AWS AI News Hub

Amazon CloudWatch now supports ingesting AWS Security Hub CSPM findings, enabling customers to centrally analyze and monitor security findings directly in CloudWatch Logs. Security Hub CSPM findings are supported in AWS Security Finding Format (ASFF) and Open Cybersecurity Schema Framework (OCSF) format using CloudWatch Pipelines, providing standardized security data ingestion. Customers can now use CloudWatch Logs Insights to query findings, create metric filters for monitoring, and leverage Amazon S3 Tables integration for advanced analytics, helping security teams identify and respond to threats faster across their AWS environment. With today's launch, customers can automatically enable Security Hub findings delivery to CloudWatch Logs using CloudWatch enablement rules that apply to the entire organization or specific accounts, to standardize security monitoring coverage. For example, a security team can create an enablement rule to automatically send Security Hub findings to CloudWatch Logs for all production accounts, ensuring consistent visibility into security posture. Security Hub findings to CloudWatch logs are available in all AWS commercial regions. Security Hub findings are charged as tiered pricing when delivered to CloudWatch Logs. For pricing information, see the CloudWatch pricing page. To learn more about Security Hub findings in CloudWatch Logs and organization-level enablement, visit the Amazon CloudWatch documentation..

In this post, we introduce Amazon Bedrock AgentCore Evaluations, a fully managed service for assessing AI agent performance across the development lifecycle. We walk through how the service measures agent accuracy across multiple quality dimensions. We explain the two evaluation approaches for development and production and share practical guidance for building agents you can deploy with confidence.

AWS launches the AWS Sustainability console, a free, standalone service that shows customers their environmental impact associated with their AWS usage. Expanding on the features from the Customer Carbon Footprint Tool (CCFT) in the AWS Billing console, this new service addresses a critical access barrier by enabling sustainability professionals to view carbon emissions data without requiring billing permissions. Organizations can now ensure the right teams have access to the environmental data. Like the CCFT, the AWS Sustainability console provides customers their estimated carbon emissions from using AWS, calculated using both market-based (MBM) and location-based (LBM) methods and available by AWS Region, service, and emissions scope (1, 2, 3). The console also delivers additional capabilities including improved customizable visualizations, the ability to set which month your fiscal year starts, customizable CSV reports, and API/SDK access for seamless integration of emissions data into existing reporting workflows. The AWS Sustainability service is now available in the US East (N. Virginia) region and provides carbon emissions data for all AWS commercial regions. Access the service globally through the AWS Management Console.

Amazon OpenSearch Service now offers agentic AI capabilities that enable engineering and support teams to analyze log data through an agentic conversational interface. These agentic AI features help simplify log querying and accelerate incident investigations by allowing teams to interact with data using natural language, plan and initiate autonomous root cause analysis, and persist conversation as they navigate through their Observability workspace in OpenSearch UI. This launch introduces three key capabilities available at no additional cost (token-based usage limits apply). Agentic chat enables you to ask questions in natural language to analyze data, generate and iterate Piped Processing Language (PPL) queries in Discover, and analyze visualizations for insights. When deeper root cause analysis is needed, you can trigger the investigation agent to autonomously and iteratively plan for the investigation, execute queries, reflect on results, and then deliver structured root cause hypotheses ranked by likelihood with full transparency into its reasoning. With agent memory, you can seamlessly continue your conversation across different feature pages or in a new web session. You can use the agentic AI features in the following AWS Regions: Asia Pacific (Tokyo), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Stockholm), Europe (Spain), Europe (Ireland), US East (N. Virginia), US East (Ohio), and US West (Oregon). To learn more, see Agentic AI in Amazon OpenSearch Service. For more information about Amazon OpenSearch Service, see the Amazon OpenSearch Service product page.

You can now deploy AWS IAM Identity Center in the AWS European Sovereign Cloud (Germany) Region. The AWS European Sovereign Cloud is a new independent cloud for Europe entirely located within the European Union (EU), designed to help customers meet their evolving sovereignty requirements. IAM Identity Center is the recommended service for managing workforce access to AWS applications. It enables you to connect your existing source of workforce identities once and to offer your users a single sign-on experience across the AWS European Sovereign Cloud. It powers the personalized experiences provided by AWS applications, and the ability to define and audit user-aware access to data in AWS services. It can also help you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost. To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center user guide.

Amazon Managed Service for Apache Flink now supports Apache Flink version 2.2. This is a major upgrade that brings runtime improvements such as Java 17 support, RocksDB 8.10.0 for better I/O performance, and serialization enhancements. Additionally, Dataset API and Scala APIs are now deprecated. You can create a new application on Apache Flink 2.2 or use in-place version upgrades to adopt the Flink 2.2 runtime for a simpler and faster upgrade to compatible applications. Amazon Managed Service for Apache Flink makes it easier to transform and analyze streaming data in real time across various use cases, including real-time analytics, anomaly detection, and complex event processing. Amazon Managed Service for Apache Flink simplifies the setup, operation, and scaling of Apache Flink applications, allowing developers and data engineers to focus on building and running their streaming applications without managing the underlying infrastructure. Apache Flink 2.2 is available across AWS regions where Amazon Managed Service for Apache Flink is offered. You can learn more about Apache Flink 2.2 in Amazon Managed Service for Apache Flink in our documentation.

Amazon SageMaker Unified Studio adds Observability for jobs, it now displays Amazon CloudWatch metrics for AWS Glue jobs directly alongside job logs in a single, unified interface. This enhancement adds observability to SageMaker Unified Studio, enabling data engineers and ETL developers to streamline their troubleshooting processes. With this feature, teams can diagnose performance issues faster by correlating resource utilization patterns—including DPU utilization, memory consumption, CPU load, and data movement size—directly with job log output. Specific use cases include identifying compute bottlenecks, detecting memory pressure or out-of-memory conditions, optimizing resource allocation, and monitoring data pipeline performance at scale. By consolidating metrics and logs into one workspace, organizations can significantly reduce mean time to resolution (MTTR) for ETL pipeline issues and improve overall operational efficiency. This feature is available in all AWS Regions where Amazon SageMaker Unified Studio is generally available. To access CloudWatch metrics, navigate to any Glue job in SageMaker Unified Studio, open a previous job run, and select the Metrics tab to view comprehensive performance data. To learn more about Amazon SageMaker Unified Studio and this new capability, visit the SageMaker Unified Studio page and see the documentation.

AWS Organizations now returns the complete organizational path for accounts and organizational units (OUs) directly in API responses, eliminating the need for multiple API calls to traverse organizational hierarchies. Previously, understanding where accounts and organizational units (OUs) are positioned within your organization structure required multiple API calls. This enhancement is particularly valuable for enterprise customers managing large, complex AWS Organizations with deeply nested OU structures. With this launch, APIs including DescribeAccount, ListAccounts, DescribeOrganizationalUnit, and others now include the full path from organization to root to the target entity (e.g., o-{orgId}/r-{rootId}/ou-{ouId}/{accountId}) in a single call. This eliminates time-consuming multiple API calls for org path determination and reduces operational overhead when analyzing service control policy impacts, assessing permissions boundaries, or evaluating account movements across complex organizational hierarchies. Cloud architects, security teams, and operations teams can now troubleshoot faster and build more effective automation, including large language model (LLM) powered tools that require complete organizational context for accurate guidance. The organization path is now available in all commercial AWS Regions and the AWS GovCloud (US) Regions. To learn more, visit the To learn more, visit the AWS Organizations API documentation.

Today, AWS Deadline Cloud introduces three powerful new fleet scaling options that give you greater flexibility in managing your render farm capacity and performance: worker idle duration, standby worker count, and scale out rate. AWS Deadline Cloud is a fully managed service that helps creative teams efficiently manage and scale their rendering workloads in the cloud. These new options give you direct control over balancing rendering speed and efficiency. Configurable worker idle duration allows you to specify how long workers remain available after completing a job, eliminating wait times between job submissions and speeding up artist’s iteration workflow. Standby worker count maintains a pool of pre-warmed, idle workers that are immediately available at job submission so your renders start right away. Scale out rate lets you configure how quickly your fleet scales, up to 500 workers per minute, giving you the control you need to match your infrastructure needs. These flexible scaling controls are now available in AWS Deadline Cloud. To learn more, visit the AWS Deadline Cloud documentation.

AWS Marketplace now offers sellers a streamlined self-service process for refunds and agreement cancellations, reducing the time and effort required to process these requests. This new capability eliminates the need to file support tickets, and gives both sellers and buyers full visibility into the latest status of each request. Buyers can now review and approve cancellation requests directly from the AWS Marketplace console, and see refunds reflected on their charge summary for easier reconciliation. Additionally, Know Your Customer (KYC) verification is now only triggered for invoices that require compliance validation, so sellers can process refunds for KYC-exempt invoices without unnecessary verification delays. With this launch, sellers can request refunds or cancellations from the Agreements page in the seller portal or programmatically through the AWS Marketplace Agreement APIs. These requests are pre-populated with agreement and invoice data and processed automatically. Sellers can then track every request from submission through completion. Billing adjustments are processed automatically without requiring buyer approval, allowing sellers to refund charges on paid invoices or reduce outstanding balances on unpaid invoices. For agreement cancellations, sellers submit a request and share an approval link directly with the buyer, who has seven days to respond before the cancellation proceeds automatically. All parties receive email and Amazon EventBridge notifications for every status change, enabling integration with their operational workflows. For Channel Partner Private Offer agreements, the channel partner initiates the refund or cancellation request, and the Independent Software Vendor (ISV) receives notifications for visibility. Seller self-service refunds and agreement cancellations are available in all commercial AWS Regions where AWS Marketplace is supported. To learn more, see Refunds and cancellations in the AWS Marketplace Seller Guide. For information about responding to seller-initiated cancellation requests and tracking refunds, see Refunds and cancellations in the AWS Marketplace Buyer Guide.

In this blog post, we take a building blocks approach. Starting with the tools like AWS Backup to protect your data, we then add protection for Amazon Elastic Compute Cloud (Amazon EC2) compute using AWS Elastic Disaster Recovery (AWS DRS). Finally, we show how to use the full capabilities of AWS to restore your entire workload—data, infrastructure, networking, and configuration, using Arpio disaster recovery automation.

In this post, you learn how to build a FinOps agent using Amazon Bedrock AgentCore that helps your finance team manage AWS costs across multiple accounts. This conversational agent consolidates data from AWS Cost Explorer, AWS Budgets, and AWS Compute Optimizer into a single interface, so your team can ask questions like "What are my top cost drivers this month?" and receive immediate answers.

In this post, we show you how to build a similar system for your organization. You will learn the architecture decisions, implementation details, and deployment process that can help you automate your own compliance workflows.

In this post, we demonstrate how to implement agentic QA automation through QA Studio, a reference solution built with Amazon Nova Act. You will see how to define tests in natural language that adapt automatically to UI changes, explore the serverless architecture that executes tests reliably at scale, and get step-by-step deployment guidance for your AWS environment.

Amazon S3 Vectors is now available in 17 additional AWS Regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Asia Pacific (New Zealand), Asia Pacific (Osaka), Asia Pacific (Taipei), Asia Pacific (Thailand), Canada West (Calgary), Europe (Milan), Europe (Spain), Europe (Zurich), Mexico (Central), South America (Sao Paulo), and US West (N. California). Amazon S3 Vectors is the first cloud object storage with native support for storing and querying vectors. It delivers purpose-built, cost-optimized vector storage for AI agents, inference, Retrieval Augmented Generation (RAG), and semantic search at billion-vector scale. S3 Vectors is designed to provide the same elasticity, durability, and availability as Amazon S3. With a dedicated set of APIs, you can store and query up to two billion vectors per vector index and elastically scale to 10,000 vector indexes per vector bucket without provisioning any infrastructure. Infrequent queries return results in under one second, with frequent queries resulting in latencies as low as 100 milliseconds. S3 Vectors is natively integrated with Amazon Bedrock Knowledge Bases so you can reduce the cost of using large vector datasets for RAG. With this expansion, S3 Vectors is now available in 31 AWS Regions. For pricing details, visit the S3 pricing page. To learn more, visit the product page and documentation.

Businesses want to send one-time passcodes (OTPs) because they are often the easiest and fastest way for customers to verify who they are. However, businesses are often surprised when it takes weeks or months to get phone numbers, complete carrier registrations, and set up sender IDs. Today, AWS announces AWS End User Messaging Notify to change all of this. Within minutes, a developer can use phone numbers and sender IDs owned by AWS to power their OTP use case and start sending right away. With Notify, you set up a configuration with your brand name, turn on SMS, voice, or both, and begin sending OTP messages to over 200 countries using ready-to-use templates. You can customize your brand name, code format, and how long a code stays valid. Every API call includes built-in SMS fraud protection through AWS End User Messaging SMS Protect at no extra cost, catching and blocking suspicious traffic before messages incur costs. Spend limits give you another layer of protection by pausing delivery if your account hits its set threshold. AWS End User Messaging Notify is available in all AWS Regions where AWS End User Messaging is available. To get started, visit the AWS End User Notify user guide.

We’re announcing availability changes to the following AWS services and features. Services moving to Maintenance Services moving to maintenance will no longer be accessible to new customers starting April 30, 2026. Customers already using these services and features can continue to do so. AWS will continue to operate and support these services and features. We recommend that customers learn about the changes in the product pages and documentation. Amazon Application Recovery Controller (ARC) - Readiness Check Feature Amazon Comprehend - Topic Modeling, Event Detection, and Prompt Safety Classification Features Amazon Rekognition - Streaming Events and Batch Image Content Moderation Features Amazon Simple Notification Service (SNS) - Message Data Protection (MDP) Feature AWS App Runner AWS Audit Manager AWS CloudTrail Lake AWS Glue - Ray Jobs Feature AWS IoT FleetWise Services entering Sunset The following services are entering sunset, and we are announcing the date upon which we will end operations and support of the service. Customers using these services should click on the links below to understand the sunset timeline and begin planning migration to alternatives as recommended in the updated service web pages and documentation. Amazon RDS Custom for Oracle Amazon WorkMail Amazon WorkSpaces Thin Client AWS Service Management Connector Services reaching End of Support The following feature has reached end of support and is no longer available as of March 31, 2026. Amazon Chime SDK – Proxy Sessions For customers affected by these changes, we've prepared comprehensive migration guides, and our support teams are ready to assist with your transition. Visit AWS Product Lifecycle Page to learn more, and subscribe to the RSS feed for future updates.

Amazon ECS Managed Instances now supports Amazon EC2 instance store volumes as a data volume option for container workloads. You can now leverage instance store volumes on your ECS container instances instead of provisioning an Amazon EBS data volume, reducing storage costs and accelerating I/O performance for latency-sensitive workloads. Amazon ECS Managed Instances is a fully managed compute option designed to eliminate infrastructure management overhead, dynamically scale EC2 instances to match your workload requirements, and continuously optimize task placement to reduce infrastructure costs. With today’s launch, you can enable local storage by configuring a custom ECS Managed Instances capacity provider and selecting the desired Amazon EC2 instance types that include instance store volumes. When an instance lacks instance store volumes or when local storage is disabled, Amazon ECS automatically provisions an Amazon EBS data volume. Support for instance store is available in all commercial AWS Regions where Amazon ECS Managed Instances is available. To learn more about local storage support, visit the documentation. To learn more about Amazon ECS Managed Instances, visit the feature page, documentation, and AWS News launch blog.

I'm excited to announce that AWS Security Agent on-demand penetration testing and AWS DevOps Agent are now generally available, representing a new class of AI capabilities we announced at re:Invent called frontier agents. These autonomous systems work independently to achieve goals, scale massively to tackle concurrent tasks, and run persistently for hours or days without constant human oversight. Together, these agents are changing the way we secure and operate software. In preview, customers and partners report that AWS Security Agent compresses penetration testing timelines from weeks to hours and the AWS DevOps Agent supports 3–5x faster incident resolution.

