Sep 2018

You can now create read replicas for an Amazon Aurora database in up to five AWS regions. This capability is available for Amazon Aurora with MySQL compatibility.

Amazon CloudWatch Agent now supports the ability to publish custom StatsD or collectd metrics to CloudWatch. You can leverage these custom metrics to create alarms for triggering notifications and auto-scaling actions or save them to dashboards for quick viewing in CloudWatch. 

Starting today, AWS X-Ray is now available in Europe (Paris) Region. 

Amazon RDS enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for PostgreSQL DB instances. Database administrators can now associate database users with IAM users and roles. By using IAM, you can manage user access to all AWS resources from a single location, avoiding issues caused by permissions that are out of sync on different AWS resources.

You can choose to use IAM for database user authentication simply by selecting a checkbox during the DB instance creation process. Existing DB instances can also be modified to enable IAM authentication. Once this feature is enabled, database administrators can associate new and existing database users to IAM users and roles. Credentials can then be managed via IAM without needing to manage users in the database. This includes expanding and restricting permission levels, associating permissions with different roles, and revoking access. IAM authentication also allows easier and safer integration with your applications running on EC2.

After configuring the database for IAM authentication, client applications authenticate to the database engine by providing temporary security credentials generated by the IAM Security Token Service. These credentials are used instead of providing a password to the database engine.

Database IAM authentication is available for Amazon RDS database instances running PostgreSQL versions 9.5.13, 9.6.9, and 10.4 (and higher).

To learn more about enabling IAM authentication for your database instance, please refer to the Amazon RDS documentation. To learn more about IAM, refer to the AWS Identity and Access Management page.

 

Amazon Elastic Container Service (Amazon ECS) now includes integrated service discovery in Canada (Central), South America (São Paulo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and EU (Paris) regions.

Amazon ECS service discovery makes it easy for your containerized services to discover and connect with each other. Amazon ECS creates and manages a registry of service names using the Route53 Auto Naming API so you can refer to a service by name in your code and write DNS queries to have the service name resolve to the service’s endpoint at runtime.

Today, service discovery is availablefor all networking modes for EC2 launch type or with AWS Fargate.

To learn more, visit the Amazon ECS Service Discovery documentation.

You can use Amazon ECS Service Discovery in all AWS regions where Amazon ECS and Amazon Route 53 Auto Naming are available. These now include Canada (Central), South America (São Paulo), Asia Pacific (Seoul), Asia Pacific (Mumbai), EU (Paris), EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), and EU (Ireland) regions. 
 

Notifications about changes to tags are now available via Amazon CloudWatch Events. This allows you to monitor tag states on your AWS resources.

Starting today, Amazon API Gateway supports importing and exporting APIs using the OpenAPI 3.0 API specification.

The OpenAPI specification is a widely adopted standard for documenting APIs. OpenAPI 3.0 is the latest version of the OpenAPI specification and offers a number of improvements over OpenAPI 2.

Support for this specification will allow our customers to improve API development and better compatibility with other tools in the API ecosystem.

The OpenAPI 3.0 support is available in all regions where API Gateway is available. To see all regions where API Gateway is available, see the AWS region table. To learn more and for a sample of the OpenAPI 3.0 specification, please visit the documentation here.

Please visit our product page for more information about Amazon API Gateway.

Amazon SageMaker is now available in the AWS GovCloud (US) region, an isolated region designed to address specific regulatory and compliance requirements of US Government agencies, as well as contractors, educational institutions, and other US customers that run sensitive workloads in the cloud.

AWS CodeCommit enables you to directly delete a file, get contents of a file, and access a folder through the AWS CLI, and SDKs. Previously, you needed to install and configure a Git client to perform any of these operations. Now, you can save time by quickly performing these actions in any of your CodeCommit repositories using the CLI or SDKs.

