Aug 2018

AWS Database Migration Service (DMS) now enables you to migrate and replicate data from any AWS DMS supported sources to Amazon Elasticsearch Service and Amazon Kinesis Data Streams.  Replicating data from your data sources directly into Amazon Elasticsearch Service and Amazon Kinesis Data Streams reduces latency so you can search and analyze your data in near real time.

Moving your data to Amazon Elasticsearch Service provides you with near real-time search capabilities, at scale. It enables you to perform search on your data faster as compared to searching for data in a relational database source. For example, an e-commerce company can stream customer order data to Amazon Elasticsearch Service using AWS DMS and combine data fields in transit using mappings to get real-time customer insights.

Moving your data to Amazon Kinesis Data Streams enables you to start analyzing your data immediately without any delay. It enables you to perform real time analytics on your data to get insights faster than what you would normally see with relational database sources. For example, you can use AWS DMS to stream point-of-sale data from an on-premises Microsoft SQL Server database to Amazon Kinesis Data Streams to analyze purchasing trends in real time.

For more information, see Amazon Kinesis Data Streams as a target and Amazon Elasticsearch Service as a target.

For AWS DMS availability, refer to the AWS Region Table. 

 

You can now view, manage, and monitor your serverless applications directly from the AWS Lambda console using the new Applications menu. This allows you to perform application level actions such as viewing all resources that together make up your application, and monitoring performance, errors, and traffic metrics for the application.

Amazon Connect now provides a new contact API that lets you update or add attributes to a contact. Contact attributes are key-value pairs of data about a contact, such as the name of the caller, why they called, or the quality of service they received. Until now, these attributes could only be set within a contact flow which ran before the call was connected to an agent. With this API, you can add or update attributes programmatically from your business apps like CRM, either during or after the customer interaction occurs. For example an agent might add an attribute to indicate the caller should be called back, or a manager might update an attribute after the call ends to grade the quality of service. You can even update the contact attributes months later to flag contacts for training or legal reviews. To learn more, see the API documentation.

AWS CodeBuild now supports build projects with multiple input sources and output artifacts. Your projects can now use one or more sources from Amazon S3, AWS CodeCommit, GitHub, GitHub Enterprise, or Bitbucket and can upload multiple sets of artifacts to one or more Amazon S3 buckets. You can also configure your project to have no input source. You can now use the AWS CodePipeline integration with CodeBuild to create a pipeline with multiple input and output artifacts to a CodeBuild project.

The Amazon Kinesis Video Streams Producer SDK is now available for Microsoft Windows to help you stream video into AWS from sources such as webcams, USB cameras, or RTSP (network) cameras connected to your Microsoft Windows machine.

Amazon Kinesis Video Streams makes it easy to securely stream video from millions of connected devices to AWS for real-time machine learning (ML), storage, and batch-oriented processing and analytics. It also durably stores, encrypts, and indexes video data in your streams, and allows you to access your data through easy-to-use APIs.

Amazon Kinesis Video Streams provides Producer SDKs in C++ and Java that you can build, configure, and install on devices. This software makes it easier to securely and reliably stream video into AWS frame-by-frame in real-time. In addition to Mac OS, Android, Linux, and Raspbian, the C++ Producer SDK is now also available for Microsoft Windows. Developers can use the Minimal GNU for Windows (MinGW) or the Microsoft Visual Studio C++ Compiler (MSVC) to build the producer SDK from source and start streaming from cameras connected to a Microsoft Windows machine. Additionally, we have also packaged the Producer SDK GStreamer Plug-in for Windows as a Docker image so you can simply do a Docker pull and get started with streaming video in minutes. Please refer the developer documentation to learn more.

Refer to the AWS global region table for Amazon Kinesis Video Streams availability. 

AWS WAF now supports full logging of all web requests inspected by the service. Customers can store these logs in Amazon S3 for compliance and auditing needs as well as use them for debugging and additional forensics. The logs will help customers understand why certain rules are triggered and why certain web requests are blocked. Customers can also integrate the logs with their SIEM and log analysis tools. 

Amazon Elastic Container Service (Amazon ECS) now includes integrated service discovery in EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Singapore) regions.

Amazon ECS service discovery makes it easy for your containerized services to discover and connect with each other. Amazon ECS creates and manages a registry of service names using the Route53 Auto Naming API so you can refer to a service by name in your code and write DNS queries to have the service name resolve to the service’s endpoint at runtime.

Today, service discovery is availablefor all networking modes for EC2 launch type or with AWS Fargate.

To learn more, visit the Amazon ECS Service Discovery documentation.  

You can use Amazon ECS Service Discovery in all AWS regions where Amazon ECS and Amazon Route 53 Auto Naming are available. These now include EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Singapore) regions in addition to US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), and EU (Ireland) regions where ECS service discovery was already available.

Amazon MQ is now available in ten regions with the addition of the Asia Pacific (Singapore) region. 

Amazon Elastic Container Service for Kubernetes (EKS) platform version eks.2 is now available. This update enables API Aggregation for EKS clusters, adding support for Horizontal Pod Auto Scaling and the Kubernetes Metrics Server.

The AWS Serverless Application Model (SAM) Command Line Interface (CLI) lets you locally build, test, and debug serverless applications defined by AWS SAM templates. You can now use SAM CLI to debug Lambda functions written in Go in addition to those written in Java, Python, and Node.js. You can also use the sam local generate-event command to generate sample event payloads for 50+ events.

Amazon Route 53 Auto Naming is now available in five additional AWS regions: EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney).

Amazon Route 53 Auto Naming simplifies the management of DNS names and health checks for microservices that run on top of AWS when microservices scale up and down. You can call the Auto Naming APIs to create a service, and then register instances of that service with a single API call. Amazon Route 53 Auto Naming will automatically populate the DNS records and optionally create a health check for the service endpoint. When a new service instance is registered, you can access it by making a simple DNS query for the service name.