Amazon Bedrock AgentCore Evaluations is now generally available, providing automated quality assessment for AI agents. Evaluations enables developers to monitor agent quality through continuous evaluation of production traffic, validate changes through testing workflows, and measure agent performance against defined expectations. AgentCore Evaluations offers two evaluation types. Online evaluation continuously monitors agent performance in production by sampling and scoring live traces. On-demand evaluation enables teams to test agents programmatically, supporting regression testing in CI/CD pipelines and interactive development workflows. Teams can evaluate agents using 13 built-in evaluators for response quality, safety, task completion, and tool usage. Developers can also use Ground Truth to measure agent performance against expectations, including reference answers for response validation, behavioral assertions for session-level goals, and expected tool execution sequences. For domain-specific requirements, teams can configure custom evaluators using their choice of prompts and model for LLM-based evaluation, or implement custom logic in Python or JavaScript through Lambda-hosted functions for code-based evaluation. Evaluations integrates with AgentCore Observability for unified monitoring and real-time alerts. AgentCore Evaluations is available in nine AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland). Learn more about Amazon Bedrock AgentCore Evaluations through the documentation, and get started with the AgentCore Starter Toolkit

Today, AWS End User Messaging announces support for Rich Communication Services (RCS) for Business. Traditional SMS arrives from a generic phone number that customers may not recognize, making it harder for businesses to build trust. RCS solves this by delivering messages through the same messaging app your customers already use, with a verified business identity that displays your name and logo. AWS End User Messaging provides a scalable, cost-effective way to integrate RCS into your applications. Beyond common use cases like one-time passcodes, appointment reminders, and delivery notifications, RCS enables rich conversational experiences that can transform how customers interact with your brand. With RCS for Business, you can create and manage RCS agents (the resources used for RCS messaging) directly in the AWS End User Messaging console or through APIs. RCS includes automated SMS fallback, ensuring messages are delivered as SMS when a recipient's device doesn't support RCS with no additional logic required in your application. RCS integrates with AWS services the same way SMS does today. Events route to Amazon EventBridge, Amazon CloudWatch, or Amazon Data Firehose, and inbound messages are delivered via Amazon SNS to destinations like AWS Lambda or AI agents powered by Amazon Bedrock. This enables you to build bidirectional, AI-powered conversational experiences directly in your applications, transforming text messaging from a notification channel into an interactive experience. RCS for Business is available in all AWS Regions where AWS End User Messaging is available. To learn more, visit the AWS End User Messaging RCS User Guide. To get started, see the RCS quickstart guide to send and receive your first RCS test message in 5 minutes.

Traditional frameworks designed for static deployments cannot address the dynamic interactions that define agentic workloads. AI Risk Intelligence (AIRI), from AWS Generative AI Innovation Center, provides the automated rigor required to govern agents at enterprise scale—a fundamental reimagining of how security, operations, and governance work together systemically.

Now generally available, AWS DevOps Agent is your always-available operations teammate that resolves and proactively prevents incidents, optimizes application reliability and performance, and handles on-demand SRE tasks across AWS, multicloud, and on-prem environments. Building on the preview launch, DevOps Agent now adds new use cases, broader integrations, enhanced intelligence, and enterprise-ready features, including the ability to investigate applications in Azure and on-prem environments, add custom agent skills to extend capabilities, and create custom charts and reports for deeper operational insights. DevOps Agent investigates incidents and identifies operational improvements as an experienced teammate would: by learning your applications and their relationships, working with your observability tools, runbooks, code repositories, and CI/CD pipelines, and correlating telemetry, code, and deployment data. It autonomously triages incidents and guides teams to rapid resolution, reducing mean time to resolution (MTTR) from hours to minutes, while analyzing patterns across historical incidents to deliver actionable recommendations that prevent future outages. For the full list of AWS Regions where AWS DevOps Agent is available, visit the Regions list. Pricing details are available on the AWS DevOps Agent pricing page. AWS Support customers receive monthly DevOps Agent credits based on the prior month's gross AWS Support spend: 100% for Unified Operations, 75% for Enterprise Support, or 30% for Business Support+. For many customers, this significantly reduces or eliminates DevOps Agent costs. For details, visit the support compare page. If you are a preview customer, review the migration documentation to ensure seamless access to new AWS DevOps Agent capabilities. To learn more, read the launch blog and see getting started.

Amazon Connect now allows you to test and simulate chat experiences in just a few clicks, making it easy to validate self-service chat interactions, customer service workflows, and their outcomes. For each test, you can configure the test parameters including the channel as chat, customer attributes, the reason for the chat (such as "I need to check my order status"), the expected responses (such as "Your request has been processed"), and business conditions like after-hours scenarios or full queues. After executing tests, results show success or failure based on your defined criteria, along with the path taken by the simulated interaction and detailed logs to quickly diagnose potential issues. With this launch, you can run multiple tests simultaneously to validate your chat workflows at scale, reducing testing time. Companies can view test results and identify common failure patterns across all their tests in Connect's analytics dashboards. These capabilities enable you to confidently deploy new experiences and quickly adapt to your ever-changing business needs. To learn more about these features, see the Amazon Connect Administrator Guide. These features are available in all AWS regions where Amazon Connect is available. To learn more about Amazon Connect, AWS’s AI-native customer experience solution, please visit the Amazon Connect website.

Today, AWS announced the general availability of AWS Security Agent for on-demand penetration testing in six AWS Regions. AWS Security Agent delivers autonomous penetration testing that operates 24/7 at a fraction of the cost than manual penetration tests. This milestone transforms penetration testing from a periodic bottleneck into an on-demand capability that scales with your development velocity across AWS, Azure, GCP, other cloud-providers, and on-premises. With multicloud support, AWS Security Agent allows you to consolidate penetration testing across your entire infrastructure.  Previewed at re:Invent 2025, AWS Security Agent represents a new class of frontier agents that are autonomous systems that work independently to achieve goals, scale to tackle concurrent tasks, and run persistently without constant human oversight. It deploys specialized AI agents to help discover, validate, and report security vulnerabilities through sophisticated multi-step attack scenarios customized for each application. It provides detailed findings with CVSS risk scores, application-specific severity ratings, reproduction steps, and remediation suggestions.  AWS Security Agent is now available in US East (N. Virginia), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Sydney), and Asia Pacific (Tokyo) regions.  New customers can explore AWS Security Agent with a 2-month free trial. For pricing and feature details, visit the AWS Security Agent pricing page. To learn more about AWS Security Agent, visit the product page and read the launch announcement. For technical details and to get started, see the AWS Security Agent documentation.

AWS Private Certificate Authority (AWS Private CA) now publishes certificate authority (CA) utilization metrics to Amazon CloudWatch, providing visibility into your CA usage. AWS Private CA enforces service quota limits on the number of certificates a CA can issue and the number of CAs you can create per Region. The new metrics track the number of certificates issued by each CA and the total number of CAs in each Region, enabling you to monitor usage against these quotas and proactively manage CA lifecycle to maintain high availability. With these metrics, you can configure CloudWatch alarms to prevent quota-related service disruptions. For example, you can set alarms to trigger automation that replaces a CA approaching its certificate issuance quota and transitions certificate issuance to a new CA. This is particularly important when using AWS services that rely on AWS Private CA certificates, such as Amazon EKS, Amazon ECS Service Connect, and Amazon WorkSpaces. The utilization metrics are available in all AWS Regions where AWS Private CA is available. To learn more about AWS Private CA metrics, see the AWS Private CA User Guide.

Amazon Location Service now supports GrabMaps with simplified APIs that eliminate upfront resource creation, making it faster to build maps, places, and routing applications with high-quality Southeast Asian data. GrabMaps provides detailed, region-specific mapping data built for Southeast Asia's unique geography, road networks, and local navigation patterns. The data is continuously refreshed using Grab's extensive regional operations to maintain current coverage of road conditions, address changes, and points of interest. The new APIs follow industry-standard patterns that let you make calls without creating resources upfront, reducing setup friction and accelerating time to integration. Whether you are building delivery logistics, ride-hailing, or consumer applications, GrabMaps provides trusted local data for Southeast Asian customers. GrabMaps-powered location services are available in the Asia Pacific (Singapore) (ap-southeast-1) and Asia Pacific (Malaysia) (ap-southeast-5) regions. GrabMaps provides geospatial data coverage across eight Southeast Asian countries: Malaysia, Philippines, Thailand, Singapore, Vietnam, Indonesia, Myanmar, and Cambodia. Learn more about GrabMaps for Amazon Location Service.

Amazon CloudWatch Logs Insights now supports a new lookup command that enables customers to enrich log query results with data from reference tables. Developers, DevOps engineers, and SREs working with complex distributed systems often encounter logs containing opaque identifiers such as GUIDs, IP addresses, or internal resource IDs that are difficult to interpret without additional context. With the lookup command, you can join log data against a lookup table at query time, automatically enriching your results with meaningful values. For example, you can translate a customer ID into a customer name or map an internal IP address to the team that owns it. The new command makes log analysis faster and more intuitive without requiring pre-processing pipelines.  The lookup command is available today in all commercial AWS Regions.  To get started, upload a CSV file by navigating to CloudWatch → Settings → Logs.  Next, use the lookup command in your Logs Insights queries by specifying a log field, a lookup table name, and one or more columns.  CSV data does not count toward CloudWatch Logs Insights per GB of data scanned query charges.  To learn more, see the CloudWatch Logs Insights documentation.

AWS Backup support for Amazon Redshift Serverless is now available in seven additional AWS Regions: Asia Pacific (Osaka, Hyderabad, Taipei, Kuala Lumpur, Auckland), Europe (Milan), and Africa (Cape Town). This expansion brings policy-based data protection and recovery to your Amazon Redshift Serverless data warehouses in these newly supported Regions. To start protecting your Redshift Serverless resources with AWS Backup, add them to your existing backup plans, or create a new backup plan and attach your Redshift Serverless resouces to it. To learn more about AWS Backup for Amazon Redshift Serverless, visit the product page, pricing page, and documentation. To get started, visit the AWS Backup console, AWS Command Line Interface (CLI), or AWS SDKs.

AWS Transform custom announces the general availability of the comprehensive codebase analysis transformation. This up-front analysis reduces documentation maintenance burden and preserves critical institutional knowledge. This enables you to better understand the current state of your codebase before starting a modernization effort, reducing the time and guesswork involved in planning large-scale upgrades. It performs deep static analysis and generates structured documentation covering architecture, technical debt, code metrics, reference documentation, migration planning, and diagrams. Behavior analysis is available in early access. The transformation analyzes codebases in any language, including Python, Java (Maven and Gradle), Node.js, .NET, and applications exceeding one million lines of code. It produces a technical debt report that identifies outdated components and end-of-life dependencies, and recommends specific AWS-managed transformations to address them — helping you prioritize modernization efforts based on actual codebase conditions rather than manual assessment. To get started, install the AWS Transform CLI and run atx custom def exec -n AWS/comprehensive-codebase-analysis -p. To run codebase analysis across multiple repositories at organizational scale, see Building a scalable code modernization solution with AWS Transform custom. For more information, see AWS-Managed Transformations. AWS Transform custom is available in US East (N. Virginia) and Europe (Frankfurt ).

Amazon Relational Database Service (Amazon RDS) for Oracle is now available on AWS Outposts. AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a consistent hybrid experience. As a result, customers can run applications using AWS features and services in their on-premises environment for applications that require data residency, regulatory, or other business constraints. With Amazon RDS for Oracle on AWS Outposts, customers can now use a managed Oracle database service on premises, just as they do in the cloud. Amazon RDS for Oracle on AWS Outposts offers fully managed database management experience such as automated backups, automated patching, point-in-time recovery, monitoring with Amazon CloudWatch, and data encryption at rest with AWS KMS. Amazon RDS for Oracle on AWS Outposts supports multi-AZ deployments across two different Outposts racks for high availability, providing automatic failover to ensure business continuity. For disaster recovery, customer can either restore the database instance in the parent AWS Region using a snapshot taken from the database instance running on AWS Outposts or set up a replica instance in the different Outpost rack or in the parent AWS Region. Customers can deploy Oracle Database 19c and 21c Enterprise Edition (EE) and Standard Edition 2 (SE2) using the Bring Your Own License (BYOL) model in Amazon RDS for Oracle on AWS Outposts. To get started with RDS for Oracle on Outposts, visit the Amazon RDS on AWS Outposts User Guide. Amazon RDS for Oracle on AWS Outposts is available in all AWS Regions where Amazon RDS on AWS Outposts is available. For pricing information, visit the Amazon RDS on AWS Outposts pricing page.

AWS Transform custom now offers seven new AWS-managed transformations to help you modernize code at scale. These transformations address common modernization scenarios across multiple languages and frameworks. Generally available transformations includes comprehensive codebase analysis transformation, enabling you to generate hierarchical, cross-referenced documentation covering architecture, business logic, and technical debt, with actionable insights on outdated components and maintenance concerns. The Node.js version upgrade transformation is now generally available and includes comprehensive library upgrade support, enabling you to upgrade Node.js applications from any source version to any target version with full dependency modernization. Those transformations available in early access include Java performance optimization transformation helps you analyze Java Flight Recorder (JFR) profiling data to detect CPU and memory hotspots and anti- patterns, then applies targeted code fixes to reduce resource usage and improve efficiency. The Log4j to SLF4J migration transformation allows you to remediate Log4j logging dependencies by migrating to the SLF4J logging framework. Also available in early access is the Angular to React migration transformation transforms Angular applications to React. The Angular version upgrade transformation enables you to upgrade Angular applications to the latest version. Finally, the Vue version upgrade transformation upgrades your Vue.js applications to the latest version. AWS-managed transformations are validated by AWS and can be customized to meet your organization's specific requirements. All transformations benefit from continual learning, automatically improving quality from every execution. To get started, install the AWS Transform CLI and run atx custom def list to see all available transformations. For more information, see AWS-Managed Transformations. AWS Transform custom is available in US East (N. Virginia) and Europe (Frankfurt).

Amazon RDS for Db2 is now available in the Asia Pacific (New Zealand) AWS Region. Amazon RDS for Db2 makes it easy to set up, operate, and scale Db2 databases in the cloud. Customers can deploy a Db2 database in minutes with automatically configured parameters for optimal performance. For databases setup with Multi-AZ configuration, Amazon RDS performs synchronous replication to a standby instance in a different Availability Zone to provide high availability. To use Amazon RDS for Db2, customers can purchase a Db2 license from the AWS Marketplace for hourly, pay-as-you-go pricing, or use Bring Your Own License (BYOL). Both hourly and BYOL licensing are available in Standard and Advanced Editions. Learn more about hourly licenses for Standard and Advanced Edition on AWS Marketplace. Your RDS for Db2 usage may be eligible for Database Savings Plan, a flexible pricing model that offers savings in exchange for a commitment to a specific amount of usage (measured in $/hour) over a 1-year term. You can learn more about eligible usage on the Database Savings Plans pricing page. To learn more about Amazon RDS for Db2, refer to documentation and pricing pages.

Amazon Relational Database Service (Amazon RDS) for SQL Server now offers Microsoft SQL Server Developer Edition in the AWS GovCloud (US) Regions. With Amazon RDS for SQL Server Developer Edition, customers can reduce costs associated with building and testing applications. SQL Server Developer Edition is a free, full-featured version of Microsoft SQL Server licensed exclusively for development, testing, and demonstration (non-production) workloads. It contains all functionalities of the premium Enterprise edition. Furthermore, customers can use all Amazon RDS for SQL Server features such as automated backups, automated software updates, monitoring, and encryption. Amazon RDS for SQL Server Developer Edition is available for SQL Server 2019 and SQL Server 2022. For more information, refer to the Amazon RDS for SQL Server User Guide and Amazon RDS for SQL Server Pricing.

Amazon S3 Express One Zone, a high performance S3 storage class for latency-sensitive applications, now supports request metrics in Amazon CloudWatch. You can use request metrics to track performance and monitor the operational health of applications that use S3 Express One Zone. In addition to existing storage metrics, you can now use request metrics to monitor request counts, data transfer volumes, error rates, and latency measurements at minute-level granularity. These request metrics are available through the CloudWatch console, S3 console, S3 API, and AWS CLI.  CloudWatch request metrics for S3 Express One Zone are available in all AWS Regions where the storage class is available. For pricing information, visit the CloudWatch pricing page. To learn more, visit the S3 Express One Zone overview page and documentation.