AWS Resource Groups is service that helps customers organize AWS resources into logical groupings. These groups can represent an application, a software component, or an environment. With this release, resource groups can now include more than fifty additional resource types, bringing the overall number of supported resource types to seventy-seven. Some of these new resource types include Amazon DynamoDB tables, AWS Lambda functions, AWS CloudTrail trails, and many more. Customers can now create resource groups that accurately reflect their applications, and take action against those groups, rather than against individual resources. To learn more on how customers can automate tasks on resource groups, see AWS Systems Manager.

You can now launch Apache ActiveMQ 5.15.6 brokers on Amazon MQ. This minor version of ActiveMQ contains several fixes and new features compared to the previously supported version, ActiveMQ 5.15.0. 

Amazon Route 53 Auto Naming is now available in five additional AWS regions: Canada (Central), South America (São Paulo), Asia Pacific (Seoul), Asia Pacific (Mumbai), EU (Paris) Region.

Amazon Route 53 Auto Naming simplifies the management of DNS names and health checks for microservices that run on top of AWS when microservices scale up and down. You can call the Auto Naming APIs to create a service, and then register instances of that service with a single API call. Amazon Route 53 Auto Naming will automatically populate the DNS records and optionally create a health check for the service endpoint. When a new service instance is registered, you can access it by making a simple DNS query for the service name.

Amazon Route 53 Auto Naming API powers Amazon Elastic Container Service (Amazon ECS) service discovery functionality and enables unified service discovery for services managed by Amazon ECS and Kubernetes.

You can use Amazon Route 53 Auto Naming APIs in the following 15 AWS regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), EU (Ireland), EU (Frankfurt), EU (London), EU (Paris), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (São Paulo) regions. For more information on AWS regions and services, please visit the AWS global region table.

To learn more about Amazon Route 53 Auto Naming, see our documentation and product page.

Amazon GameLift is now available in the AWS China (Beijing) Region operated by Sinnet.

Amazon GameLift is a managed service for deploying, operating, and scaling dedicated game servers for session-based multiplayer games. You can deploy your first game server in the cloud in just minutes, saving up to thousands of engineering hours in upfront software development and lowering the technical risks that often cause developers to cut multiplayer features from their designs. Built on AWS’s proven computing environment, Amazon GameLift lets you scale high-performance game servers up and down to meet player demand. You pay only for the capacity you use, so you can get started whether you’re working on a new game idea or running a game with millions of players.

Amazon GameLift is also available in US East (N. Virginia and Ohio), US West (Oregon and N. California), Central Canada (Montreal), EU Central (Frankfurt), EU West (London and Ireland), Asia Pacific South (Mumbai), Asia Pacific Northeast (Seoul and Tokyo), Asia Pacific Southeast (Singapore and Sydney), and South America East (São Paulo).

Please visit the Amazon GameLift product page for more information.

AWS Elemental MediaConvert now offers a new reserved pricing model that lowers costs for predictable, non-urgent media workloads. By purchasing reserved transcoding slots, you get access to fixed parallel processing capacity for a set monthly rate, with an annual commitment. Each slot can run one video transcoding job at a time, and you can purchase multiple slots. To learn more about pricing and how it works, visit the documentation page.

Starting today, Amazon EC2 High Memory instances with up to 12 TB of memory are generally available.

Starting today, AWS IoT Analytics is available in the AWS Asia Pacific (Tokyo) Region. This is the fifth region where AWS IoT Analytics is available, joining the US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland) AWS regions. AWS IoT Analytics is a fully-managed service that makes it easy to run and operationalize sophisticated analytics on massive volumes of IoT data. The service can accept data from any source including Amazon Kinesis, S3, or third party tools, using a BatchPutMessage API and is fully integrated with AWS IoT Core, so it is easy to collect data and begin performing analytics. Asia Pacific is able to take advantage of the newest features of AWS IoT Analytics, launched in August 2018, including custom container integration, continuous analysis, and customizable time windows. Login to the AWS IoT Analytics Console to get started or for more information and details on pricing, visit the AWS IoT Analytics product page and documentation.

AWS IoT Device Management is now available in the Asia Pacific (Mumbai) region.

