Security Incident Response customers at no additional cost in all AWS Regions where the service is available. To learn more and get started, visit the Security Incident Response overview page and console.

AWS Cost Anomaly Detection now features an improved detection algorithm that enables faster identification of unusual spending patterns. The enhanced algorithm analyzes your AWS spend using rolling 24-hour windows, comparing current costs against equivalent time periods from previous days each time AWS receives updated cost and usage data. The enhanced algorithm addresses two common challenges in cost pattern analysis. First, it removes the delay in anomaly detection caused by comparing incomplete calendar-day costs against historical daily totals. The rolling window always compares full 24-hour periods, enabling faster identification of unusual patterns. Second, it provides more accurate comparisons by evaluating costs against similar times of day, accounting for workloads that have different morning and evening usage patterns. These improvements help reduce false positives while enabling faster, more accurate anomaly detection. This enhancement to AWS Cost Anomaly Detection is available in all AWS Regions, except the AWS GovCloud (US) Regions and the China Regions. To learn more about this new feature, AWS Cost Anomaly Detection, and how to reduce your risk of spend surprises, visit the AWS Cost Anomaly Detection product page and getting started guide.

The AWS Transfer Family Terraform module now supports deploying Transfer Family endpoints with a custom identity provider (IdP) for authentication and access control. This allows you to automate and streamline the deployment of Transfer Family servers integrated with your existing identity providers. AWS Transfer Family provides fully-managed file transfers over SFTP, AS2, FTPS, FTP, and web browser-based interfaces for AWS storage services. Using this new module, you can now use Terraform to provision Transfer Family server resources using your custom authentication systems, eliminating manual configurations and enabling repeatable deployments that scale with your business needs. The module is built on the open source Custom IdP solution which provides standardized integration with widely-used identity providers and includes built-in security controls such as multi-factor authentication, audit logging, and per-user IP allowlisting. To help you get started, the Terraform module includes an end-to-end example using Amazon Cognito user pools.  Customers can get started by using the new module from the Terraform Registry. To learn more about the Transfer Family Custom IdP solution, visit the user guide. To see all the regions where Transfer Family is available, visit the AWS Region table.

Amazon SageMaker introduces one-click onboarding of existing AWS datasets to Amazon SageMaker Unified Studio. This helps AWS customers to start working with their data in minutes, using their existing AWS Identity and Access Management (IAM) roles and permissions. Customers can start working with any data they have access to using a new serverless notebook with a built-in AI agent. This new notebook, which supports SQL, Python, Spark or natural language, gives data engineers, analysts, and data scientists a single high-performance interface to develop and run both SQL queries and code. Customers also have access to many other existing tools such as a Query Editor for SQL analysis, JupyterLab IDE, Visual ETL and workflows, and machine learning (ML) capabilities. The ML capabilities include the ability to discover foundation models from a centralized model hub, customize them with sample notebooks, use MLflow for experimentation, publish trained models in the model hub for discovery, and deploy them as inference endpoints for prediction. Customers can start directly from Amazon SageMaker, Amazon Athena, Amazon Redshift, and Amazon S3 Tables console pages, giving them a fast path from their existing tools and data to the simple experience in SageMaker Unified Studio. After clicking ‘Get started’ and specifying an IAM role, SageMaker prompts for specific policy updates and then automatically creates a project in SageMaker Unified Studio. The project is set up with all existing data permissions from AWS Glue Data Catalog, AWS Lake Formation, and Amazon S3, and a notebook and serverless compute are pre-configured to accelerate first use. To get started, simply click "Get Started" from the SageMaker console or open SageMaker Unified Studio from Amazon Athena, Amazon Redshift, or Amazon S3 Tables. One-click onboarding of existing datasets is available in all Regions where Amazon SageMaker Unified Studio is supported. To learn more read the AWS News Blog or visit the Amazon SageMaker documentation.

Amazon SageMaker introduces a built-in AI agent that accelerates the development of data analytics and machine learning (ML) applications. SageMaker Data Agent is available in the new notebook experience in Amazon SageMaker Unified Studio and helps data engineers, analysts, and data scientists who spend significant time on manual setup tasks and boilerplate code when building analytics and ML applications. The agent generates code and execution plans from natural language prompts and integrates with data catalogs and business metadata to streamline the development process. SageMaker Data Agent works within the new notebook experience to break down complex analytics and ML tasks into manageable steps. Customers can describe objectives in natural language and the agent creates a detailed execution plan and generates the required SQL and Python code. The agent maintains awareness of the notebook context, including available data sources and catalog information, accelerating common tasks including data transformation, statistical analysis, and model development. To get started, log in to Amazon SageMaker and click on “Notebooks” on the left navigation. Amazon SageMaker Data Agent is available in all Regions where Amazon SageMaker Unified Studio is supported. To learn more, read the AWS News Blog or visit the Amazon SageMaker documentation.

AWS License Manager now provides centralized software asset management across AWS regions and accounts in an organization, reducing compliance risks and streamlines license tracking through automated license asset groups. Customers can now track license expiry dates, streamline audit responses, and make data-driven renewal decisions with a product-centric view of their commercial software portfolio. With this launch, customers no longer need to manually track licenses across multiple regions and accounts in their organization. Now with license asset groups, customers can gain organization-wide visibility of their commercial software usage with customizable grouping and automated reporting. The new feature is available in all commercial regions where AWS License Manager is available. To get started, visit the Licenses section of the AWS License Manager console, and the AWS License Manager User Guide.

AWS launches VPC Encryption Controls to make it easy to audit and enforce encryption in transit within and across Amazon Virtual Private Clouds (VPC), and demonstrate compliance with encryption standards. You can turn it on your existing VPCs to monitor encryption status of traffic flows and identify VPC resources that are unintentionally allowing plaintext traffic. This feature also makes it easy to enforce encryption across different network paths by automatically (and transparently) turning on hardware-based AES-256 encryption on traffic between multiple VPC resources including AWS Fargate, Network Load Balancers, and Application Load Balancers. To meet stringent compliance standards like HIPAA and PCI DSS, customers rely on both application layer encryption and the hardware-based encryption that AWS offers across different network paths. AWS provides hardware-based AES-256 encryption transparently between modern EC2 Nitro instances. AWS also encrypts all network traffic between AWS data centers in and across Availability Zones, and AWS Regions before the traffic leaves our secure facilities. All inter-region traffic that uses VPC Peering, Transit Gateway Peering, or AWS Cloud WAN receives an additional layer of transparent encryption before leaving AWS data centers. Prior to this release, customers had to track and confirm encryption across all network paths. With VPC Encryption Controls, customers can now monitor, enforce and demonstrate encryption within and across Virtual Private Clouds (VPCs) in just a few clicks. Your information security team can turn it on centrally to maintain a secure and compliant environment, and generate audit logs for compliance and reporting. VPC Encryption Controls is now available in the following AWS Commercial regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Europe (Ireland), Europe (Frankfurt), Europe (London), Europe (Paris), Europe (Milan), Europe (Zurich), Europe (Stockholm), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Melbourne), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Asia Pacific (Mumbai), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Canada West (Calgary), Canada (Central), Middle East (UAE), Middle East (Bahrain), Africa (Cape Town) and South America (São Paulo). To learn more about this feature and its use cases, please see our documentation.