Amazon Route 53 Auto Naming API powers Amazon Elastic Container Service (Amazon ECS) service discovery functionality and enables unified service discovery for services managed by Amazon ECS and Kubernetes.

You can use Amazon Route 53 Auto Naming APIs in the following AWS regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney) regions. For more information on AWS regions and services, please visit the AWS global region table.

To learn more about Amazon Route 53 Auto Naming, please see our documentation and product page.

Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Amazon GuardDuty is now a HIPAA Eligible Service.  

Starting today, AWS IoT Core is enabling customers to create additional AWS IoT Core endpoints for their account in each region that will serve an Amazon Trust Services (ATS) signed certificate instead of a VeriSign signed certificate. Using ATS endpoints will help customers avoid potential issues resulting from the upcoming distrust of Symantec Certificate Authorities (CAs) by Google (announcement), Apple (announcement), and Mozilla (announcement) as the ATS root CAs are trusted by default in most popular browsers and operating systems. For more information on how to get started with ATS endpoints refer to this blog post.

You can now control the rate at which your application records the service requests through X-Ray console, AWS SDKs, and X-Ray API. This helps you control costs and adjust sampling rate during an operational event without the need to redeploy or restart your application. 

Starting today, you can use AWS Secrets Manager to rotate credentials for Oracle, Microsoft SQL Server, or MariaDB databases hosted on Amazon Relational Database Service (Amazon RDS) automatically. Rotating credentials is a security best practice that helps you meet your security and compliance requirements.

You can now use Amazon Simple Queue Service (SQS) with encrypted queues in the AWS GovCloud (US) Region. The addition of server-side encryption (SSE) to SQS helps you to protect sensitive data with encrypted queues.  

Amazon WorkSpaces Web Access is now available for WorkSpaces running Windows 10, previously available only for Windows 7. You can access your Windows 10 WorkSpaces via Chrome or Firefox web browsers running on Windows, Mac OS, Linux, or Chrome OS. With Web Access, you don't have to download or install anything, and you can securely access your WorkSpace from a public computer without leaving any private or cached data behind.

The AWS Serverless Application Repository enables developers across teams and organizations to discover, deploy, store, and share serverless apps. Today, we added sorting functionality and launched improvements to our search ranking algorithm so you can find pre-built applications that match your use case faster than before.

AWS Systems Manager, which provides a unified user interface and allows you to automate operational tasks across your AWS resources, now supports calling a broad range of AWS APIs in your Systems Manager Automation workflows. You can author workflows using three new AWS API Actions – Execute, Assert, and Wait, while utilizing the benefits of Automation service such as safe at-scale operation with approvals.

Amazon WorkDocs users can now share files from Microsoft Windows with a single click.

Amazon RDS Performance Insights, an advanced database performance monitoring feature that makes it easy to diagnose and solve database performance challenges, is now generally available for Amazon Relational Database Service (RDS) for MySQL. This release supports MySQL version 5.7.22 and higher.

AWS Direct Connect is now live at its first location in the Middle East in Dubai, United Arab Emirates at Equinix DX1. In the Management Console, this location can be found under its home region of EU (Ireland). Customers in the Middle East can now establish a dedicated network connection from their premises to AWS. With global access for AWS Direct Connect, you can use this location and reach AWS resources in any global AWS region using global public VIFs and Direct Connect Gateway. When connecting to any AWS region, your data will not hairpin via the home region of EU (Ireland) if it is not in the shortest path to your desired AWS region.

Amazon DynamoDB global tables are now available in the US West (N. California) and EU (London) Regions. With global tables, you can give massively scaled, global applications local access to an Amazon DynamoDB table for fast read and write performance. You also can use global tables to replicate DynamoDB table data to additional AWS Regions for higher availability.

Global tables build upon the global footprint of DynamoDB to deliver a fully managed, multi-region, multi-master database. Global tables enable you to replicate table updates automatically across the AWS Regions you select, and you can set them up with just a few clicks in the AWS Management Console or by using the AWS SDK. There are no upfront costs or long-term commitments required. You pay only for the resources you provision.

With this launch, DynamoDB global tables are now available in the US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), EU (Frankfurt), EU (Ireland), and EU (London) Regions.

For global tables pricing in the EU (London) and US West (N. California) Regions, see Global Tables Pricing.

AWS Direct Connect has added new locations in Paris at Interxion PAR7 and in Taipei at Chunghwa Telecom. In the Management Console, these sites can be found under their respective home regions of EU West (Paris) and Asia Pacific (Tokyo). With global access for AWS Direct Connect, these sites can reach AWS resources in any global AWS region using global public VIFs and Direct Connect Gateway. Customers connecting to any AWS region will not have their data hairpin via the home regions if it is not in the shortest path to their desired AWS region.

You can now index your thing groups within your AWS IoT Device Management Fleet Index, allowing you to quickly find your thing groups based upon name, attribute, description, and/or parent group name. For example, you can query your fleet index to find your groups that have a firmware version attribute between V1 - V4, or find all child groups under your “TestDevices” parent group.

The AWS Deep Learning AMIs for Ubuntu and Amazon Linux now come with newer versions of the following deep learning frameworks and interfaces: TensorFlow 1.10 optimized for AWS for higher performance, Horovod 0.13.11 with OpenMPI 3.1.0 optimized for distributed multi-GPU TensorFlow training on Amazon EC2 P3 instances, PyTorch with CUDA 9.2 optimized for model training on Amazon EC2 P3 instances, Chainer 4.3.1, and Keras 2.2.2.  

Amazon FreeRTOS over-the-air (OTA) update feature is now generally available. You can use OTA updates to remotely deploy security updates, bug fixes, and new firmware images to microcontroller-based devices in the field.