You can now enable deletion protection for your Amazon RDS database instances and Amazon Aurora database clusters. When a database instance or cluster is configured with deletion protection, the database cannot be deleted by any user. Deletion protection is available for Amazon Aurora and Amazon RDS for MySQL, MariaDB, Oracle, PostgreSQL, and SQL Server database instances in all AWS Regions.

Deletion protection is now enabled by default when you select the "production" option for database instances created through the AWS Console. You can also turn on or off deletion protection for an existing database instance or cluster with a few clicks in the AWS Console or the AWS Command Line Interface. Deletion protection is enforced in the AWS Console, the CLI, and API.

When you request the deletion of a database instance with deletion protection in the AWS Console, you are blocked and may not continue without first modifying the instance and disabling deletion protection.

Amazon Aurora database clusters can also be enabled for deletion protection. You will get an error when you attempt to delete the final database instance attached to a protected database cluster in the AWS Console. You may not continue unless you modify the DB Cluster and disable deletion protection.

Read more in the Deleting a Database Instance section of the Amazon RDS User Guide or Amazon Aurora User Guide.

Starting today, C5d instances are available in the AWS GovCloud (US) Region. C5d instances were first introduced in May 2018 and delivers C5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. C5d instances provide high-performance block storage for applications that need access to high-speed, low latency local storage like video encoding, image manipulation and other forms of media processing. It will also benefit applications that need temporary storage of data, such as batch and log processing and applications that need caches and scratch files.  

Starting today, M5d instances are available in the AWS GovCloud (US) Region. M5d instances were first introduced in June 2018 and delivers M5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. M5d instances are ideal for workloads that require a balance of compute and memory resources along with high-speed, low latency local block storage including data logging and media processing.

AWS Systems Manager Automation now supports conditional branching to other steps within the Automation enabling customers to create dynamic workflows.

Starting today, AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables you to share a single directory with multiple AWS accounts. This makes it easier and cost-effective for you to deploy your directory-aware workloads on Amazon EC2 instances by reducing the manual configuration to domain join your instances and, the need to deploy directories in each account and VPC. Amazon EC2 instances can now seamlessly join to a single directory from any AWS account and any Amazon VPC within an AWS Region.

Today, AWS Amplify announces support for using the Vue.js framework to build cloud-powered web apps with JavaScript. Developers can use AWS Amplify's new package for Vue.js to add cloud features – such as authentication, user storage, analytics, and chatbots – to their apps with just with a few lines of code.

AWS Elastic Beanstalk now supports T3 instance. This is supported on all latest platform configurations and available in all corresponding regions. To learn more about T3 instance benefits and features, see Amazon EC2 T3 instance type.

The AWS Deep Learning AMIs for Ubuntu and Amazon Linux now come with newer versions of  MXNet 1.3 and CNTK 2.6. MXNet 1.3 provides improved support for Intel's Math Kernel Library for Deep Neural Networks (Intel MKL-DNN), new pre-trained computer vision models in the Gluon Model Zoo library, and support for Clojure programming language. CNTK 2.6 provides improved support for Open Neural Network Exchange (ONNX), which is an open data format that allows you to design, train, and deploy deep learning models with any framework you choose. Deep Learning AMIs automatically deploy the framework builds optimized for the EC2 instance you select when you activate the framework's virtual environment for the first time.

Now, you can allow easy authentication for your users by enabling YubiKey security key as your users’ MFA device. You can enable a single YubiKey security key (manufactured by Yubico, a third party provider) for multiple IAM and root users across AWS accounts making it easier to manage your MFA devices for access to multiple users. You can also use your existing YubiKey, which you use to authenticate to other third-party applications such as GitHub or Dropbox, to sign in to the AWS Management Console. 

Amazon Linux 2 now supports 32-bit libraries and compatibility packages, which enables customers to run 32-bit applications on Amazon Linux 2.  

On-premises applications can now securely access AWS PrivateLink endpoints over AWS VPN. AWS PrivateLink allows you to privately access services hosted on AWS, in a highly available and scalable manner, without using public IPs, and without requiring the traffic to traverse the Internet.