Amazon CloudWatch centralization now supports centralizing logs based on data source name and type. CloudWatch allows customers to copy log data from multiple AWS accounts and regions into a single destination account using centralization rules. With today's launch, customers can now define rules that target data sources by name and type, such as VPC Flow Logs, EKS Audit Logs, and CloudTrail Logs, in addition to the existing log group name-based selection. Data source name and type are discovered automatically by CloudWatch for AWS service logs and are based on log group tags for application logs.  Now, customers can specifically target which logs they want to centralize using these parameters. For example, a central security team can create a rule that centralizes all logs from CloudTrail and VPC data sources across their entire organization without needing to know or maintain a list of individual log group names. To get started, create or modify a centralization rule in the Amazon CloudWatch console or through the AWS CLI and AWS SDKs, and specify your data source selection criteria in the centralization rule configuration. Data source selection criteria is available in all AWS commercial regions where CloudWatch log centralization is available. Standard CloudWatch Logs pricing applies for log ingestion, storage, and data transfer. For more information, see the CloudWatch Logs Centralization documentation.

AWS Security Hub is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Security Hub is a unified cloud security solution that prioritizes critical security issues and helps you respond at scale, reduce security risks, and improve team productivity. Security Hub detects critical risks by correlating and enriching security signals from Amazon GuardDuty, Amazon Inspector, and AWS Security Hub CSPM, enabling you to quickly surface and prioritize active risks in your cloud environment. The service delivers near real-time risk analytics and advanced trends, transforming correlated security signals into actionable insights through enhanced visualizations and contextual enrichment. You can enable Security Hub for individual accounts or across your entire organization with centralized deployment and management. Capabilities include exposure findings, security-focused resource inventory, attack path visualization, and automated response workflows. The service automatically visualizes potential attack paths by showing how adversaries could chain together threats, vulnerabilities, and misconfigurations to compromise critical resources. Streamlined pricing consolidates charges across multiple AWS security services for improved cost predictability. To get started, visit the AWS Security Hub console or the AWS Security Hub product page. For the full list of AWS Regions where Security Hub is available, see the AWS Regional Services List.

AWS HealthOmics announces VPC-connected workflows, giving customers the ability to run bioinformatics pipelines that access AWS resources across regions and public internet resources through a customer’s Virtual Private Cloud (VPC). With this launch, life sciences customers no longer need to migrate their data and dependencies to the same AWS Region as their workflow before running analyses. AWS HealthOmics is a HIPAA-eligible service that helps accelerate scientific breakthroughs at scale with fully managed bioinformatics workflows. This launch enables life sciences customers to develop and test bioinformatics workflows more quickly. Customers can design workflows that access publicly-hosted data sets as well as AWS resources in different regions without making changes to the workflow code or migrating data between regions. Customers can use new Configuration APIs to specify a VPC configured to access public internet resources to which HealthOmics can send and receive network traffic, making it easy to use different network configurations for different use cases. With Configuration APIs, you can add and remove public internet dependencies anytime. Networking settings are configured at the per-run level, allowing you to opt-in only the workflows that you want to be VPC connected.  VPC-connected workflows are now available in all regions where AWS HealthOmics is available: US East (N. Virginia), US West (Oregon), Europe (Frankfurt, Ireland, London), Israel (Tel Aviv), Asia Pacific (Singapore), and Asia Pacific (Seoul). To learn more about connecting workflows to your VPC, see the HealthOmics documentation.

AWS Elemental MediaTailor is now available in the Europe (London) AWS Region. MediaTailor is a personalized ad insertion and channel assembly service that enables video providers to serve targeted ads in live and on-demand video streams using server-side ad insertion (SSAI) and Server Guided Ad Insertion (SGAI), delivering a broadcast-quality viewing experience without the buffering or ad blockers associated with client-side ad insertion. With this expansion, customers serving viewers in Northern Europe can now run ad insertion workloads closer to their audience, reducing ad decisioning latency and improving ad fill rates. Customers using SSAI or SGAI workflows benefit from lower-latency ad stitching and ad tracking closer to their European viewers, and customers already using MediaTailor in Europe (Ireland) gain an additional region for redundancy and increased capacity. To learn more, visit the AWS Elemental MediaTailor product page or the AWS Elemental MediaTailor User Guide. To get started, sign into the AWS Elemental MediaTailor console.

Amazon Athena now offers Capacity Reservations in additional commercial AWS Regions. Capacity Reservations give you dedicated serverless capacity for your most important workloads. When you use Capacity Reservations, your queries run in isolation from other workloads in your account, and you control how many queries run concurrently. Capacity Reservations is now available in US West (N. California), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Thailand), Asia Pacific (Taipei), Canada (Central), Canada West (Calgary), Europe (Frankfurt), Europe (London), Europe (Milan), Europe (Paris), Europe (Zurich), and Mexico (Central). To learn more, see Manage query processing capacity in the Athena User Guide.

In this post, we show you how to configure a native identity provider (IdP) federation for Amazon Redshift Serverless using Network Load Balancer. You will learn how to enable secure connections from tools like DBeaver and Power BI while maintaining your enterprise security standards.

In this post, we show you how Kafka clients can use Zilla Plus to securely access your MSK Serverless clusters through Identity and Access Management (IAM) authentication over PrivateLink, from as many different AWS accounts or VPCs as needed. We also show you how the solution provides a way to support a custom domain name for your MSK Serverless cluster.

This post shows you how to accelerate your AI inference workloads by up to 76% using Intel Advanced Matrix Extensions (AMX) – an accelerator that uses specialized hardware and instructions to perform matrix operations directly on processor cores – on Amazon Elastic Compute Cloud (Amazon EC2) 8th generation instances. You'll learn when CPU-based inference is cost-effective, how to enable AMX with minimal code changes, and which configurations deliver optimal performance for your models.

Last week, what excited me most was the launch of the 2026 AWS AI & ML Scholars program by Swami Sivasubramanian, VP of AWS Agentic AI, to provide free AI education to up to 100,000 learners worldwide. The program has two phases: a Challenge phase where you’ll learn foundational generative AI skills, followed by a […]

In this post, you will learn how Aigen modernized its machine learning (ML) pipeline with Amazon SageMaker AI to overcome industry-wide agricultural robotics challenges and scale sustainable farming. This post focuses on the strategies and architecture patterns that enabled Aigen to modernize its pipeline across hundreds of distributed edge solar robots and showcase the significant business outcomes unlocked through this transformation. By adopting automated data labeling and human-in-the-loop validation, Aigen increased image labeling throughput by 20x while reducing image labeling costs by 22.5x.

In this post, you'll learn how Ring implemented metadata-driven filtering for Region-specific content, separated content management into ingestion, evaluation and promotion workflows, and achieved cost savings while scaling up.

In this post, we explore the challenges that Volkswagen Group faced in producing brand-compliant marketing assets at scale. We walk through how we built a generative AI solution that generates photorealistic vehicle images, validates technical accuracy at the component level, and helps enforce brand guideline compliance alignment across the ten brands.

In this post, we show you how to use Amazon SageMaker AI to build and deploy a deep learning model for detecting solar flares using data from the European Space Agency's STIX instrument.

In this post, we walk through two use cases that help enhance the user viewing experience using agentic AI tools and frameworks including Strands Agents SDK, Amazon Bedrock AgentCore, and Amazon Nova Sonic 2.0. This agentic AI system uses a Model Context Protocol (MCP) to deliver a personal entertainment concierge that understands user preferences through natural dialogue.

In this post, you will learn how to configure AWS Lambda Managed Instances by creating a Capacity Provider that defines your compute infrastructure, associating your Lambda function with that provider, and publishing a function version to provision the execution environments. We will conclude with production best practices including scaling strategies, thread safety, and observability for reliable performance.

Amazon OpenSearch Service extends access to Cluster Insights through the AWS Management Console, in addition to the existing OpenSearch UI Dashboards. This launch makes it easier to review performance and resilience recommendations and make necessary configuration changes, all within the same Console. In addition, Cluster Insights now publishes insights as events to Amazon EventBridge. Cluster insights presents curated insights of a cluster’s operational health along with actionable recommendations to help prevent issues before they affect the stability or performance of the cluster. You can continue to use OpenSearch UI Dashboards for more detailed metrics, including index and shard-level data and top-N query analysis. In addition, with this release, you can monitor insights through Amazon EventBridge events. Cluster Insights is available at no additional cost for OpenSearch versions 2.17 or later in all Regions where OpenSearch Service is available. View the complete list of supported Regions here. To learn more about Cluster Insights, refer to our technical documentation.

Amazon SageMaker Data Agent is now available in the Query Editor in Amazon SageMaker Unified Studio, extending beyond notebook experience. With Data Agent in Query Editor, you can generate SQL queries from natural language, debug failed queries, and explore your data through a conversational, interactive experience. Data Agent brings the same conversational experience available in notebooks to your SQL analytics workflow. You can ask "calculate quarterly revenue growth rate by product category for 2025," and the agent proposes a step-by-step plan for you to review before generating contextually accurate SQL for Amazon Redshift and Amazon Athena. This helps you build analytics queries faster, going from question to executable SQL without writing complex joins and aggregations manually. When a query fails, you can use Fix with AI to analyze the error and get suggested corrections. Data Agent maintains awareness of your connected data sources and schema information, so follow-up questions and modifications build on your previous context. To get started, navigate to a project in SageMaker Unified Studio, open the Query Editor, and open the agent panel. Data Agent in Query Editor is available in IAM domains in all AWS Regions where Amazon SageMaker Unified Studio is supported. For more information, see SageMaker Data Agent and Generative SQL in the Amazon SageMaker Unified Studio User Guide.

AWS Direct Connect now publishes three new Amazon CloudWatch metrics for virtual interfaces (VIFs) that provide visibility into Border Gateway Protocol (BGP) session health and route counts. Network engineers and operations teams managing hybrid cloud connectivity can now monitor BGP sessions natively through CloudWatch without building custom solutions or polling APIs. These metrics solve critical monitoring gaps that previously required custom Lambda functions or on-premises network management tools. VirtualInterfaceBgpStatus reports BGP session state, enabling detection when sessions fail. VirtualInterfaceBgpPrefixesAccepted tracks prefixes from your on-premises network, allowing proactive alarms before reaching prefix limits that would cause BGP sessions to enter idle state. VirtualInterfaceBgpPrefixesAdvertised monitors routes AWS advertises to your network, helping validate configuration changes and detect silent route withdrawals that impact traffic even when BGP sessions remain up. These metrics are available for private, public, and transit virtual interfaces in all commercial AWS Regions. You can integrate them with CloudWatch alarms, dashboards, and Amazon SNS for comprehensive BGP monitoring, reducing mean time to detect network issues and simplifying operations for multi-region and disaster recovery architectures. To learn more about AWS Direct Connect, visit https://aws.amazon.com/directconnect/.

Amazon Timestream for InfluxDB now offers Advanced Metrics, providing comprehensive visibility into your database performance and health. This new capability automatically publishes detailed operational metrics from your Timestream for InfluxDB 2 instances directly to Amazon CloudWatch, enabling real-time monitoring and alerting without requiring additional configuration or instrumentation for both Single-AZ and Multi-AZ Timestream for InfluxDB 2 databases. With Advanced Metrics, customers can track critical database performance indicators, set up custom dashboards, and configure automated alerts based on predefined thresholds. This enhanced observability helps DevOps teams quickly identify potential issues, optimize database performance, and ensure high availability for time-series applications by providing deeper insights into resource utilization, query performance, and system health across their InfluxDB 2 environments. Amazon Timestream for InfluxDB Advanced Metrics is available in all Regions where Timestream for InfluxDB is offered. To get started with Amazon Timestream for InfluxDB, visit the Amazon Timestream for InfluxDB console. For more information, see the Amazon Timestream for InfluxDB documentation and pricing page.

Amazon Connect now applies tag-based access controls (TBAC) to routing profile assignments in quick responses. Previously, quick responses configured by administrators with tag-based access controls were available to all agents, regardless of routing profile tags. Administrators can now assign quick responses to specific routing profiles based on their TBAC permissions, giving them the same level of access control they use across other Amazon Connect resources. Organizations using TBAC to control access to Amazon Connect resources can now apply that same access control to quick response assignments. A compliance team can tag routing profiles by jurisdiction and assign regulatory quick responses, such as region-specific disclosure templates, to matching profiles, ensuring agents see the content most relevant to their role. This update is available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), and Europe (London). For the full list, see Availability of Amazon Connect features by Region. To learn more, visit Amazon Connect and see Quick Responses and Tag-based Access Control in the Amazon Connect Administrator Guide.

Amazon CloudWatch Logs now supports expanded analytics and data protection capabilities for the Infrequent Access (Logs IA) ingestion class, including support for data protection, OpenSearch’s Piped Processing Language (PPL) and OpenSearch SQL. These enhancements make it easier for customers to perform flexible analytics and protect sensitive data while cost-effectively consolidating all your logs natively on AWS, making Logs IA ideal for ad-hoc troubleshooting and forensic analysis on infrequently accessed logs. Logs IA is a cost-effective ingestion class for consolidating logs that are queried occasionally, such as forensic investigations. Logs IA currently offers log analytics with Logs Insights Query Language, export to S3, and encryption with a lower ingestion price per GB compared to the Standard log class. With today’s launch, customers can now use OpenSearch SQL and OpenSearch PPL queries to perform advanced analytics. In addition, data protection allows customers to automatically detect and mask sensitive information in logs, helping organizations meet security and compliance requirements. Learn more about CloudWatch Logs IA pricing and read the user guide here. For Regional availability, visit the AWS Builder Center.

AWS Lambda now supports up to 32 GB of memory and 16 vCPUs for functions running on Lambda Managed Instances, enabling customers to run compute-intensive workloads such as large-scale data processing, media transcoding, and scientific simulations without managing any infrastructure. Customers can also configure the memory-to-vCPU ratio — 2:1, 4:1, or 8:1 — to match the resource profile of their workload. Lambda Managed Instances lets you run Lambda functions on managed Amazon EC2 instances with built-in routing, load balancing, and auto-scaling, giving you access to specialized compute configurations including the latest-generation processors and high-bandwidth networking, with no operational overhead. Customers building compute-intensive applications such as data processing pipelines, high-throughput API backends, and batch computation workloads require substantial memory and CPU resources to process large datasets, serve low-latency responses at scale, and run complex computations efficiently. Previously, function execution environments on Lambda were limited to 10 GB of memory and approximately 6 vCPUs, with no option to customize the memory-to-vCPU ratio. Functions on Lambda Managed Instances can now be configured with up to 32 GB of memory, and a choice of memory-to-vCPU ratio — 2:1, 4:1, or 8:1 — allowing customers to select the right balance of memory and compute for their workload. For example, at 32 GB of memory, customers can configure 16 vCPUs (2:1), 8 vCPUs (4:1), or 4 vCPUs (8:1) depending on whether their workload is CPU-intensive or memory-intensive. This feature is available in all AWS Regions where Lambda Managed Instances is generally available. You can configure these settings using the AWS Console, AWS CLI, AWS CloudFormation, AWS CDK, or AWS SAM. To learn more, visit the AWS Lambda Managed Instances product page and documentation.

Today, AWS announces the general availability of Visible services and Visible Regions account settings in the AWS Management Console. These settings allow you to customize which services and regions appear in the Management Console for authorized users in your account, helping your users easily identify what is available to them and simplifying navigation. You can configure these settings in the AWS Management Console under Unified Settings in the Account Settings tab. You can also configure these setting programmatically via User Experience Customization (UXC) in AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. The Visible services and Visible Regions settings are available in AWS Commercial Regions at no additional cost. Visit the AWS User Experience Customization documentation page and API guide to learn more.

Amazon GameLift Servers now supports Amazon EC2 5th through 8th generation instances, offering enhanced price-performance, efficiency, and flexibility for game server hosting. This update allows developers to leverage the latest advancements in EC2 compute, memory, and networking across three main instance families: General Purpose (M-series): Balanced CPU, memory, and networking for a wide range of game workloads. Compute Optimized (C-series): High-performance compute instances with a 2:1 memory ratio, ideal for CPU-intensive game servers. Memory Optimized (R-Series): Optimized for high-memory workloads with an 8:1 memory ratio, supporting complex simulations and large player sessions. Each new EC2 generation brings significant improvements: 5th Gen: Proven reliability with Intel processors with balanced performance 6th Gen: Includes AWS Graviton2 ARM-based options alongside Intel and AMD variants offering enhanced price-performance efficiency. 7th Gen: The latest evolution featuring DDR5 memory, enhanced networking, and offering significant performance gains over previous generations. 8th Gen: Cutting-edge AWS Graviton4 and Intel Xeon-based instances for demanding workloads Customers can also choose variants with local storage (d), enhanced networking (n), and different processor architectures (Intel, AMD, Graviton – i/a/g). This update empowers developers with greater flexibility, scalability, and cost efficiency to optimize game server performance. Customers can now seamlessly transition workloads to newer EC2 generations, leveraging AWS's continuous innovation for building, scaling, and operating multiplayer games globally. These next-generation instances are available in Amazon GameLift Servers supported regions, except AWS China. For more information on launching fleets with next-generation EC2 instances, visit the Amazon GameLift Servers documentation and EC2 Instance Types overview.

