Kategorie: Amazon AWS

Amazon DynamoDB global tables now support replication across multiple AWS accounts

Amazon DynamoDB global tables now support replication across multiple AWS accounts. DynamoDB global tables is a fully managed, serverless, multi-Region, and multi-active database used by tens of thousands of customers to power business-critical applications. With this new capability, you can replicate tables across AWS accounts and Regions to improve resiliency, isolate workloads at the account level, and apply distinct security and governance controls. For multi-account global tables, DynamoDB automatically replicates tables across AWS accounts and Regions. This capability allows you to strengthen fault tolerance and helps ensure applications remain highly available even during account-level disruptions, while allowing customers to align data placement with organizational and security requirements. Multi-account global tables are ideal for customers that adopt multi-account strategies or use AWS Organizations to improve security isolation, enforce data perimeter guardrails, implement disaster recovery (DR), or separate workloads by business unit. Multi-account global tables is available in all AWS Regions and is billed according to existing global tables pricing. To get started, see the DynamoDB global tables documentation, and visit the AWS developer guide to learn more about the benefits of using a multi-account strategy for your AWS environment.
Quelle: aws.amazon.com

AWS Marketplace introduces localized billing for Professional Services from AWS EMEA

AWS Marketplace now offers a more localized experience for Europe, Middle East, and Africa (EMEA) customers purchasing Professional Service solutions via AWS EMEA Marketplace Operator. Customers can now procure Professional Services using localized payment methods and receive invoices from AWS EMEA. This removes previous procurement barriers caused by complex payment remittance processes between different AWS entities, which made it difficult for EMEA customers to purchase Professional Services through AWS Marketplace. Key benefits include support for SEPA (Single Euro Payment Area) payment methods and invoicing consistency from the same AWS entity covering all AWS Marketplace purchases via AWS EMEA Marketplace Operator. This capability is ideal for EMEA customers purchasing consulting, implementation, or managed services through AWS Marketplace. It also benefits organizations that prefer local payment methods such as SEPA direct debit, want to consolidate AWS and Marketplace billing, or are seeking a simpler procurement experience for Professional Services. This capability is available for EMEA customers who purchase professional services solutions in AWS Marketplace, with AWS EMEA as the Marketplace Operator. To learn more about purchasing Professional Services products in AWS Marketplace and receive invoices issued by AWS EMEA, visit the AWS Marketplace Buyer Guide and AWS EMEA Marketplace FAQs. For more information on how to add a bank account for SEPA, see Managing Your SEPA Direct Debit Payment Method in the AWS Billing and Cost Management user guide. 
Quelle: aws.amazon.com

AWS IAM Identity Center enables account access and application use in multiple AWS Regions

IAM Identity Center helps you configure the single sign-on experience of your workforce to AWS accounts and applications. You can now replicate IAM Identity Center from the primary AWS Region where you first enabled it to additional Regions of your choice. This feature enhances resilience of user access to AWS accounts and helps you deploy AWS applications in the AWS Regions that best align with your business needs such as application data residency and proximity to users.
When you enable this feature, IAM Identity Center automatically replicates your identities, entitlements, and other information from the primary Region to additional Regions. If IAM Identity Center is affected by a disruption in the primary Region, IAM Identity Center users continue to have access to their AWS accounts using the already provisioned entitlements in the additional Regions. 
AWS application administrators can use the standard application deployment workflow to deploy their application in an additional Region. They can assign users to the application in that Region, while you continue to administer IAM Identity Center in the primary Region. IAM Identity Center multi-Region support is currently available in the 17 enabled-by-default commercial AWS Regions for organization instances of IAM Identity Center connected to an external identity provider, such as Okta. The IAM Identity Center organization instance must be configured with a multi-Region customer managed KMS key (CMK). To find out which AWS applications support deployment in additional Regions, visit AWS applications that you can use with IAM Identity Center. Standard AWS KMS charges apply for storing and using CMKs. IAM Identity Center is provided at no additional cost. To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center User Guide. 
Quelle: aws.amazon.com

AWS Management Console now displays Account Name on the Navigation bar for easier account identification

Today, AWS announces the general availability of displaying account name in AWS Management Console across all Public Regions. AWS customers now have an easy way to identify their accounts at a glance. Users can now quickly distinguish between accounts visually using the account name that appears in the navigation bar for all authorized users in that account. AWS customers manage multiple accounts to separate their workloads, such as maintaining distinct accounts for development and production environments or for different business units. Previously, users had to rely on account numbers to identify accounts. With this new feature, all authorized users can quickly identify the account using its name on the navigation bar. The account name display feature is available at no additional cost in all public AWS Regions. To get started, make sure your administrator has enabled the feature (visit our managed policy documentation) and sign in to AWS Management Console. 
Quelle: aws.amazon.com