AWS CloudFormation StackSets offers deployment ordering for auto-deployment mode, enabling you to define the sequence in which your stack instances automatically deploy across accounts and regions. This capability allows you to coordinate complex multi-stack deployments where foundational infrastructure must be provisioned before dependent application components. Organizations managing large-scale deployments can now ensure proper deployment ordering without manual intervention. When creating or updating a CloudFormation StackSet, you can specify up to 10 dependencies per stack instances using the new DependsOn parameter in the AutoDeployment configuration, allowing StackSets to automatically orchestrate deployments based on your defined relationships. For example, you can make sure that your networking and security stack instance complete deployment before your application stack instances begin, preventing deployment failures due to missing dependencies. StackSets includes built-in cycle detection to prevent circular dependencies and provides error messages to help resolve configuration issues. This feature is available in all AWS Regions where CloudFormation StackSets is available at no additional cost. Get started by creating or updating your StackSets auto-deployement option through the CLI, SDK or the CloudFormation Console to define dependencies using stack instances ARNs. To learn more about StackSets deployment ordering, check out the detailed feature walkthrough on the AWS DevOps Blog or visit the AWS CloudFormation User Guide.

Today, AWS announces the general availability of the AWS Secrets Store CSI Driver provider EKS add-on. This new integration allows customers to retrieve secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store and mount them as files on their Kubernetes clusters running on Amazon Elastic Kubernetes Service (Amazon EKS). The add-on installs and manages the AWS provider for the Secrets Store CSI Driver. Now, with the new Amazon EKS add-on, customers can quickly and easily set up new and existing clusters using automation to leverage AWS Secrets Manager and AWS Systems Manager Parameter Store, enhancing security and simplifying secrets management. Amazon EKS add-ons are curated extensions that automate the installation, configuration, and lifecycle management of operational software for Kubernetes clusters, simplifying the process of maintaining cluster functionality and security. Customers rely on AWS Secrets Manager to securely store and manage secrets such as database credentials and API keys throughout their lifecycle. To learn more about Secrets Manager, visit the documentation. For a list of regions where Secrets Manager is available, see the AWS Region table. To get started with Secrets Manager, visit the Secrets Manager home page. This new Amazon EKS add-on is available in all AWS commercial and AWS GovCloud (US) Regions. To get started, see the following resources: Amazon EKS add-ons user guide AWS Secrets Manager user guide

Today, AWS Control Tower announces support for an additional 279 managed Config rules in Control Catalog for various use cases such as security, cost, durability, and operations. With this launch, you can now search, discover, enable and manage these additional rules directly from AWS Control Tower and govern more use cases for your multi-account environment. AWS Control Tower also supports seven new compliance frameworks in Control Catalog. In addition to existing frameworks, most controls are now mapped to ACSC-Essential-Eight-Nov-2022, ACSC-ISM-02-Mar-2023, AWS-WAF-v10, CCCS-Medium-Cloud-Control-May-2019, CIS-AWS-Benchmark-v1.2, CIS-AWS-Benchmark-v1.3, CIS-v7.1 To get started, go to the Control Catalog and search for controls with the implementation filter AWS Config to view all AWS Config rules in the Catalog. You can enable relevant rules directly using the AWS Control Tower console or the ListControls, GetControl and EnableControl APIs. We've also enhanced control relationship mapping, helping you understand how different controls work together. The updated ListControlMappings API now reveals important relationships between controls - showing which ones complement each other, are alternatives, or are mutually exclusive. For instance, you can now easily identify when a Config Rule (detection) and a Service Control Policy (prevention) can work together for comprehensive security coverage. These new features are available in AWS Regions where AWS Control Tower is available, including AWS GovCloud (US). Reference the list of supported regions for each Config rule to see where it can be enabled. To learn more, visit the AWS Control Tower User Guide.

Amazon CloudWatch Database Insights now supports cross-account and cross-region database fleet monitoring, enabling centralized observability across your entire AWS database infrastructure. This enhancement allows DevOps engineers and database administrators to monitor, troubleshoot, and optimize databases spanning multiple AWS accounts and regions from a single unified console experience. With this new capability, organizations can gain holistic visibility into their distributed database environments without account or regional boundaries. Teams can now correlate performance issues across their entire database fleet, streamline incident response workflows, and maintain consistent monitoring standards across complex multi-account architectures, significantly reducing operational overhead and improving mean time to resolution. This feature is available in all AWS commercial regions where CloudWatch Database Insights is supported. To learn more about cross-account and cross-region monitoring in CloudWatch Database Insights, as well as instructions to get started monitoring your databases across your entire organization and regions, visit the CloudWatch Database Insights documentation.