Amazon SageMaker now supports version 1.9 in its pre-built TensorFlow containers. This makes it easier to run TensorFlow scripts, while taking advantage of the capabilities Amazon SageMaker offers, including a library of high-performance algorithms, managed and distributed training with automatic model tuning, one-click deployment, and managed hosting.  

Available today, in addition to a JavaScript library, AWS Amplify now provides a complete CLI (Command Line Interface) Toolchain for developing mobile and web applications in the cloud with Serverless backend components. These features allow developers to build, customize, and deploy applications in a familiar, category-based style with architectural best-practices built in.

Starting today, Amazon EC2 T2 Unlimited instances are available in the AWS GovCloud (US-West) Region.

The AWS Quick Start team and solutions architects, in collaboration with AWS partners, have published three new Amazon Connect integrations that offer contact center solutions.

You can now containerize your custom analysis code, automate its execution on a set schedule, and analyze only the incremental data you need when you need it.  

Amazon Rekognition is a deep learning-based image and video analysis service that can identify objects, people, text, scenes, and activities, as well as detect any inappropriate content. Amazon Rekognition now includes a DescribeCollection API that allows you to discover information about your face collections, such as the number of faces stored or the face model version you are currently using, to make it easier to manage collections. Given a face collection identifier known as a CollectionId, the DescribeCollection API returns the following information:

Amazon Elastic Container Service for Kubernetes (EKS) now has an updated EKS-optimized Amazon Machine Image (AMI) and CloudFormation template that make it easier to provision worker nodes for your Amazon EKS cluster on AWS.

Amazon Elastic Container Service for Kubernetes (EKS) now supports running containers on GPU-enabled EC2 instances.

Today, Amazon Lightsail announces a significant price drop of up to 50% for all of its virtual server plans. Now, you can run a full virtual server, including SSD disk and a healthy allowance of free data transfer, starting at $3.50/month. As a Lightsail customer, you'll automatically benefit from the new, lower prices, with no action required. The new prices apply to all Lightsail instances starting August 1, 2018.

This Quick Start deploys a visual effects (VFX) workstation environment with AWS services and Teradici software on the AWS Cloud in about 30 minutes.

AWS CloudFormation now supports AWS PrivateLink , enabling you to use CloudFormation APIs inside of your Amazon Virtual Private Cloud (VPC) and route data between your VPC and CloudFormation entirely within the AWS network.

With AWS PrivateLink, you can provision and use VPC endpoints to access supported services hosted in the AWS Cloud. AWS PrivateLink is a purpose-built technology designed to access AWS services in a highly available and scalable manner, while keeping all the network traffic within the AWS network. By using CloudFormation with Amazon VPC endpoints, your VPC resources can communicate with CloudFormation within the AWS network, which helps you meet your requirements to limit public internet connectivity.

CloudFormation support for AWS PrivateLink is available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), EU (London), and South America (Sao Paulo) Regions.

For more information about PrivateLink, see Accessing Services Through AWS PrivateLink in the Amazon VPC User Guide. For more information on how to create a VPC endpoint, see Interface VPC Endpoints (AWS PrivateLink) in the AWS CloudFormation user guide.

To learn more about AWS CloudFormation, please visit our documentation page.
 

Now, it’s easier to use Amazon DynamoDB local, the downloadable version of DynamoDB, to help you develop and test your DynamoDB applications by using the new DynamoDB local Docker image.

With the new DynamoDB local Docker image, you can build and prototype applications quickly by using a version of DynamoDB running in your development environment with all the dependencies and necessary configuration built in. The new Docker image also enables you to include DynamoDB local in your containerized builds and as part of your continuous integration testing. Using DynamoDB local does not require an internet connection and DynamoDB local works with your existing DynamoDB API calls. There are no provisioned throughput, data storage, or data transfer costs with DynamoDB local.

DynamoDB local is now available to download as a self-contained Docker image or a .jar file that can run on Microsoft Windows, Linux, macOS, and other platforms that support Java.

To learn more about the new DynamoDB local Docker image, see the DynamoDB local public repository on Docker Hub.

Amazon Chime call me is a new audio feature that makes it more convenient for you to join Chime meetings by phone. Whether you’re working from home or on the go from any device, you can simply enter your telephone number into the Chime web application, and Chime will call you and add you to the meeting. With the call me feature, you can join your meetings on time, even if you need to join from a telephone and not using the Chime application. Chime also remembers the last number you entered, so you won’t need to re-enter it for future meetings.

AWS Key Management Service (KMS) has increased the request rate limit for a core set of KMS API operations, including Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, GenerateRandom, and ReEncrypt. The request rate limits have been increased from 1,200 requests per second to 10,000 requests per second in US East (Northern Virginia), US West (Oregon), and EU (Ireland) regions. In all other regions where KMS is available, the limits are increased to 5,500 requests per second. These limit increases make it easier for you to scale your KMS operations.

Amazon Web Services (AWS) is introducing the next generation Amazon Elastic Compute Cloud (EC2) burstable general-purpose instances, T3. T3 instances offer a balance of compute, memory, and network resources and are designed to provide a baseline level of CPU performance with the ability to burst above the baseline when needed. T3 instances are powered by the AWS Nitro System which includes a lightweight hardware-accelerated hypervisor, delivering practically all of the compute and memory resources of the host hardware to the instances. T3 instances also feature the latest high frequency Intel Xeon Scalable processors which combined with the AWS Nitro System result in up to a 30% better price to performance improvement over T2 instances. These new Xeon Scalable processors feature new AVX-512 instructions that can further accelerate performance. T3 instances also support Enhanced Networking with up to 5 Gbps in network bandwidth using the Amazon Elastic Network Adaptor.

