AWS Batch now supports configurable scale down delay

AWS Batch now allows you to configure a scale down delay for managed compute environments, helping reduce job processing delays for intermittent and periodic workloads. With the new minScaleDownDelayMinutes parameter, you can specify how long AWS Batch keeps instances running after their jobs complete (from 20 minutes to 1 week), preventing unnecessary instance terminations and relaunches that can delay subsequent job processing. You can configure the scale down delay when creating or updating a compute environment via the AWS Batch API (CreateComputeEnvironment or UpdateComputeEnvironment) or the AWS Batch Management Console. The delay is applied at the instance level, based on when each instance last completed a job. Scale down delay is supported today in all AWS Regions where AWS Batch is available. For more information, see the AWS Batch API Guide.
Quelle: aws.amazon.com

AWS Config now supports 30 new resource types

AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types:

AWS::AppSync::DataSource
AWS::Deadline::LicenseEndpoint

AWS::Batch::ConsumableResource
AWS::Deadline::QueueEnvironment

AWS::Bedrock::DataSource
AWS::Detective::OrganizationAdmin

AWS::BedrockAgentCore::Gateway
AWS::GameLift::ContainerFleet

AWS::BedrockAgentCore::Memory
AWS::GameLift::ContainerGroupDefinition

AWS::Cognito::IdentityPoolRoleAttachment
AWS::GameLift::GameServerGroup

AWS::Cognito::LogDeliveryConfiguration
AWS::GameLift::Location

AWS::Cognito::UserPoolUICustomizationAttachment
AWS::IoT::TopicRule

AWS::Connect::RoutingProfile
AWS::Omics::ReferenceStore

AWS::DataBrew::Dataset
AWS::PCAConnectorAD::Template

AWS::DataBrew::Job
AWS::PCAConnectorSCEP::Challenge

AWS::DataBrew::Project
AWS::ResourceExplorer2::View

AWS::DataBrew::Recipe
AWS::ResourceGroups::Group

AWS::DataBrew::Ruleset
AWS::Scheduler::ScheduleGroup

AWS::DataBrew::Schedule
AWS::VerifiedPermissions::IdentitySource

Quelle: aws.amazon.com

AWS announces pricing for VPC Encryption Controls

AWS is launching pricing for VPC Encryption Controls, a security and compliance feature that enables you to audit and enforce encryption-in-transit of all traffic flows within and across Virtual Private Clouds (VPCs) in a region. VPC Encryption controls can be enabled in two modes: Monitor mode detects presence of any unencrypted traffic within your VPCs, and Enforce Mode ensures all data-in-transit is encrypted and prevents the bring up of any resources that allow unencrypted traffic within your VPC.  Starting March 1, 2026, VPC Encryption Controls will transition from a free preview to a paid feature. You will be charged a fixed hourly rate for every non-empty VPC (VPC that has network interfaces in them) that has Encryption Controls enabled in either monitor or enforce mode. There will be no charge for empty VPCs that have encryption controls enabled. When you enable encryption support on a Transit Gateway, standard VPC Encryption Controls charges apply to all VPCs attached to that Transit Gateway irrespective of their encryption controls mode (monitor, enforce or off) even if they are empty.  To learn more about VPC Encryption Controls and view detailed regional pricing, visit the VPC Encryption Controls documentation and VPC pricing page.
Quelle: aws.amazon.com

AWS Network Firewall now supports firewall state change notifications through Amazon EventBridge

AWS Network Firewall now integrates with Amazon EventBridge to provide real-time notifications for firewall state changes and configuration updates. This new capability enables you to monitor critical firewall operations including firewall configuration updates and endpoint status modifications across your network security infrastructure. You gain immediate visibility into changes affecting AWS Managed Rules, Partner Managed Rules, and firewall configurations. With EventBridge integration, you gain enhanced visibility into your firewall operations in real-time. You can build automated workflows to send notifications through Amazon SNS, create tickets in your IT service management (ITSM) systems, or integrate with third-party security information and event management (SIEM) solutions. This integration helps you maintain better operational awareness of your network security infrastructure and respond quickly to configuration changes or potential issues. AWS Network Firewall state change notifications through Amazon EventBridge are available in all AWS Regions where AWS Network Firewall and Amazon EventBridge is currently available. To learn more about AWS Network Firewall EventBridge integration, visit the AWS Network Firewall documentation. For information about Amazon EventBridge, see the Amazon EventBridge documentation.
Quelle: aws.amazon.com