AWS HealthImaging now supports fine-grained access control, enabling organizations to securely manage access to medical imaging data at the DICOM study and series levels. Medical imaging workflows are typically organized around DICOM studies, which are stored in AWS HealthImaging as one or more image set resources. Now customers can easily grant users access to all image sets for a set of DICOM Studies or Series with easy-to-maintain IAM policies. Customers can now grant permissions for DICOMweb APIs using DICOM Study Instance UIDs and Series Instance UIDs directly in their IAM policies, eliminating the need to list individual image set ARNs. Customers can now create dynamic, temporary access grants using AWS Security Token Service (STS) session policies with low-latency authentication. This capability provides enhanced protection for Protected Health Information (PHI) by scoping access grants to specific Studies or Series rather than entire data stores. This launch better supports use cases such as pathologist case-level access, radiology study sharing with external partners, and controlled research data distribution. To learn more, see the AWS HealthImaging Developer Guide. AWS HealthImaging is a HIPAA-eligible service that empowers healthcare providers, life sciences organizations, and their software partners to store, analyze, and share medical images. AWS HealthImaging is generally available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Europe (Ireland), and Europe (London).

Today, we’re excited to announce that Amazon Bedrock is now available in the Asia Pacific (New Zealand) Region (ap-southeast-6). Customers in New Zealand can now access Anthropic Claude models (Claude Opus 4.5, Opus 4.6, Sonnet 4.5, Sonnet 4.6, and Haiku 4.5) and Amazon (Nova 2 Lite) models directly in the Auckland Region with cross region inference. In this post, we explore how cross-Region inference works from the New Zealand Region, the models available through geographic and global routing, and how to get started with your first API call. We

Amazon EC2 High Memory U7i-8TB instances (u7i-8tb.112xlarge) and U7i-12TB instances (u7i-12tb.224xlarge) are now available in AWS Europe (Milan). U7i instances are part of AWS 7th generation and are powered by custom fourth generation Intel Xeon Scalable Processors (Sapphire Rapids). U7i-8tb instances offer 8TiB of DDR5 memory, and U7i-12tb instances offer 12TiB of DDR5 memory, enabling customers to scale transaction processing throughput in a fast-growing data environment. U7i-8tb instances deliver 448 vCPUs; U7i-12tb instances deliver 896 vCPUs. Both instances support up to 100 Gbps of Amazon EBS bandwidth for faster data loading and backups, 100 Gbps of network bandwidth, and ENA Express. U7i instances are ideal for customers using mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server. To learn more about U7i instances, visit the High Memory instances page.

AWS Step Functions expands its AWS SDK integrations with 28 additional services and over 1,100 new API actions across new and existing AWS services, including Amazon Bedrock AgentCore and Amazon S3 Vectors. This expansion enables you to orchestrate a broader set of AWS services directly from your workflows without writing integration code. AWS Step Functions is a visual workflow service capable of orchestrating over 220 AWS services to help customers build distributed applications at scale. With the Amazon Bedrock AgentCore service integration, you can invoke AI agent runtimes with built-in retries, run multiple agents in parallel using Map states, and automate agent provisioning workflows that create, update, and tear down agent infrastructure as workflow steps. This expansion also includes Amazon S3 Vectors for automating document ingestion pipelines that populate knowledge bases for AI applications. It also adds support for AWS Lambda durable execution APIs, allowing you to pass an execution name for idempotent invocations of Lambda durable functions and manage durable executions directly from your workflows. These enhancements are now generally available in all AWS Regions where AWS Step Functions is available. Specific services and API actions are subject to the availability of the target service in the AWS Region. To learn more about AWS Step Functions SDK integrations, visit the Developer Guide, or see the full list of supported services at AWS SDK service integrations.

Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models from leading AI companies via a single API. Starting today, customers can use Palmyra Vision 7B from Writer on Amazon Bedrock to build generative AI applications that interpret and generate text from images. With Palmyra Vision 7B on Bedrock, customers can build generative AI applications for visual understanding tasks without managing inference infrastructure. The model has been trained on PixMo, a dataset of 1 million high-quality image-text pairs, and excels in visual question answering and image-text comprehension for enterprise applications. It enables visual understanding tasks such as document analysis, chart interpretation, and image-based question answering. Palmyra Vision 7B can extract handwritten text, classify objects and colors, interpret plots and dashboards, and answer natural-language questions about image content. Typical applications include accessibility features such as alt-text and image descriptions, document and report ingestion including handwritten forms, claims, and clinical notes, product and UX analysis from screenshots, and multimodal assistants that let users converse about images and text in a single interface. Palmyra Vision 7B is now available in Amazon Bedrock across select AWS Regions. To get started, visit the Amazon Bedrock and see our documentation for more details.

Today, AWS announces the ability to remotely connect from Kiro and Cursor IDEs to Amazon SageMaker Studio. This new capability allows data scientists, ML engineers, and developers to leverage their Kiro and Cursor setup - including its spec-driven development, conversational coding, and automated feature generation capabilities - while accessing the scalable compute resources of Amazon SageMaker Studio. By connecting Kiro and Cursor to SageMaker Studio using the AWS Toolkit extension, you can eliminate context switching between your local IDE and cloud infrastructure, maintaining your existing agentic development workflows within a single environment for all your AWS analytics and AI/ML services. SageMaker Studio, offers a broad set of fully managed cloud interactive development environments (IDE), including JupyterLab and Code Editor based on Code-OSS (Open-Source Software), and VS Code IDE as remote IDE. Starting today, you can also use your customized local Kiro and Cursor setup - complete with specs, steering files, and hooks - while accessing your compute resources and data on Amazon SageMaker. You can authenticate using the AWS Toolkit extension in Kiro or Cursor or through SageMaker Studio's web interface. Once authenticated, connect to any of your SageMaker Studio development environments in a few simple clicks. You maintain the same security boundaries as SageMaker Studio’s web-based environments while developing AI models and analyzing data in local IDE of your choice - Kiro or Cursor. To learn more, refer to the SageMaker user guide.

Starting today, customers can deploy their Graviton-based and GPU-accelerated workloads on Amazon Elastic Container Service (Amazon ECS) Managed Instances in a Federal Information Processing Standard (FIPS) compliant mode in the AWS GovCloud (US) Regions. FIPS is a U.S. and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. In the AWS GovCloud (US) Regions, Amazon ECS Managed Instances automatically enable FIPS compliance by default. ECS Managed Instances communicate through FIPS-compliant endpoints, use appropriately configured cryptographic modules, and boot the underlying kernel in FIPS mode. Customers with federal compliance requirements can run workloads with FIPS-validated cryptographic modules across a broad range of instance types, including Graviton-based, GPU-accelerated, network-optimized, and burstable performance instances. To learn more about FIPS, refer to FIPS on AWS and AWS Fargate Federal Information Processing Standard (FIPS-140). To get started with ECS Managed Instances, use the AWS Console, Amazon ECS MCP Server, ECS Express Mode, or your favorite infrastructure-as-code tooling to enable it in a new or existing Amazon ECS cluster. You will be charged for the management of compute provisioned, in addition to your regular Amazon EC2 costs. To learn more about ECS Managed Instances, visit the feature page, documentation, and AWS News launch blog.

Today we're announcing Research and Engineering Studio (RES) on AWS 2026.03, which introduces new administrator controls, expanded filesystem support, and session management improvements. Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. Using RES, scientists and engineers can visualize data and run interactive applications without the need for cloud expertise. RES 2026.03 gives administrators more flexibility in configuring and managing their environments. Admins can now onboard multiple individual FSx for ONTAP volumes as RES filesystems. Admins can also configure DCV token expiration time, which is useful for enabling session files with longer durations, and add up to three custom links on the RES login page for resources such as account management pages, help documentation, or usage policy pages. Version 2026.03 also improves the experience for both admins and users around virtual desktop sessions. Admins can now restart VDIs in an error state directly from the Sessions page, helping resolve launch issues with less user intervention. Users can reset a VDI session schedule back to the system default with a single button. This version also includes assorted bug fixes and performance improvements. This release is available in all AWS Regions where RES is available. To learn more about RES 2026.03, including detailed release notes and deployment instructions, visit the Research and Engineering Studio documentation or check out the RES GitHub repository.

AWS Parallel Computing Service (AWS PCS) now supports additional Slurm configuration settings for slurmdbd and cgroups, enabling you to fine-tune accounting behavior and resource isolation directly through the AWS PCS console, CLI, or SDK. This feature helps you implement production-ready HPC environments with enhanced privacy controls, flexible data retention policies, and improved resource management. Using slurmdbd settings, you can configure how Slurm accounting operates on your cluster—including privacy controls, data retention policies, and workload tracking capabilities. With cgroups support, you can prevent resource oversubscription by binding CPU cores, enforce memory limits to maintain node stability, and control device access to ensure workloads run within defined boundaries. AWS PCS is a managed service that simplifies running and scaling HPC workloads on AWS using Slurm. You can build complete, elastic environments that integrate compute, storage, networking, and visualization tools, while the service handles cluster operations with managed updates and built-in observability features. This feature is available in all AWS Regions where AWS PCS is available. You can configure these settings when creating a new cluster or by modifying an existing cluster. To learn more, see the AWS PCS User Guide.

In this post, we demonstrate how to architect AWS systems that enable AI agents to iterate rapidly through design patterns for both system architecture and code base structure. We first examine the architectural problems that limit agentic development today. We then walk through system architecture patterns that support rapid experimentation, followed by codebase patterns that help AI agents understand, modify, and validate your applications with confidence.

In this post, we walk you through how to implement a fully automated, context-aware AI solution using a serverless architecture on AWS. This solution helps organizations looking to deploy responsible AI systems, align with compliance requirements for vulnerable populations, and help maintain appropriate and trustworthy AI responses across diverse user groups without compromising performance or governance.

Last year, AWS announced an integration between Amazon SageMaker Unified Studio and Amazon S3 general purpose buckets. This integration makes it straightforward for teams to use unstructured data stored in Amazon Simple Storage Service (Amazon S3) for machine learning (ML) and data analytics use cases. In this post, we show how to integrate S3 general purpose buckets with Amazon SageMaker Catalog to fine-tune Llama 3.2 11B Vision Instruct for visual question answering (VQA) using Amazon SageMaker Unified Studio.

Today, we’re excited to announce the new Bidirectional Streaming API for Amazon Polly, enabling streamlined real-time text-to-speech (TTS) synthesis where you can start sending text and receiving audio simultaneously. This new API is built for conversational AI applications that generate text or audio incrementally, like responses from large language models (LLMs), where users must begin synthesizing audio before the full text is available.

Amazon Web Services (AWS) announces the availability of Amazon EC2 I8ge instances in Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Malaysia), Asia Pacific (Singapore), and Asia Pacific (Sydney) AWS regions. I8ge instances are powered by AWS Graviton4 processors to deliver up to 60% better compute performance compared to previous generation Graviton2-based storage optimized Amazon EC2 instances. I8ge instances use the third generation AWS Nitro SSDs, local NVMe storage that delivers up to 55% better real-time storage performance per TB. They offer up to 60% lower storage I/O latency and up to 75% lower storage I/O latency variability compared to previous generation Im4gn instances. I8ge instances are storage-optimized instances offering up to 120TB of locally attached NVMe storage. They are ideal for workloads that demand rapid local storage with high random read/write performance and consistently low latency for accessing large datasets. These versatile instances are offered in eleven different sizes including two metal sizes, providing flexibility to match customers’ computational needs. They deliver up to 180 Gbps of network performance bandwidth and 60 Gbps of dedicated bandwidth for Amazon Elastic Block Store (EBS), ensuring fast and efficient data transfer for the most demanding applications. To begin your Graviton journey, visit the Level up your compute with AWS Graviton page. To get started, see AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDKs. To learn more, visit the I8ge instances page.

Today we are announcing the release of the Aurora DSQL Connector for Ruby (pg gem) that makes it easy to build Ruby applications on Aurora DSQL. The Ruby Connector streamlines authentication and eliminates security risks associated with traditional user-generated passwords by automatically generating tokens for each connection, ensuring valid tokens are always used while maintaining full compatibility with existing pg gem features. The connector handles IAM token generation, SSL configuration, and connection pooling, enabling customers to scale from simple scripts to production workloads without changing their authentication approach. It also provides opt-in optimistic concurrency control (OCC) retry with exponential backoff, custom IAM credential providers, and AWS profile support, giving customers flexibility in how they manage their AWS credentials and handle transient failures. To get started, visit the Connectors for Aurora DSQL documentation page. For code examples, visit our Github page for the Ruby connector. Get started with Aurora DSQL for free with the AWS Free Tier. To learn more about Aurora DSQL, visit the webpage.

AWS Lambda increases the file descriptor limit from 1,024 to 4,096, a 4x increase, for functions running on Lambda Managed Instances (LMI). This capability enables customers to run I/O intensive workloads such as high-concurrency web services, and file-heavy data processing pipelines, without running into file descriptor limits. LMI enables you to run Lambda functions on managed Amazon EC2 instances with built-in routing, load-balancing, and auto-scaling, giving you access to specialized compute configurations including the latest-generation processors and high-bandwidth networking, with no operational overhead. Customers use Lambda functions to build a wide range of serverless applications such as event-driven workloads, web applications, and AI-driven workflows. These applications rely on file descriptors for operations such as opening files, establishing network socket connections to external services and databases, and managing concurrent I/O streams for data processing. Each open file, network socket, or internal resource consumes one file descriptor. Today, Lambda supports a maximum of 1,024 file descriptors. However, LMI allows multiple requests to be processed simultaneously, which often requires higher number of file descriptors. With this launch, AWS Lambda is increasing the file descriptor limit to 4,096, allowing customers to run I/O intensive workloads, maintain larger connection pools, and effectively utilize multi-concurrency for functions running on LMI. This feature is available in all AWS Regions where AWS Lambda Managed Instances is generally available. To get started, visit the AWS Lambda Managed Instances documentation.

Amazon Elastic Compute Cloud (Amazon EC2) R8gd instances with up to 11.4 TB of local NVMe-based SSD block-level storage are now available in US West (N. California), Asia Pacific (Seoul, Hong Kong, Jakarta), Africa (Cape Town), and Canada West (Calgary) AWS Regions. These instances are powered by AWS Graviton4 processors, delivering up to 30% better performance over Graviton3-based instances. They have up to 40% higher performance for I/O intensive database workloads, and up to 20% faster query results for I/O intensive real-time data analytics than comparable AWS Graviton3-based instances. These instances are built on the AWS Nitro System and are a great fit for applications that need access to high-speed, low latency local storage. Each instance is available in 12 different sizes. They provide up to 50 Gbps of network bandwidth and up to 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS). Additionally, customers can now adjust the network and Amazon EBS bandwidth on these instances by 25% using EC2 instance bandwidth weighting configuration, providing greater flexibility with the allocation of bandwidth resources to better optimize workloads. These instances offer Elastic Fabric Adapter (EFA) networking on 24xlarge, 48xlarge, metal-24xl, and metal-48xl sizes. To learn more, see Amazon R8gd Instances. To explore how to migrate your workloads to Graviton-based instances, see AWS Graviton Fast Start program and Porting Advisor for Graviton. To get started, see the AWS Management Console.

AWS Glue Data Quality is a feature of AWS Glue that helps maintain trust in your data and support better decision-making and analytics across your organization. You can use Terraform to deploy AWS Glue Data Quality pipelines. Using Terraform to deploy AWS Glue Data Quality pipeline enables IaC best practices to ensure consistent, version controlled and repeatable deployments across multiple environments, while fostering collaboration and reducing errors due to manual configuration. In this post, we explore two complementary methods for implementing AWS Glue Data Quality using Terraform.