Amazon Connect launches an appeals workflow for agent performance evaluations

Amazon Connect now provides an integrated workflow to capture and resolve agent appeals of performance evaluations, enhancing evaluation fairness and agent engagement. When agents disagree with an evaluation, they can appeal the evaluation along with their reasoning directly within the Connect UI. For example, an agent who received a low evaluation score for active listening on a conversation, may appeal their evaluation by citing specific examples where they actively listened and acknowledged the customer’s problem. Designated managers then receive automated email notifications to review and resolve the appeal. Additionally, managers can monitor which evaluations have been appealed, and track their status, ensuring timely resolution of appeals. This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.
Quelle: aws.amazon.com

AWS Lake Formation is now available in Asia Pacific (New Zealand) Region

AWS Lake Formation is now available in the Asia Pacific (New Zealand) Region, enabling you to centrally manage and scale fine-grained data access permissions and share data securely within and outside your organization. AWS Lake Formation is a service that allows you to define where your data resides and what data access and security policies you want to apply. Your users can then access the centralized AWS Glue Data Catalog which describes available data sets and their appropriate usage. Your users can then usethese data sets with their choice of analytics and machine learning services, like Amazon EMR for Apache Spark, Amazon Redshift, AWS Glue, Amazon QuickSight, and Amazon Athena. To learn more about Lake Formation, visit the documentation. For AWS Lake Formation Region availability, please see the AWS Region table.
Quelle: aws.amazon.com

Amazon CloudFront announces mutual TLS support for origins

Amazon CloudFront announces support for mutual TLS authentication (mTLS) for origins, a security protocol that enables customers to verify that requests to their origin servers come only from their authorized CloudFront distributions using TLS certificates. This certificate-based authentication provides cryptographic verification of CloudFront’s identity, eliminating the need for customers to manage custom security controls. Previously, verifying that requests came from CloudFront distributions required customers to build and maintain custom authentication solutions like shared secret headers or IP allow-lists, particularly for public or externally hosted origins. These approaches required ongoing operational overhead to rotate secrets, update allow-lists, and maintain custom code. Now with origin mTLS support, customers can implement a standardized, certificate-based authentication approach that eliminates this operational burden. This enables organizations to enforce strict authentication for their proprietary content, ensuring that only verified CloudFront distributions can establish connections to backend infrastructure ranging from AWS origins and on-premises servers to third-party cloud providers and external CDNs. Customers can leverage client certificates issued by AWS Private Certificate Authority or third-party private Certificate Authorities, which they import through AWS Certificate Manager. Customers can configure origin mTLS using the AWS Management Console, CLI, SDK, CDK, or CloudFormation. Origin mTLS is supported for all origins that support mutual TLS on AWS such as Application Load Balancer and API Gateway, as well as on-premises and custom origins. There is no additional charge for origin mTLS. Origin mTLS is also available in the Business and Premium flat-rate pricing plans. For detailed implementation guidance and best practices, visit the CloudFront origin mutual TLS documentation.
Quelle: aws.amazon.com

AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI

AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API. With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM’s existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.
Quelle: aws.amazon.com

Announcing memory-optimized instance bundles for Amazon Lightsail

Amazon Lightsail now offers memory-optimized instance bundles with up to 512 GB memory. The new instance bundles are available in 7 sizes, with Linux and Windows operating system (OS) and application blueprints, for both IPv6-only and dual-stack networking types. You can create instances using the new bundles with pre-configured OS and application blueprints including WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Ruby on Rails, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows. The new memory-optimized instance bundles enable you to run memory-intensive workloads that require high RAM-to-vCPU ratios in Lightsail. These high-memory instance bundles are ideal for workloads such as in-memory databases, real-time big data analytics, in-memory caching systems, high-performance computing (HPC) applications, and large-scale enterprise applications that process extensive datasets in memory. These new bundles are now available in all AWS Regions where Amazon Lightsail is available. For more information on pricing, click here.
Quelle: aws.amazon.com

DeepSeek OCR, MiniMax M2.1, and Qwen3-VL-8B-Instruct models are now available on SageMaker JumpStart

Today, AWS announced the availability of DeepSeek OCR, MiniMax M2.1, and Qwen3-VL-8B-Instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models bring specialized capabilities spanning document intelligence, multilingual coding, advanced multimodal reasoning, and vision-language understanding, enabling customers to build sophisticated AI applications across diverse use cases on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: DeepSeek OCR explores visual-text compression for document processing. It can extract structured information from forms, invoices, diagrams, and complex documents with dense text layouts. MiniMax M2.1 is optimized for coding, tool use, instruction following, and long-horizon planning. It automates multilingual software development and executes complex, multi-step office workflows, empowering developers to build autonomous applications. Qwen3-VL-8B-Instruct delivers ssuperior text understanding and generation, deeper visual perception and reasoning, extended context length, enhanced spatial and video dynamics comprehension, and stronger agent interaction capabilities. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation. 
Quelle: aws.amazon.com