Amazon Redshift RG instances powered by AWS Graviton now available in additional regions

Amazon Redshift is expanding the general availability of RG instances — powered by AWS Graviton processors — to three additional AWS Regions: Africa (Cape Town), Asia Pacific (Bangkok), and Mexico (Central). Amazon Redshift’s new Graviton-based RG instances deliver up to 4.2X better price-performance for data warehouse workloads compared to other data warehouses, run workloads up to 2.4x faster than previous-generation RA3 instances, and cost 30% less per vCPU. Customers in Cape Town (af-south-1), Bangkok (ap-southeast-7), and Mexico Central (mx-central-1) can provision rg.xlarge and rg.4xlarge node types — ideal for a wide range of workloads from smaller development environments to production data warehouse deployments. Customers can upgrade their existing RA3 provisioned instances to RG instances and immediately benefit from improved query performance and reduced compute costs. RG instances come with additional cost savings built in by default. With Amazon Redshift incremental manual snapshots, customers now pay less for backup storage as snapshot costs are metered based on unique data blocks rather than total snapshot size. Additionally, RG instances eliminate Redshift Spectrum scanning charges, meaning customers no longer pay for data scanned in Amazon S3 via Spectrum — further reducing the total cost of running data lake queries. To get started, visit the Amazon Redshift documentation and the RG instances pricing page.
Quelle: aws.amazon.com

AWS Sign-in now supports resource-based policies and resource control policies

AWS Sign-in now supports resource-based policies and resource control policies (RCPs) for the AWS Management Console. You can use these policies to restrict console sign-in to expected networks. Policies are evaluated during sign-in and whenever the console session requests new credentials.
Resource-based policies apply to individual AWS accounts. Resource control policies apply organization-wide through AWS Organizations. You can combine these policies with AWS Management Console Private Access to control both which networks users can sign in from and which accounts they can access.
AWS Sign-in resource-based policies and RCPs are available at no additional cost in all AWS commercial Regions. To learn more, see the AWS Sign-in User Guide. For API details, see the AWS Sign-in API Reference.
Quelle: aws.amazon.com

Amazon CloudWatch introduces Log Analytics for unified log analysis

Amazon CloudWatch now offers Log Analytics, a unified console experience that brings together CloudWatch Logs Insights for querying and analyzing log data, Live Tail for real-time log streaming, and Contributor Insights for identifying top contributors – all in one place. With this launch, customers can execute multiple queries in different tabs and use all existing Logs Insights features such as patterns, saved queries with parameters, facets for interactive log exploration, natural language query generation, and visualizations. Live Tail and Contributor Insights are also accessible from within Log Analytics, which is the default experience. Customers who opt out will see Logs Insights, Live Tail, and Contributor Insights alongside Log Analytics. Log Analytics is available in all commercial AWS Regions. Log Analytics uses the same pricing as its underlying capabilities – Logs Insights queries, Live Tail, and Contributor Insights. For pricing details, see CloudWatch pricing. To get started, select Log Analytics in the CloudWatch console. Learn more in the CloudWatch Logs documentation.
Quelle: aws.amazon.com

Amazon FSx for OpenZFS now supports on-demand data replication across AWS opt-in Regions

Amazon FSx for OpenZFS now supports on-demand data replication across AWS opt-in Regions, enabling you to easily and efficiently transfer incremental point-in-time snapshots of your volumes beyond AWS Regions that are enabled by default. On-demand data replication provides a simple and resilient way to implement disaster recovery, replicate production data to a different Region or account, and enable lower latency data access for your global customer base or workforce.
Amazon FSx for OpenZFS provides fully managed, cost-effective, shared file storage powered by the popular OpenZFS file system, with rich data management capabilities like snapshots, data cloning, and compression, along with sub-millisecond latencies and up to 10 GB/s of throughput. Opt-in Regions are AWS Regions that are disabled by default, in contrast to regions that are enabled by default. Previously, on-demand data replication was supported only between accounts in AWS Regions that are enabled by default. Starting today, you can replicate snapshots to and from opt-in Regions, expanding the AWS Regions where you can build cross-Region disaster recovery and data distribution architectures.
On-demand data replication across opt-in Regions is available in all AWS Regions where Amazon FSx for OpenZFS is offered, including the supported opt-in Regions. There is no additional charge for on-demand data replication. Standard AWS data transfer charges apply when replicating across AWS Regions or accounts. To get started, visit the Amazon FSx console or refer to the on-demand replication documentation. To learn more, visit the Amazon FSx for OpenZFS product page.
Quelle: aws.amazon.com