Previously, access to PrivateLink endpoints from on-premise networks was only available over AWS Direct Connect. With this release, you can also use AWS VPN to access your PrivateLink endpoints.

AWS PrivateLink is available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (London), EU (Ireland), EU (Frankfurt), EU (Paris), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo) and South America (São Paulo) AWS Regions. To learn more, visit the AWS PrivateLink documentation.

Network Load Balancers support connections from clients and to its targets over AWS managed VPN.

Previously, access to Network Load Balancer from on-premises networks was only available over AWS Direct Connect. With this launch, you can access NLB over AWS VPN tunnel.

This support on Network Load Balancers is available in all AWS Regions. To learn more, visit the Network Load Balancer guide.

Amazon Aurora with PostgreSQL Compatibility now supports PostgreSQL major version 10.4, and is available in US East (N. Virginia, Ohio), US West (Oregon), and Europe (Ireland) Regions.

PostgreSQL 10 includes various new features including native table partitioning, support for improved parallelism in query execution, ICU collation support, column group statistics, enhanced postgres_fdw extension, and many more. Additionally, this release includes updated versions of the PLV8, ip4r, and pg_repack extensions.

This release includes all patches from the PostgreSQL 10.1, PostgreSQL 10.2, and PostgreSQL 10.3 minor versions. It also includes all extensions that are supported in the Amazon Aurora with PostgreSQL Compatibility 9.6 release.

To use the new version, you can create an Amazon Aurora with PostgreSQL Compatibility database instance with just a few clicks in the AWS Management Console. You can also create an Amazon Aurora with PostgreSQL Compatibility 10.4 read replica using an RDS for PostgreSQL 10.4 master instance, and then fail over your connections and applications to Aurora when ready. Learn more about migrating to Aurora PostgreSQL 10.4 in the Amazon RDS User Guide.

Amazon Aurora combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It provides up to three times better performance than the typical PostgreSQL database, together with increased scalability, durability, and security.

Starting today, Amazon EC2 F1 instances are available with a new instance size, f1.4xlarge. The new f1.4xlarge size has two Xilinx UltraScale+ FPGAs in order to provide a new price/performance option between existing instance sizes f1.2xlarge which has a single FPGA and f1.16xlarge which has eight FPGAs.

Amazon Connect now provides a queue metrics API. You can now programmatically access real-time metrics for queues in your contact center, as well as near-real-time historical metrics from the preceding 24 hours. For example, you could use the queue metrics API to extend a custom dashboard with real-time data showing the number of contacts or available agents in a given queue. You could also use this API to retrieve historical queue metrics for use in a custom reporting platform or workforce management solutions. To get started, see the API documentation for GetCurrentMetricData for real-time queue metrics, and GetMetricData for near-real-time queue metrics.

Alexa for Business now allows organizations to connect select Echo devices managed by Alexa for Business to their corporate WPA2 Enterprise Wi-Fi network. Though Echo devices don't need direct access to services on enterprise networks, many organizations prefer to have all devices on their WPA2 enterprise protected network to simplify network and device management. This new feature, available in beta, lets you connect the Echo devices to your existing WPA2 wireless network without having to create a guest or WPA2 personal network.  

You can now retrieve snapshot of a CloudWatch graph to display on your websites, wikis, and custom dashboards outside of the AWS console for improved monitoring visibility.

Amazon Aurora (both MySQL and PostgreSQL compatible editions) now allow you to stop and start database clusters. This makes it easy and affordable to use database clusters for development and test purposes where the database is not required to be running all of the time.

Stopping and starting a database cluster requires just a few clicks in the AWS Management Console, or a single call using the AWS API or AWS Command Line Interface, and takes just a few minutes. Stopping a database cluster stops the primary instance and any Aurora Replicas. While your database cluster is stopped, you are charged for cluster storage, manual snapshots and automated backup storage within your specified retention window, but not for database instance hours.