Amazon Athena is an interactive query service that makes it easy analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. Today, we are releasing a new version (2.0.5) of the JDBC driver that can deliver up to 2x better performance when fetching results less than 10,000 rows, and approximately 5-6x better performance when fetching results larger than 10,000 rows, compared to the old driver. The feature is enabled by default.

Amazon ElastiCache adds support for in-place version upgrades for Redis Cluster, the sharded and highly-available Redis. Now you can upgrade your Redis Cluster environments to the latest version without manual steps or application changes. Amazon ElastiCache already supports in-place version upgrades for non-Redis Cluster mode Redis.

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that specifies the security requirements for cryptographic modules that protect sensitive information. FIPS validated cryptographic modules are used to provide FIPS 140-2 compliant endpoints. FIPS is also important for supporting FedRAMP High workloads, as cryptography must be employed in a FIPS-compliant manner throughout a FedRAMP solution in the cloud.

The following AWS services now offer FIPS 140-2 compliant end points in the AWS GovCloud (US) Region:
• Amazon Polly
• AWS Lambda
• Amazon Server Migration Service (SMS)
• Amazon API Gateway

See the FIPS 140-2 webpage for a full list of AWS services with FIPS 140-2 compliant end points.

Learn more with the Cryptographic Module Validation Program and AWS GovCloud (US) FIPS Documentation.  

AWS Systems Manager now supports new insights, giving you greater visibility into the inventory state of instances that you manage.

Amazon Aurora Auto Scaling automatically adds and removes Aurora Replicas in response to changes in performance metrics that you specify. This feature is now available in the PostgreSQL-compatible edition of Aurora.

AWS Device Farm now let’s you customize your test execution environment to match your specific needs. You can now specify the dependencies your project needs and the exact commands to be run during test execution, to ensure your tests run precisely like they do in your local environment. Device Farm is also introducing live log and video streaming to provide you instant feedback on your tests.

AWS CloudFormation now supports Secure String Parameter from AWS Systems Manager Parameter Store. A Secure String parameter is any sensitive data that needs to be stored and referenced in a secure manner. Now, you can use the Parameters section in your CloudFormation templates to dynamically reference Secure Strings into your templates each time you create or update your stack without exposing the values as clear text. CloudFormation retrieves the value of the specified Secure String Parameter from the Parameter Store when necessary and use it during stack operations.

To learn more about dynamic references and CloudFormation resources that support dynamic references for Secure String Parameter from AWS Systems Manager Parameter Store, please visit AWS CloudFormation documentation.

The CloudFormation support for Secure String as a parameter in templates is available in the following regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), South America (São Paulo), and AWS GovCloud (US).
 

You can now use AWS CloudFormation templates to quickly deploy solutions that use Amazon Simple Notification Service (SNS) message filtering. 

You can now use the Elastic Beanstalk console to review all your pending configuration option changes before applying them to your Elastic Beanstalk application environment.

This Quick Start deploys a Corda Enterprise node on the Amazon Web Services (AWS) Cloud. The Quick Start was created by APN Partner R3 in collaboration with AWS.

This Quick Start deploys a Corda node on the Amazon Web Services (AWS) Cloud. The Quick Start was created by APN Partner R3 in collaboration with AWS.

Starting today, AWS Shield Advanced allows you to easily create Rate-Based Rules (RBRs) with just a few clicks in its upgraded onboarding wizard. Additionally, the wizard also enables you to better monitor your protected resources by allowing you to quickly setup Amazon CloudWatch alarms on Distributed Denial of Service (DDoS) metrics published by the service . 

Introducing email reports for QuickSight! Customers can now automatically send elegant reports directly to their users' inbox on a daily, weekly, or monthly schedule, keeping them up to date on the latest data. Now readers and authors can get access to their information delivered straight to their inbox. They can click into their QuickSight account when they need to dive in and explore their interactive dashboards. Email Reports are available today for all Enterprise Edition customers.

Starting today, Amazon Data Lifecycle Manager (DLM) for EBS Snapshots is available in 11 more AWS regions. DLM provides a simple, automated way to back up data stored on Amazon EBS volumes. With this feature, you no longer have to rely on custom scripts to create and manage your backups. 

This Quick Start builds a data lake environment for building, training, and deploying machine learning (ML) models with Amazon SageMaker on the Amazon Web Services (AWS) Cloud. The deployment takes about 10-15 minutes and uses AWS services such as Amazon Simple Storage Service (Amazon S3), Amazon API Gateway, Amazon Kinesis Data Streams, and Amazon Kinesis Data Firehose.

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to discover insights and relationships in text. Starting today, Amazon Comprehend is available in the AWS Asia Pacific (Sydney) Region. 

Amazon CloudWatch Dashboards is now available in AWS GovCloud (US) region. This allows you to create re-usable graphs and have unified operational view across your cloud resources and applications. 

You can now develop your AWS Elastic Beanstalk applications using PHP 7.2. The latest PHP version comes with numerous improvements and new features such as counting of non-countable objects, object typehint, new sodium extensions, and improved TLS constants to sane values. For the complete list of PHP 7.2 features, including a PHP migration guide visit the official PHP 7.2 release announcement. You can upgrade your existing AWS Elastic Beanstalk PHP environment using the Elastic Beanstalk console or through the AWS CLI and Elastic Beanstalk API. See Migrating an Environement to a New Configuration for additional details.

AWS Elemental MediaPackage is a video origination and just-in-time packaging service that allows video distributors to securely and reliably deliver streaming content at scale. From a single video input, AWS Elemental MediaPackage creates video streams formatted to play on connected TVs, mobile phones, computers, tablets, and game consoles. It makes it easy to implement popular video features commonly found on DVRs, such as start-over, pause, and rewind. The service can also protect your content using Digital Rights Management (DRM) technologies.

