AWS AI News Hub

Amazon Bedrock Advanced Prompt Optimization enables customers to optimize their prompts for their current model or migrate prompts to new models faster than before with built-in evaluation feedback loops. Optimize your prompts and compare results for up to 5 models simultaneously.

Customers spend days to weeks optimizing prompts and evaluating responses when they want to migrate to a new model or just get better performance out of their current model. They struggle with changing their prompts quickly and then testing them to prevent regressions and improve on underperforming tasks. These situations call for the same tool – a prompt optimizer with built-in evaluations.  Today, Amazon Bedrock introduces Advanced Prompt Optimization, a new tool that allows customers to optimize their prompts for any model on Bedrock, while comparing their original prompts to their optimized prompts across up to 5 models simultaneously. Customers can use this if they are migrating to a new model or just want to get better performance on their current model. If they’re changing models, they can select their current model as a baseline and up to 4 other models. If they aren’t changing models, they just select their current model to see before and after optimization. The optimizer takes in prompt templates, example user inputs for the variable values, optional ground truth answers, and an evaluation metric or short natural language criteria to use as a guide. It's even compatible with multimodal inputs such as jpg, png, or PDF. The prompt optimizer works in a feedback loop to steer the prompt and resulting model responses toward optimizing the evaluation metric, and outputs the original and final prompt templates with evaluation scores, cost estimates, and latency. For region availability, see our documentation. For pricing, see the Bedrock pricing page. To get started, use the Bedrock APIs for Advanced Prompt Optimizer or visit the Bedrock Console.

Amazon Web Services announces general availability of Amazon EC2 M3 Ultra Mac instances, powered by the latest Mac Studio hardware. Amazon EC2 M3 Ultra Mac instances are the next-generation EC2 Mac instances, that enable Apple developers to migrate their most demanding build and test workloads onto AWS. These instances are ideal for building and testing applications for Apple platforms such as iOS, macOS, iPadOS, tvOS, watchOS, visionOS, and Safari.    M3 Ultra Mac instances are powered by the AWS Nitro System, providing up to 10 Gbps network bandwidth and 8 Gbps of Amazon Elastic Block Store (Amazon EBS) storage bandwidth. These instances are built on Apple M3 Ultra Mac Studio computers featuring a 28-core CPU, 60-core GPU, 32-core Neural Engine, and 256GB of unified memory. Compared to EC2 M4 Max Mac instances, M3 Ultra Mac instances provide 2x the unified memory, 1.75x the CPU cores, 1.5x the GPU cores, and 2x the Neural Engine cores, giving Apple developers the headroom to run significantly more Xcode simulators in parallel and accelerate on-device ML workflows to improve product time to market.  Amazon EC2 M3 Ultra Mac instances are available in US East (N. Virginia) and US West (Oregon). To learn more about Amazon EC2 M3 Ultra Mac instances, visit the Amazon EC2 Mac page.

Amazon SageMaker AI now supports serverless model customization for Qwen3.6 27B parameter model using supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT). Qwen3.6 is a popular open-weight model family from Alibaba Cloud. This launch is an addition to our support for fine-tuning Qwen3.5 and other popular models. Before this launch, you could deploy Qwen3.6 base model on SageMaker AI and now, you can also adapt it to your specific domains and workflows. Model customization enables you to tailor foundation models with your proprietary data so they more accurately reflect your domain knowledge, terminology, and quality standards. Rather than building models from scratch, fine-tuning lets you start from a capable base model and specialize it for your use cases, whether that's improving accuracy on domain-specific tasks, aligning outputs with your organization's tone, or improving performance on new tasks using your labeled data. With serverless customization, SageMaker AI handles all infrastructure provisioning and training orchestration, so you can focus on your data and evaluation rather than cluster management, and only pay for what you use. Serverless model customization for Qwen3.6 on SageMaker AI is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and EU (Ireland). To get started, navigate to the Models page in Amazon SageMaker Studio to launch a customization job, or use the SageMaker Python SDK for programmatic access. To learn more, see the Amazon SageMaker AI model customization documentation.

Today, as part of the AWS Transform composability initiative, AWS announces the general availability of the agent builder toolkit Kiro power for AWS Transform. With the agent builder toolkit, AWS Partners and customers can build agents tailored to their specific modernization needs and ensure it works seamlessly within AWS Transform. This capability enables Migration and Modernization Competency Partners, ISVs, or customers to create differentiated transformation solutions by integrating their specialized agents, tools, knowledge bases, and workflows with AWS Transform's agentic AI capabilities. The agent builder toolkit provides the end-to-end lifecycle for transformation agents: build agents using the Kiro power; share them with teams or across partner networks, and register them with AWS Transform for discovery. The agent builder toolkit for AWS Transform is available in the Kiro power marketplace. To learn more, see AWS Transform (https://aws.amazon.com/transform).

AWS Transform brings assessment, migration, and modernization into a single AI-powered experience that guides enterprises through their full transformation journey. Today, AWS announces support for customer-owned Amazon S3 buckets, giving customers full control over where their transformation artifacts are stored and how they are secured. With this launch, you can configure your own S3 bucket, optionally encrypt artifacts with your own AWS KMS key, and manage access policies through your own AWS account. Migration practitioners can upload files directly to their bucket for immediate use by transformation agents and centralize artifact storage across multiple AWS accounts. This is designed to help enterprises in regulated industries meet data sovereignty and compliance requirements without changing how they use AWS Transform. This capability is available in all AWS Regions where AWS Transform is offered. To learn more, see the AWS Transform User Guide.

Today, AWS announces that the AWS Transform agents — built on decades of AWS migration and modernization experience — are now accessible through a Kiro power, agent plugins, and via the AWS Transform MCP server. Developers can now consume all of AWS Transform's capabilities directly from their preferred development environment, whether working interactively in an agentic IDE, managing jobs through the web console, or integrating programmatically via MCP. This launch gives builders flexibility to choose the surface that fits their workflow while gaining the depth of transformation expertise behind the AWS Transform agents for Windows, VMware, mainframe and more. A developer can start a transformation in their agentic IDE, monitor progress and collaborate in the web console, then see results back in their IDE — all against the same underlying job with consistent state. Additionally, AWS Transform now supports IAM role authentication. Customers who start using AWS Transform in their IDE or the web app can use their existing AWS credentials to create a Transform environment, workspace, and transformation job. The agent plugin and MCP are available on GitHub, and the Kiro Power within the Kiro marketplace. To learn more, see https://aws.amazon.com/transform.

Today, AWS announced the availability of FLUX.2-klein-base-4B and Qwen3-Embedding-0.6B in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These models from Black Forest Labs and Qwen bring state-of-the-art image generation and multilingual text embedding capabilities, enabling customers to build creative AI applications and intelligent search systems on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: FLUX.2-klein-base-4B excels at real-time image generation and multi-reference editing in a compact architecture, delivering state-of-the-art quality that runs on consumer hardware with as little as 13GB VRAM. It is ideal for creative content pipelines, product visualization, rapid prototyping, and applications that require high-quality image synthesis without sacrificing speed. Qwen3-Embedding-0.6B excels at text embedding for retrieval, classification, clustering, and bitext mining across 100+ languages, with flexible output dimensions and instruction-aware embeddings. It is ideal for building semantic search systems, RAG pipelines, multilingual document retrieval, and applications that require efficient, high-quality text representations at scale. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

Amazon Application Recovery Controller (ARC) Region Switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. Today, we are announcing the Lambda event source mapping execution block, which automates the coordinated failover of event streams for multi-Region workloads. Customers running event-driven architectures use Lambda functions with event source mappings to process event streams from Kinesis, DynamoDB Streams, MSK, or SQS. For active-passive workloads, customers may maintain Lambda functions in each Region but process events in only one Region at a time. These event source mappings must be toggled during failover to avoid duplicate processing—a manual, error-prone step. The Lambda event source mapping execution block automates this by enabling or disabling event source mappings in either the activating or deactivating Region. To control duplicate processing, customers can configure two Lambda event source mapping execution blocks in sequence: a disable block to stop event processing in the deactivating Region, and an enable block to start it in the activating Region. The disable block can be overridden by running the plan in "ungraceful" mode for unplanned failovers where the deactivating Region may be impaired. Native cross-account support enables a single plan to handle event stream failover across multiple accounts. To get started, see the Lambda event source mapping execution block documentation. ARC Region switch is available in all commercial Regions. See ARC Region switch availability

Amazon Aurora DSQL introduces support for change data capture (CDC) in preview, enabling you to stream real-time database changes directly to Amazon Kinesis Data Streams. This fully managed capability removes the need to build or maintain custom streaming pipelines, making it easier to build event-driven applications, power real-time analytics pipelines, and synchronize data across systems. Aurora DSQL automatically captures the result of insert, update, and delete operations as change events. You can use these events to synchronize data across microservices, trigger downstream processing with AWS Lambda, or deliver to Amazon S3, Amazon Redshift, and Amazon OpenSearch Service through Amazon Data Firehose for analytics. CDC streaming requires no infrastructure setup and is designed to have zero impact on your database workload, so you can stream changes without affecting database throughput or latency. CDC streaming in preview is available in all AWS Regions where Aurora DSQL is available. Streams are billed using Distributed Processing Units (DPUs) based on the volume of data captured, with standard Amazon Kinesis Data Streams pricing applying separately. To learn more, read the blog and see getting started.

Today, AWS announced the availability of Qwen3-TTS-12Hz-1.7B-CustomVoice, Qwen3-TTS-12Hz-1.7B-Base, and Qwen3-ASR-1.7B in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models from Qwen bring advanced speech synthesis and recognition capabilities across 10+ languages, enabling customers to build intelligent voice-powered applications on AWS infrastructure. These models address different enterprise speech and audio challenges with specialized capabilities: Qwen3-TTS-12Hz-1.7B-CustomVoice excels at multilingual text-to-speech with customizable voice styles, supporting 10 languages with instruction-driven control over timbre, emotion, and prosody. It is ideal for building real-time interactive voice applications, customer-facing virtual assistants, and content creation workflows that require natural, expressive speech output. Qwen3-TTS-12Hz-1.7B-Base excels at multilingual text-to-speech with 3-second rapid voice cloning from audio input. It is ideal for building custom voice applications, fine-tuning domain-specific speech synthesis, and scenarios where developers need a flexible foundation model for voice generation. Qwen3-ASR-1.7B excels at automatic speech recognition supporting 52 languages and dialects with state-of-the-art accuracy in complex acoustic environments. It is ideal for transcription services, multilingual customer support, real-time captioning, and applications that require robust streaming and offline speech-to-text. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

Today, AWS announced the availability of GLM-5.1-FP8 and Phi-4-mini-instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These models from Z.ai and Microsoft bring advanced agentic capabilities and efficient inference to enterprise AI workloads on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: GLM-5.1-FP8 excels at agentic software engineering with sustained multi-round optimization, handling repository-level code generation, terminal tasks, and complex debugging workflows that improve with extended reasoning. It is ideal for automated code review pipelines, AI-powered development environments, and long-horizon problem-solving where the model iterates over hundreds of rounds to refine solutions. Phi-4-mini-instruct excels at strong reasoning, math, and logic in memory-constrained and latency-bound environments, supporting 24 languages and function calling in a compact form factor. It is ideal for edge deployment, latency-sensitive applications, multilingual chatbots, and scenarios where customers need capable reasoning with minimal resource overhead. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

AWS CloudFormation now supports a new intrinsic function, Fn::GetStackOutput, that enables you to reference stack outputs across AWS accounts and Regions directly within your CloudFormation templates and CDK applications. This new capability simplifies the provisioning and management of multi-account and multi-Region workloads in CloudFormation and CDK, and eliminates deployment deadlocks when restructuring cross-stack dependencies in CDK apps. When managing multi-account AWS environments, teams often need to share infrastructure values, such as VPC IDs or database endpoints, across account boundaries. Previously, achieving this required multiple steps, including copying values between templates or coordinating parameter updates across teams. Now, with Fn::GetStackOutput, you simply specify the target stack name, output key, an IAM role ARN for cross-account access, and optionally a Region. CloudFormation assumes the specified role, retrieves the output value, and resolves it during template processing, reducing manual coordination and the risk of configuration drift. In CDK applications, cross-account and cross-Region references now use this function automatically, eliminating the need for custom resources and SSM parameters that the previous approach required. Customers can also call Fn.getStackOutput directly to create weak references between stacks, simplifying stack refactoring. To get started, add the Fn::GetStackOutput function to your CloudFormation template and configure the appropriate IAM permissions for cross-account access. In CDK, cross-account and cross-Region references use this function automatically. Visit the AWS CloudFormation User Guide or the CDK developer guide to learn more. This feature is available in all AWS Regions where CloudFormation is supported. Refer to the AWS Region table for service availability details.

In this post, you will learn how to implement Assisted NLU effectively. You will learn how to improve your bot design with effective intent and slot descriptions, validate your implementation using Test Workbench, and plan your transition from traditional NLU to Assisted NLU for both new and existing bots.

In this post, you learn how to combine Stream's Vision Agents open-source framework with Amazon Bedrock and Amazon Nova 2 Sonic to build real-time voice agents that can be production-ready in minutes. You'll learn how the integration works under the hood, walk through code examples, and explore advanced capabilities like function calling, automatic reconnection, and multilingual voice support.

Today, we're announcing cross-account Athena access for Amazon Quick. With this feature, customers can query Athena data in other AWS accounts using AWS Identity and Access Management (IAM) role chaining, with query costs billed to the account where the data resides.

In this post, you will configure Chrome enterprise policies to restrict a browser agent to a specific website, observe the policy enforcement through session recording, and demonstrate custom root CA certificates using a public test site. The walkthrough produces a working solution that researches Amazon Bedrock AgentCore documentation while operating under enterprise browser restrictions.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) X8aedz instances are available in Europe (Ireland) region. These instances are powered by 5th Gen AMD EPYC processors (formerly code named Turin). These instances offer the highest maximum CPU frequency, 5GHz in the cloud. X8aedz instances are built using the latest sixth generation AWS Nitro Cards and are ideal for electronic design automation (EDA) workloads such as physical layout and physical verification jobs, and relational databases that benefit from high single-threaded processor performance and a large memory footprint. The combination of 5 GHz processors and local NVMe storage enables faster processing of memory-intensive backend EDA workloads such as floor planning, logic placement, clock tree synthesis (CTS), routing, and power/signal integrity analysis. X8aedz instances feature a 32:1 ratio of memory to vCPU and are available in 8 sizes ranging from 2 to 96 vCPUs with 64 to 3,072 GiB of memory, including two bare metal variants, and up to 8 TB of local NVMe SSD storage. Customers can purchase X8aedz instances via Savings Plans, On-Demand instances, and Spot instances. To get started, sign in to the AWS Management Console. For more information visit the Amazon EC2 X8aedz instance page.

Amazon Connect Customer now supports a permission that gives agents access to their own performance evaluations in the Connect UI, without exposing other agents' evaluations, so they can review feedback to improve their performance. With this permission, agents can search for contacts where they have received an evaluation, view their evaluations alongside call recordings and transcripts, and submit an acknowledgment after reviewing. Agents can be granted access to view their entire department's contacts for investigating multi-contact customer issues, while ensuring that they can only view their own evaluations. This provides operational flexibility while ensuring that agents cannot view sensitive peer performance data. This feature is available in all AWS regions where Amazon Connect Customer is offered. To learn more, please see our website and documentation.

This is the third post in our S3 Tables and Amazon Redshift series. The first post covered getting started with querying Apache Iceberg tables, and the second post walked through enterprise-scale governance and access controls. In this post, you address those performance and usability gaps with three different approaches.

Amazon Relational Database Service (RDS) for PostgreSQL now supports the latest minor versions 18.4, 17.10, 16.14, 15.18, and 14.23. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes and improvements added by the PostgreSQL community. This release also adds postgis_topology support in PostGIS 3.6.3 for PostgreSQL 18, enabling you to model and query topological relationships such as network connectivity and spatial adjacency directly in your databases. You can upgrade your databases during scheduled maintenance windows using automatic minor version upgrades. To simplify operations at scale, enable automatic minor version upgrades and use the AWS Organizations Upgrade Rollout Policy to orchestrate thousands of upgrades in phases, first to development environments before upgrading production systems. You can also use Amazon RDS Blue/Green deployments with physical replication to minimize downtime for minor version upgrades. Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console or by using the AWS Command Line Interface (CLI).