Amazon Bedrock batch inference now supports the Converse API format

Amazon Bedrock batch inference now supports the Converse API as a model invocation type, enabling you to use a consistent, model-agnostic input format for your batch workloads. Previously, batch inference required model-specific request formats using the InvokeModel API. Now, when creating a batch inference job, you can select Converse as the model invocation type and structure your input data using the standard Converse API request format. Output for Converse batch jobs follows the Converse API response format. With this feature, you can use the same unified request format for both real-time and batch inference, simplifying prompt management and reducing the effort needed to switch between models. You can configure the Converse model invocation type through both the Amazon Bedrock console and the API. This capability is available in all AWS Regions that support Amazon Bedrock batch inference. To get started, see Create a batch inference job and Format and upload your batch inference data in the Amazon Bedrock User Guide.
Quelle: aws.amazon.com

ARC Region switch adds three new capabilities: post-recovery workflows, RDS orchestration and AWS provider support for Terraform

Amazon Application Recovery Controller (ARC) Region switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. It automates multi-Region disaster recovery, reducing engineering effort and eliminating operational overhead when recovering applications across multiple AWS accounts and Regions. Region switch now includes three new capabilities: post-recovery workflows, native RDS execution blocks, and AWS provider for Terraform support. Post-recovery workflows. Disaster recovery doesn’t end when customers failover to a standby Region. After orchestrating a failover or failback, customers must prepare the other Region for the next recovery event. Today, this requires manual coordination of scaling, recreating read replicas, and validating configurations. Post-recovery workflows help customers automate these preparation steps. With this launch, post-recovery workflows support the custom action Lambda execution block, Amazon RDS create read replica execution block, ARC Region switch plan execution block, and the manual approval execution block. Customers can create read replicas, run custom logic via Lambda functions, add manual approval gates, and embed child plans for complex orchestration as part of post-recovery. Post-recovery workflows are available for active/passive deployments and can be triggered manually. RDS execution blocks. Coordinating Amazon RDS database recovery during Regional failover requires manual steps to promote read replicas and recreate replication, introducing delays and errors. Region switch now natively supports two Amazon RDS execution blocks that automate RDS recovery orchestration. The RDS promote read replica execution block orchestrates promotion of a read replica to a standalone instance during failover. The RDS create read replica execution block orchestrates replica creation as part of post-recovery workflows. AWS provider for Terraform support. Region switch is now supported by the AWS provider for Terraform, enabling customers to manage disaster recovery plans as Infrastructure-as-Code and integrate them into CI/CD pipelines alongside application deployments.
To learn more, about AWS provider support for Terraform, visit Terraform provider documentation. To learn about post-recovery workflows in action, read the post-recovery workflow tutorial. To get started with Region switch, read our launch blog or documentation.
Quelle: aws.amazon.com

EC2 Image Builder enhances lifecycle policies with wildcard support and simplified IAM

EC2 Image Builder, a service that helps you automate the creation, distribution, and management of customized Amazon Machine Images, now supports wildcard patterns in lifecycle policies and simplifies IAM role creation. You can now use wildcard patterns to manage images from multiple recipes within a single lifecycle policy, and create IAM roles with pre-populated default permissions directly from the console. Previously, you had to create separate lifecycle policies for each new recipe or manually select individual recipes, making it difficult to scale as new recipes were added. Now with wildcard pattern support, you can specify patterns like my-recipe-1.x.x to automatically apply lifecycle policies to all matching recipes—including new recipes created in the future. Additionally, creating IAM roles for lifecycle management previously required manually configuring the required permissions. Now when creating a new role in the console, EC2 Image Builder automatically populates the required default permissions, reducing setup time and potential configuration errors. Together, these capabilities simplify onboarding and ongoing maintenance, enabling you to manage your image lifecycle at scale with less operational overhead. Lifecycle Policies are available in all commercial AWS regions. To learn more, refer to the documentation.
Quelle: aws.amazon.com