Starting today, the general-purpose Amazon EC2 M8a instances are available in AWS Europe (Ireland) region. M8a instances are powered by 5th Gen AMD EPYC processors (formerly code named Turin) with a maximum frequency of 4.5 GHz, deliver up to 30% higher performance, and up to 19% better price-performance compared to M7a instances. M8a instances deliver 45% more memory bandwidth compared to M7a instances, making these instances ideal for even latency sensitive workloads. M8a instances deliver even higher performance gains for specific workloads. M8a instances are up to 60% faster for GroovyJVM benchmark, and up to 39% faster for Cassandra benchmark compared to Amazon EC2 M7a instances. M8a instances are SAP-certified and offer 12 sizes including 2 bare metal sizes. This range of instance sizes allows customers to precisely match their workload requirements. M8a instances are built using the latest sixth generation AWS Nitro Cards and ideal for applications that benefit from high performance and high throughput such as financial applications, gaming, rendering, application servers, simulation modeling, mid-size data stores, application development environments, and caching fleets. To get started, sign in to the AWS Management Console. Customers can purchase these instances via Savings Plans, On-Demand instances, and Spot instances. For more information visit the Amazon EC2 M8a instance page.

Starting today, the general-purpose Amazon EC2 M8a instances are available in AWS GovCloud (US-West) region. M8a instances are powered by 5th Gen AMD EPYC processors (formerly code named Turin) with a maximum frequency of 4.5 GHz, deliver up to 30% higher performance, and up to 19% better price-performance compared to M7a instances. M8a instances deliver 45% more memory bandwidth compared to M7a instances, making these instances ideal for even latency sensitive workloads. M8a instances deliver even higher performance gains for specific workloads. M8a instances are up to 60% faster for GroovyJVM benchmark, and up to 39% faster for Cassandra benchmark compared to Amazon EC2 M7a instances. M8a instances are SAP-certified and offer 12 sizes including 2 bare metal sizes. This range of instance sizes allows customers to precisely match their workload requirements. M8a instances are built using the latest sixth generation AWS Nitro Cards and ideal for applications that benefit from high performance and high throughput such as financial applications, gaming, rendering, application servers, simulation modeling, mid-size data stores, application development environments, and caching fleets. To get started, sign in to the AWS Management Console. Customers can purchase these instances via Savings Plans, On-Demand instances, and Spot instances. For more information visit the Amazon EC2 M8a instance page.

AWS Storage Gateway Terraform modules now enable Amazon Linux 2023-based deployments, delivering improved security, reliability, and operational simplicity for Infrastructure as Code (IaC) provisioning. The updated modules support all gateway types including Amazon S3 File Gateway, Tape Gateway, and Volume Gateway in both Amazon EC2 and VMware environments. You can use the new Terraform modules to deploy AL2023-based gateways that enforce IMDSv2 by default for EC2 deployments, protecting against credential theft and server-side request forgery (SSRF) attacks. The update prevents unexpected gateway replacements during routine Terraform operations and simplifies Active Directory integration with optional domain controller configuration. EC2-based gateways now support optional Elastic IP address (EIP) association, enabling fully private gateway activations.  To get started, download the Terraform Storage Gateway module. To learn more, visit the AWS Storage Gateway product page or the Storage Gateway User Guide. See the AWS Region Table for complete regional availability.

AWS Firewall Manager announces that it is now available in AWS Asia Pacific (New Zealand) Region. AWS Firewall Manager helps cloud security administrators and site reliability engineers protect applications while reducing the operational overhead of manually configuring and managing rules. Working with AWS Firewall Manager, customers can provide defense in depth policies to address the full range of AWS security services for customers hosting their applications and workloads in AWS Taipei. Customers wishing to establish secured assets using AWS WAF can create and maintain security policies with AWS Firewall Manager. To learn more about how AWS Firewall Manager works, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.

AWS announces the Agent Plugin for AWS Serverless, enabling developers to easily build, deploy, troubleshoot, and manage serverless applications using AI coding assistants like Kiro, Claude Code, and Cursor. Agent plugins extend AI coding assistants with structured, reusable capabilities by packaging skills, sub-agents, hooks, and Model Context Protocol (MCP) servers into a single modular unit. The Agent Plugin for AWS Serverless dynamically loads relevant guidance and expertise required throughout the development lifecycle for building production-ready serverless applications on AWS. You can create AWS Lambda functions that integrate with popular event sources like Amazon EventBridge, Amazon Kinesis, and AWS Step Functions, while following built-in best practices for observability, performance optimization, and troubleshooting. As you adopt Infrastructure as Code (IaC), you can streamline project setup with AWS Serverless Application Model (SAM) and AWS Cloud Development Kit (CDK), with reusable constructs, proven architectural patterns, automated CI/CD pipelines, and local testing workflows. For long-running, stateful workflows, you can build with confidence using Lambda durable functions, which provides checkpoint-replay model, advanced orchestration patterns, and error handling capabilities. Lastly, you can design and manage APIs as part of your application using Amazon API Gateway, with guidance across REST APIs, HTTP APIs, and WebSocket APIs. These capabilities are packaged as agent skills in the open Agent Skills format, making them usable across compatible AI tools such as Kiro, Claude Code, and Cursor. The Agent Plugin for AWS Serverless is available in any AI coding assistant tools that support agent plugins such as Claude Code and Cursor. In Claude Code, you can install it from the official Claude Marketplace using a simple command ‘/plugin install aws-serverless@claude-plugins-official’. You can also install agent skills from the plugin individually in any AI coding assistant tools that support agent skills. To learn more about the plugin and its capabilities, visit GitHub.

AWS introduces a new express configuration for Amazon Aurora PostgreSQL, a streamlined database creation experience with preconfigured defaults designed to help you get started in seconds. With Aurora PostgreSQL, start building quickly from the RDS Console or your preferred developer tool—with the ability to modify configurations anytime. Plus, Aurora PostgreSQL is now available with AWS Free Tier.

Today, AWS announces remote connection from Cursor IDE to Amazon SageMaker Unified Studio via the AWS Toolkit extension. This new capability allows data scientists, ML engineers, and developers to leverage their Cursor setup - including its AI-powered code completion, natural language editing, and multi-file editing capabilities - while accessing the scalable compute resources of Amazon SageMaker. By connecting Cursor to SageMaker Unified Studio using the AWS Toolkit extension, you can eliminate context switching between your local IDE and cloud infrastructure, maintaining your existing AI-assisted development workflows within a single environment for all your AWS analytics and AI/ML services. SageMaker Unified Studio, part of the next generation of Amazon SageMaker, offers a broad set of fully managed cloud interactive development environments (IDE), including JupyterLab and Code Editor based on Code-OSS (Open-Source Software). Starting today, you can also use your customized local Cursor setup - complete with custom rules, extensions, and AI model preferences - while accessing your compute resources and data on Amazon SageMaker. Since Cursor is built on Code-OSS, authentication is secure via IAM through the AWS Toolkit extension, giving you access to all your SageMaker Unified Studio domains and projects. This integration provides a convenient path from your local AI-powered development environment to scalable infrastructure for running workloads across data processing, SQL analytics services like Amazon EMR, AWS Glue, and Amazon Athena, and ML workflows - all with enterprise-grade security including customer-managed encryption keys and AWS IAM integration. This feature is available in all AWS Regions where Amazon SageMaker Unified Studio is available. To learn more, visit the local IDE support documentation..

Amazon Bedrock AgentCore now enables customers to configure Chrome Enterprise policies for AgentCore Browser and specify custom root Certificate Authority (CA) certificates for both AgentCore Browser and Code Interpreter. These enhancements help ensure enterprise requirements are met when allowing AI agents to operate within organizations that have strict security policies and internal infrastructure using custom certificates. With Chrome policies, you can leverage over 100+ configurable policies for managing browser behavior across security, URL filtering, content settings, and more to enforce organizational compliance requirements. For example, restrict agents to specific URLs for kiosk-mode operations, disable password managers and downloads for data-entry tasks, or implement URL blocklists for regulatory compliance. Custom root CA support enables agents to seamlessly connect to internal services like Artifactory, Jira, and finance portals that use SSL certificates signed by your organization's internal Certificate Authority, and work with corporate proxies performing TLS interception. These features are available in all 14 AWS Regions where Amazon Bedrock AgentCore Browser and Code Interpreter are available: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), and Canada (Central). To learn more, visit the AgentCore Browser documentation.

In this post, we explore how the multimodal foundation models (FMs) of Amazon Bedrock enable scalable video understanding through three distinct architectural approaches. Each approach is designed for different use cases and cost-performance trade-offs.

In this series of posts, you will learn how streaming architectures help address these challenges using Pipecat voice agents on Amazon Bedrock AgentCore Runtime. In Part 1, you will learn how to deploy Pipecat voice agents on AgentCore Runtime using different network transport approaches including WebSockets, WebRTC and telephony integration, with practical deployment guidance and code samples.

AWS Batch now supports quota management with job preemption for SageMaker Training jobs, enabling you to efficiently allocate and share compute resources across your teams and projects. If you're using GPU capacity in SageMaker Training jobs, you can now intelligently allocate compute resources, prioritize your business-critical training jobs, and automatically preempt lower-priority workloads when your urgent experiments arrive. With quota management, you can create up to 20 quota shares per job queue that function as virtual queues with dedicated capacity limits and configurable resource sharing strategies. The service automatically uses cross-share preemption to restore borrowed capacity when the original owner submits jobs, and supports in-share preemption to allow high-priority jobs to preempt lower-priority jobs within the same quota share. You can monitor capacity utilization at the queue, quota share, and job-level granularity, update job priorities after submission to influence preemption decisions, and configure preemption retry limits to control behavior. The feature integrates directly with the SageMaker Python SDK via the aws_batch module. Quota management with job preemption for SageMaker Training jobs is available today in all AWS Regions where AWS Batch is available. For more information, see our Quota Management example notebook on GitHub and the AWS Batch User Guide.

Amazon Route 53 Profiles now supports granular AWS Identity and Access Management (IAM) permissions, allowing you to control which users can manage specific resource types and VPC associations within your Profiles. With this launch, you can create IAM policies that restrict users to specific operations (associate, disassociate, or update) on individual resource types such as private hosted zones, Resolver rules, or DNS Firewall rule groups. You can also define permissions based on resource ARNs, hosted zone names, Resolver rule domain names, DNS Firewall rule group priority ranges, or specific VPC associations. Route 53 Profiles enable you to define a standard DNS configuration that includes private hosted zone associations, Resolver rules, and DNS Firewall rule groups, and apply this configuration to multiple VPCs in your account or share with AWS accounts using AWS Resource Access Manager (RAM). This new capability provides administrators with fine-grained control over Profile management, enabling you to delegate specific responsibilities while maintaining security and governance standards across your organization. This feature is available at no additional charge in all AWS Regions where Route 53 Profiles is available, except in Middle East (Bahrain) and Middle East (UAE). To learn more, see the Amazon Route 53 Profiles documentation and pricing page.

In this post, we walk through the end-to-end workflow of using RFT on Amazon Bedrock with OpenAI-compatible APIs: from setting up authentication, to deploying a Lambda-based reward function, to kicking off a training job and running on-demand inference on your fine-tuned model.

Amazon Quick is now available in the AWS Asia Pacific (Tokyo) region (ap-northeast-1). This launch allows customers in Japan to access the full power of Amazon Quick while meeting local and regional requirements for data sovereignty. Amazon Quick provides business users an agentic teammate that quickly answers questions at work and turns those answers into actions. With Amazon Quick, every user is empowered to make better decisions, faster and take actions without switching applications using AI they can trust. Today’s launch allows customers to take advantage of Amazon Quick’s capabilities including AI-powered chat, Research, Spaces, Flows, and QuickSight dashboards — with their data stored and processed locally within the AWS Tokyo region. This expansion also supports in-region inference through JP-CRIS (Japan Cross-Region Inference), ensuring that inference requests from Tokyo instances are routed exclusively within the AWS Tokyo region. Customers in regulated industries such as financial services, healthcare, and the public sector can meet strict data sovereignty requirements of Japan's data protection frameworks, including the Act on the Protection of Personal Information (APPI). For a full list of AWS regions where Amazon Quick is available, visit the Quick regional availability page. To learn more, visit the Amazon Quick documentation or product detail page.

Amazon Aurora PostgreSQL is now available on the AWS Free Tier, which offers new customers $100 in AWS credits upon sign-up and the ability to earn an additional $100 in credits by using services including Amazon RDS. With a Free Plan account, you can create an Aurora PostgreSQL serverless cluster from the Amazon RDS Console, AWS CLI, or AWS SDKs using express configuration, which enables you to create and query an Aurora PostgreSQL database in seconds. To get started, select the Free Plan during new AWS account sign-up. AWS Free Tier is available in all AWS Regions where Aurora PostgreSQL serverless is supported. For more details, see the Aurora & RDS Free Tier and AWS Free Tier pages.

Amazon Aurora PostgreSQL now offers a new experience to create a cluster with express configuration, enabling you to create and query an Aurora serverless database in seconds. With pre-configured settings, the new experience accelerates initial setup and reduces time to first query. You have the flexibility to modify certain settings during creation and most other settings afterward. Aurora clusters created using express configuration reside outside a virtual private cloud (VPC) network and include an internet access gateway for secure connections from your favorite development tools - no VPN, or AWS Direct Connect required. The internet access gateway supports the full PostgreSQL wire protocol, enabling connectivity from a broad range of development tools and clients. It is distributed across multiple Availability Zones, providing the same level of high availability as your Aurora cluster. It also sets up AWS Identity and Access Management (IAM) authentication for your administrator user by default, enabling passwordless database authentication from the beginning without additional configuration. Aurora PostgreSQL serverless is now available with the AWS Free Tier on both the Free and Paid plans.  For regional availability and more details, see the Amazon Aurora documentation or read the launch blog. To get started, use the Amazon RDS Console, AWS CLI, or AWS SDKs.

Amazon Quick is now available in the AWS Europe (Frankfurt) region (eu-central-1). This launch allows customers in Germany to access the full power of Amazon Quick while meeting local and regional requirements for data sovereignty. Amazon Quick provides business users an agentic teammate that quickly answers questions at work and turns those answers into actions. With Amazon Quick, every user is empowered to make better decisions, faster and take actions without switching applications using AI they can trust. Today’s launch allows customers to take advantage of Amazon Quick’s capabilities including AI-powered chat, Research, Spaces, Flows, and QuickSight dashboards — with their data stored and processed locally within the Frankfurt region. This expansion also supports in-region inference through EU-CRIS (Europe Cross-Region Inference), ensuring that inference requests from Frankfurt instances are routed exclusively within European AWS Regions. Customers in regulated industries such as financial services, healthcare, and the public sector can meet strict data sovereignty requirements of EU data protection frameworks including GDPR. For a full list of AWS regions where Amazon Quick is available, visit the Quick regional availability page. To learn more, visit the Amazon Quick documentation or product detail page.

Amazon Quick is now available in the AWS Europe (London) region (eu-west-2). This launch allows customers in the United Kingdom to access the full power of Amazon Quick while meeting local and regional requirements for data sovereignty. Amazon Quick provides business users an agentic teammate that quickly answers questions at work and turns those answers into actions. With Amazon Quick, every user is empowered to make better decisions, faster and take actions without switching applications using AI they can trust. Today’s launch allows customers to take advantage of Amazon Quick’s capabilities including AI-powered chat, Research, Spaces, Flows, and QuickSight dashboards — with their data stored and processed locally within the London region. This expansion also supports in-region inference through EU-CRIS (Europe Cross-Region Inference), ensuring that inference requests from London instances are routed exclusively within European AWS Regions. Customers in regulated industries such as financial services, healthcare, and the public sector can meet strict data sovereignty requirements of UK data protection frameworks. For a full list of AWS regions where Amazon Quick is available, visit the Quick regional availability page. To learn more, visit the Amazon Quick documentation or product detail page.

Amazon SageMaker AI now supports serverless model customization and reinforcement fine-tuning for 12 additional open-weight models, enabling you to fine-tune and evaluate them without provisioning or managing infrastructure. The newly supported models are: gpt-oss-120b, Qwen2.5 72B Instruct, DeepSeek-R1-Distill-Llama-70B, Qwen3 14B, DeepSeek-R1-Distill-Qwen-14B, Qwen2.5 14B Instruct, DeepSeek-R1-Distill-Llama-8B, DeepSeek-R1-Distill-Qwen-7B, Qwen3 4B, Meta Llama 3.2 3B Instruct, Qwen3 1.7B, and DeepSeek-R1-Distill-Qwen-1.5B. With this expansion, you can customize these models using supervised fine-tuning (SFT), direct preference optimization (DPO), and reinforcement fine-tuning (RFT) techniques including RLVR and RLAIF, and only pay for what you use. Reinforcement fine-tuning enables you to align models to complex, domain-specific reasoning tasks where techniques such as traditional SFT alone fall short. With RLVR, you can improve model accuracy on verifiable tasks such as code generation, math, and structured extraction by providing reward signals based on correctness. RLAIF uses AI-generated feedback to steer model behavior toward your quality and safety preferences. These techniques are available on previously supported and newly added models, with no cluster setup, capacity planning, or distributed training expertise required. These models and fine-tuning techniques are available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and EU (Ireland). To get started, see the Amazon SageMaker AI model customization product page and visit the Amazon SageMaker AI pricing page (Model Customization tab) to see the full list of models, techniques, and prices.