Amazon Bedrock AgentCore Memory now supports strictly consistent metadata for long-term memory

Amazon Bedrock AgentCore Memory extracts useful information from short-term memory and stores it as long-term memory records. Metadata on these records helps organize, filter, and route them for retrieval. Previously, metadata values could only be inferred by the LLM during extraction. Now, you can also attach metadata values directly from your application, ensuring they pass through extraction and consolidation exactly as supplied with no LLM inference. When you set a metadata key’s extraction type to STRICTLY_CONSISTENT, the value you provide on the short-term memory event is the value that lands on the resulting long-term memory record unchanged.
Strictly consistent metadata also isolates how events are grouped. Events sharing the same values are extracted together and consolidated together. Records with different values are never merged, even if semantically similar. This enables department-scoped retrieval, compliance boundaries between regulated and standard records, and multi-tenant memory where each tenant’s data is processed independently.
You can configure up to three strictly consistent keys per strategy. The feature is supported on semantic, user preference, and episodic strategies, including custom overrides. Keys must be of type STRING and declared in the memory’s indexed keys. Both LLM-inferred and strictly consistent keys can coexist on the same memory resource. To get started, see Long-term memory metadata. Amazon Bedrock AgentCore Memory strictly consistent metadata is available in all AWS Regions where AgentCore Memory is supported.
Quelle: aws.amazon.com

Grok 4.3 from xAI now available in Amazon Bedrock

Today, AWS announces the availability of xAI’s Grok 4.3 model on Amazon Bedrock. With this launch, xAI joins Amazon Bedrock as a model provider, giving you even more choice as you build generative AI applications across reasoning, agentic, and enterprise workflows.
Grok 4.3 is a reasoning-first model that offers always-on and configurable reasoning effort (none, low, medium, high). Because reasoning is always active rather than optional, it behaves more consistently across multi-step agent loops than models that can skip thinking. It also offers strong tool use and instruction-following capabilities for building multi-step agents, and token efficiency to help keep high-volume inference cost-effective. Grok 4.3 is especially well suited to enterprise workloads such as contract review, case law research, credit agreement analysis, and financial document Q&A, while delivering consistent, high-quality results across conversational AI, search, chat, and multi-turn workflows. Grok 4.3 runs on Mantle, a new inference engine in Amazon Bedrock designed for price performance, with support for tool calling, structured output, and response streaming.
See region availability of Grok 4.3 for list of supported regions. To get started, visit the Grok 4.3 model detail page in our documentation.
Quelle: aws.amazon.com

AWS Management Console Private Access now works without internet connectivity

AWS Management Console Private Access now enables customers to access the AWS Console from VPCs without internet connectivity, allowing enterprises to manage their AWS infrastructure through the console while maintaining strict network security controls in air-gapped environments. Previously, AWS Management Console Private Access allowed customers to restrict console access to authorized AWS accounts and corporate networks but still required internet connectivity. With this launch, AWS Console traffic can flow through VPC endpoints for the supported service consoles, eliminating the need for any internet access. This capability is particularly valuable for customers in regulated industries such as financial services, government and defense, and healthcare, and for enterprises with strict security requirements who need to access sensitive data only from controlled environments and use the console in classified or networks without internet connectivity. AWS Management Console Private Access uses AWS PrivateLink to establish secure network paths between customer VPCs and the console. Customers can apply VPC endpoint policies to restrict access to specific AWS accounts and organizations, and use IAM, Service Control, and Resource Control policies to require that employees access resources only from authorized networks.
This capability is available in all AWS commercial regions. You pay only for the underlying AWS PrivateLink VPC endpoint usage and data processing. To get started and learn about the supported services, visit the Management Console Private Access documentation.
Quelle: aws.amazon.com

