Amazon CloudFront now supports SHA-256 for signed URLs and signed cookies

Amazon CloudFront now supports SHA-256 as a hash algorithm for creating signed URLs and signed cookies. SHA-256 provides an improved security posture with stronger collision resistance and alignment with modern cryptographic standards, giving you stronger cryptographic signing when restricting access to content. Previously, CloudFront signed URLs and signed cookies used SHA-1 exclusively for signature generation. This feature helps you meet security and compliance requirements that mandate SHA-256 for digital signatures, while also future-proofing your content delivery workflows. To use SHA-256, include the Hash-Algorithm=SHA256 query parameter in your signed URLs, or the CloudFront-Hash-Algorithm=SHA256 cookie attribute for signed cookies. Existing signed URLs and signed cookies that don’t specify a hash algorithm continue to use SHA-1, so this change is fully backwards compatible.
This feature is available in all edge locations where Amazon CloudFront is available. There is no additional cost to use SHA-256 signing. To learn more, see Create a signed URL using a canned policy or Set signed cookies using a canned policy in the Amazon CloudFront Developer Guide.
Source: aws.amazon.com
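
For the CloudFront SHA-256 signing change described above, the following Node.js sketch is an added example (not code from AWS or from the original announcement). It signs a canned policy with RSA-SHA256, appends the Hash-Algorithm=SHA256 parameter, and audits a URL to tell whether it still relies on the SHA-1 default. The function names, the key ID, the URL, the throwaway key pair, and placing the parameter last in the query string are assumptions.

```javascript
const crypto = require('crypto');

// CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'.
const cfEncode = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const cfDecode = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/'), 'base64');

// Canned policy: a single statement, no whitespace, expiry in epoch seconds.
const cannedPolicy = (resource, expires) => JSON.stringify({
  Statement: [{ Resource: resource, Condition: { DateLessThan: { 'AWS:EpochTime': expires } } }],
});

// Sign the canned policy with RSA (PKCS#1 v1.5). With sha256 = true the URL
// carries Hash-Algorithm=SHA256; with false it is a legacy SHA-1 URL.
function signUrl(resource, expires, keyPairId, privateKey, sha256 = true) {
  const policy = Buffer.from(cannedPolicy(resource, expires));
  const sig = crypto.sign(sha256 ? 'sha256' : 'sha1', policy, privateKey);
  const sep = resource.includes('?') ? '&' : '?';
  return `${resource}${sep}Expires=${expires}&Signature=${cfEncode(sig)}` +
    `&Key-Pair-Id=${keyPairId}` + (sha256 ? '&Hash-Algorithm=SHA256' : '');
}

// Local audit helper (hypothetical, not CloudFront's verifier): report which
// digest a signed URL declares and whether the signature checks out under it.
function auditSignedUrl(signedUrl, publicKey) {
  const cut = signedUrl.search(/[?&]Expires=/);
  if (cut < 0) return { hash: null, valid: false };
  const params = new URLSearchParams(signedUrl.slice(cut + 1));
  const declared = params.get('Hash-Algorithm'); // null means the SHA-1 default
  if (declared !== null && declared !== 'SHA256') return { hash: declared, valid: false };
  const policy = Buffer.from(cannedPolicy(signedUrl.slice(0, cut), Number(params.get('Expires'))));
  const valid = crypto.verify(declared ? 'sha256' : 'sha1', policy, publicKey,
    cfDecode(params.get('Signature') || ''));
  return { hash: declared || 'SHA1', valid };
}

// Constructed sample input: throwaway key pair, placeholder key ID and URL.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const RESOURCE = 'https://cdn.example.com/private/report.pdf';
const sha256Url = signUrl(RESOURCE, 1893456000, 'KEXAMPLEKEYID', privateKey);
const legacyUrl = signUrl(RESOURCE, 1893456000, 'KEXAMPLEKEYID', privateKey, false);
console.log(auditSignedUrl(sha256Url, publicKey), auditSignedUrl(legacyUrl, publicKey));
```

Running the audit over URLs your signer emits is a quick way to confirm that every issuing code path has moved off the SHA-1 default.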

AWS VPC Encryption Controls now available in AWS GovCloud (US) Regions

AWS launches VPC Encryption Controls in AWS GovCloud (US) Regions to make it easy to audit and enforce encryption in transit within and across Amazon Virtual Private Clouds (VPC), and demonstrate compliance with encryption standards. You can turn it on for your existing VPCs to monitor encryption status of traffic flows and identify VPC resources that are unintentionally allowing plaintext traffic. This feature also makes it easy to enforce encryption across different network paths by automatically (and transparently) turning on hardware-based AES-256 encryption on traffic between multiple VPC resources including AWS Fargate, Network Load Balancers, and Application Load Balancers.
To meet stringent compliance standards like HIPAA, PCI DSS, FedRAMP, and FIPS 140-2, government customers rely on both application layer encryption and the hardware-based encryption that AWS offers across different network paths. AWS provides hardware-based AES-256 encryption transparently between modern EC2 Nitro instances. AWS also encrypts all network traffic between AWS data centers in and across Availability Zones, and AWS Regions before the traffic leaves our secure facilities. All inter-region traffic that uses VPC Peering, Transit Gateway Peering, or AWS Cloud WAN receives an additional layer of transparent encryption before leaving AWS data centers. Prior to this release, customers had to track and confirm encryption across all network paths. With VPC Encryption Controls, customers can now monitor, enforce and demonstrate encryption within and across Virtual Private Clouds (VPCs) in just a few clicks. Your information security team can turn it on centrally to maintain a secure and compliant environment, and generate audit logs for compliance and reporting.
With this launch, VPC Encryption Controls is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. To learn more about this feature and its use cases, please see our documentation.
Source: aws.amazon.com

Amazon Managed Service for Apache Flink now supports Apache Flink 2.2

Amazon Managed Service for Apache Flink now supports Apache Flink version 2.2. This is a major upgrade that brings runtime improvements such as Java 17 support, RocksDB 8.10.0 for better I/O performance, and serialization enhancements. Additionally, Dataset API and Scala APIs are now deprecated. You can create a new application on Apache Flink 2.2 or use in-place version upgrades to adopt the Flink 2.2 runtime for a simpler and faster upgrade to compatible applications. Amazon Managed Service for Apache Flink makes it easier to transform and analyze streaming data in real time across various use cases, including real-time analytics, anomaly detection, and complex event processing. Amazon Managed Service for Apache Flink simplifies the setup, operation, and scaling of Apache Flink applications, allowing developers and data engineers to focus on building and running their streaming applications without managing the underlying infrastructure. Apache Flink 2.2 is available across AWS regions where Amazon Managed Service for Apache Flink is offered. You can learn more about Apache Flink 2.2 in Amazon Managed Service for Apache Flink in our documentation. 
Source: aws.amazon.com

AWS IAM Identity Center is now available in AWS European Sovereign Cloud (Germany) Region

You can now deploy AWS IAM Identity Center in the AWS European Sovereign Cloud (Germany) Region. The AWS European Sovereign Cloud is a new independent cloud for Europe entirely located within the European Union (EU), designed to help customers meet their evolving sovereignty requirements.
IAM Identity Center is the recommended service for managing workforce access to AWS applications. It enables you to connect your existing source of workforce identities once and to offer your users a single sign-on experience across the AWS European Sovereign Cloud. It powers the personalized experiences provided by AWS applications, and the ability to define and audit user-aware access to data in AWS services. It can also help you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost.
To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center user guide.
Source: aws.amazon.com

Amazon OpenSearch Service introduces agentic AI for log analytics

Amazon OpenSearch Service now offers agentic AI capabilities that enable engineering and support teams to analyze log data through an agentic conversational interface. These agentic AI features help simplify log querying and accelerate incident investigations by allowing teams to interact with data using natural language, plan and initiate autonomous root cause analysis, and persist conversation as they navigate through their Observability workspace in OpenSearch UI. This launch introduces three key capabilities available at no additional cost (token-based usage limits apply). Agentic chat enables you to ask questions in natural language to analyze data, generate and iterate Piped Processing Language (PPL) queries in Discover, and analyze visualizations for insights. When deeper root cause analysis is needed, you can trigger the investigation agent to autonomously and iteratively plan for the investigation, execute queries, reflect on results, and then deliver structured root cause hypotheses ranked by likelihood with full transparency into its reasoning. With agent memory, you can seamlessly continue your conversation across different feature pages or in a new web session. You can use the agentic AI features in the following AWS Regions: Asia Pacific (Tokyo), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Stockholm), Europe (Spain), Europe (Ireland), US East (N. Virginia), US East (Ohio), and US West (Oregon). To learn more, see Agentic AI in Amazon OpenSearch Service. For more information about Amazon OpenSearch Service, see the Amazon OpenSearch Service product page.
Source: aws.amazon.com