AWS IoT Core and AWS IoT Device Management are now available in the AWS GovCloud (US) Region.

Amazon Elastic File System (Amazon EFS) is now available in the Asia Pacific (Singapore) region.

Details: Amazon CloudFront announces two new Edge locations in Oslo, Norway, and Copenhagen, Denmark. Both of these Edge locations are the first in their respective countries and increase CloudFront’s capacity in the Nordics by 55%. CloudFront’s expansion across the Nordics further improves the availability and performance of content delivery to users in the region. Compared to CloudFront’s performance before the new locations were added, we expect that CloudFront end users will see a 35% reduction in latency for content delivery within Norway and Denmark.

A full list of CloudFront’s global locations is available on the CloudFront Details webpage.

We are pleased to announce the general availability of the latest release of AWS Thinkbox Deadline, v10.0.19. This release includes support for Clarisse CNode usage based licensing (UBL) via the AWS Thinkbox Marketplace for all customers globally. Clarisse CNode is part of the Clarisse suite of products that help 3D professionals create and render computer graphics (CG) content. The addition of Clarisse CNode expands customer options for rendering applications with the ability to quickly provision hundreds or thousands of Clarisse CNode render nodes without the need to procure permanent infrastructure and licenses. Using AWS Thinkbox Deadline, customers can combine existing software licenses with usage based licenses that are purchased by the hour from the Thinkbox Marketplace and metered by the minute.

To download the latest version of Deadline, visit the Downloads page. For more details on this release, please see the Deadline 10.0.19 release notes.

All Amazon SageMaker APIs are now fully supported on AWS PrivateLink, which increases the security of data shared with cloud-based applications by reducing the exposure of data to the public Internet. All communication between applications and Amazon SageMaker can be secured inside a Virtual Private Cloud (VPC).

Today, AWS AppSync launched a new quick-start that walks you through connecting AppSync to your Amazon Aurora database to create a new blog application. AWS AppSync is a serverless backend service for web and mobile applications that supports real-time data synchronization and offline capabilities. AppSync supports multiple data storage options, including Amazon DynamoDB, Amazon ElasticSearch Service, AWS Lambda, and HTTP data sources.

Lambda@Edge provides you access to various HTTP attributes such as URI, headers and query strings to customize the content delivered to your end-users. Starting today, you can also access the HTTP request body in your Lambda functions enabling you to execute custom logic and generate a response directly from the edge.

Developers typically use Web/HTML forms or Web Beacons/Bugs as a mechanism to collect data from end users and then process that data at their origins servers. With access to request body from your Lambda functions, you can now offload this logic to the edge and improve end-user latency. For example, if you have a static website with a ‘contact us’ web form, you can make a network call to an Amazon DynamoDB global table to save the data from your Lambda function. Or, if you are collecting end user behavior data through a web beacon on your website, you can directly log it to an Amazon Kinesis Firehose endpoint from the Lambda function, thereby simplifying your origin infrastructure.

There’s no additional fee for using this feature. To learn more about Lambda@Edge, visit the product page. For more information on how to use this new feature, see the following resources:

• To get started, see examples of Lambda functions showing how to access and modify request body
• Read the blogpost on how to build global data ingestion passthrough with Amazon CloudFront, Lambda@Edge and Amazon Kinesis Firehose
• For more information, see the documentation here. 

Amazon DynamoDB Backup and Restore provides the capability to easily create on-demand and continuous backups of your DynamoDB tables and restore from these backups, if needed. You can back up tables from a few megabytes to hundreds of terabytes of data, with no impact on the performance or availability of your production applications.

With on-demand backup and restore, you can create full backups of your DynamoDB table for data archiving and retention, helping you meet your corporate and governmental regulatory requirements. Point-in-time recovery (PITR) provides continuous backups of your DynamoDB table data, protecting you against accidental writes or deletes. When you enable PITR, you can recover that table from backup at any point in time from the moment you enable it to a maximum of the 35 preceding days.

DynamoDB backup and restore is now available in 16 AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), South America (Sao Paulo), and China (Beijing) region operated by Sinnet.

You can enable backup and restore for your DynamoDB table data with a single click in the AWS Management Console, a simple API call, or with the AWS Command Line Interface (CLI). To learn more about DynamoDB backup and restore, see Backup and Restore.
 

Amazon Elasticsearch Service now supports versions 5.6 and 6.3 for both open-source Elasticsearch and Kibana. Elasticsearch 5.6 includes a number of bug fixes and optimizations to improve search performance. Elasticsearch 6.3 offers autocomplete for Kibana queries and improvements to aggregation and ranking APIs. 

Amazon Elasticsearch Service now lets you easily upgrade your Elasticsearch clusters to newer versions without any downtime, using in-place version upgrades. With this new feature, you no longer need to go through the hassle of taking a manual snapshot, restoring it to a new cluster running the newer version of Elasticsearch, and updating all of your endpoint references. Instead, you can easily trigger the in-place version upgrade and Amazon Elasticsearch Service takes care of all the necessary steps in the background, ensuring that your cluster continues to operate while the upgrade is in process. 

AWS Direct Connect is now live in Kansas City, MO at the Netrality Properties 1102 Grand facility. This site can be found under its home region US East (Ohio) in the AWS Management Console. With global access for AWS Direct Connect, this site can reach AWS resources in any global AWS region using global public VIFs and Direct Connect Gateway. If you are connecting to any AWS region outside of the home region US East (Ohio), your traffic will take the shortest path to your desired AWS region and not hairpin via US East (Ohio).

