Monat: Mai 2026

Amazon Redshift Introduces Concurrency Scaling Support for auto-copy and zero-ETL

Amazon Redshift announces the general availability of Amazon Redshift concurrency scaling support for Amazon Redshift auto-copy and zero-ETL, enhancing the performance of data ingestion. This new feature combines the power of auto-copy’s seamless data ingestion from Amazon S3 and zero-ETL’s near real-time data replication from operational database, transactional database, and applications with the elasticity of concurrency scaling. The enhancement delivers benefits for high-volume, time-sensitive data operations. Auto-copy monitors S3 buckets and loads new data files automatically, while zero-ETL replicates data from operational and transactional databases in near real-time. When enabled, concurrency scaling adds compute capacity automatically to handle increased read and write queries, ensuring faster data ingestion without compromising performance during peak periods. This new enhancement is available in all AWS commercial regions and AWS GovCloud (US) regions where Amazon Redshift is available for Amazon Redshift Serverless and RA3 Provisioned data warehouses. You can implement this feature immediately to optimize their data ingestion workflows.
Quelle: aws.amazon.com

IAM Roles Anywhere now enforces VPC endpoint policies for the CreateSession API

AWS Identity and Access Management (IAM) Roles Anywhere now provides the capability to configure Virtual Private Cloud (VPC) endpoint policies for the IAM Roles Anywhere CreateSession API. You can update your VPC endpoint policies to allow or deny the CreateSession operation. If CreateSession is not explicitly included in the Allow statement of your VPC endpoint policy or if you don’t allow all operations (for example, by specifying “rolesanywhere:*“ as the action), IAM Roles Anywhere will not return temporary AWS credentials for requests made through your VPC endpoint. The CreateSession API enables workloads running outside of AWS to obtain temporary AWS credentials using X.509 certificates to access AWS resources. Previously, VPC endpoint policies applied to all IAM Roles Anywhere API operations except CreateSession. This launch closes that gap, giving you consistent, fine-grained access control across all IAM Roles Anywhere API operations. This feature is available in all AWS Regions where IAM Roles Anywhere is available, including the AWS GovCloud (US) Regions, AWS European Sovereign Cloud (Germany) Region, and China Regions. To learn more, see the IAM Roles Anywhere User Guide.
Quelle: aws.amazon.com

Amazon CloudFront Announces WebSocket Support for VPC Origins

Amazon CloudFront now supports WebSockets traffic through Virtual Private Cloud (VPC) origins, enabling you to use CloudFront as the single entry point for real-time applications hosted entirely in private subnets. WebSockets support extends VPC origins to applications that require persistent, bidirectional connections between clients and servers, such as chat platforms, collaborative editing tools, live dashboards, and IoT device management systems. Previously, customers running real-time applications over WebSockets had to keep their origins in public subnets and use Access Control Lists and other mechanisms to restrict access to their WebSockets-enabled servers. Customers had to spend ongoing effort to implement and maintain these solutions. Now, customers can place their Application Load Balancers (ALB), Network Load Balancers (NLB), and EC2 instances serving WebSockets traffic in private subnets accessible only through their CloudFront distributions. CloudFront serves as the single front door for both traditional HTTP traffic and real-time WebSockets connections, reducing attack surface, simplifying security management, and providing built-in DDoS protection. WebSockets support for VPC origins is available in all AWS Commercial Regions where VPC origins is supported. There is no additional cost for WebSockets traffic through VPC origins. To learn more, visit CloudFront VPC origins.
Quelle: aws.amazon.com

Amazon Bedrock AgentCore launches capabilities for optimizing agent performance in preview

Amazon Bedrock AgentCore launches recommendations and two ways to validate performance (batch evaluations and A/B tests). This completes the observe, evaluate, improve loop for AI agents in production. Until now, translating evaluation findings into concrete, validated improvements required manual developer intervention and intuition rather than a systematic approach. With recommendations, batch evaluations and A/B tests, developers now have the tools to act on what evaluations surface. As models evolve and user behavior shifts, agent quality degrades quietly over time. The recommendations capability analyzes production traces and evaluation outputs generated by AgentCore to create optimized system prompts and tool descriptions tailored to your specific workload. Batch evaluations are then used for validating the recommendations against pre-defined test cases. A/B tests further validate those recommendations through controlled A/B testing against pre-defined test sets or live production traffic, with statistical significance reported before any change is promoted. Every recommendation requires your approval before it ships. Together, these capabilities complete the performance improvement cycle for agents. Agents don’t just run, they get better, on your terms. You can use optimization capabilities in all AWS Regions where AgentCore Evaluations is available. To learn more, visit the AgentCore documentation.
Quelle: aws.amazon.com

Amazon Bedrock AgentCore Identity now supports On-Behalf-Of (OBO) token exchange

Amazon Bedrock AgentCore Identity now supports On-Behalf-Of (OBO) token exchange, enabling developers to build agents that securely access protected resources on behalf of authenticated users — without requiring users to complete multiple consent flows. Previously, developers building agents that needed to act on behalf of a user had to manage separate consent flows for each protected resource, adding friction for end users and complexity for builders. With OBO token exchange, developers can exchange an access token for a new scoped-down access token that carries both the original user identity and the agent identity. This token is targeted specifically to the outbound protected resource, granting just-in-time, least-privilege access without prompting the user for additional consent. Amazon Bedrock AgentCore Identity OBO token exchange is now generally available in 14 AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), and Europe (Stockholm). To learn more, visit the Amazon Bedrock AgentCore Identity documentation .
Quelle: aws.amazon.com