To improve developer experience, AWS Transform now includes an interactive agentic AI assistant in the AWS Toolkit for Visual Studio. This enables .NET developers to modernize applications through a conversational, step-by-step guided experience directly in their IDE. The assistant provides visibility, checkpointing, and enhanced steering capabilities. So, a developer that lives in IDE can continue to work in IDE leveraging fine granular control. The agent analyzes source code, provides a detailed assessment report, and generates a transformation plan. It then executes modernization tasks interactively, allowing developers to review, edit, and approve each step before proceeding, all without switching to the web console. You can pause at any step, inspect generated diffs, upload a custom plan, and direct the agent with natural language. The agent automatically attempts to fix build errors encountered during transformation, provides detailed worklogs for transparency, and generates a downloadable HTML summary report upon completion along with recommended next steps. You can start a modernization project in the AWS Transform web console and continue directly in Visual Studio, with full context and progress preserved across both environments, eliminating the need to restart or reconfigure your workflow. In addition to Visual Studio, you can invoke the power of AWS Transform agents from Kiro and other AI coding assistants and coding environments. Through Kiro power for AWS Transform and AWS Transform MCP agents, you can enjoy a unified tool experience to reduce context-switching and continue iterating on transformed code in your preferred development. This capability is available in the following AWS Regions: US East (N. Virginia), Canada (Central), Europe (Frankfurt), Europe (London), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), and Asia Pacific (Tokyo). To get started, download the latest AWS Toolkit for Visual Studio from the Visual Studio Marketplace. To learn more, visit the AWS Transform for Windows .NET page.

AWS RTB Fabric now supports custom domains for real-time bidding transactions received through external links. This capability helps advertising technology (AdTech) companies preserve their public endpoints and use owned domains—without requiring their partners to update their endpoint configurations. Endpoints (like bid.company.com/path) for real-time bidding workloads are typically representative of established, long-term traffic contracts. Modifying these endpoints requires coordination across multiple organizations, applications, and domains—which can slow set up between AdTech partners. With custom domains, AdTech companies can use their own domain name system (DNS) and configure canonical name (CNAME) public endpoints. They can also define routing rules to direct traffic to specific RTB Fabric links based on URL patterns. For example, a demand side platform (DSP) or supply side platform (SSP) can point their existing DNS server to RTB Fabric and define routing rules to map URL patterns to specific traffic sources. This allows them to seamlessly route all partner traffic through RTB Fabric without altering their own endpoint configurations. Supply partners also do not need to change their configurations. AWS RTB Fabric helps you connect with your AdTech partners such as Amazon Ads, GumGum, Kargo, MobileFuse, Sovrn, TripleLift, Viant, Yieldmo, and more in three steps while delivering single-digit millisecond latency through a private, high-performance network environment. RTB Fabric reduces standard cloud networking costs by up to 80% and does not require upfront commitments. This capability is available in all AWS Regions where AWS RTB Fabric is supported: US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland). To learn more, visit the documentation or AWS RTB Fabric product page.

Amazon SageMaker Data Agent is now available in SageMaker Unified Studio domains configured with IAM Identity Center. Data Agent extends its AI-powered capabilities to help data analysts and engineers streamline their analytics workflows across both SageMaker notebooks and Query Editor environments, eliminating the need to manually write complex SQL joins, aggregations, and Python code. With Data Agent, you can describe your analysis goals in plain English and receive working Python or SQL code tailored to your connected data sources, including Amazon Athena, Amazon Redshift, Amazon S3, and AWS Glue Data Catalog. The agent maintains conversational context across notebook cells, selected tables, and query history, proposing step-by-step plans before generating code. Use it to calculate quarterly revenue growth rates, generate visualizations, transform DataFrames, or optimize query performance—all through natural language interaction. The "Fix with AI" feature provides intelligent debugging by analyzing execution errors and suggesting corrections, accelerating your development cycle. This capability is available in all commercial AWS Regions where Amazon SageMaker Unified Studio is supported. To get started, navigate to a project in SageMaker Unified Studio, open a notebook or Query Editor, and select the Data Agent panel. To learn more, visit the Amazon SageMaker Unified Studio page and refer to "Use the SageMaker Data Agent" in the Amazon SageMaker Unified Studio User Guide.

Amazon FSx for OpenZFS now allows you to create Multi-AZ file systems in shared VPCs within your AWS organization, making it easier for you to decentralize network and storage administration. VPC sharing is a feature that allows resource owners ("owner accounts") to share one or more VPC subnets with other accounts ("participant accounts") in their AWS organization. Participant accounts can then view, create, modify, delete, and manage their application resources in the subnets shared with them. Previously, participant accounts could create Single-AZ OpenZFS file systems in VPCs shared with them, but could only create Multi-AZ file systems in VPCs they owned. Starting today, participant accounts can create any FSx for OpenZFS file system in a shared VPC, allowing organizations to run highly available file systems with centralized network management. You can create Multi-AZ FSx for OpenZFS file systems from shared VPC participant accounts in all AWS Regions where Amazon FSx for OpenZFS is available. To learn more, visit the FSx for OpenZFS documentation and the FSx for OpenZFS product page.

This post demonstrates how to build a documentation extraction and model fine-tuning pipeline that addresses challenges when processing the complex financial documents. By combining Pulse AI's advanced document understanding capabilities with the powerful AI services of Amazon Bedrock, organizations can achieve enterprise-grade accuracy and extract contextually relevant financial insights at scale.

Building end-to-end live streaming applications with real-time voice interaction presents several challenges. This post introduces a solution based on Amazon Nova 2 Sonic (Nova Sonic) and Amazon Kinesis Video Streams WebRTC (WebRTC) that addresses these challenges. In this post, we’ll walk through the solution architecture, implementation patterns, and two real-world scenario examples.

The Cisco and AWS partnership addresses three challenges enterprises face when scaling AI agents: visibility gaps, security bottlenecks, and compliance risks. In this post, we explore how you can overcome AI security challenges through automated scanning and unified governance.

In this post, we demonstrate how to build a secure, complete LLM fine-tuning workflow that integrates Unity Catalog with Amazon SageMaker AI using Amazon EMR Serverless for preprocessing. The solution shows how to securely access governed data, maintain lineage across services, fine-tune the Ministral-3-3B-Instruct model, and register trained artifacts back into Unity Catalog. With this approach, you can continue using your existing services while preserving central governance, tracking data lineage without compromising security or compliance requirements.

In this post, we show you a reference architecture that automates sensitive data discovery across legal document repositories on Amazon Web Services (AWS), demonstrate how to capture structured findings as a compliance dataset, and guide you through building a governed analytics workspace that maintains your security boundaries. You walk away with a practical model for building security and analytics into the same lifecycle, without moving documents outside their system of record.

In this post, we demonstrate an approach we used to address this challenge for a customer by implementing an AWS Lambda transformation function that streams Amazon CloudWatch metrics directly to internal OpenTelemetry collectors running within a VPC.

AWS Lambda now supports scheduled scaling for functions running on Lambda Managed Instances, using Amazon EventBridge Scheduler. This capability allows you to define one-time or recurring schedules that proactively adjust your function's capacity limits ahead of expected traffic, to meet your performance targets during peak periods and avoid costs during idle periods. Lambda Managed Instances lets you run Lambda functions on managed Amazon EC2 instances with built-in routing, load balancing, and autoscaling. Capacity scales between your configured minimum and maximum execution environment limits based on traffic. Previously, customers with predictable traffic patterns, such as business-hours applications or marketing events, were required to manually adjust capacity limits ahead of known demand changes or build custom automation to manage scaling on a schedule. With scheduled scaling, you can now define schedules that proactively adjust your function’s capacity limits ahead of expected traffic. For example, you can schedule capacity limits to increase before business hours so execution environments are ready when the first requests arrive. You can also define a schedule that scales capacity to zero during idle periods (so you only pay when the function is actively serving traffic), and schedule it to scale back up before traffic returns. Scheduled scaling for functions running on Lambda Managed Instances is available in all AWS Regions where Lambda Managed Instances is supported. You can create schedules using the Amazon EventBridge Scheduler console, AWS CLI, AWS SDK, AWS CDK, or AWS CloudFormation. To learn more, visit the AWS Lambda Managed Instances documentation, Amazon EventBridge Scheduler documentation, AWS Lambda pricing, and Amazon EventBridge pricing.

Amazon EventBridge Scheduler expands its AWS SDK integrations with 13 additional services and 619 new API actions across new and existing AWS services, including AWS Lambda Managed Instances. You can now schedule direct invocations of a broader set of AWS services without writing custom integration code. EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage billions of scheduled events and tasks across more than 270 AWS services, without provisioning or managing the underlying infrastructure. With this expansion, you can now schedule a broader set of AWS API actions directly from Scheduler, including scaling Lambda managed instances up or down on a time-based schedule for precise control over capacity provisioning. These enhancements are now generally available in all AWS Regions where AWS EventBridge Scheduler is available. Specific services and API actions are subject to the availability of the target service in the AWS Region. To learn more about AWS EventBridge Scheduler SDK integrations, visit the Developer Guide.

Today, AWS announces the release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire codebase. Unlike traditional static analysis tools that match code against known vulnerability patterns, full repository code review reasons about your application's architecture, trust boundaries, and data flows to surface systemic vulnerabilities that pattern-matching tools miss. When vulnerabilities are found, the scanner generates code remediation, specific fixes tied to the exact file and line, so teams can identify and remediate security vulnerabilities faster than ever before. This capability is available at no additional charge for existing AWS Security Agent customers during the preview. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can find vulnerabilities and build working exploits at a scale and speed we haven't seen before. AWS is prioritizing free early access for customers, giving defenders the opportunity to strengthen their codebases and share what they learn so the whole industry can benefit. Full repository code review is available in in all AWS Regions where AWS Security Agent is available. To get started, visit the AWS Security Agent console to enable full repository code review and run your first review. To learn more, see the AWS Security Agent documentation.

Amazon SageMaker Feature Store now supports the SageMaker Python SDK v3, including new capabilities for Lake Formation access controls and Apache Iceberg table properties configuration. Feature Store is a fully managed repository to store, share, and manage features for machine learning models. Data scientists can now use the modern, modular SDK v3 interfaces to manage feature groups with fine-grained access control and optimized offline storage. Data scientists can use the SageMaker Python SDK v3 to manage feature groups with streamlined workflows and reduced boilerplate. With Lake Formation integration, data scientists can enforce column-level and row-level access control on offline store data through an opt-in setting at feature group creation. With Iceberg properties support, data scientists can configure additional table properties such as compaction and snapshot expiration directly through the SDK to optimize storage and query performance. These capabilities allow data scientists to govern access to feature data and optimize offline store performance from a single SDK without managing separate tools. These capabilities are available in all AWS Regions where Amazon SageMaker Feature Store is available. To get started, install SageMaker Python SDK v3.8.0 or later. For more information, see Lake Formation access controls and Iceberg metadata management documentation.

Amazon Elastic Kubernetes Service (Amazon EKS) now supports Amazon Application Recovery Controller (ARC) zonal shift and zonal autoshift when using the open source Karpenter project for compute provisioning. ARC helps you manage and coordinate recovery for your applications across AWS Regions and Availability Zones (AZs). With this launch, you can better maintain Kubernetes application availability by automating the process of shifting in-cluster network traffic away from an impaired AZ. Customers increasingly deploy highly available applications in Amazon EKS across multiple AZs to eliminate a single point of failure. With ARC zonal shift, you can temporarily mitigate an AZ impairment by redirecting in-cluster network traffic away from the impacted AZ. For a fully automated experience, authorize AWS to manage this on your behalf using ARC zonal autoshift, which includes practice runs to verify your cluster functions as expected with one less AZ. When a zonal shift is activated for your EKS cluster, Karpenter stops provisioning new capacity in the impaired AZ, halts voluntary disruptions such as consolidation and drift for nodes in that AZ, and prevents voluntary disruptions in healthy zones if they depend on scheduling pods to the impaired zone. Pods with strict scheduling requirements such as volume affinities that require the impaired zone will not trigger launch attempts. When the zonal shift expires or is canceled, Karpenter resumes normal operations. This Karpenter feature works with both manual zonal shifts and zonal autoshifts. No custom ARC resources are required as Karpenter integrates directly with the existing EKS cluster ARC resource. To enable zonal shift support, set the ENABLE_ZONAL_SHIFT setting in your Karpenter settings. To learn more, visit the Karpenter documentation and the ARC zonal shift documentation.

In this post, we demonstrate how Amazon FinTech teams are using Amazon Bedrock and other AWS services to build a scalable AI application to transform how regulatory inquiries are handled. Each team using this solution creates and maintains its own dedicated knowledge base, populated with that team's specific documents and reference materials.

Amazon Redshift RG instances, powered by AWS Graviton, run data warehouse and data lake workloads up to 2.4x as fast as RA3 instances at 30% lower price per vCPU. Its integrated data lake query engine supports open table formats such as Apache Iceberg.

Amazon Redshift announces the general availability of RG instances, a new generation of provisioned cluster nodes powered by AWS Graviton processors that deliver better performance, running data warehouse and data lake workloads up to 2.4x as fast as previous generation RA3 instances, at 30% lower price per vCPU. RG instances include Redshift's custom-built vectorized data lake query engine that processes Apache Iceberg and Parquet data on your cluster nodes — enabling you to run SQL analytics across your data warehouse and data lake using a single engine. This eliminates the need for Redshift Spectrum's separate scanning fleet and its associated per-terabyte charges. Whether you're running structured data warehouse workloads on Redshift Managed Storage or querying open-format data lake tables in Amazon S3, RG instances deliver significant performance improvements — up to 2.2x as fast as RA3 instances for data warehouse workloads, up to 2.4x as fast for Apache Iceberg queries, and up to 1.5x as fast for Parquet workloads. The natively built data lake engine features a purpose-built I/O subsystem with smart prefetch, NVMe caching, vectorized Parquet scans, and advanced file and partition-level pruning. Just-in-Time (JIT) Analyze delivers consistently fast queries without manual tuning — automatically collecting and updating table statistics as your data and workload patterns evolve. Intelligent NVMe caching keeps frequently accessed datasets close to compute, reducing round-trips to your data lake for faster response times on repeated queries. RG instances are available at launch in two instance sizes — rg.xlarge and rg.4xlarge. Existing RA3 clusters can migrate using Snapshot & Restore, Elastic Resize, or Classic Resize. RG instances are available with flexible pricing options, including On-Demand, and 1-year and 3-year Reserved Instances with No Upfront payment. For pricing details, visit the Amazon Redshift pricing page. Amazon Redshift RG instances are now available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (São Paulo), Europe (Ireland), Europe (Frankfurt), Europe (London), Europe (Paris), Europe (Stockholm), Europe (Milan), Europe (Spain), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Mumbai), Asia Pacific (Jakarta), Asia Pacific (Hong Kong), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Hyderabad), Asia Pacific (Taiwan), and Asia Pacific (Melbourne). To get started, refer to the following resources: Amazon Redshift RG Instance Documentation RA3 to RG Upgrade Guide Amazon Redshift Pricing

Previously, the Amazon CloudFront Premium flat-rate plan supported a single usage allowance, and customers who outgrew it needed to contact us to discuss custom pricing options. Now, the Premium plan offers a range of self-service monthly usage levels ranging from 500 million to 6 billion requests and 50 TB to 600 TB, so customers can scale within the plan as their applications grow. Enterprises and mid-sized businesses whose baseline traffic previously made them ineligible for flat-rate plans can now adopt the Premium plan at a usage level that fits their application. You select your Premium plan usage level in the CloudFront console, see your new monthly flat-rate price instantly, and can change your usage level at any time with no commitment required. All Premium plan features are included at every usage level. Flat-rate plans provide a single monthly price covering content delivery, AWS WAF and DDoS protection, bot management, Amazon Route 53 DNS, Amazon CloudWatch Logs ingestion, serverless edge compute, and Amazon S3 storage credits — with no overage charges. To get started, visit the CloudFront console. To learn more, refer to the Launch Blog or Amazon CloudFront Developer Guide.