Amazon Inspector expands Center for Internet Security's CIS Benchmarks support for Amazon Linux (v2018.03 and earlier), Red Hat Enterprise Linux (v6 and 7), CentOS Linux (v6 and 7), and Ubuntu Linux (v14.04 and 16.04). You can now run Inspector CIS assessments on these Linux distributions to check the configuration of your Amazon EC2 instances against the security configuration best practices developed by CIS.  

AWS Elemental MediaConvert now supports a new video rate control mode, Quality-Defined Variable Bitrate (QVBR) encoding. QVBR is designed to deliver consistently high-quality video viewing experiences while keeping your bit budget under control, saving up to 50% on storage and delivery costs. QVBR can be used in both 1-pass and 2-pass modes with all quality settings and resolutions. It is supported with both the AVC and HEVC codecs, and is available at no additional charge. To learn more, please visit the QVBR documentation page.

AWS CloudHSM now provides audit logging for management commands executed on your CloudHSM instances. These audit logs are generated on each of your HSM instances, and then delivered by CloudHSM to Amazon CloudWatch on your behalf. You can learn more about monitoring AWS CloudHSM Audit Logs in Amazon CloudWatch Logs here.

If you provisioned your AWS CloudHSM cluster prior to January 20, 2018, you will need to configure a service-linked role to enable delivery of your HSM instance audit logs to Amazon CloudWatch. Instructions on creating the service-linked role for CloudHSM are here. Other than enabling the service-linked role for CloudHSM, no action is necessary on your part to begin receiving the logs.

CloudHSM audit logs complement the two existing types of CloudHSM logs. The first is AWS CloudTrail logging, which records the API calls you make to the AWS CloudHSM service such as create-cluster or delete-hsm. The second is AWS CloudHSM Client logging, which records operations you perform on your CloudHSM instances using the CloudHSM client.

Please note this feature is for the new CloudHSM only, and does not apply to CloudHSM Classic.

AWS IoT Core is pleased to announce increased default service limits for all customers in all regions. Customers will now be granted 20,000 inbound publish requests per second, increased from 10,000. The full list of AWS IoT Core limits can be found on the AWS Service Limits page. Customers needing further limit increases can request them by creating a Service Limit Increase request from the Support Center in the AWS Console.

Amazon Aurora Serverless is a new deployment option that automatically starts, scales, and shuts down an Amazon Aurora database. It offers database capacity without the need to provision, scale, and manage any database servers. Aurora Serverless makes it easy and cost-effective to run applications with intermittent or cyclical usage patterns, and is now generally available for Amazon Aurora with MySQL compatibility.

You can now easily configure your containerized application to access storage volumes backed by Local instance storage, Amazon Elastic Block Storage (EBS) or Amazon Elastic File System (EFS) volumes through the use of Docker volume drivers and volume plugins such as Rex-Ray and Portworx.

Previously, if you wanted to deploy containerized applications that required access to storage volumes, you had to manually manage your storage volume using custom tooling such as bash scripts, lambda functions, and manual configuration of Docker volumes.

Now, with the support for Docker volumes, you can deploy stateful and storage-intensive applications on Amazon ECS. You have the flexibility to configure the lifecycle of the Docker volume and specify whether it is a scratch space volume specific to a single instantiation of a task, or a persistent volume that persists beyond the lifecycle of a unique instantiation of the task. You can also choose to use a pre-provisioned Docker volume that you have created before launching your Task.

To get started with this feature, first install your preferred Docker volume plugin (if needed) and simply specify the volume name, the volume driver, and the parameters when setting up a task definition via the AWS management console, CLI or SDK.

To learn more, visit the Amazon ECS documentation.  

Please visit the AWS region table to see all AWS regions where Amazon ECS is available.
 

You can now record changes to patch and association compliance statuses of AWS Systems Manager Managed Instances using AWS Config. Previously, you could only view the most recent status of a patch or association compliance for a managed instance. Now, with AWS Config, you can maintain a history of all changes to this data over time, and use it for your audit and compliance needs.

Amazon DynamoDB Accelerator (DAX) now supports encryption at rest for new DAX clusters to help you accelerate reads from Amazon DynamoDB tables in security-sensitive applications that are subject to strict compliance and regulatory requirements.

DAX provides you a fully-managed, highly available, in-memory cache that is capable of accelerating reads from DynamoDB tables by up to 10x, even at millions of requests per second. You can use DAX without making changes to your existing application logic and using your existing DynamoDB APIs calls. DAX manages cache invalidation and data population on your behalf. With the new encryption at rest support, you can also encrypt the storage for your DAX clusters to help you protect data on your DAX nodes, such as configuration and log files. This data is encrypted using AWS Key Management Service (AWS KMS).

DAX is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), South America (São Paulo), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions.

To learn more about DAX and encryption at rest, see DAX Encryption at Rest.
 

You can now access AWS CloudTrail from within a Virtual Private Cloud (VPC) using AWS PrivateLink. This enables you to connect to and route data to AWS CloudTrail using private IP addresses in your VPC through the Amazon network.

Amazon Inspector expanded security assessments to include Debian 8 and Debian 9 for Common Vulnerabilities & Exposures (CVE) and Security Best Practices. To run security assessments, simply install the Amazon Inspector Agent on the desired Amazon EC2 instances, configure your assessment in the Inspector console, and run your assessment.
 

You can now record analytics and messaging events directly using the Amazon Pinpoint Events Ingestion API. The API supports submission of events individually or in batches, updating user endpoints along with events generated by the user that can be used to record user events from your backend in addition to events recorded by your client application.

Starting today, AWS Secrets Manager enables you to delete secrets without requiring a recovery window. With this capability, you can now delete and recreate secrets, making it easier for you to manage automation jobs that create secrets.

AWS Systems Manager now adds AWS Config support to record history and track changes in patch and configuration compliance status of managed instances.  

Amazon Rekognition is now available in the Asia Pacific (Seoul) and Asia Pacific (Mumbai) regions.

