Amazon SageMaker HyperPod now supports AMI versioning and auto-patching

Amazon SageMaker HyperPod now gives you visibility into the Amazon Machine Image (AMI) versions running across your clusters and automatically applies security patches without disrupting your workloads. SageMaker HyperPod is purpose-built infrastructure for training and deploying foundation models at scale. Cluster administrators previously had limited insight into which AMI versions were running, making drift hard to detect and security patching a manual, reactive process that was difficult to run on long multi-day training jobs and that risked changing bundled software in the AMI such as NVIDIA drivers or CUDA. These new capabilities on HyperPod help you keep clusters secure and consistent while removing the operational burden of manual patching.
With AMI versioning, you can see the exact AMI version on every instance group and node in the semantic versioning (major.minor.patch) format, quickly detect version drift, and roll back to a previous version—including the prior NVIDIA driver, CUDA, and other software stack—using the UpdateClusterSoftware API. Auto-patching is an opt-in, per-instance-group capability that applies only backward-compatible security patches as nodes become idle, so your running workloads stay undisrupted and critical AI/ML packages such as NVIDIA driver, CUDA version, and operating system kernels are never upgraded to a different major or minor version; you can enable it through the CreateCluster or UpdateCluster API. A new AMI support policy also publishes support timelines for different AMI versions after which HyperPod stops publishing security patches.
Both AMI versioning and auto-patching are available for HyperPod clusters orchestrated by Amazon EKS, in all AWS Regions where SageMaker HyperPod is supported. To learn more, see the HyperPod AMI management documentation and the new HyperPod AMI support policy.
Quelle: aws.amazon.com

Amazon EC2 X8i instances are now available in additional regions

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) X8i instances are available in the Asia Pacific (Seoul), Asia Pacific (Malaysia) and Asia Pacific (Tokyo) regions. These instances are powered by custom Intel Xeon 6 processors available only on AWS. X8i instances are SAP-certified and deliver the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. They deliver up to 43% higher performance, 1.5x more memory capacity (up to 6TB), and 3.3x more memory bandwidth compared to previous generation X2i instances. X8i instances are designed for memory-intensive workloads like SAP HANA, large databases, data analytics, and Electronic Design Automation (EDA). Compared to X2i instances, X8i instances offer up to 50% higher SAPS performance, up to 47% faster PostgreSQL performance, 88% faster Memcached performance, and 46% faster AI inference performance. X8i instances come in 14 sizes, from large to 96xlarge, including two bare metal options. To get started, visit the AWS Management Console. X8i instances can be purchased via Savings Plans, On-Demand instances, and Spot instances. For more information visit X8i instances page.
Quelle: aws.amazon.com

Amazon SageMaker Unified Studio now supports Terraform for provisioning

Amazon SageMaker Unified Studio now supports Terraform for provisioning. Customers can use the open-source terraform-aws-sagemaker-unified-studio module to deploy a SageMaker Unified Studio domain through version-controlled templates. With this launch, platform teams can bring SageMaker Unified Studio into their existing infrastructure-as-code pipelines, maintaining consistency across development, staging, and production accounts.
Amazon SageMaker Unified Studio is a unified development environment where data teams can build end-to-end data and AI workflows using familiar tools—from data integration and analytics to machine learning and generative AI—all governed by a shared catalog. Administrators provision domains to give their organization a single, managed workspace with built-in access control, data governance, and cross-service connectivity. With this launch, the Terraform module handles the infrastructure of SageMaker Unified Studio domain with provisioned IAM roles. Sub-modules let teams enable blueprints, compose blueprints into project profiles, and create projects independently. Customers can also create projects with existing IAM roles. This integration is enabled through the Terraform AWS Cloud Control Provider.
This feature is available in all AWS Regions where Amazon SageMaker Unified Studio is available. To get started, see examples provided in terraform-aws-sagemaker-unified-studio module on GitHub and the Amazon SageMaker Unified Studio documentation.
Quelle: aws.amazon.com

AWS Config now supports 8 new resource types

AWS Config now supports 8 additional AWS resource types across key services including Amazon API Gateway, Amazon EC2, and Amazon S3 Vectors. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources.
With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators.
You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the resources are available:
Resource Types:

AWS::ApiGateway::DomainNameV2
AWS::ApiGatewayV2::VpcLink
AWS::EC2::VPCEncryptionControl
AWS::NetworkFirewall::ContainerAssociation
AWS::OpenSearchServerless::SecurityPolicy
AWS::OSIS::Pipeline
AWS::S3Vectors::VectorBucket
AWS::S3Vectors::VectorBucketPolicy

Quelle: aws.amazon.com

Amazon EC2 Dedicated Hosts now support AMD SEV-SNP

Amazon EC2 is announcing support for AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on Dedicated Hosts, enabling customers to run their confidential computing workloads on physical servers fully dedicated to their use. Customers can allocate a Dedicated Host with SEV-SNP enabled and launch SEV-SNP instances on it. This gives customers the benefits of Dedicated Hosts for confidential computing workloads, including control over instance placement, and host affinity that allows customers to deploy instances to the same physical server over time. The physical host is provisioned with AMD security firmware during allocation, ensuring a customer’s confidential computing environment is up to date. Dedicated Host SEV-SNP is available in all AWS commercial Regions with AMD instances. To learn more, visit our documentation.
Quelle: aws.amazon.com