In this post, we walk you through five key enhancements: Amazon CloudWatch Logs integration, step-level Amazon Simple Storage Service (Amazon S3) logging controls, expanded console UIs for YARN and Tez, Amazon EMR step to YARN application ID mapping, and enhanced custom metrics with updated documentation.

In this post, we show you how to build an AI-powered troubleshooting solution using Amazon OpenSearch Service vector search and intelligent analysis. This solution reduces HBase inconsistency resolution from hours to minutes and root cause identification from days to hours through natural language queries over operational data. This democratizes HBase troubleshooting capabilities across teams and reducing dependency on specialized expertise.

In this post, we'll show you how our multi-document discovery feature solves this problem. It serves as an automated pre-processing step, analyzing unknown documents, clustering them by type, and generating schemas ready for the IDP Accelerator. You'll learn how the new capability uses visual embeddings for automatic clustering and agents for schema generation. We'll also walk you through running the solution on your own document collections.

In this post, we show you how to set up FLOPs tracking during LLM fine-tuning using the open source Fine-Tuning FLOPs Meter toolkit on Amazon SageMaker AI. You learn how to determine your compliance status with a single configuration flag and generate audit-ready documentation.

We are pleased to announce general availability of Amazon EC2 P5.48xl instances in the AWS US West (San Francisco), Asia Pacific (Tokyo, Mumbai, Sydney, Jakarta) and Europe (London, Stockholm) regions on SageMaker Studio notebooks. Amazon EC2 P5.48xl instances are powered by NVIDIA H100 Tensor Core GPUs and deliver high performance in Amazon EC2 for deep learning (DL) and high performance computing (HPC) applications. They help you accelerate your time to solution by up to 4x compared to previous-generation GPU-based EC2 instances, and reduce cost to train ML models by up to 40%. Customers can use P5 instances for training and deploying complex large language models (LLMs) and diffusion models powering generative AI applications. These applications include question answering, code generation, video and image generation, and speech recognition. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

We are pleased to announce general availability of Amazon EC2 G6 instances in Asia Pacific (Tokyo, Mumbai, Sydney) and Europe (London, Paris, Frankfurt, Stockholm, Zurich) on SageMaker notebook instances. Amazon EC2 G6 instances are powered by up to 8 NVIDIA L4 Tensor Core GPUs with 24 GB of memory per GPU and third generation AMD EPYC processors. G6 instances offer 2x better performance for deep learning inference compared to EC2 G4dn instances. Customers can use G6 instances to interactively test model deployment and for interactive model training for use cases such as generative AI fine-tuning and inference workloads, natural language processing, language translation, computer vision, and recommender engines. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio and SageMaker notebook instances.

We are pleased to announce general availability of Amazon EC2 P6-B200 instances in AWS US East (N. Virginia) on SageMaker Studio notebooks. Amazon EC2 P6-B200 instances are powered by 8 NVIDIA Blackwell GPUs with 1440 GB of high-bandwidth GPU memory and 5th Generation Intel Xeon processors (Emerald Rapids). These instances deliver up to 2x better performance compared to P5en instances for AI training. Customers can use P6-B200 instances to interactively develop and fine-tune large foundation models, including LLMs, mixture of experts models, and multi-modal reasoning models. These instances enable efficient experimentation with larger models directly in JupyterLab or CodeEditor environments for generative AI applications such as enterprise copilots and content generation across text, images, and video. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

In this post, you will learn how to set up the Exa integration in Strands Agents, understand the two core tools it exposes, and walk through real-world use cases that show how agents use web search to complete multi-step tasks.

We are pleased to announce general availability of Amazon EC2 G6e instances in the Middle East (Dubai), Asia Pacific (Tokyo, Seoul) and Europe (Frankfurt, Stockholm, Spain) on SageMaker Studio notebooks. Amazon EC2 G6e instances are powered by up to 8 NVIDIA L40s Tensor Core GPUs with 48 GB of memory per GPU and third generation AMD EPYC processors. G6e instances deliver up to 2.5x better performance compared to EC2 G5 instances. Customers can use G6e instances to interactively test model deployment and for interactive model training use cases such as generative AI fine-tuning. You can use G6e instances to deploy large language models (LLMs) with up to 13B parameters and diffusion models for generating images, video, and audio. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

We are pleased to announce general availability of Amazon EC2 G6 instances in the Middle East (Dubai) and Asia Pacific (Malaysia) on SageMaker Studio notebooks. Amazon EC2 G6 instances are powered by up to 8 NVIDIA L4 Tensor Core GPUs with 24 GB of memory per GPU and third generation AMD EPYC processors. G6 instances offer 2x better performance for deep learning inference compared to EC2 G4dn instances. Customers can use G6 instances to interactively test model deployment and for interactive model training for use cases such as generative AI fine-tuning and inference workloads, natural language processing, language translation, computer vision, and recommender engines. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

Elastic Network Adapter (ENA) Express now supports traffic between Amazon EC2 instances in different Availability Zones within a Region, delivering up to 25 Gbps single-flow bandwidth. ENA Express is a networking feature that uses the AWS Scalable Reliable Datagram (SRD) protocol to improve network performance. SRD is a reliable network protocol that delivers performance improvements through advanced congestion control and multi-pathing. Amazon Elastic Block Store (EBS) io2 Block Express and Elastic Fabric Adapter (EFA) for high performance computing and machine learning workloads also leverage SRD. Workloads such as distributed storage, databases, and file systems require deployments spanning multiple Availability Zones for resilience, yet single flows between zones support up to 5 Gbps with ENA. ENA Express delivers up to 25 Gbps single-flow bandwidth for traffic between Availability Zones. To achieve this, ENA Express detects compatibility between your EC2 instances and establishes an SRD connection when both communicating instances have ENA Express enabled. Once established, SRD uses multi-pathing to route your traffic across the network and avoids head-of-line blocking as it does not need packets to arrive in order. Using these capabilities, ENA Express delivers the performance benefits transparently to your application with TCP and UDP protocols. ENA Express for connections between Availability Zones within a Region is available for all supported instance types and sizes in Africa (Cape Town), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Malaysia, Melbourne, Mumbai, New Zealand, Osaka, Seoul, Singapore, Sydney, Taipei, Thailand, Tokyo), Canada (Central), Canada West (Calgary), Europe (Frankfurt, Ireland, London, Milan, Paris, Spain, Stockholm, Zurich), Israel (Tel Aviv), Mexico (Central), US East (N. Virginia, Ohio), US West (N. California, Oregon), and AWS GovCloud (US) Regions. ENA Express comes at no additional cost. For a list of supported instances and configuration guidance, please review the latest EC2 documentation.

We are pleased to announce general availability of Amazon EC2 P4de instances in Asia Pacific (Tokyo, Singapore) and Europe (Frankfurt) on SageMaker Studio notebooks. Amazon EC2 P4de instances are powered by 8 NVIDIA A100 GPUs with 80GB high-performance HBM2e GPU memory, 2X higher than the GPUs in our current P4d instances. The new P4de instances provide a total of 640GB of GPU memory, which provide up to 60% better ML training performance along with 20% lower cost to train when compared to P4d instances. The improved performance will allow customers to reduce model training times and accelerate time to market. Increased GPU memory on P4de will also benefit workloads that need to train on large datasets of high-resolution data. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

Amazon Aurora DSQL single-Region clusters are now available in Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Singapore), Europe (Stockholm), and South America (Sao Paulo). Aurora DSQL is the fastest serverless, distributed SQL database that enables you to build always available applications with virtually unlimited scalability, the highest availability, and zero infrastructure management. It is designed to make scaling and resilience effortless for your applications and offers the fastest distributed SQL reads and writes. With this launch, Aurora DSQL is available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Canada West (Calgary), Asia Pacific (Hong Kong), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Singapore), Asia Pacific (Sydney), , Asia Pacific (Tokyo), Asia Pacific (Seoul), Europe (Ireland), Europe (London), Europe (Frankfurt), Europe (Paris), Europe (Stockholm), and South America (Sao Paulo). Get started with Aurora DSQL for free with the AWS Free Tier. To learn more, visit the Aurora DSQL webpage and documentation.

AWS HealthOmics now supports caching completed task outputs of cancelled runs, enabling customers to reuse outputs and avoid recomputing previously completed tasks. When caching is enabled and a run is cancelled, HealthOmics automatically stores completed task outputs in the customer’s S3 bucket, allowing customers to restart runs from the point of cancellation. AWS HealthOmics is a HIPAA-eligible service that helps healthcare and life sciences customers accelerate scientific breakthroughs at scale with fully managed bioinformatics workflows. Caching of cancelled runs helps researchers, bioinformaticians, and workflow developers debug and iteratively develop workflows efficiently by storing intermediate files and completed task outputs for inspection. This saves customers the cost of recomputing completed tasks that may have taken hours and accelerates subsequent runs by executing only the remaining incomplete tasks. Caching cancelled runs is now available for Nextflow, WDL, and CWL runs in all AWS HealthOmics regions: US East (N. Virginia), US West (Oregon), Europe (Frankfurt, Ireland, London), Israel (Tel Aviv), and Asia Pacific (Singapore, Seoul). To learn more, visit the workflow cache documentation.

In this post, we walk through how to set up and manage S3 Tables in the AWS Glue Data Catalog, create and query Iceberg materialized views, and configure access controls that work across your analytics stack with IAM-based authorization.

Organizations face critical architectural decisions that can impact their operations for years to come such as: Is it better to maintain a single organization or implement multiple organizations? In this post, I explain the key advantages and disadvantages of both approaches and the scenarios where each model fits best.

In this post, you learn how to replicate Amazon DynamoDB data to Apache Iceberg tables in Amazon S3 through a zero-ETL integration. We walk through the challenges that the DynamoDB nested, schema-flexible data model introduces for analytics workloads, and show you how to configure schema unnesting and data partitioning for a sample product catalog table. We also cover how to query the replicated data in Amazon Athena using standard SQL.

In this post, we outline the solution that provides cross-Region resiliency without needing to reestablish relationships during a fail-back, using an active-active replication model with Amazon OpenSearch Ingestion (OSI) and Amazon Managed Streaming for Apache Kafka (Amazon MSK). This solution applies to both OpenSearch Service managed clusters and Amazon OpenSearch Serverless collections. We use Amazon OpenSearch Serverless as an example for the configurations in this post.

Today, we're excited to announce the general availability of Claude Platform on AWS. Claude Platform on AWS is a new service that gives customers direct access to Anthropic's native Claude Platform experience through their AWS account, with no separate credentials, contracts, or billing relationships required. AWS is the first cloud provider to offer access to the native Claude Platform experience. In this post, we explore how Claude Platform on AWS works and how you can start using it today.

AWS WAF now supports dynamic label interpolation, enabling you to forward WAF classification signals to your origin and embed context in responses with a single rule. Security engineers who previously maintained a separate rule for every signal value can now use ${namespace:} syntax in custom request headers, response headers, and response bodies to forward an entire label namespace at once. For example, one rule with a dynamic variable can forward all IP reputation signals to your application, which can then respond adaptively, such as by enforcing multi-factor authentication (MFA). Interpolation also introduces synthetic labels: built-in values resolved from request context, including client IP address, WAF request ID, and JA3 and JA4 fingerprints. You can embed these in custom block pages and challenge pages so users reporting false positives have a reference ID to cite, or forward TLS fingerprints to your application for adaptive auth decisions. Interpolation works with any label namespace, including AWS Managed Rules, AWS Marketplace rule groups, and your own custom labels. Headers automatically adapt as new labels are added to the namespace, and when multiple labels match, values resolve to a comma-separated list. Dynamic label interpolation is available in all AWS Regions where AWS WAF is available at no additional cost. There are no new API fields or configuration steps. To get started, see Dynamic label interpolation in the AWS WAF Developer Guide, or explore the sample on GitHub.

We are pleased to announce general availability of Amazon EC2 P5.4xl instances on SageMaker Studio notebooks. Amazon EC2 P5.4xl instances are powered by NVIDIA H100 Tensor Core GPUs and deliver high performance in Amazon EC2 for deep learning (DL) and high performance computing (HPC) applications. They help you accelerate your time to solution by up to 4x compared to previous-generation GPU-based EC2 instances, and reduce cost to train ML models by up to 40%. Customers can use P5 instances for training and deploying complex large language models (LLMs) and diffusion models powering generative AI applications. These applications include question answering, code generation, video and image generation, and speech recognition. Amazon EC2 P5.4xl instances are available for SageMaker Studio notebooks in the AWS US East (N. Virginia and Ohio), US West (Oregon), Asia Pacific (Mumbai, Tokyo, Jakarta) and South America (São Paulo) regions. Visit developer guides for instructions on setting up and using JupyterLab and CodeEditor applications on SageMaker Studio. For pricing information on these instances, please visit our pricing page.

Amazon SageMaker Unified Studio now helps you get productive faster with getting started tutorials and a development environment appearance that automatically adapts to your system preference, and adds in-product release notes to help you discover new capabilities. On the homepage, a new getting started section helps you get productive in minutes by walking through core workflows such as running your first SQL query, analyzing data from a notebook, building a data pipeline with Visual ETL, and training an ML model. Each tutorial uses pre-loaded sample data and can be completed in under 10 minutes. The development environment now also defaults to match your operating system’s light or dark mode setting, so the interface matches your preference from your first sign-in. A new “What’s New” section surfaces recent feature announcements and release notes directly in the product, so you can stay informed about new capabilities as they launch. In 2026 alone, SageMaker Unified Studio has added over 20 new features, which you can also find in the release notes. These enhancements are available in all AWS Regions where Amazon SageMaker Unified Studio is supported in IAM-based domains. Sign in to SageMaker Unified Studio to explore what’s new, or start with the getting started tutorials in the Amazon SageMaker Unified Studio User Guide.

In this post, we build a multimodal retrieval system for aerospace manufacturing documents using Amazon Nova Multimodal Embeddings on Amazon Bedrock and Amazon S3 Vectors. We evaluate the system on 26 manufacturing queries and compare generation quality between a text-only pipeline and the multimodal pipeline.

In this post, we dive deep into the architecture and techniques we used to improve Miro’s bug routing, achieving six times fewer team reassignments and five times shorter time-to-resolution powered by Amazon Bedrock.

My most exciting news of last week: Amazon Bedrock AgentCore previewed the first managed payment capabilities enabling AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. Built in partnership with Coinbase and Stripe, it removes the undifferentiated heavy lifting of building customized systems for billing, credential management, and […]

Amazon Quick helps turn your large enterprise data into fast and accurate AI-powered decisions. In this post, you will learn about five new capabilities of Amazon Quick that accelerate how data professionals deliver trusted AI-powered insights at enterprise scale.

Amazon Route 53 Domains now supports registration and management of 34 new top-level domains (TLDs), including .app, .dev, .art, .forum, .health, and .realty. This expansion enhances Route 53's domain registration and DNS management capabilities by offering customers industry-specific, technology-focused, and purpose-driven domain name options directly through AWS, enabling businesses and individuals to better establish their online presence.   The new TLDs cater to diverse use cases across multiple sectors. The .app domain is perfect for anyone building digital products — from mobile apps and SaaS platforms to browser extensions and developer tools. Developers can utilize .dev for development projects and technical portfolios, while .art serves creative professionals and galleries. The .forum domain suits community platforms and discussion boards. Healthcare organizations can leverage .health for medical services and wellness platforms. Real estate professionals can establish their presence with .realty domains. Additional domains like .food, .lifestyle, .living, and .love provide opportunities for specialized content and services. Users can register these domains through the Route 53 console, AWS CLI, or SDKs, enjoying integrated DNS management and automatic renewal features. This seamless integration allows for efficient domain administration alongside existing Route 53 hosted zones and DNS records, providing a unified experience for managing both domain registration and DNS services. Additionally, developers building AI-powered workflows can leverage the AWS Agent Toolkit to register and manage these domains programmatically through a fully managed MCP server. Complete list of new TLDs: .app, .art, .bar, .boo, .build, .dad, .day, .dev, .diy, .earth, .esq, .fit, .foo, .food, .forum, .health, .how, .lifestyle, .living, .love, .menu, .mov, .my, .nexus, .one, .page, .phd, .prof, .realty, .rest, .rsvp, .soy, .win, .zip To learn more about Amazon Route 53 Domains and start registering new domains, visit the Amazon Route 53 Domains page. Domain registration pricing varies by TLD. Visit the pricing page for detailed pricing information.