Amazon OpenSearch Service, expands availability of OR2 and OM2, OpenSearch Optimized Instance family to 11 additional regions. The OR2 instance delivers up to 26% higher indexing throughput compared to previous OR1 instances and 70% over R7g instances. The OM2 instance delivers up to 15% higher indexing throughput compared to OR1 instances and 66% over M7g instances in internal benchmarks. The OpenSearch Optimized instances, leveraging best-in-class cloud technologies like Amazon S3, to provide high durability, and improved price-performance for higher indexing throughput better for indexing heavy workload. Each OpenSearch Optimized instance is provisioned with compute, local instance storage for caching, and remote Amazon S3-based managed storage. OR2 and OM2 offers pay-as-you-go pricing and reserved instances, with a simple hourly rate for the instance, local instance storage, as well as the managed storage provisioned. OR2 instances come in sizes ‘medium’ through ‘16xlarge’, and offer compute, memory, and storage flexibility. OM2 instances come in sizes ‘large’ through ‘16xlarge’ Please refer to the Amazon OpenSearch Service pricing page for pricing details. OR2 instance family is now available on Amazon OpenSearch Service across 11 additional regions globally: US West (N. California), Canada (Central),  Asia Pacific (Hong Kong, Jakarta , Malaysia, Melbourne, Osaka , Seoul, Singapore), Europe (London), and South America (Sao Paulo).  OM2 instance family is now available on Amazon OpenSearch Service across 14 additional regions globally: US West (N. California), Canada (Central), Asia Pacific (Hong Kong, Hyderabad, Mumbai, Osaka, Seoul, Singapore, Sydney, Tokyo), Europe ( Paris, Spain), Middle East (Bahrain), South America (Sao Paulo).

Amazon ECR now supports managed container image signing to enhance your security posture and eliminate the operational overhead of setting up signing. Container image signing allows you to verify that images are from trusted sources. With managed signing, ECR simplifies setting up container image signing to just a few clicks in the ECR Console or a single API call. To get started, create a signing rule with an AWS Signer signing profile that specifies parameters such as signature validity period, and which repositories ECR should sign images for. Once configured, ECR automatically signs images as they are pushed using the identity of the entity pushing the image. ECR leverages AWS Signer for signing operations, which handles key material and certificate lifecycle management including generation, secure storage, and rotation. All signing operations are logged through CloudTrail for full auditability. ECR managed signing is available in all AWS Regions where AWS Signer is available. To learn more, visit the documentation.

Today, Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (ECS) announced fully managed MCP servers enabling AI powered experiences for development and operations in preview. MCP (Model Context Protocol) provides a standardized interface that enriches AI applications with real-time, contextual knowledge of EKS and ECS clusters, enabling more accurate and tailored guidance throughout the application lifecycle, from development through operations. With this launch, EKS and ECS now offer fully managed MCP servers hosted in the AWS cloud, eliminating the need for local installation and maintenance. The fully managed MCP servers provide enterprise-grade capabilities like automatic updates and patching, centralized security through AWS IAM integration, comprehensive audit logging via AWS CloudTrail, and the proven scalability, reliability, and support of AWS. The fully managed Amazon EKS and ECS MCP servers enable developers to easily configure AI coding assistants like Kiro CLI, Cursor, or Cline for guided development workflows, optimized code generation, and context-aware debugging. Operators gain access to a knowledge base of best practices and troubleshooting guidance derived from extensive operational experience managing clusters at scale. To learn more about the Amazon EKS MCP server preview, visit EKS MCP server documentation and launch blog post. To learn more about the Amazon ECS MCP server preview, visit ECS MCP server documentation and launch blog post.

Today, we are introducing automation rules, a new feature in AWS Compute Optimizer that enables you to optimize Amazon Elastic Block Store (EBS) volumes at scale. With automation rules, you can streamline the process of cleaning up unattached EBS volumes and upgrading volumes to the latest-generation volume types, saving cost and improving performance across your cloud infrastructure. Automation rules let you automatically apply optimization recommendations on a recurring schedule when they match your criteria. You can set criteria like AWS Region to target specific geographies and Resource Tags to distinguish between production and development workloads. Configure rules to run daily, weekly, or monthly, and AWS Compute Optimizer will continuously evaluate new recommendations against your criteria. A new dashboard allows you to summarize automation events over time, examine detailed step history, and estimate savings achieved. If you need to reverse an action, you can do so directly from the same dashboard. AWS Compute Optimizer automation rules are available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and South America (São Paulo). To get started, navigate to the new Automation section in the AWS Compute Optimizer console, visit the AWS Compute Optimizer user guide documentation, or read the announcement blog to learn more.

Today, AWS Organizations announces support for upgrade rollout policy, a new capability that helps customers stagger automatic upgrades across their Amazon Aurora (MySQL-Compatible Edition and PostgreSQL-Compatible Edition) and Amazon Relational Database Service (Amazon RDS) including RDS for MySQL, RDS for PostgreSQL, RDS for MariaDB, RDS for SQL Server, RDS for Oracle, and RDS for Db2 databases. This capability eliminates the operational overhead of coordinating automatic minor version upgrades either manually or through custom tools across hundreds of resources and accounts, while giving customers peace of mind by ensuring upgrades are first tested in less critical environments before being rolled out to production. With upgrade rollout policy, you can define upgrade sequences using simple orders (first, second, last) applied through account-level policies or resource tags. When new minor versions become eligible for automatic upgrade, the policy ensures upgrades start with development environments, allowing you to validate changes before proceeding to more critical environments. AWS Health notifications between phases and built-in validation periods help you monitor progress and ensure stability throughout the upgrade process. You can also disable automatic progression at any time if issues are detected, giving you complete control over the upgrade journey. This feature is available in all AWS commercial Regions and AWS GovCloud (US) Regions, supporting automatic minor version upgrades for Amazon Aurora and Amazon RDS database engines. You can manage upgrade policies using the AWS Management Console, AWS CLI, AWS SDKs, AWS CloudFormation, or AWS CDK. For Amazon RDS for Oracle, the upgrade rollout policy supports automatic minor version upgrades for engine versions released after January 2026. To learn more about automatic minor version upgrades, see the Amazon RDS and Aurora user guide. For more information about upgrade rollout policy, see Managing organization policies with AWS Organizations (Upgrade rollout policy).

Today, Amazon Elastic Kubernetes Service (EKS) introduced Provisioned Control Plane, a new feature that gives you the ability to select your cluster's control plane capacity to ensure predictable, high performance for the most demanding workloads. With Provisioned Control Plane, you can pre-provision the desired control plane capacity from a set of well-defined scaling tiers, ensuring the control plane is always ready to handle traffic spikes or unpredictable bursts. These new scaling tiers unlock significantly higher cluster performance and scalability, allowing you to run ultra-scale workloads in a single cluster. Provisioned Control Plane ensures your cluster's control plane is ready to support workloads that require minimal latency and high performance during anticipated high-demand events like product launches, holiday sales, or major sporting and entertainment events. It also ensures consistent control plane performance across development, staging, production, and disaster recovery environments, so the behavior you observe during testing accurately reflects what you'll experience in production or during failover events. Finally, it enables you to run massive-scale workloads such as AI training/inference, high-performance computing, or large-scale data processing jobs that require thousands of worker nodes in a single cluster. To get started with Amazon EKS Provisioned Control Plane, use the EKS APIs, AWS Console, or infrastructure as code tooling to enable it in a new or existing EKS cluster. To learn more about EKS Provisioned Control Plane , visit the EKS Provisioned Control plane documentation and EKS pricing page.