AWS DevOps Agent expands with custom SRE agents and MCP/A2A protocols

AWS DevOps Agent now supports custom SRE agents, bring-your-own sub-agents, and headless access via MCP and A2A protocols. These capabilities enable teams to automate recurring SRE workflows, extend DevOps Agent by connecting it to other agents, and access its capabilities from the tools they already use, including Kiro, Claude, and other coding assistants. With custom SRE agents, teams can create and schedule agents within Agent Spaces that run on a cadence. For example, create a daily database health report that checks for slow queries and parameters that need tuning, or build an agent that reviews logs from the past 24 hours and flags anomalies. In headless mode, developers can invoke DevOps Agent from the tools and agents they already use via A2A or MCP protocols. For example, the Kiro power for AWS DevOps Agent lets developers check production health and investigate issues without leaving their IDE. Teams can also connect their own sub-agents built with Amazon Bedrock or third-party frameworks via A2A to extend DevOps Agent capabilities. AWS DevOps Agent also introduces chat enhancements, incident-skip support based on customer-defined rules, enhanced knowledge with memories and Git-managed skills, human labeling and customer-created dashboards for tracking task quality, and is available in five new Regions. See all the latest AWS DevOps Agent features on the recent improvements page. For the list of AWS Regions where AWS DevOps Agent is available, see the supported Regions table.
Quelle: aws.amazon.com

AWS Lambda Managed Instances now supports Tag Propagation for Managed Resources

AWS Lambda Managed Instances (LMI) now supports tag propagation, enabling you to automatically apply tags to managed resources such as Amazon EC2 instances, Amazon EBS volumes, and Amazon ENIs. This helps you enforce cost allocation, service control policies (SCPs), and compliance requirements across all resources provisioned by your capacity providers.
LMI lets you run Lambda functions on managed EC2 instances with built-in routing, load balancing, and auto scaling, giving you access to specialized compute configurations including the latest-generation processors and high-bandwidth networking, with no operational overhead. Organizations that use resource tagging for cost tracking, governance, or security previously had no way to propagate tags to the underlying managed resources that LMI provisions on their behalf. This made it difficult to track costs accurately, enforce SCPs, or meet compliance standards that require approved tags on all resources. Now, with tag propagation, you can specify a set of tags on your capacity provider configuration, and LMI automatically applies those tags to all managed resources it creates. This ensures consistent tagging across your EC2 instances, EBS volumes, and ENIs without requiring manual intervention or custom automation.
This feature is available in all AWS commercial Regions where LMI is generally available. To get started, configure the PropagateTags setting on your capacity provider using the CreateCapacityProvider or UpdateCapacityProvider APIs. Set the mode to Explicit and provide your desired tags as key-value pairs. Tag propagation applies to all new managed resources provisioned after the configuration is applied. You can configure these settings using the AWS Management Console, AWS CLI, AWS CloudFormation, AWS CDK, or AWS SAM. To learn more, visit the AWS Lambda Managed Instances product page and documentation.
Quelle: aws.amazon.com

AWS launches Cost Explorer historical data retention for accounts in billing groups

Today, AWS announces Cost Explorer historical data retention for accounts in billing groups.  
Customers can use AWS Billing Conductor and Billing Transfer to map accounts to billing groups, enabling them to view billing data priced at the pro forma rates supplied by the payer account or Bill-Transfer account. Previously, the billing group configuration resulted in restricted access to historical billing data (priced at AWS billable rates) for accounts mapped to billing groups.
With this launch, accounts included in billing groups retain access to their historical billing data in Cost Explorer at their original billable rates. Accounts previously on-boarded to Billing Conductor and Billing Transfer will gain access to their historical data with no additional action required. This enables reporting continuity for customers opting into AWS Billing Conductor and Billing Transfer.
Billing Transfer is available today in all AWS Regions, excluding the GovCloud, China (Beijing) and China (Ningxia) Regions.
To learn more about using Billing Transfer to centralize billing and cost management across your multi-organization environment, visit Billing Transfer product page, AWS Billing documentation, AWS Cost Management documentation, and news blog.
Quelle: aws.amazon.com