AWS is announcing starting today, Amazon EC2 I7ie instances are now available in AWS Asia Pacific (Hong Kong), Asia Pacific (Seoul), Asia Pacific (Melbourne), Asia Pacific (Thailand), Europe (Zurich), Europe (Milan) and Mexico (Central) regions. Designed for large storage I/O intensive workloads, I7ie instances are powered by 5th Gen Intel Xeon Processors with an all-core turbo frequency of 3.2 GHz, offering up to 40% better compute performance and 20% better price performance versus I3en instances. I7ie instances offer up to 120TB local NVMe storage density for storage optimized instances and offer up to twice as many vCPUs and memory compared to prior generation instances. Powered by 3rd generation AWS Nitro SSDs, I7ie instances deliver up to 65% better real-time storage performance, up to 50% lower storage I/O latency, and 65% lower storage I/O latency variability compared to I3en instances. I7ie are high density storage optimized instances, ideal for workloads requiring fast local storage with high random read/write performance at very low latency consistency to access large data sets. These instances are available in 9 virtual sizes and deliver up to 100Gbps of network bandwidth and 60Gbps of bandwidth for Amazon Elastic Block Store (EBS). To learn more, visit the I7ie instances page.

AWS Backup now supports Amazon DocumentDB in 12 additional AWS Regions: Asia Pacific (Malaysia, Thailand, Osaka, Hong Kong, Jakarta, Melbourne), Europe (Stockholm, Spain, Zurich), Africa (Cape Town), Israel (Tel Aviv), and Mexico (Central). This expansion brings policy-based data protection and recovery to your Amazon DocumentDB clusters in these newly supported Regions. To start protecting your DocumentDB clusters with AWS Backup, add your DocumentDB clusters to your existing backup plans, or create a new backup plan and attach your DocumentDB clusters to it. To learn more about AWS Backup for Amazon DocumentDB, visit the product page, pricing page, and documentation. To get started, visit the AWS Backup console, AWS Command Line Interface (CLI), or AWS SDKs.

AWS Transfer Family now supports receiving Message Disposition Notifications (MDNs) asynchronously for messages sent to trading partners over Applicability Statement 2 (AS2). This enables you to migrate your AS2 workflows to Transfer Family while maintaining interoperability with your trading partners, regardless of their message processing times or network requirements.  Organizations across healthcare, life sciences, retail, manufacturing, and supply chain sectors depend on Transfer Family for secure AS2-based data exchange with trading partners and regulatory bodies. You can now send AS2 messages while requesting MDNs asynchronously over a separate TLS connection, ensuring compatibility with partner AS2 systems that have extended processing times or high latency. With this launch, Transfer Family supports both synchronous and asynchronous MDN requests, enabling you to migrate AS2 workflows to AWS without impacting your partner integrations.  This capability is available in the majority of AWS regions where AWS Transfer Family is offered. For the full list of supported regions, visit the AWS Capabilities tool in Builder Center. For detailed implementation guidance, see the Transfer Family user guide. To learn more, visit the AWS Transfer Family product page.

AWS ParallelCluster 3.15 is now generally available. This release adds support for P6-B300 instance types and upgrades Slurm to version 25.11 with expedited job requeue. With P6-B300 support, you can run demanding AI/ML and high-performance computing workloads on the latest NVIDIA Blackwell GPU infrastructure. This release includes improved EFA network configuration defaults and support for network interface customization. To learn how to customize network interfaces, see Customize compute node network interfaces with launch template overrides. Other improvements include more reliable cluster updates, improved performance for tightly-coupled workloads in large clusters, and support for updating cluster tags without disruption. For more details, review the AWS ParallelCluster 3.15.0 release notes. AWS ParallelCluster is an open-source cluster management tool that makes it possible for R&D customers and IT administrators to operate high-performance computing (HPC) clusters on AWS. ParallelCluster is designed to automatically and securely provision cloud resources into elastically-scaling HPC clusters capable of running scientific and engineering workloads at scale on AWS. ParallelCluster is available at no additional charge in the AWS Regions listed here, and you pay only for the AWS resources needed to run your applications. To learn more about launching HPC clusters on AWS, visit the ParallelCluster User Guide. To start using ParallelCluster, see the installation instructions for ParallelCluster UI and CLI.

Amazon SageMaker HyperPod now extends continuous provisioning support to clusters using the Slurm orchestrator, enabling greater flexibility and efficiency for enterprise customers running large-scale AI/ML training workloads. AI/ML customers running Slurm-based clusters need to start training quickly, scale seamlessly, perform maintenance without disrupting operations, and have granular visibility into cluster operations. Previously, if any instance group could not be fully provisioned, the entire cluster creation or scaling operation failed and rolled back, causing delays and requiring manual intervention. With continuous provisioning for Slurm, SageMaker HyperPod automatically provisions remaining capacity in the background while training jobs can begin immediately on available instances. The system uses priority-based provisioning to bring up the Slurm controller node first, followed by login and worker nodes in parallel, so your cluster reaches an operational state as quickly as possible. HyperPod retries failed node launches asynchronously and adds nodes to the Slurm cluster automatically as they become available, ensuring clusters reliably reach their desired scale without requiring manual intervention. You can now perform concurrent, non-blocking scaling operations across multiple instance groups simultaneously — a capacity shortage in one instance group no longer blocks scaling in others. These capabilities help customers reduce time-to-training, maximize resource utilization, and focus on innovation rather than infrastructure management. This feature is available for new SageMaker HyperPod clusters using the Slurm orchestrator. You can enable continuous provisioning by setting the NodeProvisioningMode parameter to "Continuous" when creating new HyperPod clusters using the CreateCluster API. Continuous provisioning can also be enabled when creating new clusters through the AWS CLI and the SageMaker AI console. This feature is available in all AWS Regions where Amazon SageMaker HyperPod is supported. To learn more about continuous provisioning for Slurm clusters, see the Amazon SageMaker HyperPod User Guide.

Amazon Bedrock AgentCore Runtime now offers managed session storage in public preview, enabling agents to persist their filesystem state across stop and resume cycles. Modern agents write code, install packages, generate artifacts, and manage state through the filesystem. Until now, that work was lost when a session stopped. With managed session storage, everything your agent writes to a configured mount path persists automatically, even after the compute environment terminates. When you configure session storage, each session gets a persistent directory at the mount path you specify. Your agent reads and writes files as normal, and AgentCore Runtime transparently replicates data to durable storage. When the session stops, data is flushed during graceful shutdown. When you resume with the same session ID, a new microVM mounts the same storage and the agent continues from where it left off — source files, installed packages, build artifacts, and git history all intact. No checkpoint logic, no save and restore code, and no changes to your agent application required. Session storage supports standard Linux filesystem operations including regular files, directories, and symlinks, with up to 1 GB per session and data retained for 14 days of idle time. Storage communication is confined to a single session's data and cannot access other sessions or AgentCore Runtime environments. Session storage is available in public preview across fourteen AWS Regions: US (N. Virginia, Ohio, Oregon), Canada (Central), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo), Europe (Frankfurt, Ireland, London, Paris, Stockholm). To learn more, see persist files across stop/resume in the Amazon Bedrock AgentCore documentation.

If you’re struggling with manual data classification in your organization, the new Amazon SageMaker Catalog AI agent can automate this process for you. Most large organizations face challenges with the manual tagging of data assets, which doesn’t scale and is unreliable. In some cases, business terms aren’t applied consistently across teams. Different groups name and tag data assets based on local conventions. This creates a fragmented catalog where discovery becomes unreliable and governance teams spend more time normalizing metadata than governing. In this post, we show you how to implement this automated classification to help reduce the manual tagging effort and improve metadata consistency across your organization.

(Continued from Part 1) In this post, we show how you can give on-premises clients and spoke account resources private access to OpenSearch Serverless collections distributed across multiple business unit accounts.

In this post, we show how organizations can provide secure, private access to multiple Amazon OpenSearch Serverless collections from both on-premises environments and distributed AWS accounts using a single centralized interface VPC endpoint and Route 53 Profiles.

In this post, we walk through how to search for available p-family GPU capacity, create a training plan reservation for inference, and deploy a SageMaker AI inference endpoint on that reserved capacity. We follow a data scientist's journey as they reserve capacity for model evaluation and manage the endpoint throughout the reservation lifecycle.

This post introduces Claude Tool use in Amazon Bedrock which uses the power of large language models (LLMs) to perform dynamic, adaptable entity recognition without extensive setup or training.

You can now use Amazon Timestream for InfluxDB in the Mexico (Central), Japan (Osaka), and Brazil (Sao Paulo) AWS regions. Timestream for InfluxDB makes it easy for application developers and DevOps teams to run fully managed InfluxDB databases on AWS for real-time time-series applications using open-source APIs. Timestream for InfluxDB offers Multi-AZ high availability, read replicas, enhanced durability, and multi-node scaling — giving you flexible deployment options to match your workload as it evolves. Whether you're starting with a single-node setup or scaling to a 15-node Enterprise cluster, you can right-size your infrastructure without re-architecting. You can create your InfluxDB databases using the Amazon Timestream for InfluxDB console. AWS CLI, or AWS SDKs . Amazon Timestream for InfluxDB is available in the following AWS Regions. For more information, see the Amazon Timestream for InfluxDB documentation and pricing page.

AWS HealthOmics announces batch run submission, allowing customers to submit up to 100,000 runs of any given workflow in a single request. With this launch, customers can now submit large-scale genomics experiments with thousands of samples without the overhead of submitting and tracking individual runs one by one, reducing overhead and simplifying orchestration. AWS HealthOmics is a HIPAA-eligible service that helps healthcare and life sciences customers accelerate scientific breakthroughs with fully managed bioinformatics workflows. Batch run submission enables customers to initiate multiple workflow runs with similar parameters simultaneously. All runs in a batch share a common configuration, with the option to override specific parameters for individual runs based on different sample inputs or parameter values. The batch run APIs provide full lifecycle management of batch processing workflows. Customers can use the new batch ID resource to track each submission, easily cancel or delete in bulk, and monitor batch progress. Batch resources enable customers to troubleshoot issues and maintain optimal resource utilization across large-scale automation pipelines. Batch run operations are now available in all regions where AWS HealthOmics is available: US East (N. Virginia), US West (Oregon), Europe (Frankfurt, Ireland, London), Israel (Tel Aviv), Asia Pacific (Singapore), and Asia Pacific (Seoul). To get started with run batches in HealthOmics workflows, see the documentation.

In this post, we look at how Generali is using Amazon EKS Auto Mode and its integration with other AWS services to enhance performance while reducing operational overhead, optimizing costs, and enhancing security.

This post walks through a fraud detection system built with durable functions. It also highlights the best practices that you can apply to your own production workflows, from approval processes to data pipelines to AI agent orchestration.

In this post, you learn how to set up an automated, end-to-end solution that extracts tables from Amazon Aurora MySQL Serverless v2 and writes them to Amazon S3 Tables in Apache Iceberg format using AWS Glue.

In this post, we show you how Amazon Managed Streaming for Apache Kafka (Amazon MSK) Express brokers brokers streamline the end-to-end activities for Kafka administration.

In this blog post, we show you how Reco implemented Amazon Bedrock to help transform security alerts and achieve significant improvements in incident response times.

Hello! I’m Daniel Abib, and this is my first AWS Weekly Roundup. I’m a Senior Specialist Solutions Architect at AWS, focused on the generative AI and Amazon Bedrock. With over 28 years of experience in solution architecture, software development, and cloud architecture, I help Startups & Enterprises harness the power of generative AI with Amazon […]

AWS HealthImaging is now available in the AWS Europe (London) Region. AWS HealthImaging is a HIPAA-eligible service that empowers healthcare providers, life sciences organizations, and their software partners to store, analyze, and share medical images at petabyte scale. AWS HealthImaging offers fully managed infrastructure for storing medical imaging data, with both DICOMWeb APIs for easy integration with existing applications and AWS-native APIs for cloud-first implementations. With AWS HealthImaging, organizations can reduce storage costs by up to 40% compared to do-it-yourself solutions, enable faster image access for clinical workflows, and accelerate the development of AI-powered diagnostic applications while maintaining strict security controls over sensitive data. AWS HealthImaging is generally available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Europe (Ireland), and Europe (London). To learn more, see the AWS HealthImaging Developer Guide.

AWS announces the Neuron Dynamic Resource Allocation (DRA) driver for Amazon Elastic Kubernetes Service (EKS), bringing Kubernetes-native hardware-aware scheduling to AWS Trainium-based instances. The Neuron DRA driver publishes rich device attributes directly to the Kubernetes scheduler, enabling topology-aware placement decisions without custom scheduler extensions. Deploying AI workloads on Kubernetes requires ML engineers to make infrastructure decisions that are not directly related to model development, such as determining device counts, understanding hardware and network topologies, and writing accelerator-specific manifests. This creates friction, slows iteration, and tightly couples workloads to underlying infrastructure. As use cases expand to distributed training, long-context inference, and disaggregated architectures, this complexity becomes a scaling bottleneck. The Neuron DRA driver removes this burden by separating infrastructure concerns from ML workflows. Infrastructure teams define reusable ResourceClaimTemplates that capture device topology, allocation, and networking policies. ML engineers can simply reference these templates in their manifests, without needing to reason about hardware details. This enables consistent deployment across workload types while allowing per-workload configuration so multiple workloads can efficiently share the same nodes. The Neuron DRA driver supports all AWS Trainium instance types  and is available in all AWS Regions where AWS Trainium is available. For documentation, sample templates, and implementation guides, visit the Neuron DRA documentation. Learn more: Neuron EKS DRA templates Neuron EKS documentation Amazon EKS documentation

Amazon Bedrock AgentCore Runtime now supports WebRTC for real-time bidirectional streaming between clients and agents, adding to the existing WebSocket protocol support. With WebRTC, developers can build voice agents for browser and mobile applications that stream audio and video bidirectionally with low latency using peer-to-peer, UDP-based transport, enabling natural, real-time conversational experiences. WebRTC joins WebSocket as the second bidirectional streaming protocol supported by AgentCore Runtime. While WebSocket provides persistent, full-duplex connections for text and audio streaming over TCP, WebRTC is optimized for real-time media delivery where low latency is critical, such as voice agents in browser and mobile applications. WebRTC requires a TURN relay for media traffic, and AgentCore Runtime gives you flexibility in how you set that up: Amazon Kinesis Video Streams managed TURN for a fully managed experience with native AWS IAM integration, a third-party provider, or your own self-hosted TURN infrastructure. Both protocols benefit from AgentCore Runtime session isolation, observability, and scaling. WebRTC is supported in AgentCore Runtime across fourteen AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Canada (Central), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), and Europe (Stockholm). To get started, see Bidirectional streaming in the Amazon Bedrock AgentCore documentation, which includes ready-to-deploy examples for both protocols: an Amazon Nova Sonic voice agent with KVS TURN server, Pipecat voice agents with WebSocket, WebRTC, and Daily transport, a LiveKit voice agent, and a Strands Agents SDK voice agent.

Amazon Elastic Kubernetes Service (Amazon EKS) now offers a 99.99% Service Level Agreement (SLA) for clusters running on Provisioned Control Plane, up from the 99.95% SLA offered on standard control plane. Amazon EKS is also introducing the 8XL scaling tier, the largest available Provisioned Control Plane tier. Provisioned Control Plane gives you the ability to select your cluster's control plane capacity from a set of well-defined scaling tiers, ensuring the control plane is pre-provisioned and ready to handle traffic spikes or unpredictable bursts. The higher 99.99% SLA is measured in 1-minute intervals, providing a more granular and stringent availability commitment for mission-critical workloads. The new 8XL tier offers double the Kubernetes API server request processing capacity of the next lower 4XL tier, enabling workloads such as ultra-scale AI/ML training, high-performance computing (HPC), and large-scale data processing. Both the 99.99% SLA and the 8XL tier are available today in all AWS regions where Amazon EKS Provisioned Control Plane is offered. To learn more about the SLA, see the Amazon EKS Service Level Agreement. For 8XL pricing and capabilities, see the EKS pricing and EKS Provisioned Control Plane documentation.