Starting today, C5d instances are available in the AWS US West (N. California), Asia Pacific (Seoul), Asia Pacific (Singapore), Europe (Frankfurt), and Europe (London) Regions. C5d instances were first introduced in May 2018 and delivers C5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. C5d instances provide high-performance block storage for applications that need access to high-speed, low latency local storage like video encoding, image manipulation and other forms of media processing. It will also benefit applications that need temporary storage of data, such as batch and log processing and applications that need caches and scratch files.  

Starting today, M5d instances are available in the AWS US West (N. California) and Europe (Frankfurt) Regions. M5d instances were first introduced in June 2018 and delivers M5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. M5d instances are ideal for workloads that require a balance of compute and memory resources along with high-speed, low latency local block storage including data logging and media processing.

Amazon QuickSight now allows you to easily create rich metrics and calculations for dashboards without having to craft complex SQL statements and precompute at the data source. QuickSight authors can now create calculated fields and table calculations to evaluate running sum of measures, partitioned by set of dimension in a specified sort order, or calculate percentage contribution of a measure to the total within the partitioned dimension. Similarly, authors can create custom fields that measure the difference or percentage difference between preceding or succeeding metrics, partitioned by a dimension. Authors can also rank metrics or sub-dimensions within the partitioned dimension. Other functions enable authors to measure sum, average, count, minimum/maximum, and display leading and lagging values by an offset of 1 over partitioned dimension. All these functions are available in both SPICE and non-SPICE datasets.

Amazon Virtual Private Cloud (VPC) Flow Logs can now be directly delivered to Amazon Simple Storage Service (S3) using the AWS Command Line Interface (CLI) or through your Amazon EC2 or VPC console. You can now deliver VPC Flow Logs to both S3 and CloudWatch Logs.

Deliver VPC Flow Logs to S3 when you require simple, cost-effective archiving of your log events. Take advantage of the different storage classes of S3, such as Amazon S3 Standard-Infrequent Access, or write custom data processing applications using other solutions, such as Amazon Athena.

Deliver VPC Flow Logs to CloudWatch Logs to monitor your systems and applications. Generate and visualize metrics using Metric Filter Patterns and CloudWatch Dashboards, set up alerts on log-based metrics, or search log events using CloudWatch Logs while solving problems.

Learn about the pricing to export Amazon VPC Flow Logs to S3 or CloudWatch Logs here. Learn about how to send VPC Flow Logs to S3 and CloudWatch Logs here.

You can now use Amazon Redshift to directly query nested data in Apache Parquet, Apache ORC, JSON and Amazon Ion file formats stored in external tables in Amazon S3. Redshift Spectrum, a feature of Amazon Redshift, enables you to use your existing Business Intelligence tools and intuitive and powerful SQL extensions to analyze both scalar and nested data stored in your Amazon S3 data lake.

Amazon Redshift now enables short query acceleration by default to speed up execution of short-running queries such as reports, dashboards, and interactive analysis. Short query acceleration uses machine learning to provide higher performance, faster results, and better predictability of query execution times. 

Starting today, you can pay your AWS invoices with any US ACH enabled bank account. Adding a bank account is easy. Simply go to the Payment Methods page on the AWS Billing Console and provide your bank account number, routing number, billing address, and your driver’s license number (for personal accounts) or tax identification number (for business accounts).

AWS Config now enables you to delete your data by specifying a retention period for your configuration items. When you specify a retention period, AWS Config retains your configuration items for that specified period. You can choose a period between a minimum of 30 days and a maximum of 7 years (2,557 days). AWS Config automatically deletes configuration items older than your specified retention period. If you don’t specify a retention period, AWS Config continues to store configuration items for the default period of 7 years (2,557 days).

You can now record configuration changes to AWS Shield using AWS Config. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. With Config, you can track changes to the protection settings, such as the resources being protected, and use this information to maintain a configuration change history for audit and operational troubleshooting purposes.

Introducing the AWS Nonprofit Competency Program, to help customers quickly, cost-efficiently, and securely leverage technology to scale mission impact and drive social change. 

The AWS Nonprofit Competency Program recognizes AWS Partner Network (APN) Partners who have demonstrated technical proficiency and proven customer success for nonprofit customers. 

Customers can now explore partner solutions across Donor Management and Marketing Tools, Fundraising and Operations Tools, and Consulting Partners. 

See our AWS Nonprofit Competency Partners. 

Amazon EC2 P3 instances are now available in the Europe (Frankfurt), Europe (London), Canada (Central), Asia Pacific (Sydney), Asia Pacific (Singapore) and China (Ningxia) AWS regions, bringing the total number of available regions to 14.

Amazon Redshift now enables you to write queries that refer to a column alias within the same query immediately after it is declared, improving the readability of complex SQL queries.

AWS Personal Health Dashboard now supports fine-grained access control so that you can setup permissions based on event metadata. This allows you to grant or deny access to an AWS Identity and Access Management (IAM) user based on such attributes as event types, event types of a particular service, or other role-based attributes.

You can now use AWS Glue in the Canada (Central) AWS region.

Amazon RDS for MySQL now supports delayed replication, which allows you to set a configurable time period for which a read replica lags behind the source database. In a standard MySQL replication configuration, there is minimal replication delay between the source and the replica. With delayed replication, you can introduce an intentional delay as a strategy for disaster recovery.

Amazon RDS for MySQL now supports MySQL Community Edition minor versions 5.6.40 and 5.7.22 in all AWS Regions. These new versions include a number of fixes and functionality improvements for the MySQL database engine.

Amazon Rekognition has launched improvements for Text-in-Image to increase the accuracy of text detection and to provide expanded support for text rotated -90 to +90 degrees from the horizontal axis.