Today, AWS announced the general availability of Claude Platform on AWS, a new service that gives customers direct access to Anthropic's native Claude Platform experience through their existing AWS account. AWS is the first cloud provider to offer access to the native Claude Platform experience. Developers and organizations now have the choice to access Anthropic's native Claude Platform experience, including APIs, console, and early-access beta features, directly through their existing AWS account, without managing separate accounts, billing, or tracking. Claude Platform on AWS is operated by Anthropic, and customer data is processed outside the AWS security boundary. Claude Platform on AWS is designed for development teams and enterprises that want access to Anthropic's native Claude Platform development experience and do not have specific regional data residency requirements. Customers still use existing IAM credentials and access controls, consolidated AWS billing, and CloudTrail audit logging for full security visibility. Features available through Claude Platform on AWS include Claude Managed Agents (beta), advisor strategy (beta), web search, web fetch, code execution, files API (beta), Skills (beta), MCP connector (beta), prompt caching, citations, batch processing, and the Claude Console for prompt development and evaluation.  Claude Platform on AWS is available in US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), South America (São Paulo), Europe (Dublin), Europe (London), Europe (Frankfurt), Europe (Milan), Europe (Zurich), Europe (Paris), Europe (Stockholm), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Jakarta), Asia Pacific (Sydney), and Asia Pacific (Melbourne). To learn more, visit the Claude Platform on AWS product page. To get started, see the Claude Platform on AWS documentation.

AWS Transform now supports replatforming applications to containers during migration to AWS. This release extends AWS Transform's agentic AI capabilities to automate the containerization of your source code, enabling you to migrate and modernize in parallel, reducing the time and complexity of moving from on-premises to cloud-native architectures. Migration teams can containerize source code from GitHub, Bitbucket, GitLab, or .zip files, generate Docker images, publish to Amazon Elastic Container Registry (Amazon ECR), and deploy to Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). This brings containerization into the same workflow your team uses to plan and execute rehost migrations. AWS Transform analyzes your source code repositories, generates Dockerfiles, and builds container images with integrated security scanning for common vulnerabilities and exposures (CVEs). It produces deployment-ready Terraform infrastructure-as-code and Helm charts for your target environment. The service supports monolithic repositories (monorepos) and multi-repo structures, private dependency resolution through AWS CodeArtifact, and containerization of thousands of applications at scale. During migration wave planning, you can assign applications to either a rehost or replatform-to-containers path, so you can move and realize the benefits of AWS faster. This new capability is available in all AWS Regions where AWS Transform is offered. To learn more, please visit the AWS Transform User Guide.

AWS Client VPN now supports Linux desktop client with Ubuntu versions 26.04 LTS. You can now run the AWS supplied VPN client on the latest Ubuntu OS versions. AWS Client VPN desktop clients are available free of charge, and can be downloaded here. AWS Client VPN is a managed service that securely connects your remote workforce to AWS or on-premises networks. It supports desktop clients for MacOS, Windows, and Ubuntu-Linux. With this release, CVPN now supports the latest version of Ubuntu client - 26.04 LTS, along with 22.04 and 24.04. It already support Mac OS version Sonoma 14.0,, Sequoia 15.0, and Tahoe 26.0, and Windows 11. Client also supports ARM64 for MacOS and Windows. This client version is available in all regions where AWS Client VPN is generally available with no additional cost. To learn more about Client VPN: Visit the AWS Client VPN product page Read the AWS Client VPN documentation

Amazon Connect now supports Default Guides for After Contact Work (ACW), enabling contact center administrators to automatically launch a Step-by-Step Guide when an agent enters the ACW state without any manual work.  This capability helps contact centers standardize post-contact workflows and reduce handle time by ensuring agents are automatically guided through required wrap-up tasks, such as logging disposition codes, updating cases, or completing follow-up actions. By eliminating the need for agents to manually navigate to the correct application during ACW, organizations can improve consistency, reduce errors, and accelerate agent productivity across their contact center operations.  To learn more and get started, visit the Amazon Connect webpage and documentation.

Amazon Route 53 Global Resolver now lets you add and remove AWS Regions for anycast DNS resolution, giving you flexible control over where your DNS queries are resolved. This allows you to easily expand Global Resolver coverage as your organization grows or adjust regional deployment to meet compliance requirements. Global Resolver provides anycast DNS resolution for public internet domains and private Route 53 hosted zones from any location, along with DNS query filtering and centralized logging. With this update, you can dynamically adjust which AWS Regions participate in anycast resolution without recreating your Global Resolver configuration. This capability is available at no additional cost in all AWS Regions where Route 53 Global Resolver is supported. To get started, see the Route 53 Global Resolver documentation. For regional availability, see the Route 53 Global Resolver Region list. For pricing, see Amazon Route 53 pricing.

AWS Service Catalog is now available to customers in two additional AWS Regions: Asia Pacific (New Zealand) and Canada West (Calgary). AWS Service Catalog enables customers to create, govern, and distribute a catalog of approved Infrastructure as Code (IaC) products for deployment on AWS. Administrators define products using AWS CloudFormation or other IaC tools such as Terraform. A product is a set of AWS resources that can range from a single compute instance to a fully configured multi-tier application. Customers can share portfolios of approved products across AWS accounts and organizational units through AWS Organizations, giving engineers, database administrators, data scientists, and other end-users consistent self-service access to governed AWS resources across their organization. With AWS Service Catalog, organizations can apply launch and template constraints to govern how products are provisioned, manage product versions as they evolve, and control access by individual, group, or cost center using AWS Identity and Access Management (IAM). AWS Service Catalog is used by enterprises, system integrators, and managed service providers to organize, govern, and provision resources on AWS at scale. For more information, please visit the AWS Service Catalog product page and documentation. See the AWS Region Table for complete regional availability.

Today, Amazon Quick is announcing cross-account access for Amazon Athena data sources. This launch enables you to query Athena data residing in a different AWS account(s) from your Quick deployment using IAM role chaining, with Athena query costs billed to the account where the data lives. With this feature, administrators can create an Athena data source in Quick by specifying a RunAsRole in the Quick account and a ConsumerAccountRoleArn in the target account where Athena resources reside. Quick uses a role chaining mechanism first assuming the RunAsRole, then chaining into the consumer account role to execute queries. This launch supports multiple roles per consumer account(s), enabling fine-grained access segregation across teams within a single account.   This feature is now available in all supported Amazon Quick Sight regions here. For more details, read our blog post.

In this post, we discuss how you can use Precisely Connect to enable real-time, direct replication of mainframe data to Amazon Simple Storage Service (Amazon S3), and how your organization can extend this foundation using Amazon S3 Tables for advanced analytics.

In this post, we'll explore how we built a proof-of-concept that converts natural language queries into executable seismic workflows while providing a question-answering capability for Halliburton's Seismic Engine tools and documentation. We'll cover the technical details of the solution, share evaluation results showing workflow acceleration of up to 95%, and discuss key learnings that can help other organizations enhance their complex technical workflows with generative AI.

IAM Policy Autopilot now supports Java applications and Terraform-aware policy generation, expanding its language coverage and its ability to generate less permissive IAM policies from code. IAM Policy Autopilot is an open-source tool launched at re:Invent 2025 that helps builders quickly and deterministically create baseline IAM policies on AWS that you can refine as your application evolves, reducing the time you spend writing IAM policies and troubleshooting access issues. Java has been one of the most requested languages from IAM Policy Autopilot users. With this release, Java developers can now analyze their application source code to generate AWS IAM policies, joining Python, TypeScript, and Go as supported languages. In addition, IAM Policy Autopilot can now cross-reference Terraform resource definitions with SDK calls in your application code to resolve actual resource ARNs for each IAM action. For example, a policy generated for an application that calls S3 GetObject will now reference the specific bucket defined in Terraform rather than defaulting to wildcard (*) resources.  IAM Policy Autopilot is available at no additional cost and can be used from your own machine. To get started, visit the IAM Policy Autopilot GitHub repository.

Amazon Route 53 Resolver endpoints now support DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks. With DNS64 enabled on inbound endpoints, you can synthesize AAAA (IPv6) responses for domains that only have A (IPv4) records, allowing IPv6-only clients on-premises to reach IPv4 services on AWS without changes to those services. You can also configure outbound endpoints to forward DNS queries to public IPv6 name servers through the IGW. Amazon Route 53 Resolver endpoints simplify hybrid cloud DNS by enabling seamless query resolution between on-premises networks and Amazon Virtual Private Cloud (Amazon VPC). As you transition workloads to IPv6, these capabilities help your IPv6 resources on VPCs and on-premises networks communicate with both IPv4 and IPv6 destinations without additional workarounds. These capabilities are available at no additional cost in all AWS Regions where Route 53 Resolver endpoints are supported. To get started, see the Route 53 VPC Resolver documentation. For regional availability, see the Route 53 Region list. For Route 53 Resolver endpoint pricing, see here.

AWS Marketplace launches a new Tax management portal that provides sellers a streamlined self-service process to view and download invoices, eliminating the need to request invoices through support channels. Tax management portal integrates the invoice management directly into the AWS Partner Central console, providing centralized access to both seller listing fee invoices and invoices issued to buyers in applicable regions. The portal streamlines invoice retrieval and record-keeping for sellers and partner finance teams managing AWS Marketplace operations. Sellers can now access the new experience through AWS Partner Central or AWS Marketplace Management portal, enabling advanced search and filtering capabilities, allowing you to search listing fee invoices by invoice ID, date range, or invoicing entity. Sellers can also access these invoices programmatically through the ListInvoiceSummaries API. Sellers can download multiple invoices simultaneously, making it efficient to prepare for audits, reconcile financial records, or retrieve tax-related information. This self-service approach provides transparency into listing fees across different AWS Marketplace invoicing entities, supporting multi-region operations and revenue tracking needs. Beyond listing fee invoices, India-based sellers can view and download tax invoices generated on their behalf to the buyer through the portal, with filtering by invoice ID, buyer name, date range, buyer account ID, or invoicing entity. Seller listing fee invoices are supported for all AWS Marketplace entities. To learn more about accessing and managing the invoices, visit AWS Marketplace Seller Guide.

Starting today, the Amazon Elastic Compute Cloud (Amazon EC2) G6 instances powered by NVIDIA L4 GPUs are available in AWS European Sovereign Cloud (Germany). G6 instances can be used for a wide range of graphics-intensive and machine learning (ML) use cases. Customers can use G6 instances for deploying ML models for natural language processing, language translation, video and image analysis, speech recognition, and personalization. G6 instances are also well-suited for graphics workloads, such as creating and rendering real-time, cinematic-quality graphics and game streaming. G6 instances feature up to 8 NVIDIA L4 Tensor Core GPUs with 24 GB of memory per GPU and third generation AMD EPYC processors. They also support up to 192 vCPUs, up to 100 Gbps of network bandwidth, and up to 7.52 TB of local NVMe SSD storage. In addition to AWS European Sovereign Cloud (Germany), Amazon EC2 G6 instances are available today in the AWS US East (N. Virginia and Ohio), US West (Oregon), Europe (Frankfurt, London, Paris, Spain, Stockholm and Zurich), Asia Pacific (Mumbai, Tokyo, Malaysia, Seoul and Sydney), South America (Sao Paulo), Middle East (UAE) and Canada (Central) Regions. Customers can purchase G6 instances as On-Demand Instances, Spot Instances, or as part of Savings Plans. To get started, visit the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs. To learn more, visit the G6 instance page.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) X8i instances are available in the Europe (Ireland) and Asia Pacific (Mumbai) regions. These instances are powered by custom Intel Xeon 6 processors available only on AWS. X8i instances are SAP-certified and deliver the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. They deliver up to 43% higher performance, 1.5x more memory capacity (up to 6TB), and 3.3x more memory bandwidth compared to previous generation X2i instances. X8i instances are designed for memory-intensive workloads like SAP HANA, large databases, data analytics, and Electronic Design Automation (EDA). Compared to X2i instances, X8i instances offer up to 50% higher SAPS performance, up to 47% faster PostgreSQL performance, 88% faster Memcached performance, and 46% faster AI inference performance. X8i instances come in 14 sizes, from large to 96xlarge, including two bare metal options. To get started, visit the AWS Management Console. X8i instances can be purchased via Savings Plans, On-Demand instances, and Spot instances. For more information visit X8i instances page.

Amazon SageMaker Unified Studio announces new administration features that give administrators more control over identity configuration and user management for both IAM and Identity Center domain types. In SageMaker IAM domains, administrators can now onboard users through single sign-on by configuring AWS IAM Identity Center. After configuration, administrators can add IAM roles, IAM users, IAM Identity Center users, and IAM Identity Center groups as project members. Teams can collaborate on project data and resources regardless of how individual members authenticate. Administrators can set up IAM Identity Center integration in the SageMaker Unified Studio admin portal. A new domain user management page for SageMaker IAM domains gives administrators a consolidated view of all users active in the domain, where they can manage access and update permissions from a single screen. In SageMaker Identity Center domains, users can now access the SageMaker Unified Studio portal by federating through an IAM role. SageMaker Unified Studio creates a unique user session for each federated user, so users sharing the same role don't overwrite each other's work. Administrators can audit individual actions even when multiple users share a single IAM role. With these features, customers can use IAM identity or IAM Identity Center corporate identity across both domain types, giving teams flexibility to collaborate in SageMaker Unified Studio regardless of their authentication method. These features are available in the following AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), South America (São Paulo), US East (N. Virginia), US East (Ohio), and US West (Oregon). To learn more, visit the SageMaker Unified Studio documentation.

Starting today, Amazon EC2 G7e instances accelerated by NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs are now available in Europe (London) region. G7e instances offer up to 2.3x inference performance compared to G6e. Customers can use G7e instances to deploy large language models (LLMs), agentic AI models, multimodal generative AI models, and physical AI models. G7e instances offer the highest performance for spatial computing workloads as well as workloads that require both graphics and AI processing capabilities. G7e instances feature up to 8 NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs, with 96 GB of memory per GPU, and 5th Generation Intel Xeon processors. They support up to 192 virtual CPUs (vCPUs) and up to 1600 Gbps of networking bandwidth. G7e instances support NVIDIA GPUDirect Peer to Peer (P2P) that boosts performance for multi-GPU workloads. Multi-GPU G7e instances also support NVIDIA GPUDirect Remote Direct Memory Access (RDMA) with EFA in EC2 UltraClusters, reducing latency for small-scale multi-node workloads. You can use G7e instances for Amazon EC2 in the following AWS Regions: US West (Oregon), US East (N. Virginia, Ohio), Europe (Spain, London) and Asia Pacific (Tokyo, Seoul). You can purchase G7e instances as On-Demand Instances, Spot Instances, or as part of Savings Plans. To get started, visit the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs. To learn more, visit G7e instances.

Today, AWS announces availability notifications for AWS Capabilities by Region in AWS Builder Center, a new subscription-based system that automatically alerts builders when an AWS service(s) and/or features(s) become available in their target Regions. Availability notifications make it easy for builders to track availability of 1,500+ services and features across 37 AWS Regions, accelerating infrastructure planning and deployment decisions. With availability notifications, builders can subscribe at the service level through AWS Builder Center UI, and the subscription automatically covers all underlying features across selected Regions, so there's no need to track each feature individually. Notifications are delivered through two channels: instantaneous in-app alerts within AWS Builder Center, and a consolidated weekly email digest. Subscriptions and notification preferences can be managed through Settings > Notifications in AWS Builder Center. Common use cases include tracking a specific capability launch, monitoring service parity across AWS Regions, and preparing for upcoming migrations or Regional expansions. For example, a solutions architect expanding a generative AI application into new Regions can subscribe to Amazon Bedrock and receive automatic updates as Knowledge Bases, Guardrails, and other features become available.