Amazon SageMaker introduces a new notebook experience that provides data and AI teams a high-performance, serverless programming environment for analytics and machine learning (ML) jobs. This helps customers quickly get started working with data without pre-provisioning data processing infrastructure. The new notebook gives data engineers, analysts, and data scientists one place to perform SQL queries, execute Python code, process large-scale data jobs, run ML workloads and create visualizations. A built-in AI agent accelerates development by generating code and SQL statements from natural language prompts while it guides users through their tasks. The notebook is backed by Amazon Athena for Apache Spark to deliver high-performance results, scaling from interactive SQL queries to petabyte-scale data processing. It’s available in the new one-click onboarding experience for Amazon SageMaker Unified Studio. Data engineers, analysts, and data scientists can flexibly combine SQL, Python, and natural language within a single interactive workspace. This removes the need to switch between different tools based on your workload. For example, you can start with SQL queries to explore your data, use Python for advanced analytics or to build ML models, or use natural language prompts to generate code automatically using the built-in AI agent. To get started, sign in to the console, find SageMaker, open SageMaker Unified Studio, and go to "Notebooks" in the navigation. You can use the SageMaker notebook feature in the following Regions where Amazon SageMaker Unified Studio is supported. To learn more, read the AWS News Blog or see SageMaker documentation.

Amazon SageMaker HyperPod now supports IDEs and Notebooks, enabling AI developers to run JupyterLab, Code Editor, or connect local IDEs to run their interactive AI workloads directly on HyperPod clusters. The release allows AI developers to run IDEs and notebooks on the same persistent HyperPod EKS clusters used for training and inference. Developers can leverage HyperPod's scalable GPU capacity with familiar tools like HyperPod CLI, while sharing data across IDEs and training jobs through mounted file systems such as FSx and EFS. The solution supports running multiple IDEs on the same GPU-instance, as well as on a single-GPU, by leveraging Multi-Instance GPU (MIG) support on HyperPod. Administrators can maximize CPU/GPU investments through unified governance across IDEs, training, and inference workloads using HyperPod Task Governance. HyperPod Observability provides comprehensive usage metrics including CPU, GPU, and memory consumption, enabling administrators to optimize cluster utilization and manage costs effectively. This feature is available in all AWS Regions where Amazon SageMaker HyperPod is currently available, excluding China and GovCloud (US) regions. To learn more, visit our documentation.

Amazon CloudWatch Container Insights now supports collection of GPU metrics at sub-minute frequencies for AI and ML workloads running on Amazon EKS. Customers can configure the metric sample rate in seconds, enabling more granular monitoring of GPU resource utilization. This enhancement enables customers to effectively monitor GPU-intensive workloads that run for less than 60 seconds, such as ML inference jobs that consume GPU resources for short durations. By increasing the sampling frequency, customers can maintain detailed visibility into short-lived GPU workloads. Sub-minute GPU metrics are sent to CloudWatch once per minute. This granular monitoring helps customers optimize their GPU resource utilization, troubleshoot performance issues, and ensure efficient operation of their containerized GPU applications. Sub-Minute GPU metrics in Container Insights is available in all AWS Commercial Regions and the AWS GovCloud (US) Regions. To learn more about Sub-Minute GPU metrics in Container Insights, visit the NVIDIA GPU metrics page in the Amazon CloudWatch User Guide. Sub-Minute GPU metrics in Container Insights are available for no addition cost. For Container Insights pricing, see the Amazon CloudWatch Pricing Page.

AWS Control Tower offers the easiest way to manage and govern your environment with AWS managed controls. Starting today, customers can have direct access to these AWS managed controls without requiring a full Control Tower deployment. This new experience offers over 750 managed controls that customers can deploy within minutes while maintaining their existing account structure. AWS Control Tower v4.0 introduces direct access to Control Catalog, allowing customers to review available managed controls and deploy them into their existing AWS Organization. With this release, customers now have more flexibility and autonomy over their organizational structure, as Control Tower will no longer enforce a mandatory structure. Additionally, customers will have improved operations such as cleaner resource and permissions management and cost attribution due to the separation of S3 buckets and SNS notifications for the AWS Config and AWS CloudTrail integrations. This controls-focused experience is now available in all AWS Regions where AWS Control Tower is supported. For more information about this new capability see the AWS Control Tower User Guide or contact your AWS account team. For a full list of Regions where AWS Control Tower is available, see the AWS Region Table.

Amazon EC2 Fleet now supports a new encryption attribute for Attribute-Based Instance Type Selection (ABIS). Customers can use the RequireEncryptionInTransit parameter to specifically launch instance types that support encryption-in-transit, in addition to specifying resource requirements like vCPU cores and memory. The new encryption attribute addresses critical compliance needs for customers who use VPC Encryption Controls in enforced mode and require all network traffic to be encrypted in transit. By combining encryption requirements with other instance attributes in ABIS, customers can achieve instance type diversification for better capacity fulfillment while meeting their security needs. Additionally, the GetInstanceTypesFromInstanceRequirements (GITFIR) allows you to preview which instance types you might be allocated based on your specified encryption requirements. This feature is available in all AWS commercial and AWS GovCloud (US) Regions. To get started, set the RequireEncryptionInTransit parameter to true in InstanceRequirements when calling the CreateFleet or GITFIR APIs. For more information, refer to the user guides for EC2 Fleet and GITFIR.

Amazon EC2 Image Builder now allows you to distribute existing Amazon Machine Images(AMIs), retry distributions, and define custom distribution workflows. Distribution workflows are a new workflow type that complements existing build and test workflows, enabling you to define sequential distribution steps such as AMI copy operations, wait-for-action checkpoints, and AMI attribute modifications. With enhanced distribution capabilities, you can now distribute an existing image to multiple regions and accounts without running a full Image Builder pipeline. Simply specify your AMI and distribution configuration, and Image Builder handles the copying and sharing process. Additionally, with distribution workflows, you can now customize distribution process by defining custom steps. For example, you can distribute AMIs to a test region first, add a wait-for-action step to pause for validation, and then continue distribution to production regions after approval. This provides the same step-level visibility and control you have with build and test workflows. These capabilities are available to all customers at no additional costs, in all AWS regions including AWS China (Beijing) Region, operated by Sinnet, AWS China (Ningxia) Region, operated by NWCD, and AWS GovCloud (US) Regions. You can get started from the EC2 Image Builder Console, CLI, API, CloudFormation, or CDK, and learn more in the EC2 Image Builder documentation.