Amazon Lightsail expands blueprint selection with a new WordPress blueprint

Amazon Lightsail now offers a new WordPress blueprint, making it easier than ever to launch and manage a WordPress website on the cloud. With just a few clicks, you can create a Lightsail virtual private server (VPS) preinstalled with WordPress, and follow a guided setup wizard to get your site fully configured and running in minutes. This new blueprint has Instance Metadata Service Version 2 (IMDSv2) enforced by default. With Lightsail, you can easily get started on the cloud by choosing a blueprint and an instance bundle to build your web application. Lightsail instance bundles include instances preinstalled with your preferred operating system, storage, and monthly data transfer allowance, giving you everything you need to get up and running quickly. The new WordPress blueprint includes a step-by-step setup workflow that walks you through connecting a custom domain, configuring DNS, attaching a static IP address, and enabling HTTPS encryption using a free Let’s Encrypt SSL/TLS certificate — all from within the Lightsail console. This new blueprint is now available in all AWS Regions where Lightsail is available. For more information on blueprints supported on Lightsail, see Lightsail documentation. For more information on pricing, or to get started with your free trial, click here.
Quelle: aws.amazon.com

Amazon Bedrock announces OpenAI-compatible Projects API

Amazon Bedrock now supports OpenAI-compatible Projects API in the Mantle inference engine in Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a broad selection of best-in-class foundation models from leading AI companies like Anthropic, Meta, and OpenAI, along with a broad set of specialized developer tools that make it easy to build and scale compelling generative AI applications. Mantle is Amazon Bedrock’s distributed inference engine for large-scale model serving that supports OpenAI-compatible APIs. With Projects API, customers who have more than one application, environment, or team can now create individual projects to achieve better isolation across all of them. You can assign different IAM-based access control to each project and add tags to each project for better cost visibility. Projects are available for all customers using the OpenAI-compatible APIs, the Responses API and Chat Completions API, through the Mantle inference engine in Amazon Bedrock. There is no additional charge for using the Projects API. You pay only for the underlying model inference you consume. To get started with the Projects API in Amazon Bedrock, visit the Amazon Bedrock documentation. 
Quelle: aws.amazon.com

Amazon OpenSearch Service adds new insights for improved cluster stability

Amazon OpenSearch Service has enhanced Cluster Insights with two new insights — Cluster Overload and Suboptimal Sharding Strategy. Suboptimal Sharding Strategy provides instant visibility into shard imbalances that cause uneven workload distribution, while Cluster Overload surfaces elevated cluster resource utilization that can lead to request throttling or rejections. Both insights come with details of affected resources along with actionable mitigation recommendations. Previously, identifying resource constraints and shard imbalances required manually correlating multiple metrics and logs, making it difficult to detect issues early. With these new insights, you can proactively monitor cluster health and take timely action. Suboptimal Sharding Strategy detects shard imbalances caused by indices with too few shards relative to the number of data nodes, or by shards carrying disproportionately large amounts of data compared to others. It identifies the root cause of uneven workload distribution and provides recommendations to help you achieve optimal shard distribution for improved query performance and resource utilization. Similarly, Cluster Overload helps you identify elevated resource utilization, including CPU, memory, disk I/O, disk throughput, and disk utilization that can potentially lead to request throttling or rejections. It also provides scale-up recommendations so you can take timely action to protect your critical workloads. These new insights are available at no additional cost for OpenSearch version 2.17 or later in all Regions where the OpenSearch UI is available. See the complete list of supported Regions here. To learn more, visit the Cluster Insights documentation or view the complete catalog of available insights.
Quelle: aws.amazon.com