Today, we are excited to announce the general availability of 10 new highly expressive Amazon Polly Generative voices across 8 locales: Tiffany (American English), Brian (British English), Aria (New Zealand English), Jasmine (Singapore English),  Florian (French), Ambre (French), Lorenzo (Italian), Beatrice (Italian), Lennart (German), and Sabrina (Swiss German).  Alongside these new voices, we have expanded the Generative engine to two new AWS regions in Europe (London) and Canada (Central). We have also introduced the Bidirectional Streaming API support for the Generative engine, allowing customers to stream text to Polly and receive synthesized audio back simultaneously. This makes it easy to feed output directly from a large language model (LLM) into speech synthesis, enabling real-time applications like chatbots and bespoke characters in games. Amazon Polly is a fully managed service that turns text into lifelike speech. This expansion addresses the growing demand for natural-sounding, lifelike speech generation in conversational AI and content creation. Developers building LLM-based interactive systems and speech-enabled applications can take advantage of the enhanced voice quality and variety, expanded language and feature support, as well as broader AWS region availability.  To hear how Polly voices sound, go to Amazon Polly Features. For more details on the Polly offerings and use, see the Amazon Polly documentation and pricing page.

AWS Database Migration Service (DMS) Schema Conversion with GenAI is now available in nine additional AWS Regions: Asia Pacific (Tokyo, Osaka, Sydney), Europe (Ireland, London, Stockholm, Paris), Canada (Central) and US East (Ohio). This feature leverages Amazon Bedrock foundation models—including Claude 3.5 Sonnet v2, Claude 3.7 Sonnet, and Claude Sonnet 4—to automate database schema and code conversion, helping organizations accelerate their database modernization initiatives. The regional expansion enables customers to process their migration workloads locally, reducing latency and supporting data residency requirements. DMS Schema Conversion with GenAI automatically converts database schemas and code from Oracle, SQL Server, MySQL, PostgreSQL, and Sybase to Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL. By automating the conversion process, the service significantly reduces manual effort and accelerates migration project timelines, enabling database administrators and migration specialists to focus on strategic modernization activities rather than time-consuming manual code transformation. DMS Schema Conversion is available at no additional charge and can be accessed through the AWS Management Console or AWS Command Line Interface (CLI). To learn more about supported database engines, conversion capabilities, and regional availability, visit the DMS Schema Conversion documentation and cross-region inference documentation.

AWS DataSync now supports AWS Secrets Manager for credential management across all location types, including Hadoop Distributed File System (HDFS), Amazon FSx for Windows File Server, and Amazon FSx for NetApp ONTAP. Previously, Secrets Manager integration was limited to a subset of location types, requiring you to provide credentials directly through the DataSync API or console. You can centralize credential management for all DataSync locations in Secrets Manager, providing a single, consistent approach across all your data transfers. You can also encrypt credentials with your own AWS KMS key instead of the default AWS-owned key, helping you meet your organization's security requirements and governance policies. All secrets are stored in your account, allowing you to update credentials as needed, independent of the DataSync service. DataSync supports two approaches for credential management. You can provide a secret ARN referencing credentials you manage in Secrets Manager for full control over rotation, auditing, and access policies. Alternatively, DataSync can automatically create and manage secrets on your behalf. This capability is available is available in the majority of AWS regions where AWS DataSync is offered. For the full list of supported regions, visit the AWS Capabilities tool in Builder Center. To get started, visit the AWS DataSync console. For more information, see Managing credentials with AWS Secrets Manager in the AWS DataSync documentation.

Today, AWS announces that the AWS MCP Server (preview) now publishes operational metrics to Amazon CloudWatch and introduces scalable Agent SOPs discovery using semantic similarity. Agent SOPs are pre-built, tested workflows that guide AI assistants through complex multi-step AWS tasks. These updates give you visibility into your MCP Server usage and provide a guided path for your agents to perform tasks on AWS. Previously, customers were unable to monitor changes done through agents using AWS MCP server to track usage patterns, identify permission issues, and set up alarms on errors. With this update, the AWS MCP Server now automatically publishes metrics under the AWS-MCP namespace in CloudWatch at no additional cost. You can monitor invocation counts, success rates, client errors, server errors, and throttling for individual tools such as the AWS API caller (call_aws) and the Agent SOP retriever (retrieve_agent_sop). These metrics help you track usage patterns, identify permission issues, and set up alarms when error rates exceed your thresholds. Additionally, the documentation search tool (search_documentation) now uses semantic similarity to return relevant Agent SOPs alongside AWS documentation results, allowing AI assistants to discover the right SOP through natural language queries. The AWS MCP Server is available in preview in the US East (N. Virginia) AWS Region at no additional cost. To get started on AWS MCP server, please read documentation here.

Amazon EC2 Fleet now supports interruptible Capacity Reservations. EC2 Fleet allows you to launch instances across multiple instance types and Availability Zones. Starting today, you can specify interruptible Capacity Reservation IDs across your Launch Templates to provision instances in a single EC2 Fleet call. When On-Demand Capacity Reservations are not in use, customers can make them temporarily available as interruptible reservations within their AWS Organization to improve utilization and save costs. When these interruptible reservations are available to your account, you can now use EC2 Fleet to easily consume them. This feature is available in all AWS commercial regions. To get started, refer to the EC2 Fleet documentation. To learn more about interruptible Capacity Reservations, visit the EC2 Capacity Reservations user guide.

AWS announces support for NVIDIA Inference Xfer Library (NIXL) with Elastic Fabric Adapter (EFA) to accelerate disaggregated large language model (LLM) inference on Amazon EC2. This integration enhances disaggregated inference serving through three key improvements: increased KV-cache throughput, reduced inter-token latency, and optimized KV-cache memory utilization. NIXL with EFA enables high throughput, low-latency KV-cache transfer between prefill and decode nodes, and it enables efficient KV-cache movement between various storage layers. NIXL is interoperable with all EFA-enabled EC2 instances and integrates natively with frameworks including NVIDIA Dynamo, SGLang, and vLLM. Combined, NIXL with EFA enables flexible integration with your EC2 instance and framework of choice, providing performant disaggregated inference at scale. AWS supports NIXL version 1.0.0 or higher with EFA installer version 1.47.0 or higher on all EFA-enabled EC2 instance types in all AWS regions at no additional cost. For more information, visit the EFA documentation.

Amazon Redshift federated permissions are now supported with AWS IAM Identity Center (IdC) in multiple AWS Regions. You can extend IdC from your primary AWS Region to additional Regions for improved performance through proximity to users and reliability. In the additional regions, you now have simplified administration of Redshift fine-grained access controls at the table and column level using existing workforce identities with IdC. When a new Region is added in IdC, you can create Redshift and Lake Formation Identity Center applications in the new Region without replicating identities from the primary Region. This enables you to use existing workforce identities to query data across warehouses in the new Region. Regardless of which warehouse is used for querying, row-level, column-level, and masking controls always apply automatically, delivering fine-grained access compliance. You can also access Amazon Redshift with single sign-on in these new Regions from Amazon QuickSight, Amazon Redshift Query Editor, or third-party SQL tools. To get started with Redshift federated permissions using IdC, read the blog and documentation. To extend IdC support in multiple regions, read IdC documentation, Redshift documentation, Lake Formation documentation, and see the region availability.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) C8gn instances, powered by the latest-generation AWS Graviton4 processors, are available in the AWS Region Asia Pacific (Jakarta, Hyderabad, Tokyo), South America (Sao Paulo), and Europe (Zurich). The new instances provide up to 30% better compute performance than Graviton3-based Amazon EC2 C7gn instances. Amazon EC2 C8gn instances feature the latest 6th generation AWS Nitro Cards, and offer up to 600 Gbps network bandwidth, the highest network bandwidth among network optimized EC2 instances.    Take advantage of the enhanced networking capabilities of C8gn to scale performance and throughput, while optimizing the cost of running network-intensive workloads such as network virtual appliances, data analytics, CPU-based artificial intelligence and machine learning (AI/ML) inference.    For increased scalability, C8gn instances offer instance sizes up to 48xlarge, up to 384 GiB of memory, and up to 60 Gbps of bandwidth to Amazon Elastic Block Store (EBS). C8gn instances support Elastic Fabric Adapter (EFA) networking on the 16xlarge, 24xlarge, 48xlarge, metal-24xl, and metal-48xl sizes, which enables lower latency and improved cluster performance for workloads deployed on tightly coupled clusters.    C8gn instances are available in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon, N.California), Europe (Frankfurt, Stockholm, Ireland, London, Spain, Zurich), Asia Pacific (Singapore, Malaysia, Sydney, Thailand, Mumbai, Seoul, Melbourne, Jakarta, Hyderabad, Tokyo), Middle East (UAE), Africa (Cape Town), Canada West (Calgary, Central), South America (Sao Paulo), AWS GovCloud (US-East, US-West).   To learn more, see Amazon C8gn Instances. To begin your Graviton journey, visit the Level up your compute with AWS Graviton page. To get started, see AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDKs.

AWS Lambda now provides Availability Zone (AZ) metadata through a new metadata endpoint in the Lambda execution environment. With this capability, developers can determine the AZ ID (e.g., use1-az1) of the AZ their Lambda function is running in, enabling them to build functions that make AZ-aware routing decisions, such as preferring same-AZ endpoints for downstream services to reduce cross-AZ latency. This capability also enables operators to implement AZ-aware resilience patterns like AZ-specific fault injection testing. Lambda automatically provisions and maintains execution environments ready to serve function invocations across multiple AZs within an AWS Region to provide high availability and fault tolerance without any additional configuration or management overhead for customers.  As development teams scale their serverless applications, their functions often need to interact with other AWS services like Amazon ElastiCache and Amazon RDS that provide endpoints specific to each AZ. Until now, Lambda did not provide a way for functions to determine which AZ they were running in. With the new metadata endpoint, functions can now retrieve their AZ ID with a simple HTTP request, making it easy to implement AZ-aware logic without building and maintaining custom solutions. To get started, use the Powertools for AWS Lambda metadata utility or call the metadata endpoint directly using the environment variables that Lambda automatically sets in the execution environment. This capability is supported for all Lambda runtimes, including custom runtimes and functions packaged as container images, and integrates seamlessly with Lambda capabilities like SnapStart and provisioned concurrency, regardless of whether your functions are VPC-enabled.  AZ metadata support is available at no additional cost in all commercial AWS Regions where Lambda is available. To learn more, visit Lambda documentation.

Celebrating twenty years of innovation in ML and AI technology at AWS. Countless developers—myself included—have embraced cloud computing and actively used its capabilities to accomplish what was previously impossible.

Finding the right data assets in large enterprise catalogs can be challenging, especially when thousands of datasets are cataloged with organization-specific metadata. Amazon SageMaker Unified Studio now supports custom metadata search filters. In this post, you learn how to create custom metadata forms, publish assets with metadata values, and use structured filters to discover those assets.

Amazon Bedrock expands model selection for customers by adding support for GLM 5 and Minimax M2.5. GLM 5 is a frontier‑class, general‑purpose large language model optimized for complex systems engineering and long‑horizon agentic tasks. It builds on the GLM 4.5 agent‑centric lineage and is designed to support multi‑step reasoning, math (including AIME‑style benchmarks), advanced coding, and tool‑augmented workflows, with long context support suitable for sophisticated agents and enterprise applications. MiniMax M2.5 is an agent‑native frontier model trained explicitly to reason efficiently, decompose tasks optimally, and complete complex workflows under real‑world time and cost constraints. It achieves task completion speeds comparable to or faster than leading proprietary frontier models by combining high inference throughput with reinforcement learning focused on token‑efficient reasoning and better decision‑making in agentic scaffolds. MiniMax M2.5 and GLM 5 are now available in Amazon Bedrock across select AWS Regions. For the full list of available AWS Regions, refer to the documentation.

Amazon EC2 High Memory U7i instances with 6TB of memory (u7i-6tb.112xlarge) are now available in AWS Asia Pacific (Malaysia). U7i instances are part of AWS 7th generation and are powered by custom fourth generation Intel Xeon Scalable Processors (Sapphire Rapids). U7i-6tb instances offer 6TiB of DDR5 memory, enabling customers to scale transaction processing throughput in a fast-growing data environment. U7i-6tb instances deliver 448 vCPUs with up to 100 Gbps of Amazon EBS bandwidth for faster data loading and backups, 100 Gbps of network bandwidth, and ENA Express. U7i instances are ideal for customers using mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server. To learn more about U7i instances, visit the High Memory instances page.

In this post, you'll learn how AWS DevOps Agent integrates with your existing observability stack to provide intelligent, automated responses to system events.

While working with Lambda User-Defined Functions (UDFs) in Amazon Redshift, knowing best practices may help you streamline the respective feature development and reduce common performance bottlenecks and unnecessary costs. You wonder what programming language could improve your UDF performance, how else can you use batch processing benefits, what concurrency management considerations might be applicable in your case? In this post, we answer these and other questions by providing a consolidated view of practices to improve your Lambda UDF efficiency. We explain how to choose a programming language, use existing libraries effectively, minimize payload sizes, manage return data, and batch processing. We discuss scalability and concurrency considerations at both the account and per-function levels. Finally, we examine the benefits and nuances of using external services with your Lambda UDFs.

In this post, Vanguard's Financial Advisor Services division describes how they evolved from a single Amazon Redshift cluster to a multi-warehouse architecture using data sharing and serverless endpoints to eliminate performance bottlenecks caused by exponential growth in ETL jobs, dashboards, and user queries.

This post provides a comprehensive technical walkthrough for implementing Amazon Redshift federated permissions with AWS IAM Identity Center to help achieve scalable data governance across multiple data warehouses. It demonstrates a practical architecture where an Enterprise Data Warehouse (EDW) serves as the producer data warehouse with centralized policy definitions, helping automatically enforce security policies to consuming Sales and Marketing data warehouses without manual reconfiguration.

Amazon Bedrock now supports NVIDIA Nemotron 3 Super, an open hybrid Mixture-of-Experts (MoE) model designed for complex multi-agent applications. Built for agentic workloads, Nemotron 3 Super delivers fast, and cost-efficient inference enabling AI agents to maintain focus and accuracy across long, multi-step tasks without losing context. Fully open with weights, datasets, and recipes, the model supports easy customization and secure deployment, making it well-suited for enterprises, startups, and individual developers building multi-agent workflows, and advanced reasoning applications. Amazon Bedrock gives customers access to Nemotron 3 Super through a single, fully managed API — with no infrastructure to provision or models to host. Bedrock's serverless inference, built-in security controls, and compatibility with OpenAI API specifications make it easy to integrate Nemotron 3 Super into existing workflows and deploy at production scale with confidence. NVIDIA Nemotron 3 Super is now available in Amazon Bedrock across select AWS Regions. For the full list of available AWS Regions, refer to the documentation. To learn more and get started, visit the Amazon Bedrock console or the service documentation here. To get started with Amazon Bedrock OpenAI API-compatible service endpoints, visit documentation here.

Growing data volume, variety, and velocity has made it crucial for businesses to implement architectures that efficiently manage and analyze data, while maintaining data integrity and consistency. In this post, we show you a solution that combines Apache Iceberg, Data Build Tool (dbt), and Amazon EMR to create a scalable, ACID-compliant transactional data lake. You can use this data lake to process transactions and analyze data simultaneously while maintaining data accuracy and real-time insights for better decision-making.

In this post, we demonstrate how to use AWS IAM Roles Anywhere to request temporary AWS security credentials, using x.509 certificates for client applications which enables secure interactions with an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster. The solution described in this post is compatible with both Amazon MSK Provisioned and Serverless clusters.

Twenty years ago this past week, Amazon S3 launched publicly on March 14, 2006. While Amazon Simple Storage Service is often considered the foundational storage service that defined cloud infrastructure, what began as a simple object storage service has grown into something far larger in scope and scale. As of March 2026, S3 stores more […]

Some reflections on 20 years of innovations in Amazon S3 including S3 Tables, S3 Vectors and S3 Metadata.

AWS launches a new feature of Amazon S3 that lets you create general purpose buckets in your own account regional namespace simplifying bucket creation and management as your data storage needs grow in size and scope.