AWS Glue zero-ETL integrations now support AWS CloudFormation and AWS Cloud Development Kit (AWS CDK), through which you can create Zero-ETL integrations using infrastructure as code. Zero-ETL integrations are fully managed by AWS and minimize the need to build ETL data pipelines. Using AWS Glue zero-ETL, you can ingest data from AWS DynamoDB or enterprise SaaS sources, including Salesforce, ServiceNow, SAP, and Zendesk, into Amazon Redshift, Amazon S3, and Amazon S3 Tables. CloudFormation and CDK support for these Glue zero-ETL integrations simplifies the way you can create, update, and manage zero-ETL integrations using infrastructure as code. With CloudFormation and CDK support, data engineering teams can now consistently deploy any zero-ETL integration across multiple AWS accounts while maintaining version control of their configurations. This feature is available in all AWS Regions where AWS Glue zero-ETL is currently available. To get started with the new AWS Glue zero-ETL infrastructure as code capabilities, visit the CloudFormation documentation for AWS Glue, CDK documentation, or the AWS Glue zero-ETL user guide.

Amazon Lightsail now offers a new Nginx blueprint. This new blueprint has Instance Metadata Service Version 2 (IMDSv2) enforced by default, and supports IPv6-only instances. With just a few clicks, you can create a Lightsail virtual private server (VPS) of your preferred size that comes with Nginx preinstalled. With Lightsail, you can easily get started on the cloud by choosing a blueprint and an instance bundle to build your web application. Lightsail instance bundles include instances preinstalled with your preferred operating system, storage, and monthly data transfer allowance, giving you everything you need to get up and running quickly This new blueprint is now available in all AWS Regions where Lightsail is available. For more information on blueprints supported on Lightsail, see Lightsail documentation. For more information on pricing, or to get started with your free trial, click here.

Oracle Database@AWS is now integrated with AWS Key Management Service (KMS) to manage database encryption keys. KMS is an AWS managed service to create and control keys used to encrypt and sign data. With this integration, customers can now use KMS to encrypt Oracle Transparent Data Encryption (TDE) master keys in Oracle Database@AWS. This provides customers a consistent mechanism to create and control keys used for encrypting data in AWS, and meet security and compliance requirements. Thousands of customers use KMS to manage keys for encrypting their data in AWS. KMS provides robust key management and control through central policies and granular access, comprehensive logging and auditing via AWS CloudTrail, and automatic key rotation for enhanced security. By using KMS to encrypt Oracle TDE master keys, customers can get the same benefits for database encryption keys for Oracle Database@AWS, and apply consistent auditing and compliance procedures for data in AWS. AWS KMS integration with TDE is available in all AWS regions where Oracle Database@AWS are available. Other than standard AWS KMS pricing, there is no additional Oracle Database@AWS charge for the feature. To get started, see Oracle Database@AWS and documentation to use KMS.

Amazon Bedrock Data Automation (BDA) now supports synchronous API processing for images, enabling you to receive structured insights from visual content with low latency. Synchronous processing for images complements the existing asynchronous API, giving you the flexibility to choose the right approach based on your application's latency requirements. BDA automates the generation of insights from unstructured multimodal content such as documents, images, audio, and videos for your GenAI-powered applications. With synchronous image processing, you can build interactive experiences—such as social media platforms that moderate user-uploaded photos, e-commerce apps that identify products from customer images, or travel applications that recognize landmarks and provide contextual information. This eliminates polling or callback handling, simplifying your application architecture and reducing development complexity. Synchronous processing supports both Standard Output for common image analysis tasks like summarization and text extraction, and Custom Output using Blueprints for industry-specific field extraction. You now get the high-quality, structured results you expect from BDA with low-latency response times that enable more responsive user experiences. Amazon Bedrock Data Automation is available in 8 AWS regions: Europe (Frankfurt), Europe (London), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Sydney), US West (Oregon) and US East (N. Virginia), and AWS GovCloud (US-West) AWS Regions. To learn more, see the Bedrock Data Automation User Guide and the Amazon Bedrock Pricing page. To get started with using Bedrock Data Automation, visit the Amazon Bedrock console.

AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now support post-quantum key exchange options for the Transport Layer Security (TLS) protocol. This opt-in feature introduces new TLS security policies with hybrid post-quantum key agreement, combining classical key exchange algorithms with post-quantum key encapsulation methods, including the standardized Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) algorithm. Post-quantum TLS (PQ-TLS) security policies protect your data in transit against potential "Harvest Now, Decrypt Later" (HNDL) attacks, where adversaries collect encrypted data today with the intention to decrypt it once quantum computing capabilities mature. This quantum-resistant encryption ensures long-term security for your applications and data transmissions, future-proofing your infrastructure against emerging quantum computing threats. This feature is available for ALB and NLB in all AWS Commercial Regions, AWS GovCloud (US) Regions and AWS China Regions at no additional cost. To use this capability, you must explicitly update your existing ALB HTTPS listeners or NLB TLS listeners to use a PQ-TLS security policy, or select a PQ-TLS policy when creating new listeners through the AWS Management Console, CLI, API or SDK. You can monitor the use of classical or quantum-safe key exchange using ALB connection logs or NLB access logs. For more information, please visit ALB User Guide, NLB User Guide, and AWS Post-Quantum Cryptography documentation.

Amazon Lex now supports wait & continue functionality in 10 new languages, enabling more natural conversational experiences in Chinese, Japanese, Korean, Cantonese, Spanish, French, Italian, Portuguese, Catalan, and German. This feature allows deterministic voice and chat bots to pause while customers gather additional information, then seamlessly resume when ready. For example, when asked for payment details, customers can say "hold on a second" to retrieve their credit card, and the bot will wait before continuing. This feature is available in all AWS Regions where Amazon Lex operates. To learn more, visit the Amazon Lex documentation or explore the Amazon Connect website to learn how Amazon Connect and Amazon Lex deliver seamless end-customer self-service experiences.