AWS Elemental MediaTailor now supports monetization functions, a new capability that lets customers customize how MediaTailor builds ad decision server (ADS) requests and manages session data during ad-personalized playback. With monetization functions, customers can call external APIs and run inline data transformations at defined points in the playback session — eliminating the need to build and operate middleware between the player and the ADS. Common use cases include resolving hashed email addresses into privacy-compliant identity envelopes through providers such as LiveRamp, appending contextual metadata from a content management system to every ad request through providers like GraceNote, activate header bidding workflows through providers like The Trade Desk and running A/B tests across multiple ad decision servers. Monetization functions are fail-open by design: if a function encounters an error, exceeds its timeout, or hits a resource limit, MediaTailor discards the output and proceeds with default ad-insertion behavior, so viewers' playback is never interrupted. Monetization functions is available at general availability in all AWS regions where AWS Elemental MediaTailor operates. You are billed per lifecycle hook invocation at a flat rate that does not depend on the number, type, or complexity of functions. For full details, see the MediaTailor pricing page, the Monetization Functions section of the MediaTailor User Guide, and the MediaTailor product page.

The AWS Advanced JDBC Wrapper now provides column-level client-side encryption through its KMS Encryption plugin. The wrapper provides advanced capabilities such as failover handling, AWS authentication integration, and enhanced monitoring for Amazon Aurora and Amazon RDS open source databases. It enables Java applications to encrypt sensitive data before it reaches the database without changing application code. Database encryption at rest and TLS in transit are foundational security controls. However, with these controls decrypt the data within the database engine. A compromised credential, overprivileged administrator, or SQL injection attack can expose sensitive data in plaintext, creating compliance risk under PCI DSS, HIPAA, and GDPR. The KMS Encryption plugin closes this gap by working at the JDBC driver level. When your application writes to an encrypted column, the plugin encrypts the value before it reaches the database. When reading, it decrypts the value before returning it. Plaintext remains visible only to your application, while the database sees encrypted values. The database can verify data integrity through HMAC validation without needing the encryption key. The plugin integrates seamlessly with your existing SQL, Spring, Hibernate, and connection pool setup without requiring code changes. The KMS Encryption plugin works with Amazon RDS and Amazon Aurora PostgreSQL and MySQL-compatible databases. The plugin is available as an open-source project under the Apache 2.0 license. To learn more, see AWS Advanced JDBC Wrapper documentation.

Amazon SageMaker HyperPod now supports AMI-based configuration that provisions Slurm cluster nodes with the software and configurations needed for a production-ready environment to run AI/ML training workloads. This removes the need to download, configure, or upload lifecycle configuration scripts to Amazon S3. With fewer operational steps to prepare a cluster and no lifecycle configuration scripts executing during node provisioning, cluster creation time is significantly reduced, so you can start running jobs sooner. AMI-based configuration includes required software such as Docker, Enroot, and Pyxis, and configurations such as Slurm accounting, SSH key generation, Slurm log rotation and user home directory setup. To enable AMI-based configuration, omit the LifeCycleConfig block from the instance group configuration when creating clusters using the CreateCluster API, or when using the SageMaker AI console, select "None" under Lifecycle scripts in Custom setup. For additional customization on top of the AMI-based configuration baseline, an extension script can be provided, allowing you to focus only on what capabilities and software to add, such as user configuration, observability, or LDAP integration. Extension scripts can be configured when creating clusters through both the API and the SageMaker AI console. Using the CreateCluster API, specify the new OnInitComplete parameter and SourceS3Uri in the LifeCycleConfig block. Via the console, provide the S3 URI to the extension script in the "Extension script file in S3" field in Custom setup. For advanced use cases that require full control over provisioning, custom lifecycle configuration scripts remain fully supported through both the API and the SageMaker AI console. This feature is available in all AWS Regions where SageMaker HyperPod is available. To get started with creating HyperPod Slurm clusters with AMI-based node lifecycle configuration, see Getting started with SageMaker HyperPod using the AWS CLI or Getting started with SageMaker HyperPod using the SageMaker AI console in the SageMaker AI developer guide.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) M8gn and M8gb instances are available in the AWS Europe (Ireland) region. These instances are powered by AWS Graviton4 processors to deliver up to 30% better compute performance than AWS Graviton3 processors, and feature the latest 6th generation AWS Nitro Cards. M8gn instances offer up to 600 Gbps network bandwidth, the highest network bandwidth among network optimized EC2 instances. M8gb offer up to 300 Gbps of EBS bandwidth to provide higher EBS performance compared to same-sized equivalent Graviton4-based instances. M8gn are ideal for network-intensive workloads such as high-performance file systems, distributed web scale in-memory caches, caching fleets, real-time big data analytics, and Telco applications such as 5G User Plane Function (UPF). M8gn instances offer instance sizes up to 48xlarge and metal-48xl, up to 768 GiB of memory, up to 600 Gbps of networking bandwidth, and up to 120 Gbps of bandwidth to Amazon Elastic Block Store (EBS). They support EFA networking on the 16xlarge, 24xlarge, 48xlarge, metal-24xl, and metal-48xl sizes, enabling lower latency and improved cluster performance for workloads deployed on tightly coupled clusters. M8gb are ideal for workloads requiring high block storage performance such as high performance databases and NoSQL databases. M8gb instances offer sizes up to 48xlarge and metal-48xl, up to 768 GiB of memory, up to 300 Gbps of EBS bandwidth, and up to 400 Gbps of networking bandwidth. They also support Elastic Fabric Adapter (EFA) networking on the 16xlarge, 24xlarge, 48xlarge, metal-24xl, and metal-48xl sizes. The new instances are available in the following AWS Regions: US East (N. Virginia), US West (Oregon), and Europe (Ireland). Metal sizes are available in US East (N. Virginia) region. To learn more, see Amazon EC2 M8gn and M8gb Instances. To begin your Graviton journey, visit the Level up your compute with AWS Graviton page.

In this post, you will learn how to secure reserved GPU capacity for short-term workloads using Amazon Elastic Compute Cloud (Amazon EC2) Capacity Blocks for ML and Amazon SageMaker training plans. These solutions can address GPU availability challenges when you need short-term capacity for load testing, model validation, time-bound workshops, or preparing inference capacity ahead of a release.

In this post, you will learn how to implement reinforcement learning with verifiable rewards (RLVR) to introduce verification and transparency into reward signals to improve training performance. This approach works best when outputs can be objectively verified for correctness, such as in mathematical reasoning, code generation, or symbolic manipulation tasks. You will also learn how to layer techniques like Group Relative Policy Optimization (GRPO) and few-shot examples to further improve results. You’ll use the GSM8K dataset (Grade School Math 8K: a collection of grade school math problems) to improve math problem solving accuracy, but the techniques used here can be adapted to a wide variety of other use cases.

India customers can now use UPI (Unified Payments Interface) Scan and Pay to sign up for AWS or make payments to their invoices. UPI is a popular and convenient payment method in India, which facilitates instant bank-to-bank transfers between two parties through mobile phones with internet. The new Scan and Pay experience simplifies payments by allowing customers to scan a QR code displayed on the AWS Console using their UPI mobile app (such as Google Pay, PhonePe, Paytm, or Amazon Pay), eliminating the need to manually enter a UPI ID. This enhancement makes the UPI payment experience more secure, convenient, and error-free for customers signing up for AWS or making one-time payments. Scan and Pay reduces friction and aligns with how customers commonly use UPI for everyday transactions. Customers can also set up UPI AutoPay using Scan and Pay for automatic monthly payments up to INR 15,000. To use this feature, customers log in to the AWS Console and select UPI as their payment method during signup or when making a payment. A QR code is displayed on screen, which customers scan using their UPI mobile app to verify and authorize the transaction. To learn more, see Managing Payment Methods in India.

AWS is announcing the general availability of Amazon EC2 R8idn and Amazon EC2 R8idb instances, powered by custom sixth generation Intel Xeon Scalable processors, available only on AWS. These instances also feature the latest sixth generation AWS Nitro cards. R8idn and R8idb deliver up to 43% better compute performance per vCPU compared to previous generation R6in instances. Amazon EC2 R8idn instances offer up to 600 Gbps network bandwidth, the highest network bandwidth among enhanced networking EC2 instances, combined with up to 22,800 GB of local NVMe instance storage. Amazon EC2 R8idb instances deliver up to 300 Gbps EBS bandwidth and up to 1,440K IOPS, the highest EBS performance among non-accelerated compute EC2 instances. R8idn instances are ideal for memory-intensive workloads requiring high network throughput and local storage, such as in-memory databases, real-time big data analytics, and large-scale distributed caching layers. R8idb instances are ideal for memory-intensive workloads requiring high block storage performance, such as large-scale commercial databases, high-performance file systems, and enterprise analytics platforms. Amazon EC2 R8idn and R8idb instances are available in US East (N. Virginia, Ohio), US West (Oregon), and Europe (Spain). R8idn and R8idb instances are available via Savings Plans, On-Demand, and Spot instances. For more information, visit the Amazon EC2 R8i instance page.

AWS is announcing the general availability of Amazon EC2 M8idn and Amazon EC2 M8idb instances, powered by custom sixth generation Intel Xeon Scalable processors, available only on AWS. These instances also feature the latest sixth generation AWS Nitro cards. M8idn and M8idb deliver up to 43% better compute performance per vCPU compared to previous generation M6idn instances. Amazon EC2 M8idn instances offer up to 600 Gbps network bandwidth, the highest network bandwidth among enhanced networking EC2 instances. Amazon EC2 M8idb instances deliver up to 300 Gbps EBS bandwidth, the highest EBS performance among non-accelerated compute EC2 instances. M8idn instances are ideal for network-intensive general purpose workloads requiring local storage, such as distributed compute, data analytics, and high-performance file systems. M8idb instances are ideal for storage-intensive general purpose workloads such as large commercial databases, data lakes, and NoSQL databases that benefit from both high EBS throughput and low-latency local NVMe storage. Amazon EC2 M8idn and Amazon EC2 M8idb instances are available in US East (N. Virginia), US West (Oregon), and Europe (Spain). M8idn and M8idb instances are available via Savings Plans, On-Demand, and Spot instances. For more information, visit the Amazon EC2 M8i instance page.

Today, we're announcing a preview of Amazon Bedrock AgentCore Payments, a new set of features in Amazon Bedrock AgentCore that enables AI agents to instantly access and pay for what they use. AgentCore Payments was developed in partnership with Coinbase and Stripe.

Today, Amazon Bedrock AgentCore announces the preview of AgentCore payments, enabling AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. Built in partnership with Coinbase and Stripe, AgentCore payments is the first managed payment capabilities purpose-built for autonomous agents, handling the full payment lifecycle from wallet authentication through transaction execution to spending governance and observability. As AI agents become more capable and services shift to pay-per-use models built for machine consumption, developers need infrastructure that lets their agents transact without building bespoke billing integrations, credential management, orchestration logic, budgeting, and observability from scratch. With AgentCore payments, developers connect a Coinbase CDP wallet or Stripe Privy wallet as a payment connection, set session-level spending limits, and their agent transacts autonomously during execution. When an agent encounters a paid resource and receives an HTTP 402 response, AgentCore handles the x402 protocol negotiation, wallet authentication, stablecoin payment, and proof delivery back to the endpoint, all without interrupting the agent's reasoning loop. Spending limits are enforced deterministically at the infrastructure layer, and every transaction is observable through the same logs, metrics, and traces developers already use in AgentCore. The Coinbase x402 Bazaar MCP server is also available through AgentCore Gateway, providing over 10,000 x402 endpoints that agents can search, discover, and pay for autonomously. AgentCore payments is available in preview in the following AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Asia Pacific (Sydney). Learn more about it through the blog, deep dive using the documentation, and get started with the AgentCore CLI.

We are pleased to announce that AWS Resource Explorer, a managed capability that simplifies the search and discovery of resources, is now available in the AWS GovCloud Regions (US-East) and (US-West). You can search for your AWS resources either using the AWS Resource Explorer console, the AWS Command Line Interface (AWS CLI), the AWS SDKs, or the unified search bar from wherever you are in the AWS Management Console. From the search results displayed in the console, you can go to your resource’s service console and Region with a single step, and take action. To turn on AWS Resource Explorer, visit the AWS Resource Explorer console. Read about getting started in our AWS Resource Explorer documentation, or explore the AWS Resource Explorer product page.

Amazon SES Mail Manager is now available in AWS GovCloud (US) regions, expanding Mail Manager coverage to 30 AWS regions. Amazon SES Mail Manager provides a centralized gateway to manage all inbound and outbound email traffic with advanced routing, filtering, and archiving capabilities. It simplifies complex email infrastructure by replacing the need for multiple third-party tools with a single, scalable solution integrated directly into AWS. This gives organizations greater visibility and control over their email flows while reducing operational overhead and cost. The new Mail Manager regions include AWS GovCloud (US-East) and AWS GovCloud (US-West). The full list of Mail Manager region availability is here. To learn more, visit the SES Mail Manager documentation.

Amazon Redshift now extends concurrency scaling to support high-volume data ingestion workloads, enabling concurrency scaling for Amazon Redshift COPY queries from Amazon S3. This means your data pipelines no longer have to choose between ingestion speed and query performance—even during peak demand. Organizations running time-sensitive data operations—real-time analytics, continuous ETL, or high-frequency reporting—often face ingestion bottlenecks during traffic spikes. Until now, concurrency scaling supported read queries, but write-heavy workloads could still experience resource contention with concurrent queries. With this launch, Amazon Redshift automatically provisions additional compute capacity to absorb burstiness in ingestion workloads, delivering: Faster COPY performance – For batch workloads, concurrency scaling now supports COPY for Parquet and ORC file formats from Amazon S3. Load multiple files concurrently without queuing delays, even under heavy concurrent workloads by enabling concurrency scaling for Amazon Redshift COPY queries. Zero operational overhead – No manual cluster resizing or workload scheduling required. Concurrency scaling is enabled and disabled automatically on Amazon Redshift Serverless based on the demand or based on a pre-set configurations in Amazon Redshift Provisioned. This feature is generally available across all AWS commercial regions and AWS GovCloud (US) regions for both Amazon Redshift Serverless and provisioned data warehouses. No migration or configuration changes are required — enable concurrency scaling and your ingestion workloads will benefit immediately. To learn more, visit the Amazon Redshift concurrency scaling documentation.

Amazon OpenSearch Service now supports the VPC egress option, which allows your virtual private cloud (VPC) domain to establish private network connections to resources in your VPC, such as ML models, AWS services, and custom applications, without exposing traffic to the public internet. When you enable the VPC egress option, OpenSearch Service adds network interfaces to the subnets you selected for the domain and routes outbound traffic into your VPC. You can enable or disable the VPC egress option using the Amazon OpenSearch Service console, AWS CLI, or the CreateDomain and UpdateDomainConfig API operations. VPC egress is now supported in all AWS Regions where Amazon OpenSearch Service is available. To get started, refer to Routing domain egress traffic through your VPC.

AWS Site-to-Site VPN now supports modifying tunnel bandwidth between standard (up to 1.25 Gbps) and large (up to 5 Gbps) on existing connections, making it easier to update your VPN connections’ bandwidth per your organization’s need. Previously, changing tunnel bandwidth required deleting and recreating the connection, which generated new tunnel IP addresses and meant updating your on-premises VPN device configuration and firewall rules. With this launch, tunnels are upgraded while preserving your IP addresses, CIDR blocks, pre-shared keys, and all configuration settings, eliminating the need to make any changes to your on-premises device. This feature is available in the following AWS Regions: US East (N. Virginia, Ohio), US West (N. California), AWS GovCloud (US-West), Europe (Frankfurt, London, Paris, Spain, Stockholm), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Malaysia, Mumbai, New Zealand, Osaka, Seoul, Sydney, Taipei, Thailand, Tokyo), Africa (Cape Town), Mexico (Central), and South America (São Paulo). To learn more and get started, visit the AWS Site-to-Site VPN documentation.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) P6-B200 instances accelerated by NVIDIA Blackwell GPUs are available in AWS GovCloud (US-West) Region. These instances offer up to 2x performance compared to P5en instances for AI training and inference. P6-B200 instances feature 8 Blackwell GPUs with 1440 GB of high-bandwidth GPU memory and a 60% increase in GPU memory bandwidth compared to P5en, 5th Generation Intel Xeon processors (Emerald Rapids), and up to 3.2 terabits per second of Elastic Fabric Adapter (EFAv4) networking. P6-B200 instances are powered by the AWS Nitro System, so you can reliably and securely scale AI workloads within Amazon EC2 UltraClusters to tens of thousands of GPUs. P6-B200 instances are now available in p6-b200.48xlarge size in the following AWS Regions: US West (Oregon), US East (N. Virginia, Ohio) and AWS GovCloud (US-West). To learn more about P6-B200 instances, visit Amazon EC2 P6 instances.