In this post, we share insights from one of our customers' migration from DC2 to RA3 instances. The customer, a large enterprise in the retail industry, operated a 16-node dc2.8xlarge cluster for business intelligence (BI) and ETL workloads. Facing growing data volumes and disk capacity limitations, they successfully migrated to RA3 instances using a Blue-Green deployment approach, achieving improved ETL query performance and expanded storage capacity while maintaining cost efficiency.

In this post, we explore the cost improvements we observed when benchmarking Apache Spark jobs with serverless storage on EMR Serverless. We take a deeper look at how serverless storage helps reduce costs for shuffle-heavy Spark workloads, and we outline practical guidance on identifying the types of queries that can benefit most from enabling serverless storage in your EMR Serverless Spark jobs.

On November 4, 2025, Amazon Kinesis Data Streams introduced On-demand Advantage mode, a capability that enables on-demand streams to handle instant throughput increases at scale and cost optimization for consistent streaming workloads. Historically, you had to choose between provisioned mode, which required managing stream capacity, and on-demand mode, which automatically scaled capacity, but this new offering removes the need to think about stream type at all. In this post, we show three real-world scenarios comparing different usage patterns and demonstrate how On-demand Advantage mode can optimize your streaming costs while maintaining performance and flexibility.

Fiti AWS Student Community Kenya! Last week was an incredible whirlwind: a round of meetups, hands-on workshops, and career discussions across Kenya that culminated with the AWS Student Community Day at Meru University of Science and Technology, with keynotes from my colleagues Veliswa and Tiffany, and sessions on everything from GitOps to cloud-native engineering, and […]

This post is part 3 of the three-part series ‘Enabling high availability of Amazon EC2 instances on AWS Outposts servers’. We provide you with code samples and considerations for implementing custom logic to automate Amazon Elastic Compute Cloud (EC2) relaunch on Outposts servers. This post focuses on guidance for using Outposts servers with third party storage for boot […]

AWS launches OpenClaw on Amazon Lightsail to run OpenClaw instance, pairing your browser, enabling AI capabilities, and optionally connecting messaging channels. Your Lightsail OpenClaw instance is pre-configured with Amazon Bedrock for starting with your AI assistant immediately — no additional configuration required.

In alignment with our V4.0 GA announcement and SDKs and Tools Maintenance Policy, version 3 of the AWS SDK for .NET will enter maintenance mode on March 1, 2026, and reach end-of-support on June 1, 2026. Starting March 1, 2026 we will stop adding regular updates to V3 and will only provide security updates until end-of-support begins.

In this post, we discuss how following the AWS Cloud Adoption Framework (AWS CAF) and AWS Well-Architected Framework can help reduce these risks through proper implementation of AWS guidance and best practices while taking into consideration the practical challenges organizations face in implementing these best practices, including resource constraints, evaluating trade-offs and competing business priorities.

In this post, you'll learn how to add the Apache 5 HTTP client to your project, configure it for your needs, and migrate from the 4.5.x version.

This past week, I’ve been deep in the trenches helping customers transform their businesses through AI-DLC (AI-Driven Lifecycle) workshops. Throughout 2026, I’ve had the privilege of facilitating these sessions for numerous customers, guiding them through a structured framework that helps organizations identify, prioritize, and implement AI use cases that deliver measurable business value. AI-DLC is […]

Amazon Web Services (AWS) is announcing two new features for the AWS Command Line Interface (AWS CLI) v2: structured error output and the “off” output format.

Santander faced a significant technical challenge in managing an infrastructure that processes billions of daily transactions across more than 200 critical systems. The solution emerged through an innovative platform engineering initiative called Catalyst, which transformed the bank's cloud infrastructure and development management. This post analyzes the main cases, benefits, and results obtained with this initiative.

This post describes why ProGlove chose a account-per-tenant approach for our serverless SaaS architecture and how it changes the operational model. It covers the challenges you need to anticipate around automation, observability and cost. We will also discuss how the approach can affect other operational models in different environments like an enterprise context.

Customers use AWS Lambda to build Serverless applications for a wide variety of use cases, from simple API backends to complex data processing pipelines. Lambda's flexibility makes it an excellent choice for many workloads, and with support for up to 10,240 MB of memory, you can now tackle compute-intensive tasks that were previously challenging in a Serverless environment. When you configure a Lambda function's memory size, you allocate RAM and Lambda automatically provides proportional CPU power. When you configure 10,240 MB, your Lambda function has access to up to 6 vCPUs.

This blog post shows you how to extend LZA with continuous integration and continuous deployment (CI/CD) pipelines that maintain your governance controls and accelerate workload deployments, offering rapid deployment of both Terraform and AWS CloudFormation across multiple accounts. You'll build automated infrastructure deployment workflows that run in parallel with LZA's baseline orchestration to help maintain your enterprise governance and compliance control requirements. You will implement built-in validation, security scanning, and cross-account deployment capabilities to help address Public Sector use cases that demand strict compliance and security requirements.

AWS Elemental Inference is a fully managed AI service that automatically transforms live and on-demand video broadcasts into vertical formats optimized for mobile and social platforms in real time, enabling broadcasters to reach audiences on TikTok, Instagram Reels, and YouTube Shorts without manual editing or AI expertise.

This post is co-written with Neel Patel, Abdullahi Olaoye, Kristopher Kersten, Aniket Deshpande from NVIDIA. Today, we’re excited to announce that the NVIDIA Evo-2 NVIDIA NIM microservice are now listed in Amazon SageMaker JumpStart. You can use this launch to deploy accelerated and specialized NIM microservices to build, experiment, and responsibly scale your drug discovery […]

Last week, my team met many developers at Developer Week in San Jose. My colleague, Vinicius Senger delivered a great keynote about renascent software—a new way of building and evolving applications where humans and AI collaborate as co-developers using Kiro. Other colleagues, Du’An Lightfoot, Elizabeth Fuentes, Laura Salinas, and Sandhya Subramani spoke about building and […]

Deploying applications to AWS typically involves researching service options, estimating costs, and writing infrastructure-as-code tasks that can slow down development workflows. Agent plugins extend coding agents with specialized skills, enabling them to handle these AWS-specific tasks directly within your development environment. Today, we’re announcing Agent Plugins for AWS (Agent Plugins), an open source repository of […]

We are excited to offer a preview of AWS Tools Installer V2 which addresses customer feedback for faster and more reliable bulk installation of AWS Tools for PowerShell modules.

Amazon EC2 Hpc8a instances, powered by 5th Gen AMD EPYC processors, deliver up to 40% higher performance, increased memory bandwidth, and 300 Gbps Elastic Fabric Adapter networking, helping customers accelerate compute-intensive simulations, engineering workloads, and tightly coupled HPC applications.

AWS launches Amazon SageMaker Inference for custom Amazon Nova models. You can now configure the instance types, auto-scaling policies, and concurrency settings for custom Nova model deployments to best meet their needs.

I joined AWS in 2021, and since then I’ve watched the Amazon Elastic Compute Cloud (Amazon EC2) instance family grow at a pace that still surprises me. From AWS Graviton-powered instances to specialized accelerated computing options, it feels like every few months there’s a new instance type landing that pushes performance boundaries further. As of […]

Here are the notable launches and updates from last week that can help you build, scale, and innovate on AWS. Last week’s launches Here are the launches that got my attention this week. Let’s start with news related to compute and networking infrastructure: Introducing Amazon EC2 C8id, M8id, and R8id instances: These new Amazon EC2 […]

The new multipart download support in AWS SDK for .NET Transfer Manager improves the performance of downloading large objects from Amazon Simple Storage Service (Amazon S3). Customers are looking for better performance and parallelization of their downloads, especially when working with large files or datasets. The AWS SDK for .NET Transfer Manager (version 4 only) […]

Business applications often coordinate multiple steps that need to run reliably or wait for extended periods, such as customer onboarding, payment processing, or orchestrating large language model inference. These critical processes require completion despite temporary disruptions or system failures. Developers currently spend significant time implementing mechanisms to track progress, handle failures, and manage resources when […]

In this post, we explore how the Amazon Key team used Amazon EventBridge to modernize their architecture, transforming a tightly coupled monolithic system into a resilient, event-driven solution. We explore the technical challenges we faced, our implementation approach, and the architectural patterns that helped us achieve improved reliability and scalability. The post covers our solutions for managing event schemas at scale, handling multiple service integrations efficiently, and building an extensible architecture that accommodates future growth.

This post explores the architectural patterns, challenges, and best practices for building cross-partition failover, covering network connectivity, authentication, and governance. By understanding these constraints, you can design resilient cloud-native applications that balance regulatory compliance with operational continuity.

Stay current with the latest serverless innovations that can transform your applications. In this 31st quarterly recap, discover the most impactful AWS serverless launches, features, and resources from Q4 2025 that you might have missed.

To support cloud applications that increasingly depend on rich contextual data, AWS is raising the maximum payload size from 256 KB to 1 MB for asynchronous AWS Lambda function invocations, Amazon Amazon SQS, and Amazon EventBridge. Developers can use this enhancement to build and maintain context-rich event-driven systems and reduce the need for complex workarounds such as data chunking or external large object storage.

In this post, we explore how Artera used Amazon Web Services (AWS) to develop and scale their AI-powered prostate cancer test, accelerating time to results and enabling personalized treatment recommendations for patients.

AWS now supports multiple local gateway (LGW) routing domains on AWS Outposts racks to simplify network segmentation. Network segmentation is the practice of splitting a computer network into isolated subnetworks, or network segments. This reduces the attack surface so that if a host on one network segment is compromised, the hosts on the other network segments are not affected. Many customers in regulated industries such as manufacturing, health care and life sciences, banking, and others implement network segmentation as part of their on-premises network security standards to reduce the impact of a breach and help address compliance requirements.

Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Outposts brings the power of managed Kubernetes to your on-premises infrastructure. Use Amazon EKS on Outposts rack to create hybrid cloud deployments that maintain consistent AWS experiences across environments. As organizations increasingly adopt edge computing and hybrid architectures, storage optimization and performance tuning become critical for successful workload deployment.

This blog post examines how Salesforce, operating one of the world's largest Kubernetes deployments, successfully migrated from Cluster Autoscaler to Karpenter across their fleet of 1,000 plus Amazon Elastic Kubernetes Service (Amazon EKS) clusters.

Amazon Web Services (AWS) Lambda now supports .NET 10 as both a managed runtime and base container image. .NET is a popular language for building serverless applications. Developers can now use the new features and enhancements in .NET when creating serverless applications on Lambda. This includes support for file-based apps to streamline your projects by implementing functions using just a single file.

In healthcare, generative AI is transforming how medical professionals analyze data, summarize clinical notes, and generate insights to improve patient outcomes. From automating medical documentation to assisting in diagnostic reasoning, large language models (LLMs) have the potential to augment clinical workflows and accelerate research. However, these innovations also introduce significant privacy, security, and intellectual property challenges.

In this post, we walk through building a generative AI–powered troubleshooting assistant for Kubernetes. The goal is to give engineers a faster, self-service way to diagnose and resolve cluster issues, cut down Mean Time to Recovery (MTTR), and reduce the cycles experts spend finding the root cause of issues in complex distributed systems.

BASF Agricultural Solutions combines innovative products and digital tools with practical farmer knowledge. This post explores how Amazon Managed Blockchain can drive a positive change in the agricultural industry by tokenizing food and cotton value chains for traceability, climate action, and circularity.

This post is about AWS SDK for JavaScript v3 announcing end of support for Node.js versions based on Node.js release schedule, and it is not about AWS Lambda. For the latter, refer to the Lambda runtime deprecation policy. In the second week of January 2026, the AWS SDK for JavaScript v3 (JS SDK) will start […]

Have you ever wondered what it is really like to be a woman in tech at one of the world's leading cloud companies? Or maybe you are curious about how diverse perspectives drive innovation beyond the buzzwords? Today, we are providing an insider's perspective on the role of a solutions architect (SA) at Amazon Web Services (AWS). However, this is not a typical corporate success story. We are three women who have navigated challenges, celebrated wins, and found our unique paths in the world of cloud architecture, and we want to share our real stories with you.

Organizations often have large volumes of documents containing valuable information that remains locked away and unsearchable. This solution addresses the need for a scalable, automated text extraction and knowledge base pipeline that transforms static document collections into intelligent, searchable repositories for generative AI applications.

In this post, we demonstrate how to utilize AWS Network Firewall to secure an Amazon EVS environment, using a centralized inspection architecture across an EVS cluster, VPCs, on-premises data centers and the internet. We walk through the implementation steps to deploy this architecture using AWS Network Firewall and AWS Transit Gateway.

You can now develop AWS Lambda functions using Node.js 24, either as a managed runtime or using the container base image. Node.js 24 is in active LTS status and ready for production use. It is expected to be supported with security patches and bugfixes until April 2028. The Lambda runtime for Node.js 24 includes a new implementation of the […]

AWS re:Invent 2025 returns to Las Vegas, Nevada, from December 1–5, 2025. This year, we’re offering a comprehensive lineup of sessions and booth activities to help you build resilient, performant, and scalable applications wherever you need them—in the cloud, on premises, or at the edge.

Organizations running critical workloads on Amazon Elastic Compute Cloud (Amazon EC2) reserve compute capacity using On-Demand Capacity Reservations (ODCR) to have availability when needed. However, reserved capacity can intermittently sit idle during off-peak periods, between deployments, or when workloads scale down. This unused capacity represents a missed opportunity for cost optimization and resource efficiency across the organization.

e are pleased to announce the Developer Preview release of the Amazon S3 Transfer Manager for Swift —a high-level file and directory transfer utility for Amazon Simple Storage Service (Amazon S3) built with the AWS SDK for Swift.

In this post, we'll explore a reference architecture that helps enterprises govern their Amazon Bedrock implementations using Amazon API Gateway. This pattern enables key capabilities like authorization controls, usage quotas, and real-time response streaming. We'll examine the architecture, provide deployment steps, and discuss potential enhancements to help you implement AI governance at scale.

At re:Invent 2025, we introduce one new lens and two significant updates to the AWS Well-Architected Lenses specifically focused on AI workloads: the Responsible AI Lens, the Machine Learning (ML) Lens, and the Generative AI Lens. Together, these lenses provide comprehensive guidance for organizations at different stages of their AI journey, whether you're just starting to experiment with machine learning or already deploying complex AI applications at scale.

We are delighted to announce an update to the AWS Well-Architected Generative AI Lens. This update features several new sections of the Well-Architected Generative AI Lens, including new best practices, advanced scenario guidance, and improved preambles on responsible AI, data architecture, and agentic workflows.

Version 2.0 of the AWS Deploy Tool for .NET is now available. This new major version introduces several foundational upgrades to improve the deployment experience for .NET applications on AWS. The tool comes with new minimum runtime requirements. We have upgraded it to require .NET 8 because the predecessor, .NET 6, is now out of […]

The AWS SDK for Java 1.x (v1) entered maintenance mode on July 31, 2024, and will reach end-of-support on December 31, 2025. We recommend that you migrate to the AWS SDK for Java 2.x (v2) to access new features, enhanced performance, and continued support from AWS. To help you migrate efficiently, we’ve created a migration […]

The AWS SDK for Java 2.x introduces the Apache 5 SDK HTTP client which is built on Apache HttpClient 5.5.x. This new SDK HTTP client is available alongside our existing SDK HTTP clients: Apache HttpClient 4.5.x, Netty, URL Connection, and AWS CRT HttpClient. To differentiate the use of Apache HttpClient 4.5.x and Apache HttpClient 5.5.x, […]

Today, we are excited to announce the general availability of the AWS .NET Distributed Cache Provider for Amazon DynamoDB. This is a seamless, serverless caching solution that enables .NET developers to efficiently manage their caching needs across distributed systems. Consistent caching is a difficult problem in distributed architectures, where maintaining data integrity and performance across […]

This blog was co-authored by Afroz Mohammed and Jonathan Nunn, Software Developers on the AWS PowerShell team. We’re excited to announce the general availability of the AWS Tools for PowerShell version 5, a major update that brings new features and improvements in security, along with a few breaking changes. New Features You can now cancel […]

Software development is far more than just writing code. In reality, a developer spends a large amount of time maintaining existing applications and fixing bugs. For example, migrating a Go application from the older AWS SDK for Go v1 to the newer v2 can be a significant undertaking, but it’s a crucial step to future-proof […]