Amazon Elastic Container Registry (ECR) announces AWS PrivateLink support for its dual-stack endpoints. This makes it easier to standardize on IPv6 and enhance your security posture. Previously, ECR announced IPv6 support for API and Docker/OCI requests via the new dual-stack endpoints. With these dual-stack endpoints, you can make requests from either an IPv4 or an IPv6 network. With today’s launch, you can now make requests to these dual-stack endpoints using AWS PrivateLink to limit all network traffic between your Amazon Virtual Private Cloud (VPC) and ECR to the Amazon network, thereby improving your security posture. This feature is generally available in all AWS commercial and AWS GovCloud (US) regions at no additional cost. To get started, visit ECR documentation.

Amazon WorkSpaces Applications now supports IPv6 for WorkSpaces Applications domains and external endpoints, allowing end users to connect to WorkSpaces Applications over IPv6 from IPv6 compatible devices (except SAML authentication). This helps you meet IPv6 compliance requirements and eliminates the need for expensive networking equipment to handle address translation between IPv4 and IPv6. The Internet's growth is consuming IPv4 addresses quickly. WorkSpaces Applications, by supporting IPv6, assists customers in streamlining their network architecture. This support offers a much larger address space and removes the necessity to manage overlapping address spaces in their VPCs. Customers can now base their applications on IPv6, ensuring their infrastructure is future-ready and compatible with existing IPv4 systems via a fallback mechanism. This feature is available at no additional cost in 16 AWS Regions, including US East (N. Virginia, Ohio), US West (Oregon), Canada (Central), Europe (Paris, Frankfurt, London, Ireland), Asia Pacific (Tokyo, Mumbai, Sydney, Seoul, Singapore), and South America (Sao Paulo) and AWS GovCloud (US-West, US-East). WorkSpaces Applications offers pay-as-you go pricing. To get started with WorkSpaces Applications, see Getting Started with Amazon WorkSpaces Applications. To enable this feature for your users, you must use the latest WorkSpaces Applications client for Windows, macOS or directly through web access. To learn more about the feature, please refer to the service documentation.

Modern generative AI applications often need to stream large language model (LLM) outputs to users in real-time. Instead of waiting for a complete response, streaming delivers partial results as they become available, which significantly improves the user experience for chat interfaces and long-running AI tasks. This post compares three serverless approaches to handle Amazon Bedrock LLM streaming on Amazon Web Services (AWS), which helps you choose the best fit for your application.

AWS introduces Attribute-Based Access Control (ABAC) for S3 general purpose buckets, enabling administrators to automatically manage permissions through tag-based policies that match tags between users, roles, and buckets—eliminating the need to constantly update IAM policies as organizations scale.

Amazon SageMaker Catalog now supports metadata enforcement rules for glossary terms classification (tagging) at the asset level. With this capability, administrators can require that assets include specific business terms or classifications. Data producers must apply required glossary terms or classifications before an asset can be published. In this post, we show how to enforce business glossary classification rules in SageMaker Catalog.

Amazon SageMaker Catalog now supports custom metadata forms and rich text descriptions at the column level, extending existing curation capabilities for business names, descriptions, and glossary term classifications. Column-level context is essential for understanding and trusting data. This release helps organizations improve data discoverability, collaboration, and governance by letting metadata stewards document columns using structured and formatted information that aligns with internal standards. In this post, we show how to enhance data discovery in SageMaker Catalog with custom metadata forms and rich text documentation at the schema level.

Today, AWS is announcing tenant isolation for AWS Lambda, enabling you to process function invocations in separate execution environments for each end-user or tenant invoking your Lambda function. This capability simplifies building secure multi-tenant SaaS applications by managing tenant-level compute environment isolation and request routing, allowing you to focus on core business logic rather than implementing tenant-aware compute environment isolation.

In this post, we will show how you can use the new portal feature to create customizable portals with enhanced security features in minutes, with APIs from multiple accounts, without managing any infrastructure.

In this post, we'll explore a reference architecture that helps enterprises govern their Amazon Bedrock implementations using Amazon API Gateway. This pattern enables key capabilities like authorization controls, usage quotas, and real-time response streaming. We'll examine the architecture, provide deployment steps, and discuss potential enhancements to help you implement AI governance at scale.

In this post, you learn how to integrate SageMaker Unified Studio with S3 Tables and query your data using Amazon Athena, Amazon Redshift, or Apache Spark in EMR and AWS Glue.

Today, AWS announced support for response streaming in Amazon API Gateway to significantly improve the responsiveness of your REST APIs by progressively streaming response payloads back to the client. With this new capability, you can use streamed responses to enhance user experience when building LLM-driven applications (such as AI agents and chatbots), improve time-to-first-byte (TTFB) performance for web and mobile applications, stream large files, and perform long-running operations while reporting incremental progress using protocols such as server-sent events (SSE).

Amazon Elastic Cloud Compute (Amazon EC2) instances with locally attached NVMe storage can provide the performance needed for workloads demanding ultra-low latency and high I/O throughput. High-performance workloads, from high-frequency trading applications and in-memory databases to real-time analytics engines and AI/ML inference, need comprehensive performance tracking. Operating system tools like iostat and sar provide valuable system-level insights, and Amazon CloudWatch offers important disk IOPs and throughput measurements, but high-performance workloads can benefit from even more detailed visibility into instance store performance.

At re:Invent 2025, we introduce one new lens and two significant updates to the AWS Well-Architected Lenses specifically focused on AI workloads: the Responsible AI Lens, the Machine Learning (ML) Lens, and the Generative AI Lens. Together, these lenses provide comprehensive guidance for organizations at different stages of their AI journey, whether you're just starting to experiment with machine learning or already deploying complex AI applications at scale.

We are delighted to announce an update to the AWS Well-Architected Generative AI Lens. This update features several new sections of the Well-Architected Generative AI Lens, including new best practices, advanced scenario guidance, and improved preambles on responsible AI, data architecture, and agentic workflows.

We are excited to announce the updated AWS Well-Architected Machine Learning Lens, now enhanced with the latest capabilities and best practices for building machine learning (ML) workloads on AWS.

AWS Lambda introduces tenant isolation mode, enabling separate execution environments for each tenant within a single function to meet strict security requirements without managing dedicated per-tenant infrastructure.

Amazon SageMaker Catalog now offers column-level metadata forms and enforced glossary requirements, enabling organizations to improve data classification, discoverability, and governance through standardized business metadata.