Amazon Bedrock AgentCore Runtime now supports bring-your-own file system, enabling developers to attach their Amazon S3 Files and Amazon EFS access points directly to agent runtimes. AgentCore Runtime mounts the file system into every session at a path you specify, and your agent reads and writes files using standard file operations  - no custom mount code, no privileged containers, and no download orchestration before the agent can start working is needed. This complements the existing managed session storage (in public preview), which AgentCore Runtime can automatically provision. Bring-your-own file system is for the data you already own and want to share: skills, tool libraries, reference datasets, knowledge bases, and project files that should be available across sessions, across microVM lifecycles, or across multiple agents. Developers can mount an Amazon S3 Files file system to access data through both standard file operations and S3 APIs, with changes automatically synchronized between the file system and the S3 bucket. Alternatively, they can mount an Amazon EFS access point for a purpose-built, shared NFS file system. Both options deliver sub-millisecond latency for active data and support NFS close-to-open consistency. This unlocks patterns that were previously difficult to build. Agents can load shared skills, prompt templates, or curated datasets at session start without re-downloading at every new session initialization. Long-running workflows can persist intermediate results and resume work in future sessions. Multiple agents, or multiple sessions of the same agent, can collaborate on the same dataset, with one producing outputs that another consumes as inputs. To get started, developers provide an access point ARN, and the agent runtime must be configured with a VPC. Bring-your-own file system is available across all 15 AWS Regions where AgentCore Runtime is supported. For the full list, see Supported AWS Regions. To learn more, see File system configurations in AgentCore Runtime.

Starting today, Amazon Elastic Cloud Compute (Amazon EC2) P6-B300 instances are available in the US East (N. Virginia) Region. P6-B300 instances provide 8xNVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. P6-B300 instances deliver 2x networking bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity) compared to P6-B200 instances, making them well suited to train and deploy large trillion-parameter foundation models (FMs) and large language models (LLMs) with sophisticated techniques. The higher networking and larger memory deliver faster training times and more token throughput for AI workloads.  P6-B300 instances are now available in p6-b300.48xlarge size in the following AWS Regions: US West (Oregon), AWS GovCloud (US-East) and US East (N. Virginia). To learn more about P6-B300 instances, visit Amazon EC2 P6 instances.

Amazon ElastiCache now supports aggregation queries, making it easier to filter, group, transform, and summarize data directly in your cache with a single query. Developers can use aggregation queries to build real-time application experiences with latencies as low as microseconds over terabytes of data and results reflecting completed writes. By running aggregations directly in-memory within ElastiCache, developers can reduce architectural complexity and improve response times without a separate analytics engine. Applications can use aggregations to power faceted navigation, category counts, rollups, and leaderboards. Applications can aggregate over the most up-to-date data to deliver real-time insights such as trending content, popular categories, and top-performing items in e-commerce marketplaces and streaming services. Aggregations can drive AI-powered personalization applications that need fast summaries over search results, and operational dashboards for live monitoring and business analytics. Aggregations are available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read the aggregations blog and see the ElastiCache documentation.

Amazon ElastiCache now supports real-time hybrid search that combines vector similarity with full-text search in a single query, without a separate search service. Applications can combine semantic meaning with exact keyword matching that captures both intent and precise terms to deliver more relevant results than either method alone. Customers can use ElastiCache to combine full-text and vector similarity search across billions of embeddings from popular providers like Amazon Bedrock, Amazon SageMaker, Anthropic, and OpenAI with latency as low as microseconds and up to 99% recall. ElastiCache makes data searchable as soon as writes complete, so applications always search the most current vectors and text. Developers can use hybrid search to build AI agent memory and RAG systems that retrieve relevant context by exact terms and meaning to improve generative AI responses while reducing token costs. E-commerce and streaming platforms can use hybrid search to surface relevant matches, whether users search by exact product name, description, or both. ElastiCache for Valkey delivers the lowest latency vector search with the highest throughput and best price-performance at 95%+ recall rate among popular vector databases on AWS. Hybrid search is available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read this blog and see the ElastiCache documentation.

Amazon ElastiCache now supports real-time full-text, exact-match, and numeric range search directly in your cache without a separate search service. Applications can use ElastiCache to search terabytes of data with latency as low as microseconds and throughput up to millions of search operations per second. Developers can combine any of these search types in a single query to power real-time, scalable search across frequently changing data. ElastiCache makes data searchable as soon as writes complete, so applications always search the most current data. This is ideal for frequently updated datasets such as user session details, product inventory, and transaction records. Exact-match search enables instant lookup of records by precise values such as usernames, content IDs, or genres across streaming and gaming applications. Numeric range queries enable filtering by transaction amounts, date ranges, or player scores in financial applications and leaderboards. Developers can use full-text search with prefix, suffix, and fuzzy matching to power product discovery in e-commerce platforms, or combine search types to filter by category, price, and ratings. Full-text, exact-match, and numeric range search is available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read this blog and see the ElastiCache documentation.

Today, AWS Marketplace announces the Agreements API, enabling you to procure AWS Marketplace products and manage agreements programmatically. With this launch, you can generate estimates, accept offers, track charges and entitlements, update purchase orders and manage agreements all within your existing tools and workflows. Combined with the Discovery API, the Agreements API provides an end-to-end procurement journey from product discovery to purchase. You can integrate these APIs into your procurement systems to build custom workflows and streamline operations across your organization. Partners can also use these APIs to build custom storefronts that deliver unified procurement experiences for their customers.  The AWS Marketplace Agreements APIs is available in the US East (N. Virginia) Region. To get started, configure AWS Identity and Access Management (IAM) permissions for your AWS account and call the API through the AWS SDK. To learn more, see the AWS Marketplace Agreement APIs documentation.

Amazon Neptune now offers 1-click connect capability, enabling you to quickly connect to Neptune Database and Neptune Analytics using CloudShell. Previously, connecting to Neptune resources required manual configuration network settings and access permissions, taking time from database administrators, developers, and data analysts who needed to query their graph databases. With 1-click connect, you can immediately start querying your Neptune resources without manual network configuration, significantly reducing setup time and technical complexity. This streamlined approach works across different network configurations, including VPC only resources. 1-click connect is particularly valuable for testing and development workflows, troubleshooting, and for customers new to Neptune who want to quickly explore and experiment with their graph data. 1-click connect is available at no additional charge in all regions where Amazon Neptune is currently offered. To learn more and how to get started, visit https://aws.amazon.com/neptune/.

Amazon Bedrock AgentCore Memory now supports metadata on long-term memory (LTM) records, enabling agents to tag, filter, and retrieve memories using structured attributes alongside semantic search. You can define up to ten indexed keys per memory resource - with support for STRING, NUMBER, and STRING_LIST types - and use different operator types to filter retrieval results. Metadata can be attached to events at ingestion time or inferred automatically by the LLM based on extraction instructions you define on the memory resource. During ingestion, the LLM processes all events and determines how metadata is applied to the resulting memory records. You define a metadata schema on the memory resource that includes indexed key definitions (key name, type, and optional allowed values) along with extraction instructions that guide the LLM on how to generate metadata from conversation content. With metadata filters on retrieval - agents can retrieve records by structured attributes like ticket number, priority, or date - eliminating irrelevant context and improving response accuracy. To get started, see the Amazon Bedrock AgentCore Memory documentation. This feature is available today in all AWS Regions where Amazon Bedrock AgentCore Memory is supported.

In this post, we walk through installing the Power and Skill, using Amazon Kinesis Data Streams to build a Kinesis Data Stream-to-Kinesis Data Stream streaming pipeline, and migrating an existing application to Flink 2.2. You can follow along with this use case to see how the Managed Service for Apache Flink Kiro Power can help you build a resilient, performant application grounded in best practices.

In this post, we provide an approach to reuse your existing client certificates without reissuing them through AWS Certificate Manager (ACM) Private Certificate Authority. This solution enables an accelerated migration path by using your current third-party CA infrastructure. This removes the complexity and operational overhead of certificate re-issuance while maintaining the security posture that you've established with your existing mTLS implementation.

AWS announces the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that gives AI agents and coding assistants secure, authenticated access to all AWS services. The AWS MCP Server is part of the Agent Toolkit for AWS, a suite of tooling that includes the MCP Server, skills, and plugins that help coding agents build more effectively and efficiently on AWS.

AWS Elemental MediaTailor now enhances streaming ad personalization with support for trickplay features in HLS and DASH formats. This update also introduces compact DASH manifests for more efficient manifest delivery. Previously, these capabilities required a custom transcode profile. They are now supported natively through dynamic transcoding, eliminating that requirement. MediaTailor provides server-side ad insertion (SSAI) to personalize ads in video streams. As streaming platforms increasingly support trickplay navigation, ensuring that advertisements are properly transcoded with trickplay variants and associated image streams is critical for a seamless viewer experience. These variants must match the specifications of the origin content. With this update: Ad Trickplay Personalization: Trickplay personalization matching is now fully supported for both HLS and DASH workflows via dynamic transcoding. MediaTailor ensures that advertisements include trickplay variants and associated image streams that align with origin content specifications. This delivers a consistent experience when viewers fast-forward or rewind through content. A custom transcode profile is no longer required to enable this capability. Compact DASH Manifest Support: MediaTailor now supports compact DASH manifests via dynamic transcoding. This optimization elevates the SegmentTemplate element from individual Representation elements to the AdaptationSet level, reducing overall manifest size. Thise results ins more efficient manifest delivery and improved compatibility with players and workflows that rely on compact manifest structures. A custom transcode profile is no longer required to enable this capability.  AWS Elemental MediaTailor’s ad trickplay personalization and compact DASH manifest optimization are available in all AWS Regions where MediaTailor is available, including US East (Ohio), US East (N. Virginia), US West (Oregon); Africa (Cape Town); Asia Pacific (Hyderabad, Malaysia, Melbourne, Mumbai, Osaka, Seoul, Singapore, Sydney, Tokyo); Canada (Central); Europe (Frankfurt, Ireland, London, Paris, Stockholm); Middle East (UAE); and South America (São Paulo). There is no additional cost for this feature. To learn more, visit the AWS Elemental MediaTailor User Guide.

Today, AWS is launching the Agent Toolkit for AWS, a production-ready suite of tools and guidance that helps AI coding agents build on AWS with fewer errors, lower token costs, and enterprise-grade security controls. The Agent Toolkit for AWS is the successor to the MCP servers, plugins, and skills available on AWS Labs. Developers using coding agents to build on AWS often find that their agents struggle with complex multi-service workflows, rely on outdated knowledge of AWS services, and are difficult to govern — leading to wasted time, wasted tokens, and a reluctance to deploy agents in production. The Agent Toolkit for AWS addresses these challenges through agent skills, a fully-managed MCP server, and easy-to-install plugins. Agent skills give agents validated, up-to-date procedures for tasks like authoring CloudFormation templates, configuring data pipelines, and building serverless applications — so agents follow best practices rather than improvising from general knowledge. Today, we are launching more than 40 skills across infrastructure-as-code, storage, analytics, serverless, containers, and AI services, and we plan to release more in the coming weeks: including for databases, networking, and IAM. Each skill has been rigorously evaluated to ensure that it helps agents complete tasks more accurately and reliably. The AWS MCP Server, now generally available, is a fully-managed MCP server that allows coding agents to interact with any AWS service. It offers IAM-based guardrails on which actions agents can perform, Amazon CloudWatch and AWS CloudTrail observability, and sandboxed code execution for multi-step operations. The AWS MCP server also equips agents with tools to efficiently search and retrieve documentation, so they always have the latest knowledge and guidance. Agent plugins bundle the AWS MCP server and curated sets of skills into a single install. Today, we are releasing three agent plugins: AWS Core, to help application developers build and manage full-stack applications on AWS, AWS Data Analytics, which helps data analysts and business intelligence engineers create data pipelines and load and query data, and AWS Agents, which helps AI engineers build production-ready agents using Amazon Bedrock AgentCore. The MCP servers, skills, and plugins available on AWS Labs will continue to be available, and over time the best of AWS Labs will be transitioned to the Agent Toolkit for AWS to ensure that customers can access the broadest array of tooling and guidance for their agents. The Agent Toolkit for AWS is available at no additional charge; you pay only for the AWS resources your agents use. To learn more, see Agent Toolkit for AWS. To get started, visit the Quick Start guide or browse the available skills and plugins on GitHub.

Today, AWS announces the general availability of the AWS MCP Server, a managed server that gives AI coding agents secure, auditable access to AWS services through the Model Context Protocol (MCP). The AWS MCP Server is a core component of the Agent Toolkit for AWS, which helps coding agents build on AWS more effectively. With the AWS MCP Server, organizations can let coding agents interact with AWS while maintaining visibility and control through IAM-based guardrails, Amazon CloudWatch metrics, and AWS CloudTrail logging. Since the preview launch at re:Invent 2025, the AWS MCP Server has added several capabilities. Agents can now call any AWS API through a single tool, including operations that require file uploads or long-running execution. Sandboxed script execution lets agents run Python code against AWS services for multi-step operations, without access to your local filesystem or shell tools. Agent skills replace agent SOPs with a more flexible format: agents discover and load curated guidance on demand, keeping context window usage low while providing tested procedures for complex tasks. Additionally, documentation search and skill discovery no longer require AWS credentials, removing a common barrier to getting started. The AWS MCP Server is available at no additional charge; you pay only for the AWS resources your agents use. To learn more, see Agent Toolkit for AWS. To get started, visit the Agent Toolkit for AWS Quick Start guide.

Customers in the Asia Pacific (New Zealand) Region can now use AWS Transfer Family web apps to provide their workforce with a fully managed, branded portal for browsing, uploading, and downloading data in Amazon S3 through a web browser. AWS Transfer Family web apps provide a simple interface for accessing your data in Amazon S3 through a web browser. With Transfer Family web apps, you can provide your workforce with a fully managed, branded, and secure portal for your end users to browse, upload, and download data in S3. To learn more about AWS Transfer Family web apps, visit the Transfer Family User Guide. For the full list of supported regions, visit the AWS Capabilities tool in Builder Center.

AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) now has expanded its security settings to include STIG-aligned configurations for high-impact security areas. These new security settings help customers meet their organizations requirements for directory-level security and compliance configurations. For regulated or security-focused customers, these settings align with the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) for Windows Server and Active Directory. These expanded STIG-aligned security settings are available today through a self-service interface, both programmatically and via the AWS Management Console. Security and Identity Management professionals can now ensure consistent configuration across multiple managed directories by declaring their desired configuration and letting AWS implement and persist these configurations. When expanding to additional regions or scaling out with additional domain controllers, AWS Managed Microsoft AD automatically applies these settings to all new instances. For information about AWS Regions where AWS Directory Service is available, see the AWS Region table. To learn more about configuring these security settings, see the AWS Directory Service Administration Guide.

Amazon ElastiCache now supports Valkey 9.0, bringing new capabilities to customers building real-time, AI-driven, and high-throughput applications on AWS. As applications grow more data-intensive and latency-sensitive, teams often face the overhead of managing separate search infrastructure, throughput ceilings that force over-provisioning, and complex workarounds for data lifecycle management and multi-tenant architectures. Valkey 9.0 addresses these challenges directly with built-in search, engine-level performance improvements, and new operational flexibility. Valkey 9.0 for Amazon ElastiCache introduces full-text and hybrid search that expands on existing vector similarity functionality to provide real-time full-text search, semantic retrieval, filtering, and aggregations over terabytes of data with microsecond latency and throughput up to millions of requests per second. Valkey 9.0 also delivers up to 40% higher throughput for pipelined workloads through engine-level optimizations including faster command parsing and improved memory prefetching. Valkey 9.0 also introduces hash field expiration that allow TTLs to be applied to individual fields within a hash for fine-grained data lifecycle management and multi-database support in cluster mode enabled deployments, providing lightweight logical namespaces to simplify multi-tenant architectures and migrations from standalone environments. These and more than 100 additional enhancements together bring the performance, functionality, and operational flexibility needed to power increasingly demanding real-time and AI-driven workloads. Valkey 9.0 is available for ElastiCache node-based clusters and serverlesss caches at no additional cost in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, visit the Amazon ElastiCache documentation.

