AWS Backup now supports Amazon EKS

AWS Backup now supports Amazon Elastic Kubernetes Service (EKS), providing a fully-managed, centralized solution for backing up EKS cluster state and persistent application data. You can now use AWS Backup to help protect your entire EKS environments through a centralized, policy-driven backup service. You now get comprehensive data protection capabilities through AWS Backup across your Amazon EKS Clusters, including automated scheduling, retention management, immutable vaults, cross-Region and cross-account copies. AWS Backup delivers a new agent-free solution that works natively with AWS, replacing custom scripts or third-party tools to perform backups for each cluster. You can restore entire EKS clusters, specific namespaces, or individual persistent volumes. Use AWS Backup to protect your clusters for disaster recovery, to help meet your compliance requirements, or for additional protection before EKS cluster upgrades. AWS Backup for EKS is available in all AWS Regions where both AWS Backup and Amazon EKS are available. For the most up-to-date information on Regional availability, please refer to the AWS Backup Regional availability. To get started with AWS Backup for Amazon EKS, visit the AWS Backup console, refer to the AWS Backup documentation, or read the AWS News Blog.
Source: aws.amazon.com

Amazon CloudWatch agent adds Shared Memory Metrics

Amazon CloudWatch agent now supports collection of shared memory utilization metrics from Linux hosts running on Amazon EC2 or on-premises environments. This new capability enables you to monitor total shared memory usage in CloudWatch, alongside existing memory metrics like free memory, used memory, and cached memory. Enterprise applications such as SAP HANA and Oracle RDBMS make extensive use of shared memory segments that were previously not captured in standard memory metrics. By enabling shared memory metric collection in your CloudWatch agent configuration file, you can now accurately assess total memory utilization across your hosts, helping you optimize host and application configurations and make informed decisions about instance sizing. Amazon CloudWatch agent is supported in all commercial AWS Regions and AWS GovCloud (US) Regions. For Amazon CloudWatch custom metrics pricing, see the CloudWatch Pricing page. To get started, see Configuring the CloudWatch agent in the Amazon CloudWatch User Guide. 
Source: aws.amazon.com

Amazon SageMaker Unified Studio adds support for catalog notifications

Amazon SageMaker Unified Studio now provides real-time notifications for data catalog activities, enabling data teams to stay informed of subscription requests, dataset updates, and access approvals. With this launch, customers receive real-time notifications for catalog events including new dataset publications, metadata changes, and access approvals directly within the SageMaker Unified Studio notification center. This launch streamlines collaboration by keeping teams updated as datasets are published or modified. The new notification experience in SageMaker Unified Studio is accessible from a “bell” icon in the top right corner of the project home page. From here, you can access a short list of recent notifications including subscription requests, updates, comments, and system events. To see the full list of all notifications, you can click on “notification center” to see all notifications in a tabular view that can be filtered based on your preferences for data catalogs, projects and event types. Notifications within SageMaker Unified Studio are available in all regions where SageMaker Unified Studio is supported. To learn more, refer to the SageMaker Unified Studio guide.
Source: aws.amazon.com

Anthropic’s Claude Sonnet 4.5 is now in Amazon Bedrock in AWS GovCloud (US)

Customers can now use Claude Sonnet 4.5 in Amazon Bedrock in AWS GovCloud (US-West) and AWS GovCloud (US-East) via US-GOV Cross-Region Inference. Claude Sonnet 4.5 is Anthropic’s most intelligent model, excelling at building complex agents, coding, and long-horizon tasks while maintaining optimal speed and cost-efficiency for high-volume use-cases. Claude Sonnet 4.5 currently leads the SWE-bench Verified benchmarks with enhanced instruction following, better code improvement identification, stronger refactoring judgment, and more effective production-ready code generation. This model excels at powering long-running agents that tackle complex, multi-step tasks requiring peak accuracy, like autonomously managing multi-channel marketing campaigns or orchestrating cross-functional enterprise workflows. In cybersecurity, it can help teams shift from reactive detection to proactive defense by autonomously patching vulnerabilities. For financial services, it can handle everything from analysis to advanced predictive modeling. Through the Amazon Bedrock API, Claude can now automatically edit context to clear stale information from past tool calls, allowing you to maximize the model’s context. A new memory tool lets Claude store and consult information outside the context window to boost accuracy and performance. To get started with Claude Sonnet 4.5 in Amazon Bedrock, read the News Blog, visit the AWS GovCloud (US) console, Anthropic’s Claude in Amazon Bedrock product page, and the Amazon Bedrock pricing page.
Source: aws.amazon.com

AWS Control Tower supports automatic enrollment of accounts

AWS Control Tower customers can now simply move their accounts to an Organizational Unit (OU) to enroll them under AWS Control Tower governance. This feature helps customers maintain consistency across their AWS environment and simplifies the account creation and enrollment processes. When enrolled, member accounts receive best practice configurations, controls, and baseline resources required for AWS Control Tower governance. Customers are no longer required to manually update accounts or re-register OUs when migrating accounts or making changes to their OU structure. When an account is moved to a new OU, AWS Control Tower automatically enrolls the account, applying the baseline configurations and controls from the new OU and removing those from the original OU. With this feature, customers can further simplify their new account provisioning workflows by creating an account and then moving it into the right OU using the AWS Organizations console or the CreateAccount and MoveAccount APIs. Customers on landing zone version 3.1 and higher can opt in to this feature by toggling the automatically enroll accounts flag in their Landing Zone settings or using the Create or UpdateLandingZone APIs by setting the value of the RemediationTypes parameter to Inheritance_Drift. To learn more about this functionality, review Move and enroll accounts with auto-enrollment. For a list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.
Source: aws.amazon.com

AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA)

AWS Key Management Service (KMS) announces support for the Edwards-curve Digital Signature Algorithm (EdDSA). With this new capability, you can create an elliptic curve asymmetric KMS key or data key pairs to sign and verify EdDSA signatures using the Edwards25519 curve (Ed25519). Ed25519 provides a 128-bit security level equivalent to NIST P-256, faster signing performance, and small signature (64 bytes) and public key (32 bytes) sizes. Ed25519 is ideal for situations that require small key and signature sizes, such as Internet of Things (IoT) devices and blockchain applications like cryptocurrency. This new capability is available in all AWS Regions, including the AWS GovCloud (US) Regions and the China Regions. To learn more about this new capability, see the Asymmetric key specs section in the AWS KMS Developer Guide.
Source: aws.amazon.com

Amazon Cognito user pools now supports private connectivity with AWS PrivateLink

Amazon Cognito user pools now supports AWS PrivateLink for secure and private connectivity. With AWS PrivateLink, you can establish a private connection between your virtual private cloud (VPC) and Amazon Cognito user pools to configure, manage, and authenticate against your Cognito user pools without using the public internet. By enabling private network connectivity, this enhancement eliminates the need to use public IP addresses or rely solely on firewall rules to access Cognito. This feature supports user pool management operations (e.g., list user pools, describe user pools), administrative operations (e.g., admin-created users), and user authentication flows (sign in local users stored in Cognito). OAuth 2.0 authorization code flow (Cognito managed login, hosted UI, sign-in via social identity providers), client credentials flow (Cognito machine-to-machine authorization), and federated sign-ins via SAML and OIDC standards are not supported through VPC endpoints at this time. You can use PrivateLink connections in all AWS Regions where Amazon Cognito user pools is available, except AWS GovCloud (US) Regions. Creating VPC endpoints on AWS PrivateLink will incur additional charges; refer to the AWS PrivateLink pricing page for details. You can get started by creating an AWS PrivateLink interface endpoint for Amazon Cognito user pools using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. To learn more, refer to the documentation on creating an interface VPC endpoint and Amazon Cognito’s developer guide.
Source: aws.amazon.com

Amazon VPC Lattice now supports custom domain names for resource configurations

Starting today, VPC Lattice allows you to specify a custom domain name for a resource configuration. Resource configurations enable layer-4 access to resources such as databases, clusters, domain names, etc. across VPCs and accounts. With this feature, you can use resource configurations for cluster-based and TLS-based resources. Resource owners can use this feature by specifying a custom domain for a resource configuration and sharing the resource configuration with consumers. Consumers can then access the resource using the custom domain, with VPC Lattice managing a private hosted zone in the consumer’s VPC. This feature also provides resource owners and consumers control and flexibility over the domains they want to use. Resource owners can use a custom domain owned by them, or AWS, or a third-party. Consumers can use granular controls to choose which domains they want VPC Lattice to manage private hosted zones for.
This feature is available at no additional cost in all AWS Regions where VPC Lattice resource configuration is available. For more information, please read our blog or visit the Amazon VPC Lattice product detail page and Amazon VPC Lattice documentation.
Source: aws.amazon.com

AWS Backup now supports AWS KMS customer managed keys with logically air-gapped vaults

AWS Backup now supports encrypting backups in logically air-gapped vaults with AWS Key Management Service (KMS) customer managed keys (CMKs). This enhancement provides additional encryption options beyond the existing AWS-owned keys, helping organizations meet their regulatory and compliance requirements. You can now create logically air-gapped vaults using your own customer managed keys (CMKs) in AWS KMS, giving you more control over your backup protection strategy. Whether you want to use keys from the same account or across accounts, you maintain centralized key management while preserving the security benefits of logically air-gapped vaults. This integration works seamlessly with your existing logically air-gapped vaults and other AWS Backup features, ensuring no disruption to your backup workflows. AWS KMS customer managed key support with logically air-gapped vaults is available in all AWS Regions where logically air-gapped vaults are currently supported. You can get started with logically air-gapped vault support for CMKs using the AWS Backup console, API, or CLI. When creating a new logically air-gapped vault, you can now choose between an AWS-owned key or your own CMK for encryption. For more information about implementing this feature, visit the AWS Backup product page, documentation, and blog.
Source: aws.amazon.com

AWS Advanced .NET Data Provider Driver is Generally Available

The Amazon Web Services (AWS) Advanced .NET Data Provider Driver is now generally available for Amazon RDS and Amazon Aurora PostgreSQL and MySQL-compatible databases. This advanced database driver reduces RDS Blue/Green switchover and database failover times, improving application availability. Additionally, it supports multiple authentication mechanisms for your database, including Federated Authentication, AWS Secrets Manager authentication, and token-based authentication with AWS Identity and Access Management (IAM). The driver builds on top of Npgsql PostgreSQL, native MySql.Data, and MySqlConnector drivers to further enhance functionality beyond standard database connectivity. The driver is natively integrated with Aurora and RDS databases, enabling it to monitor database cluster status and quickly connect to newly promoted writers during unexpected failures that trigger database failovers. Furthermore, the driver seamlessly works with popular frameworks like NHibernate and supports Entity Framework (EF) with MySQL databases. The driver is available as an open-source project under the Apache 2.0 license. Refer to the instructions on the GitHub repository to get started.
Source: aws.amazon.com