AWS Control Tower now offers Control Only Experience, enabling faster governance setup for established multi-account environments by providing access to AWS managed controls without requiring a full landing zone implementation.

AWS Billing Transfer enables customers to centrally manage and pay bills across multiple AWS organizations by allowing billing administrators to transfer payment responsibility while maintaining individual security and governance autonomy over their accounts.

Amazon EKS introduces Container Network Observability, providing enhanced visibility into Kubernetes workload traffic and performance insights to help teams monitor and troubleshoot microservice environments.

In this post, we walk you through a practical solution for secure, efficient cross-account data sharing and analysis. You’ll learn how to set up cross-account access to S3 Tables using federated catalogs in Amazon SageMaker, perform unified queries across accounts with Amazon Athena in Amazon SageMaker Unified Studio, and implement fine-grained access controls at the column level using AWS Lake Formation.

Amazon Bedrock introduces three service tiers—Priority, Standard, and Flex—allowing you to optimize AI workload costs by matching performance requirements with pricing for different application needs.

Amazon announces the general availability of EC2 P6-B300 instances, powered by NVIDIA Blackwell Ultra GPUs, which deliver 2x networking bandwidth and 1.5x GPU memory than previous generations, making them well suited for training and serving large-scale AI models with trillion parameters across distributed GPU clusters

AWS Lambda now supports Python 3.14 as both a managed runtime and container base image. Python is a popular language for building serverless applications. Developers can now take advantage of new features and enhancements when creating serverless applications on Lambda.

Today, AWS announced Amazon Managed Workflows for Apache Airflow (MWAA) Serverless. This is a new deployment option for MWAA that eliminates the operational overhead of managing Apache Airflow environments while optimizing costs through serverless scaling. In this post, we demonstrate how to use MWAA Serverless to build and deploy scalable workflow automation solutions.

The weeks before AWS re:Invent, my team is full steam ahead preparing content for the conference. I can’t wait to meet you at one of my three talks: CMP346 : Supercharge AI/ML on Apple Silicon with EC2 Mac, CMP344: Speed up Apple application builds with CI/CD on EC2 Mac, and DEV416: Develop your AI Agents […]

Today, AWS Lambda is promoting Rust support from Experimental to Generally Available. This means you can now use Rust to build business-critical serverless applications, backed by AWS Support and the Lambda availability SLA.

You can now develop AWS Lambda functions using Java 25 either as a managed runtime or using the container base image. This blog post highlights notable Java language features, Java Lambda runtime updates, and how you can use the new Java 25 runtime in your serverless applications.

AWS Lambda's new provisioned mode for Amazon SQS event source mapping offers dedicated polling resources that provide 3x faster scaling and 10x higher concurrency, enabling lower latency processing, better handling of traffic spikes, and greater control over event processing resources.

It’s that time of year again — AWS re:Invent is here! At re:Invent, bold ideas come to life. Get a front-row seat to hear inspiring stories from AWS experts, customers, and leaders as they explore today’s most impactful topics, from data analytics to AI. For all the data enthusiasts and professionals, we’ve curated a comprehensive […]

This is a guest post by Umesh Dangat, Senior Principal Engineer for Distributed Services and Systems at Yelp, and Toby Cole, Principle Engineer for Data Processing at Yelp, in partnership with AWS. Yelp processes massive amounts of user data daily—over 300 million business reviews, 100,000 photo uploads, and countless check-ins. Maintaining sub-minute data freshness with […]

From December 1st to December 5th, Amazon Web Services (AWS) will hold its annual premier learning event: re:Invent. There are over 2000+ learning sessions that focus on specific topics at various skill levels, and the compute team have created 76 unique sessions for you to choose. There are many sessions you can choose from, and we are here to help you choose the sessions that best fit your needs. Even if you cannot join in person, you can catch-up with many of the sessions on-demand and even watch the keynote and innovation sessions live.

With AWS re:Invent approaching, we’re celebrating three exceptional AWS Heroes whose diverse journeys and commitment to knowledge sharing are empowering builders worldwide. From advancing women in tech and rural communities to bridging academic and industry expertise and pioneering enterprise AI solutions, these leaders exemplify the innovative spirit that drives our community forward. Their stories showcase […]

In this post, we show you how to use the Amazon OpenSearch Service Lens to evaluate your OpenSearch Service workloads against architectural best practices.

AWS Backup now supports Amazon EKS, providing a fully managed, centralized solution to back up and restore Kubernetes clusters and application data without requiring custom scripts or third-party tools.

This post examines the benefits of transitioning Lambda functions to IPv6, provides practical guidance for implementing dual-stack support in your Lambda environment, and considerations for maintaining compatibility with existing systems during migration.

This post was co-written with Frederic Haase and Julian Blau with BASF Digital Farming GmbH. At xarvio – BASF Digital Farming, our mission is to empower farmers around the world with cutting-edge digital agronomic decision-making tools. Central to this mission is our crop optimization platform, xarvio FIELD MANAGER, which delivers actionable insights through a range […]

Version 2.0 of the AWS Deploy Tool for .NET is now available. This new major version introduces several foundational upgrades to improve the deployment experience for .NET applications on AWS. The tool comes with new minimum runtime requirements. We have upgraded it to require .NET 8 because the predecessor, .NET 6, is now out of […]

The global real-time payments market is experiencing significant growth. According to Fortune Business Insights, the market was valued at USD 24.91 billion in 2024 and is projected to grow to USD 284.49 billion by 2032, with a CAGR of 35.4%. Similarly, Grand View Research reports that the global mobile payment market, valued at USD 88.50 […]

Generative AI agents in production environments demand resilience strategies that go beyond traditional software patterns. AI agents make autonomous decisions, consume substantial computational resources, and interact with external systems in unpredictable ways. These characteristics create failure modes that conventional resilience approaches might not address. This post presents a framework for AI agent resilience risk analysis […]

The AWS SDK for Java 1.x (v1) entered maintenance mode on July 31, 2024, and will reach end-of-support on December 31, 2025. We recommend that you migrate to the AWS SDK for Java 2.x (v2) to access new features, enhanced performance, and continued support from AWS. To help you migrate efficiently, we’ve created a migration […]

In this post, we explore how Metagenomi built a scalable database and search solution for over 1 billion protein vectors using LanceDB and Amazon S3. The solution enables rapid enzyme discovery by transforming proteins into vector embeddings and implementing a serverless architecture that combines AWS Lambda, AWS Step Functions, and Amazon S3 for efficient nearest neighbor searches.