AWS Elemental MediaTailor now automatically authenticates server-to-server connections with Google Ad Manager (GAM), Google Campaign Manager (GCM), and Google Display & Video 360 (DV360). This delivers a seamless integration experience for customers using Google's ad platforms. MediaTailor provides server-side ad insertion (SSAI) to personalize ads in video streams. Google requires SSAI providers to establish a secure, authenticated connection when making ad requests and firing ad tracking events. Previously, MediaTailor customers needed to request activation of this integration through an AWS support case and be added to an allow list. With this update, MediaTailor automatically detects requests destined for Google's ad servers and establishes the required secure connection — no customer action required. Specifically: Google Ad Manager (GAM): Server-side ad requests to Google's ad server for publishers are automatically secured, which is required for access to Authorized Buyers — Google's real-time ad sales marketplace and ad exchange. Google Campaign Manager (GCM) and DV360: Server-side impression tracking requests are automatically routed through Google's authenticated endpoint and secured, supporting advertisers who run campaigns on these platforms with more accurate reporting and fewer rejected impressions. All other ad requests: continue to operate without modification. AWS Elemental MediaTailor’s automatic server-to-server Google integration is available in all AWS Regions where MediaTailor is available, including US East (Ohio), US East (N. Virginia), US West (Oregon); Africa (Cape Town); Asia Pacific (Hyderabad, Malaysia, Melbourne, Mumbai, Osaka, Seoul, Singapore, Sydney, Tokyo); Canada (Central); Europe (Frankfurt, Ireland, London, Paris, Stockholm); Middle East (UAE); and South America (São Paulo). There is no additional cost for this feature. To learn more, visit the AWS Elemental MediaTailor documentation.

AWS Serverless Application Model Command Line Interface (SAM CLI) now supports BuildKit for building container images from Dockerfiles, enabling faster, more efficient container image builds for Lambda functions packaged as container images. SAM CLI is a command-line tool for building, testing, debugging, and packaging serverless applications locally before deploying to AWS Cloud. Developers packaging Lambda functions as container images often need advanced build features provided by BuildKit to optimize their images for production. However, SAM CLI previously did not support BuildKit features. Now, with BuildKit support in SAM CLI, you can utilize multi-stage builds to create smaller final images without development dependencies, improved caching to reduce rebuild times, and better parallelization of build steps. BuildKit also enables cross-architecture builds, allowing you to build container images targeting both x86_64 and arm64 (AWS Graviton2) instruction set architectures from the same development machine. You can also use Docker secrets during builds, keeping sensitive data such as credentials and API keys out of your final image layers. To get started, download or update SAM CLI to version 1.159.0 or later and use the --use-buildkit flag with sam build. This feature works regardless of whether you are using Docker or Finch with SAM CLI, unlocking the full set of BuildKit capabilities. To learn more, visit the SAM CLI developer guide.

AWS Serverless Application Model (AWS SAM) now supports WebSocket APIs for Amazon API Gateway, enabling you to define complete WebSocket APIs with minimal configuration in your SAM template. AWS SAM is a collection of open-source tools that make it easy for you to build and manage serverless applications. WebSocket APIs are critical for real-time applications such as chat, live dashboards, AI/LLM streaming, and IoT. However, SAM previously did not support WebSocket APIs, requiring you to manually configure all of the underlying resources in AWS CloudFormation. This made it difficult to debug common issues such as missing IAM permissions for Lambda functions. Now, SAM handles all of this automatically, generating the required resources and permissions from your template. The new resource provides feature parity with API Gateway WebSocket APIs, including IAM and Lambda authorization, custom domains, RouteSettings, Models, and StageVariables. Globals support lets you share common configuration across multiple WebSocket APIs. To get started, add the AWS::Serverless::WebSocketApi resource type to your SAM template. Define your routes by specifying Lambda function handlers for $connect, $disconnect, and $default routes, along with any custom routes your application requires. SAM automatically wires up the integrations and permissions for each route. You can also configure authorization, stage settings, and custom domains directly within the resource definition. To learn more, visit the SAM developer guide.

Amazon ElastiCache customers can now detect network throttling, memory fragmentation, and connection exhaustion, using thirteen new Amazon CloudWatch metrics for node-based clusters. You can monitor these host-level and engine-level diagnostics directly from CloudWatch without running INFO commands on individual nodes or calculating baselines from raw byte counters. Network capacity: NetworkBaselineUsageInPercentage, NetworkBaselineUsageOutPercentage, NetworkBaselineMaxUsageInPercentage, and NetworkBaselineMaxUsageOutPercentage report network utilization relative to instance baseline, enabling portable alarms that remain valid across instance type changes. Values above 100 percent signal that a host is consuming burst credits, a leading indicator that a sustained workload will eventually lead to credit exhaustion and throttling. The variants capturing max report per-second bursts that averaged metrics can hide. Memory health: UsedMemoryDataset shows memory consumed by actual stored data excluding engine overhead. AllocatorFragmentationBytes and AllocatorFragmentationRatio isolate fragmentation that the activedefrag parameter can address. MajorPageFaults captures OS-level page faults that indicate memory pressure beyond what the engine can surface. Connectivity health: BlockedConnections and RejectedConnections surface connections waiting on blocking commands and connections turned away when the maxclients limit is reached. When RejectedConnections is non-zero, raise maxclients or diagnose client-side connection pool leaks. Pub/sub workloads: PubSubChannels and PubSubShardChannels expose active classic and sharded channels on each node. When classic channel counts are growing with utilization, consider switching to sharded pub/sub to scale horizontally. Command throughput: ProcessedCommands provides total command throughput across all command types. These metrics are available for node-based clusters in all commercial AWS Regions and the AWS China and AWS GovCloud (US) Regions where ElastiCache is supported, at no additional cost. To get started, view the new metrics in the ElastiCache console monitoring tab or in the AWS/ElastiCache namespace in the CloudWatch console. To learn more, see Host-Level Metrics and Metrics for Valkey and Redis OSS.

Amazon WorkSpaces, AWS's fully managed cloud desktop service, now enables AI agents to securely access and operate desktop applications through managed WorkSpaces environments. Many enterprises run critical business processes on desktop applications—mainframes, ERP systems, and proprietary tools—that lack modern APIs, creating a "last-mile challenge" for AI agents. WorkSpaces now allows organizations to automate everyday workflows at scale while maintaining full enterprise-grade governance and compliance. AI agents built on any framework and running anywhere—cloud-hosted, on-premises, or hybrid—can now connect to business applications with minimal code using industry-standard Model Context Protocol (MCP) integration. Builders gain fast time-to-value without standing up new infrastructure, while IT administrators maintain centralized permissions, logging, and auditing controls identical to human WorkSpaces environments. Enterprise observability features including screenshots and metrics provide full visibility into agent activities. Organizations can automate workflows spanning claims processing, trade settlement, candidate screening, and back-office operations across financial services, healthcare, and other regulated industries—all without requiring application modernization. WorkSpaces delivers secure environments where agents can point, click, and navigate on desktop applications just like humans. With pay-as-you-go pricing and elastic scale built on AWS's global infrastructure, enterprises reduce IT overhead while expanding what's possible when people and AI work together. To learn more, visit the WorkSpaces documentation.

Amazon WorkSpaces now lets AI agents securely operate legacy desktop applications—without APIs or modernization—using IAM authentication, MCP support, and computer vision within existing security frameworks.

AWS IoT Core for Device Location now supports two enhancements that give developers greater control over location resolution and richer metadata for resolved device locations. Customers using the Cell ID, Wi-Fi, or Cell+Wi-Fi solvers can now specify a desired confidence level between 50% and 99% when resolving device locations. The confidence level represents the statistical probability that the actual device location falls within the reported accuracy radius. A higher confidence level (for example, 95%) increases certainty that the device falls within the reported radius but produces a larger accuracy radius. A lower confidence level (for example, 50%) yields a smaller radius with less certainty. Customers can now configure this value to balance accuracy and confidence based on their specific requirements. This feature is currently supported for HTTP-based location resolution. This update also introduces a measurement type field in resolved location metadata, giving developers greater visibility into how each device location was determined — whether through GNSS, Wi-Fi or BLE location resolvers. This make it easier to assess location data quality, debug positioning issues, and make more informed decisions based on how each location was determined. These updates are available in all AWS IoT Core for Device Location supported regions. For detailed guidance and implementation instructions, visit the AWS IoT Core Device Location and IoT Wireless Developer Guide .

Amazon MQ now supports in-place version upgrades for RabbitMQ brokers, enabling you to upgrade your brokers to RabbitMQ 4 without creating a new broker or migrating your data. You can now upgrade from RabbitMQ 3.13 to 4.2, directly from the Amazon MQ console, AWS CLI, or API. In-place upgrades preserve your broker configuration, queues, exchanges, bindings, users, and policies. RabbitMQ 4.2 introduces breaking changes including the removal of classic mirrored queues and migration from Mnesia to the Khepri metadata store. Brokers must be running on M7G (Graviton) instance types and must not have classic mirrored queues to be eligible for the upgrade. A queue migration tool is available to convert classic mirrored queues to quorum queues before upgrading. During a major version upgrade, your broker will be unavailable while Amazon MQ performs the upgrade. To upgrade your broker, simply select RabbitMQ 4.2 as your version through the AWS Management console, AWS CLI, or AWS SDKs. Amazon MQ automatically manages patch version upgrades for your RabbitMQ 4.2 brokers, so you need to only specify the major.minor version. To learn more about RabbitMQ 4.2 and the upgrade process, see the Amazon MQ release notes and the Amazon MQ developer guide. This capability is available in all regions where RabbitMQ 4 instances are available today.

Amazon Quick, your AI assistant for work, now integrates with New Relic's AI agents, enabling on-call engineers, SREs, and engineering leaders to investigate incidents, generate root cause analysis briefs, and create tracked tasks without leaving their Amazon Quick workspace. After connecting to New Relic's remote model context protocol (MCP) server, you can invoke New Relic's AI agents directly from a conversational prompt in Quick – including alert insights, user impact analysis, log analysis, transaction diagnostics, and natural language NRQL queries. In a single chat exchange, you can investigate an incident across your observability data, generate a root cause analysis (RCA) document with evidence links, and send it as an email attachment. Quick Flows can also invoke New Relic AI agents to automate recurring triage runbooks or escalation workflows. Because Quick surfaces responses alongside enterprise knowledge stored in Spaces - such as runbooks, architecture docs, and on-call policies—every answer reflects both live telemetry and organizational context.  The New Relic integration with Amazon Quick is available in all AWS Regions where Amazon Quick is available. To get started with Amazon Quick, visit the website and sign up in minutes. To learn more about the New Relic integration, read the New Relic integration guide, and explore more Quick integrations on the integrations page.

Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, and AWS Command Line Interface (CLI) to install and manage the Amazon Elastic Cloud Compute (EC2) Container Storage Interface (CSI) driver. This launch enables a simple experience for attaching a EC2 local instance store to an EKS cluster. The Amazon EC2 Instance Store CSI driver is a plugin that enables Kubernetes to use EC2 instance store volumes. Instance store volumes provide ephemeral block-level storage that is physically attached to the host computer. The driver manages the lifecycle of these NVMe storage volumes and makes them available as Kubernetes persistent volumes.  This feature is available in all commercial regions. To get started and learn more visit the Amazon EKS documentation.

Amazon Connect Cases now automatically reassociates cases when duplicate customer profiles are merged, so agents always see a complete case history for each customer. When the same customer has multiple profiles, such as when they reach out through different channels or provide different contact details, Identity Resolution in Amazon Connect Customer Profiles detects and merges those duplicates, and Cases now brings all associated cases together under the unified profile. Agents no longer have to search across profiles or piece together a customer's history manually. Amazon Connect Cases is available in the following AWS regions: US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (London), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Africa (Cape Town). To learn more and get started, visit the Amazon Connect Cases webpage and documentation.

Amazon Bedrock AgentCore brings enterprise-grade agentic AI capabilities to workloads with elevated compliance needs in the AWS GovCloud (US-West) Region. AgentCore is a platform for building, deploying, and operating AI agents securely at scale—without managing infrastructure. With AgentCore, organizations can accelerate agents from prototype to production using any framework and any model, while maintaining the security and compliance controls required for government and regulated workloads. AgentCore provides composable services that work together or independently. AgentCore Runtime deploys agents with complete session isolation and support for long-running workloads. AgentCore Gateway converts existing Application Programming Interfaces (APIs) and Lambda functions into agent-ready tools through the Model Context Protocol (MCP), giving agents secure access to enterprise data and services. AgentCore Identity integrates with existing identity providers for automated authentication and permission delegation, while AgentCore Observability and Evaluations provide real-time monitoring and continuous quality assessment of agent performance in production. To learn more about Amazon Bedrock AgentCore, visit the AgentCore product page. For details about AgentCore in AWS GovCloud (US), visit the GovCloud documentation.

We are pleased to announce the general availability of the Amazon S3 Transfer Manager for Swift – a high level file and directory transfer utility for the Amazon Simple Storage Service (Amazon S3) built with the AWS SDK for Swift. Using Transfer Manager’s simple API, you can perform accelerated uploads of local files and directories to […]

Last week, I took some time off in York, England, often described as the most haunted city in the country. I wandered through the ruins of abbeys that have stood for nearly a thousand years, walked along medieval walls, and spent an evening on a ghost tour hearing stories passed down through centuries. There’s something […]

Optimizing the Airflow worker pool configuration in Amazon Managed Workflows for Apache Airflow (Amazon MWAA), the AWS fully managed Apache Airflow service, is an important yet often overlooked strategy for scaling workflow operations. Tasks queued for longer periods can create the illusion that additional workers are the solution, when in reality the root cause might […]

When you deploy AWS Outposts racks, you can run AWS infrastructure and services in on-premises locations. Maintaining seamless connectivity, both to the AWS Region and your on-premises network, is fundamental to delivering consistent, uninterrupted service to your applications. Implementing an observability strategy that uses available network metrics is key to understanding the health of this […]

Stay current with the latest serverless innovations that can improve your applications. In this 32nd quarterly recap, discover the most impactful AWS serverless launches, features, and resources from Q1 2026 that you might have missed. In case you missed our last ICYMI, check out what happened in Q4 2025. 2026 Q1 calendar Serverless with Mama […]

At the "What's Next with AWS" 2026 event, AWS launched Amazon Quick—an AI assistant for work with a desktop app and expanded integrations—and expanded Amazon Connect into four agentic AI solutions for supply chain, hiring, customer experience, and healthcare. AWS also expended its partnership with OpenAI, bringing models like GPT-5.5, Codex, and Managed Agents to Amazon Bedrock in limited preview.

Amazon OpenSearch Service now brings application monitoring, native Amazon Managed Service for Prometheus integration, and AI agent tracing together in OpenSearch UI's observability workspace. In this post, we walk through two real-world scenarios using the OpenTelemetry sample app: a multi-agent travel planner facing slow processing, and a checkout flow quietly failing on one microservice.

In this post, we explain what's new in Amazon Managed Service for Apache Flink 2.2, provide a guided migration using CLI commands, console instructions, and code examples, and show you how to monitor the upgrade and roll back if needed.

In this post, we explore how Deloitte used Amazon EKS and vCluster to transform their testing infrastructure.

Late March took me to Seattle for the Specialist Tech Conference, one of the most energizing gatherings of AWS specialists from around the world. It was an incredible opportunity to connect with peers, exchange experiences, and go deep on the latest advancements in Generative AI and Amazon Bedrock — and a powerful reminder of something […]

This post extends IBM's approach to real-time KYC validation using generative AI, as previously discussed in the post IBM Digital KYC on AWS uses Generative AI to transform Client Onboarding and KYC Operations. It transforms compliance operations through autonomous decision-making and intelligent automation using agentic AI, event-driven architecture, and AWS serverless services. The solution addresses the fundamental limitations of traditional rule-based systems. It provides autonomous decision-making, dynamic adaptation, and intelligent automation that transforms compliance operations.

In this post, we explore how to use Apache Sedona with AWS Glue to process and analyze massive geospatial datasets.

In this post, we demonstrate how to use the metadata export capability in Amazon SageMaker Catalog and perform analytics such as historical changes, monitor asset growth and track metadata improvements.