AWS Artifact now includes Assurance Assistant for compliance inquiries

AWS Artifact now includes Assurance Assistant, an AI-powered capability that generates citation-backed responses to security and compliance questions about AWS services. AWS Artifact is the service through which AWS provides compliance reports, certifications, and agreements to customers. Assurance Assistant helps third-party risk managers, compliance officers, security engineers, and auditors accelerate vendor assessments and due diligence questionnaire (DDQ) completion by providing sourced answers grounded in verified AWS compliance documentation. Assurance Assistant offers two modes: single-question mode for immediate on-screen responses, and questionnaire upload mode for bulk processing of XLSX files including industry-standard formats such as CAIQ, SIG, and custom DDQs. All responses include citations from AWS compliance documentation — including SOC reports, ISO certifications, and C5 attestation packages — so customers can independently verify information against source materials. Responses can be exported selectively or in full, with or without citations, in the original file format. To control access, two new IAM managed policies are available: AWSArtifactComplianceInquiriesReadOnlyAccess and AWSArtifactComplianceInquiriesFullAccess. Assurance Assistant is available at no additional charge through the AWS Artifact console in all commercial AWS Regions. AWS Artifact is a globally accessible service; customers do not need to select a specific Region to use Assurance Assistant. To learn more about Assurance Assistant, see Managing compliance inquiries in the AWS Artifact User Guide. For general information about AWS Artifact, see the AWS Artifact product page.
Quelle: aws.amazon.com

Amazon ECS now provides real-time deployment observability in the AWS Management Console

Amazon Elastic Container Service (Amazon ECS) now provides real-time deployment observability in the Amazon ECS Console. With this launch, customers can track deployment progress, monitor deployment health, and diagnose failures directly from the console, and understand exactly what is happening during a deployment, identify issues as they occur, and reduce the time it takes to troubleshoot and resolve deployment failures.
The enhanced deployment observability introduces a live deployment timeline that shows each phase, service events, and task launch and termination progress with automatic refresh. You can monitor deployment health in real time using circuit breaker status with live task failure proximity and threshold tracking, deployment alarm state, and health checks at both the container and load-balancer level. To diagnose deployment failures faster, you can view failed tasks directly in the deployment timeline with diagnostic context and deep links to related services such as AWS CloudTrail, reducing the need to navigate across multiple tools to pinpoint the root cause of a failure.
These capabilities are available at no additional charge in all AWS commercial Regions, and AWS GovCloud (US) Regions for all Amazon ECS services using the rolling update deployment type. To get started, navigate to any Amazon ECS service in the Amazon ECS Console and select the Deployments tab. 
Quelle: aws.amazon.com

ECS Service Connect now supports Zone-Aware routing

Amazon Elastic Container Service (Amazon ECS) introduces zone-aware routing for ECS Service Connect, enabling customers to reduce cross Availability Zone (AZ) data transfer costs and latency by automatically prioritizing service-to-service traffic within the same AZ. With this launch, ECS Service Connect preferentially routes requests to endpoints in the same AZ as the originating task while dynamically adjusting traffic weights as endpoints scale to maintain balanced load across target services. Previously, as customers distributed their applications across AZs for resiliency, service-to-service traffic led to significant cross-zone data transfer, requiring trade-offs between cost and resilience. Zone-aware routing eliminates this trade-off, and when local endpoints become unhealthy or fall below capacity thresholds, traffic automatically redistributes across healthy AZs to maintain availability without overloading any single zones. Zone-aware routing is enabled by default for all new and existing services and requires no additional infrastructure or application code changes. Existing services require a one-time redeployment to enable the new routing behavior. You can use Amazon VPC Flow Logs with AZ metadata to monitor cross-AZ traffic patterns and validate routing effectiveness. This feature is available in all AWS commercial and AWS GovCloud (US) Regions, where ECS Service Connect is supported at no additional cost. For more details, refer to our documentation and launch blog post.
Quelle: aws.amazon.com

Amazon CloudWatch supports creating alarms from log queries

Amazon CloudWatch allows you to create alarms on log data using log queries, and get alerted on anomalies without leaving your log analysis workflow.
With today’s launch, you can configure an alarm on log query and specify the alarm threshold directly, thereby eliminating the need to first create metric filters or custom metrics as intermediate steps. This streamlines the path to actively monitoring the data in your logs, and monitoring and alerting on it. For example, you can write a query to count error rates by service, set a threshold, and receive an alarm notification with log context when errors spike – all in a single workflow. Alarms created from log queries support all standard CloudWatch Alarm actions, including Amazon SNS notifications, and Amazon EventBridge integrations.
This feature is available in all commercial AWS Regions except Middle East (UAE), and Middle East (Bahrain). You can create log query-based alarms using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS CloudFormation, and AWS SDKs. For pricing details and documentation, see the Amazon CloudWatch pricing and visit the Amazon CloudWatch documentation.
Quelle: aws.amazon.com

Amazon Bedrock AgentCore increases default runtime quota limits

Amazon Bedrock AgentCore has increased the default runtime quota limits, giving customers greater capacity to scale their agent-based workloads. AgentCore is the platform for developers to build, connect, and optimize AI agents.
The new default limits support up to 5,000 active concurrent sessions in US East (N. Virginia) and US West (Oregon), and 2,500 in all other supported Regions. All AWS Regions where AgentCore is available now support 200 agent interactions per second and 25 new sessions created per second. This means customers can run more AI agents simultaneously while handling high-throughput workloads out of the box.
To learn more, visit the AgentCore product page or see the AgentCore Developer Guide. For all quota limits, see the AgentCore Quotas documentation.
 
Quelle: aws.amazon.com