Announcing general availability of Amazon EC2 M3 Ultra Mac instances

Amazon Web Services announces general availability of Amazon EC2 M3 Ultra Mac instances, powered by the latest Mac Studio hardware. Amazon EC2 M3 Ultra Mac instances are the next-generation EC2 Mac instances that enable Apple developers to migrate their most demanding build and test workloads onto AWS. These instances are ideal for building and testing applications for Apple platforms such as iOS, macOS, iPadOS, tvOS, watchOS, visionOS, and Safari.
M3 Ultra Mac instances are powered by the AWS Nitro System, providing up to 10 Gbps network bandwidth and 8 Gbps of Amazon Elastic Block Store (Amazon EBS) storage bandwidth. These instances are built on Apple M3 Ultra Mac Studio computers featuring a 28-core CPU, 60-core GPU, 32-core Neural Engine, and 256 GB of unified memory. Compared to EC2 M4 Max Mac instances, M3 Ultra Mac instances provide 2x the unified memory, 1.75x the CPU cores, 1.5x the GPU cores, and 2x the Neural Engine cores, giving Apple developers the headroom to run significantly more Xcode simulators in parallel and accelerate on-device ML workflows to improve product time to market.
Amazon EC2 M3 Ultra Mac instances are available in US East (N. Virginia) and US West (Oregon). To learn more about Amazon EC2 M3 Ultra Mac instances, visit the Amazon EC2 Mac page.
Source: aws.amazon.com

Amazon Bedrock Introduces Advanced Prompt Optimization and Migration Tool

Customers spend days to weeks optimizing prompts and evaluating responses when they want to migrate to a new model or just get better performance out of their current model. They struggle with changing their prompts quickly and then testing them to prevent regressions and improve on underperforming tasks. These situations call for the same tool – a prompt optimizer with built-in evaluations. 
Today, Amazon Bedrock introduces Advanced Prompt Optimization, a new tool that allows customers to optimize their prompts for any model on Bedrock, while comparing their original prompts to their optimized prompts across up to 5 models simultaneously. Customers can use this if they are migrating to a new model or just want to get better performance on their current model. If they’re changing models, they can select their current model as a baseline and up to 4 other models. If they aren’t changing models, they just select their current model to see before and after optimization. The optimizer takes in prompt templates, example user inputs for the variable values, optional ground truth answers, and an evaluation metric or short natural language criteria to use as a guide. It’s even compatible with multimodal inputs such as jpg, png, or PDF. The prompt optimizer works in a feedback loop to steer the prompt and resulting model responses toward optimizing the evaluation metric, and outputs the original and final prompt templates with evaluation scores, cost estimates, and latency.
For region availability, see our documentation. For pricing, see the Bedrock pricing page. To get started, use the Bedrock APIs for Advanced Prompt Optimizer or visit the Bedrock Console.
Source: aws.amazon.com

Amazon CloudFront announces Passthrough Mode for mutual TLS (Viewer)

Amazon CloudFront now supports passthrough mode for viewer mutual TLS (mTLS) authentication, enabling customers to forward client certificates to their origin for validation without requiring CloudFront to perform certificate verification. Passthrough mode allows customers with existing mTLS implementations at their origins to use CloudFront without having to implement their validation logic at the edge.
CloudFront viewer mTLS already supports required mode and optional mode, which offload client certificate authentication to CloudFront using trust stores. Passthrough mode is designed for customers to maintain their existing mTLS validation infrastructure at their origin without requiring any trust store configuration on CloudFront. In passthrough mode, CloudFront forwards every request to the origin along with the client’s full certificate chain. Caching is not performed, ensuring each request is authenticated end-to-end by your origin. Connection functions, which allow you to inspect or transform connection-level data, are still invoked, enabling you to process certificate data before it reaches the origin.
CloudFront Mutual TLS (viewer) in passthrough mode is available at no additional cost. To learn more, refer to the documentation for CloudFront Mutual TLS (Viewer). 
Source: aws.amazon.com

Amazon CloudFront announces support for OCSP Revocation for Mutual TLS (Viewer)

Amazon CloudFront now supports Online Certificate Status Protocol (OCSP) revocation checking for viewer mTLS, enabling you to validate client certificate revocation status in real time during connection establishment. This enables customers using mutual TLS (mTLS) on CloudFront to verify that client certificates haven’t been revoked before accepting connections—a common requirement for regulated industries and zero-trust architectures.
Previously, customers implemented certificate revocation using CloudFront Functions and KeyValueStore, maintaining static revocation lists that were only as current as the last manual update. With OCSP, CloudFront queries the responder URL embedded in the client certificate at connection time, validating revocation status directly with the issuing Certificate Authority. CloudFront caches OCSP responses for up to 30 minutes to minimize latency impact on subsequent connections. The OCSP result is exposed in the connection function, enabling customers to implement custom logic—such as grace periods for certificate rotation, IP-based exceptions, or combining OCSP with their own revocation lists.
OCSP revocation checking for viewer mTLS is available at no additional cost. To learn more, refer to the documentation for CloudFront Mutual TLS (Viewer).
Source: aws.amazon.com

ARC Region Switch adds Lambda event source mapping execution block for event handling during failover

Amazon Application Recovery Controller (ARC) Region Switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. Today, we are announcing the Lambda event source mapping execution block, which automates the coordinated failover of event streams for multi-Region workloads.
Customers running event-driven architectures use Lambda functions with event source mappings to process event streams from Kinesis, DynamoDB Streams, MSK, or SQS. For active-passive workloads, customers may maintain Lambda functions in each Region but process events in only one Region at a time. These event source mappings must be toggled during failover to avoid duplicate processing—a manual, error-prone step. The Lambda event source mapping execution block automates this by enabling or disabling event source mappings in either the activating or deactivating Region.
To control duplicate processing, customers can configure two Lambda event source mapping execution blocks in sequence: a disable block to stop event processing in the deactivating Region, and an enable block to start it in the activating Region. The disable block can be overridden by running the plan in “ungraceful” mode for unplanned failovers where the deactivating Region may be impaired. Native cross-account support enables a single plan to handle event stream failover across multiple accounts.
To get started, see the Lambda event source mapping execution block documentation. ARC Region Switch is available in all commercial Regions. See ARC Region Switch availability.
Source: aws.amazon.com