In this post, we explore an efficient approach to managing encryption keys in a multi-tenant SaaS environment through centralization, addressing challenges like key proliferation, rising costs, and operational complexity across multiple AWS accounts and services. We demonstrate how implementing a centralized key management strategy using a single AWS KMS key per tenant can maintain security and compliance while reducing operational overhead as organizations scale.

This two-part series shows how Karrot developed a new feature platform, which consists of three main components: feature serving, a stream ingestion pipeline, and a batch ingestion pipeline. This post starts by presenting our motivation, our requirements, and the solution architecture, focusing on feature serving.

This two-part series shows how Karrot developed a new feature platform, which consists of three main components: feature serving, a stream ingestion pipeline, and a batch ingestion pipeline. This post covers the process of collecting features in real-time and batch ingestion into an online store, and the technical approaches for stable operation.

In this post, we demonstrate how to deploy the DeepSeek-R1-Distill-Qwen-32B model using AWS DLCs for vLLMs on Amazon EKS, showcasing how these purpose-built containers simplify deployment of this powerful open source inference engine. This solution can help you solve the complex infrastructure challenges of deploying LLMs while maintaining performance and cost-efficiency.

As cloud spending continues to surge, organizations must focus on strategic cloud optimization to maximize business value. This blog post explores key insights from MIT Technology Review's publication on cloud optimization, highlighting the importance of viewing optimization as a continuous process that encompasses all six AWS Well-Architected pillars.

In this post, you’ll learn how Zapier has built their serverless architecture focusing on three key aspects: using Lambda functions to build isolated Zaps, operating over a hundred thousand Lambda functions through Zapier's control plane infrastructure, and enhancing security posture while reducing maintenance efforts by introducing automated function upgrades and cleanup workflows into their platform architecture.

In this post, we show you how to implement comprehensive monitoring for Amazon Elastic Kubernetes Service (Amazon EKS) workloads using AWS managed services. This solution demonstrates building an EKS platform that combines flexible compute options with enterprise-grade observability using AWS native services and OpenTelemetry.

The AWS SDK for Java 2.x introduces the Apache 5 SDK HTTP client which is built on Apache HttpClient 5.5.x. This new SDK HTTP client is available alongside our existing SDK HTTP clients: Apache HttpClient 4.5.x, Netty, URL Connection, and AWS CRT HttpClient. To differentiate the use of Apache HttpClient 4.5.x and Apache HttpClient 5.5.x, […]

Today, we are excited to announce the general availability of the AWS .NET Distributed Cache Provider for Amazon DynamoDB. This is a seamless, serverless caching solution that enables .NET developers to efficiently manage their caching needs across distributed systems. Consistent caching is a difficult problem in distributed architectures, where maintaining data integrity and performance across […]

This blog was co-authored by Afroz Mohammed and Jonathan Nunn, Software Developers on the AWS PowerShell team. We’re excited to announce the general availability of the AWS Tools for PowerShell version 5, a major update that brings new features and improvements in security, along with a few breaking changes. New Features You can now cancel […]

Software development is far more than just writing code. In reality, a developer spends a large amount of time maintaining existing applications and fixing bugs. For example, migrating a Go application from the older AWS SDK for Go v1 to the newer v2 can be a significant undertaking, but it’s a crucial step to future-proof […]

We’re excited to announce that the AWS Deploy Tool for .NET now supports deploying .NET applications to select ARM-based compute platforms on AWS! Whether you’re deploying from Visual Studio or using the .NET CLI, you can now target cost-effective ARM infrastructure like AWS Graviton with the same streamlined experience you’re used to. Why deploy to […]

Version 4.0 of the AWS SDK for .NET has been released for general availability (GA). V4 has been in development for a little over a year in our SDK’s public GitHub repository with 13 previews being released. This new version contains performance improvements, consistency with other AWS SDKs, and bug and usability fixes that required […]

Today, AWS launches the developer preview of the AWS IoT Device SDK for Swift. The IoT Device SDK for Swift empowers Swift developers to create IoT applications for Linux and Apple macOS, iOS, and tvOS platforms using the MQTT 5 protocol. The SDK supports Swift 5.10+ and is designed to help developers easily integrate with […]

Effective June 2, 2025, AWS SDK for Ruby Version 3 will no longer support following end-of-life (EOL) Ruby runtime versions: Ruby 2.5 (EOL began on 2021-04-05) Ruby 2.6 (EOL began on 2022-04-12) To ensure your applications and services remain secure, we strongly encourage you to upgrade to Ruby 2.7 or later. Moving forward, AWS SDK […]

We are excited to announce the Developer Preview of the Amazon S3 Transfer Manager for Rust, a high-level utility that speeds up and simplifies uploads and downloads with Amazon Simple Storage Service (Amazon S3). Using this new library, developers can efficiently transfer data between Amazon S3 and various sources, including files, in-memory buffers, memory streams, […]

In Part 1 of our blog posts for .NET Aspire and AWS Lambda, we showed you how .NET Aspire can be used for running and debugging .NET Lambda functions. In this part, Part 2, we’ll show you how to take advantage of the .NET Aspire programming model for best practices and for connecting dependent resources […]

In a recent post we gave some background on .NET Aspire and introduced our AWS integrations with .NET Aspire that integrate AWS into the .NET dev inner loop for building applications. The integrations included how to provision application resources with AWS CloudFormation or AWS Cloud Development Kit (AWS CDK) and using Amazon DynamoDB local for […]

.NET Aspire is a new way of building cloud-ready applications. In particular, it provides an orchestration for local environments in which to run, connect, and debug the components of distributed applications. Those components can be .NET projects, databases, containers, or executables. .NET Aspire is designed to have integrations with common components used in distributed applications. […]

AWS announces important configuration updates coming July 31st, 2025, affecting AWS SDKs and CLIs default settings. Two key changes include switching the AWS Security Token Service (STS) endpoint to regional and updating the default retry strategy to standard. These updates aim to improve service availability and reliability by implementing regional endpoints to reduce cross-regional dependencies and introducing token-bucket throttling for standardized retry behavior. Organizations should test their applications before the release date and can opt-in early or temporarily opt-out of these changes. These updates align with AWS best practices for optimal service performance and security.