Amazon RDS Performance Insights, an advanced database performance monitoring feature that makes it easy to diagnose and solve performance challenges on Amazon Relational Database Service (RDS) databases, is now available for Amazon Aurora with MySQL compatibility. It offers a free tier with 7 days of data retention and a paid long-term data retention option.

Amazon Aurora is now available to customers in AWS China (Ningxia) region, operated by NWCD. Aurora is a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases.

Amazon SageMaker now provides the latest version 1.2 of Apache MXNet. The built-in MXNet container within Amazon SageMaker makes it easy to run your deep learning scripts by taking advantage of the capabilities of SageMaker including distributed & managed training and real-time deployment of machine learning models.

We are happy to announce the release of NICE DCV (Desktop Cloud Visualization) version 2017.1.

With AWS Elemental MediaPackage, you can now create Amazon CloudFront distributions for live channels from the AWS Management Console. MediaPackage reliably prepares and protects video for delivery over the Internet. From a single video input, MediaPackage creates video streams with DVR-like features and digital rights management (DRM) that are formatted to play on connected TVs, mobile phones, computers, tablets, and game consoles. You can now pair these benefits with the secure, high-performance, and cost-effective global distribution of Amazon CloudFront for delivering live video to viewers.

Now you can use AWS Single Sign-On (SSO) to manage SSO access to more pre-integrated business applications such as SmartSheet, Trello, and Expensify. This expands the list of already pre-integrated business applications, such as Salesforce, Google Suite, and Office 365. For the full list of business applications pre-integrated with AWS SSO, see Supported Applications.

Alexa for Business now lets IT administrators monitor when shared devices are deregistered from the Alexa for Business account. Shared devices are placed in common areas, such as conference rooms and building lobbies, and are managed centrally with the Alexa for Business console. By knowing when shared devices are deregistered, you can take corrective action and delete the deregistered devices from the console.  

At AWS re:Invent 2017, we announced AWS IoT Device Defender, a fully managed service that helps you secure your fleet of IoT devices. Today, we are excited to announce the general availability of AWS IoT Device Defender. You can use AWS IoT Device Defender to adhere to recommended security best practices, to continuously monitor device behavior, and to receive alerts so you know when to investigate and mitigate security issues.

Amazon Polly is an AWS service that turns text into lifelike speech. We're excited to announce new Hindi language support and the release of our first bilingual voice. Aditi is a female voice that speaks Hindi and Indian English fluently.

You can now use Apache Flink 1.5.0 and Apache Livy 0.5.0 on Amazon EMR release 5.16.0. Flink 1.5.0 has several new features, including a new deployment model that supports dynamic resource allocation on YARN for efficient resource utilization, support for a broadcast state that allows replication of configuration rules and patterns to all parallel instances of a function, a new SQL CLI client to run ad-hoc queries on data streams, ability to store state information on local disks for faster and efficient failure recovery, and other performance and throughput updates for streaming jobs. Livy 0.5.0 brings in support for SparkSQL interpreter for running interactive SQL queries, ability to use multiple languages and share the SparkContext in a single session, ability to share variables across jobs, and other improvements. Additionally, you can now use the upgraded version of Apache Hadoop 2.8.4, Apache Spark 2.3.1, Presto 0.203, Apache Phoenix 4.14.0 and Apache MXNet 1.2.0.

You can create an Amazon EMR cluster with the release 5.16.0 by choosing the release label “emr-5.16.0” from the AWS Management Console, AWS CLI, or SDK. You can choose Flink, Livy, Hadoop, Spark, Presto, Phoenix, and MXNet to install these applications when you launch your EMR cluster. Please visit the Amazon EMR documentation for more information about the EMR release 5.16.0, Flink 1.5.0, Livy 0.5.0, Spark 2.3.1, Presto 0.203, Hadoop 2.8.4, Phoenix 4.14.0, and MXNet 1.2.0

Amazon EMR release 5.16.0 is now available in all supported regions for Amazon EMR.

We are announcing two new Amazon Kinesis Data Streams features that boost the performance of your Kinesis Data Streams applications: a new HTTP/2 data retrieval API and enhanced fan-out.

Customers can now use AWS Key Management Service (KMS) to manage encryption of data stored in the cloud by AWS Storage Gateway.  AWS KMS is a managed service that makes it easy for you to create and control encryption keys used to encrypt your data. Storage Gateway now supports AWS KMS for encryption of data stored in AWS by all gateway types. This includes virtual tapes managed by Tape Gateway, in-cloud volumes and EBS Snapshots created by Volume Gateway, and files stored as objects in Amazon Simple Storage Service (S3) by File Gateway. 

Amazon Chime now lets you choose Okta for configuring single-sign on (SSO). This means you can add and remove users, and change Chime permissions using your Okta directory. Changes made in Okta will be pushed to Chime automatically, which simplifies the administration of your Chime users. With Okta, your users can log into any of the Amazon Chime client apps using their corporate credentials, and you can apply your existing password policies for use with Chime.

AWS Certificate Manager (ACM) Private Certificate Authority (CA) is now available in the EU (London) Region, increasing the number of AWS Regions where ACM Private CA is available to ten. The expansion into a new AWS Region provides you more options to provision your ACM Private CA with the other AWS services you use.

AWS Greengrass is now available to customers in EU (Ireland) region. 

AWS Greengrass is software that lets you run local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, use Lambda functions running on Greengrass Core to interact with local resources, operate with intermittent connections, stay updated with over the air updates, and minimize the cost of transmitting IoT data to the cloud. Learn more about AWS Greengrass here. See the AWS Region Table for complete regional availability.

Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for you to add speech-to-text capability to your applications. Amazon Transcribe now supports a feature called Channel Identification that processes audio featuring multiple channels, and produces a single transcript of the speech annotated by the channel on which it was spoken.