This post explores how PACIFIC enables multi-tenant, sovereign PCF exchange on the Catena-X data space using Amazon Elastic Container Service (Amazon ECS) on AWS Fargate, Amazon Cognito, and AWS Identity and Access Management (IAM) to deliver measurable environmental impact and competitive advantage in a carbon-conscious marketplace.

This post explores how Oldcastle used AWS services to transform their analytics and AI capabilities by integrating Infor ERP with Amazon Aurora and Amazon Quick Sight. We discuss how they overcame the limitations of traditional cloud ERP reporting to deploy real-time dashboards and build a scalable analytics system. This practical, enterprise-grade approach offers a blueprint that organizations can adapt when extending ERP capabilities with cloud-native analytics and AI.

In the first part of Configure a custom domain name for your Amazon MSK cluster, we discussed about why custom domain names are important and provided details on how to configure a custom domain name in Amazon MSK when using SASL_SCRAM authentication. In this post, we discuss how to configure a custom domain name in Amazon MSK when using IAM authentication.

In this post, we walk you through how to replicate Apache Kafka data from your external Apache Kafka deployments to Amazon MSK Express brokers using MSK Replicator. You will learn how to configure authentication on your external cluster, establish network connectivity, set up bidirectional replication, and monitor replication health to achieve a low-downtime migration.

In this post, you build a unified pipeline using Apache Iceberg and Amazon Managed Service for Apache Flink that replaces the dual-pipeline approach. This walkthrough is for intermediate AWS users who are comfortable with Amazon Simple Storage Service (Amazon S3) and AWS Glue Data Catalog but new to streaming from Apache Iceberg tables.

Claude Opus 4.7 arrives in Amazon Bedrock with improved agentic coding and a 1M token context window. AWS Interconnect reaches general availability with multicloud private connectivity and a new last-mile option. Plus, post-quantum TLS for Secrets Manager, new C8in/C8ib EC2 instances, and more.

AWS launches Claude Opus 4.7 in Amazon Bedrock, Anthropic's most intelligent Opus model for advancing performance across coding, long-running agents, and professional work. Claude Opus 4.7 is powered by Amazon Bedrock's next generation inference engine, purpose-built for generative AI inferencing and fine-tuning workloads.

Today, we’re announcing the general availability of AWS Interconnect – multicloud, a managed private connectivity service that connects your Amazon Virtual Private Cloud (Amazon VPC) directly to VPCs on other cloud providers. We’re also introducing AWS Interconnect – last mile, a new capability that simplifies how you establish high-speed, private connections to AWS from your […]

Organizations using AWS Outposts racks commonly manage capacity from a single AWS account and share resources through AWS Resource Access Manager (AWS RAM) with other AWS accounts (consumer accounts) within AWS Organizations. In this post, we demonstrate one approach to create a multi-account serverless solution to surface costs in shared AWS Outposts environments using Amazon […]

In my last Week in Review post, I mentioned how much time I’ve been spending on AI-Driven Development Lifecycle (AI-DLC) workshops with customers this year. A common theme in those sessions is the need for better cost visibility. Teams are moving fast with AI, but as they go from experimenting to full production, finance and […]

Building memory-intensive applications with AWS Lambda just got easier. AWS Lambda Managed Instances gives you up to 32 GB of memory—3x more than standard AWS Lambda—while maintaining the serverless experience you know. Modern applications increasingly require substantial memory resources to process large datasets, perform complex analytics, and deliver real-time insights for use cases such as […]

In this post, we demonstrate how you can build a scalable, multi-tenant configuration service using the tagged storage pattern, an architectural approach that uses key prefixes (like tenant_config_ or param_config_) to automatically route configuration requests to the most appropriate AWS storage service. This pattern maintains strict tenant isolation and supports real-time, zero-downtime configuration updates through event-driven architecture, alleviating the cache staleness problem.

Amazon S3 Files makes S3 buckets accessible as high-performance file systems on AWS compute resources, eliminating the tradeoff between object storage benefits and interactive file capabilities while enabling seamless data sharing with ~1ms latencies.

In this post, we walk through the new installation experience, demonstrate three deployment methods (console, CLI, and Terraform), and show how features like multi-instance-type deployment and native node affinity give you fine-grained control over inference scheduling

Smithy Java client code generation is now generally available. You can use it to build type-safe, protocol-agnostic Java clients directly from Smithy models. With Smithy Java, serialization, protocol handling, and request/response lifecycles are all generated automatically from your model. This removes the need to write or maintain any of this code by hand. In this […]

Last week, I visited AWS Hong Kong User Group with my team. Hong Kong has a small but strong community, and their energy and passion are high. They recently started a new AI user group, and we hope more people will join. I was able to strengthen my bond with the community through great food […]

Organizational safeguards are now generally available in Amazon Bedrock Guardrails, enabling centralized enforcement and management of safety controls across multiple AWS accounts within an AWS Organization.

Smithy Kotlin client code generation is now generally available. With Smithy Kotlin, you can keep client libraries in sync with evolving service APIs. By using client code generation, you can reduce repetitive work and instead, automatically create type-safe Kotlin clients from your service models. In this post, you will learn what Smithy Kotlin client generation is, how it works, and how you can use it.

Amazon ECS Managed Daemons gives platform engineers independent control over monitoring, logging, and tracing agents without application team coordination, ensuring consistent daemon deployment and comprehensive host-level observability at scale.

This post describes a solution that uses fixed camera networks to monitor operational environments in near real-time, detecting potential safety hazards while capturing object floor projections and their relationships to floor markings. While we illustrate the approach through distribution center deployment examples, the underlying architecture applies broadly across industries. We explore the architectural decisions, strategies for scaling to hundreds of sites, reducing site onboarding time, synthetic data generation using generative AI tools like GLIGEN, and other critical technical hurdles we overcame.

In this blog post, we take a building blocks approach. Starting with the tools like AWS Backup to protect your data, we then add protection for Amazon Elastic Compute Cloud (Amazon EC2) compute using AWS Elastic Disaster Recovery (AWS DRS). Finally, we show how to use the full capabilities of AWS to restore your entire workload—data, infrastructure, networking, and configuration, using Arpio disaster recovery automation.

This post shows you how to accelerate your AI inference workloads by up to 76% using Intel Advanced Matrix Extensions (AMX) – an accelerator that uses specialized hardware and instructions to perform matrix operations directly on processor cores – on Amazon Elastic Compute Cloud (Amazon EC2) 8th generation instances. You'll learn when CPU-based inference is cost-effective, how to enable AMX with minimal code changes, and which configurations deliver optimal performance for your models.

Last week, what excited me most was the launch of the 2026 AWS AI & ML Scholars program by Swami Sivasubramanian, VP of AWS Agentic AI, to provide free AI education to up to 100,000 learners worldwide. The program has two phases: a Challenge phase where you’ll learn foundational generative AI skills, followed by a […]

In this post, you will learn how Aigen modernized its machine learning (ML) pipeline with Amazon SageMaker AI to overcome industry-wide agricultural robotics challenges and scale sustainable farming. This post focuses on the strategies and architecture patterns that enabled Aigen to modernize its pipeline across hundreds of distributed edge solar robots and showcase the significant business outcomes unlocked through this transformation. By adopting automated data labeling and human-in-the-loop validation, Aigen increased image labeling throughput by 20x while reducing image labeling costs by 22.5x.

In this post, you will learn how to configure AWS Lambda Managed Instances by creating a Capacity Provider that defines your compute infrastructure, associating your Lambda function with that provider, and publishing a function version to provision the execution environments. We will conclude with production best practices including scaling strategies, thread safety, and observability for reliable performance.

In this post, we demonstrate how to architect AWS systems that enable AI agents to iterate rapidly through design patterns for both system architecture and code base structure. We first examine the architectural problems that limit agentic development today. We then walk through system architecture patterns that support rapid experimentation, followed by codebase patterns that help AI agents understand, modify, and validate your applications with confidence.

AWS introduces a new express configuration for Amazon Aurora PostgreSQL, a streamlined database creation experience with preconfigured defaults designed to help you get started in seconds. With Aurora PostgreSQL, start building quickly from the RDS Console or your preferred developer tool—with the ability to modify configurations anytime. Plus, Aurora PostgreSQL is now available with AWS Free Tier.

In this post, we look at how Generali is using Amazon EKS Auto Mode and its integration with other AWS services to enhance performance while reducing operational overhead, optimizing costs, and enhancing security.

This post walks through a fraud detection system built with durable functions. It also highlights the best practices that you can apply to your own production workflows, from approval processes to data pipelines to AI agent orchestration.

In this post, you'll learn how AWS DevOps Agent integrates with your existing observability stack to provide intelligent, automated responses to system events.

This post is part 3 of the three-part series ‘Enabling high availability of Amazon EC2 instances on AWS Outposts servers’. We provide you with code samples and considerations for implementing custom logic to automate Amazon Elastic Compute Cloud (EC2) relaunch on Outposts servers. This post focuses on guidance for using Outposts servers with third party storage for boot […]

In alignment with our V4.0 GA announcement and SDKs and Tools Maintenance Policy, version 3 of the AWS SDK for .NET will enter maintenance mode on March 1, 2026, and reach end-of-support on June 1, 2026. Starting March 1, 2026 we will stop adding regular updates to V3 and will only provide security updates until end-of-support begins.

In this post, we discuss how following the AWS Cloud Adoption Framework (AWS CAF) and AWS Well-Architected Framework can help reduce these risks through proper implementation of AWS guidance and best practices while taking into consideration the practical challenges organizations face in implementing these best practices, including resource constraints, evaluating trade-offs and competing business priorities.

In this post, you'll learn how to add the Apache 5 HTTP client to your project, configure it for your needs, and migrate from the 4.5.x version.

Amazon Web Services (AWS) is announcing two new features for the AWS Command Line Interface (AWS CLI) v2: structured error output and the “off” output format.

Santander faced a significant technical challenge in managing an infrastructure that processes billions of daily transactions across more than 200 critical systems. The solution emerged through an innovative platform engineering initiative called Catalyst, which transformed the bank's cloud infrastructure and development management. This post analyzes the main cases, benefits, and results obtained with this initiative.

This post describes why ProGlove chose a account-per-tenant approach for our serverless SaaS architecture and how it changes the operational model. It covers the challenges you need to anticipate around automation, observability and cost. We will also discuss how the approach can affect other operational models in different environments like an enterprise context.

Customers use AWS Lambda to build Serverless applications for a wide variety of use cases, from simple API backends to complex data processing pipelines. Lambda's flexibility makes it an excellent choice for many workloads, and with support for up to 10,240 MB of memory, you can now tackle compute-intensive tasks that were previously challenging in a Serverless environment. When you configure a Lambda function's memory size, you allocate RAM and Lambda automatically provides proportional CPU power. When you configure 10,240 MB, your Lambda function has access to up to 6 vCPUs.

This blog post shows you how to extend LZA with continuous integration and continuous deployment (CI/CD) pipelines that maintain your governance controls and accelerate workload deployments, offering rapid deployment of both Terraform and AWS CloudFormation across multiple accounts. You'll build automated infrastructure deployment workflows that run in parallel with LZA's baseline orchestration to help maintain your enterprise governance and compliance control requirements. You will implement built-in validation, security scanning, and cross-account deployment capabilities to help address Public Sector use cases that demand strict compliance and security requirements.

This post is co-written with Neel Patel, Abdullahi Olaoye, Kristopher Kersten, Aniket Deshpande from NVIDIA. Today, we’re excited to announce that the NVIDIA Evo-2 NVIDIA NIM microservice are now listed in Amazon SageMaker JumpStart. You can use this launch to deploy accelerated and specialized NIM microservices to build, experiment, and responsibly scale your drug discovery […]

Deploying applications to AWS typically involves researching service options, estimating costs, and writing infrastructure-as-code tasks that can slow down development workflows. Agent plugins extend coding agents with specialized skills, enabling them to handle these AWS-specific tasks directly within your development environment. Today, we’re announcing Agent Plugins for AWS (Agent Plugins), an open source repository of […]

We are excited to offer a preview of AWS Tools Installer V2 which addresses customer feedback for faster and more reliable bulk installation of AWS Tools for PowerShell modules.

The new multipart download support in AWS SDK for .NET Transfer Manager improves the performance of downloading large objects from Amazon Simple Storage Service (Amazon S3). Customers are looking for better performance and parallelization of their downloads, especially when working with large files or datasets. The AWS SDK for .NET Transfer Manager (version 4 only) […]

Business applications often coordinate multiple steps that need to run reliably or wait for extended periods, such as customer onboarding, payment processing, or orchestrating large language model inference. These critical processes require completion despite temporary disruptions or system failures. Developers currently spend significant time implementing mechanisms to track progress, handle failures, and manage resources when […]

In this post, we explore how the Amazon Key team used Amazon EventBridge to modernize their architecture, transforming a tightly coupled monolithic system into a resilient, event-driven solution. We explore the technical challenges we faced, our implementation approach, and the architectural patterns that helped us achieve improved reliability and scalability. The post covers our solutions for managing event schemas at scale, handling multiple service integrations efficiently, and building an extensible architecture that accommodates future growth.

Stay current with the latest serverless innovations that can transform your applications. In this 31st quarterly recap, discover the most impactful AWS serverless launches, features, and resources from Q4 2025 that you might have missed.

To support cloud applications that increasingly depend on rich contextual data, AWS is raising the maximum payload size from 256 KB to 1 MB for asynchronous AWS Lambda function invocations, Amazon Amazon SQS, and Amazon EventBridge. Developers can use this enhancement to build and maintain context-rich event-driven systems and reduce the need for complex workarounds such as data chunking or external large object storage.

AWS now supports multiple local gateway (LGW) routing domains on AWS Outposts racks to simplify network segmentation. Network segmentation is the practice of splitting a computer network into isolated subnetworks, or network segments. This reduces the attack surface so that if a host on one network segment is compromised, the hosts on the other network segments are not affected. Many customers in regulated industries such as manufacturing, health care and life sciences, banking, and others implement network segmentation as part of their on-premises network security standards to reduce the impact of a breach and help address compliance requirements.

Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Outposts brings the power of managed Kubernetes to your on-premises infrastructure. Use Amazon EKS on Outposts rack to create hybrid cloud deployments that maintain consistent AWS experiences across environments. As organizations increasingly adopt edge computing and hybrid architectures, storage optimization and performance tuning become critical for successful workload deployment.

Amazon Web Services (AWS) Lambda now supports .NET 10 as both a managed runtime and base container image. .NET is a popular language for building serverless applications. Developers can now use the new features and enhancements in .NET when creating serverless applications on Lambda. This includes support for file-based apps to streamline your projects by implementing functions using just a single file.

In healthcare, generative AI is transforming how medical professionals analyze data, summarize clinical notes, and generate insights to improve patient outcomes. From automating medical documentation to assisting in diagnostic reasoning, large language models (LLMs) have the potential to augment clinical workflows and accelerate research. However, these innovations also introduce significant privacy, security, and intellectual property challenges.

This post is about AWS SDK for JavaScript v3 announcing end of support for Node.js versions based on Node.js release schedule, and it is not about AWS Lambda. For the latter, refer to the Lambda runtime deprecation policy. In the second week of January 2026, the AWS SDK for JavaScript v3 (JS SDK) will start […]

Organizations often have large volumes of documents containing valuable information that remains locked away and unsearchable. This solution addresses the need for a scalable, automated text extraction and knowledge base pipeline that transforms static document collections into intelligent, searchable repositories for generative AI applications.

e are pleased to announce the Developer Preview release of the Amazon S3 Transfer Manager for Swift —a high-level file and directory transfer utility for Amazon Simple Storage Service (Amazon S3) built with the AWS SDK for Swift.

Version 2.0 of the AWS Deploy Tool for .NET is now available. This new major version introduces several foundational upgrades to improve the deployment experience for .NET applications on AWS. The tool comes with new minimum runtime requirements. We have upgraded it to require .NET 8 because the predecessor, .NET 6, is now out of […]

The AWS SDK for Java 1.x (v1) entered maintenance mode on July 31, 2024, and will reach end-of-support on December 31, 2025. We recommend that you migrate to the AWS SDK for Java 2.x (v2) to access new features, enhanced performance, and continued support from AWS. To help you migrate efficiently, we’ve created a migration […]