While a database cluster is stopped, you can do a point-in-time restore to any point within your specified automated backup retention window. Starting a database cluster restores it to the same configuration as it had when stopped, including its endpoint, replica instances, parameter groups, VPC security groups, and option group settings.

You can stop a database cluster for up to 7 days at a time. After 7 days, it will be automatically started. For more details on stopping and starting a database cluster, please refer to Stopping and Starting a DB Cluster in the Amazon RDS User Guide.

Amazon Aurora combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It provides up to three times better performance than the typical PostgreSQL database, and five times better than the typical MySQL database, together with increased scalability, durability, and security. See the AWS Region Table for complete regional availability.

Oracle Patch Set Updates contain critical security updates and other important updates. The July 2018 PSUs are now available for 11g on Amazon RDS for Oracle. To learn more about the Oracle PSUs supported on Amazon RDS, visit the Amazon RDS patch update documentation.

Today, we’re launching a new guided API builder for AWS AppSync. Before today, knowing GraphQL was a pre-requisite for building an AWS AppSync API. This is because, AWS AppSync is powered by GraphQL, a powerful API query language that allows your backend and applications to perform complex data fetching in a single round trip for efficient network operations. The “no-code” GraphQL API builder, we release in July 2018, was a step in relaxing this requirement. With today’s launch, we are making it even easier to create a powerful, serverless API for your mobile and web apps without any prior knowledge of GraphQL.

The AWS command line interface (CLI) now allows you to create a kubeconfig file during Amazon Elastic Container Service for Kubernetes (EKS) cluster creation with a single command.

The AWS Amplify JavaScript library now supports Amazon Sumerian, enabling developers to securely embed virtual reality (VR), augmented reality (AR), and 3D scenes into web applications.

Amazon Aurora Parallel Query is a feature of the Amazon Aurora database that provides faster analytical queries over your transactional data. It can speed up your queries by up to 2 orders of magnitude, while maintaining high throughput for your core transactional workload. Read about it on the AWS Blog.

Starting September 27, AWS Organizations requires you to verify the email address associated with your organization’s master account prior to inviting AWS accounts to join your organization. This feature provides additional assurance about your organization’s identity to accounts that you invite.

Amazon SageMaker now supports tagging for hyperparameter tuning jobs. With this new capability, customers can now add one or more tags to a tuning job that is launched with Automatic Model Tuning.

Amazon EC2 Spot Console now supports scheduled scaling for Application Auto Scaling, enabling you to plan scaling activities based on predictable workload patterns. Using the Spot Console, now you can create scheduled actions for your Spot Fleet request to scale the capacity up and down at specified times.

When you create a scheduled action, you can specify when the scaling activity should occur, the minimum capacity, and the maximum capacity. At the specified time, Auto Scaling scales your Fleet based on the new capacity values. You can create scheduled actions that scale one time only, or that scale on a recurring basis.

Support for scheduled scaling in the EC2 Spot Console is now available in all public AWS regions. You can learn more about this feature by reading the documentation page and learn about Spot Instances here.
 

AWS Database Migration Service (AWS DMS) and the AWS Schema Conversion Tool (AWS SCT) make it easier for you to migrate your Apache Cassandra NoSQL databases to Amazon DynamoDB. Using AWS DMS and the AWS SCT, you can now migrate your Cassandra databases to DynamoDB and then replicate ongoing changes to your DynamoDB tables. After you have migrated a Cassandra database, you can benefit from the consistent, single-digit millisecond latency at any scale of DynamoDB.

Migrating from Cassandra to DynamoDB enables developers to focus on building products rather than managing and maintaining database infrastructure. The DynamoDB serverless provisioning model eliminates the need to overprovision database infrastructure. In addition, DynamoDB does not require specialized resourcing or licensing. As a result, customers run their DynamoDB-backed applications with up to a 70% TCO savings compared with Cassandra. Finally, DynamoDB global tables, backup and restore, and encryption at rest provide developers similar functionality as Cassandra, but with the benefits of these capabilities being easier to implement and without overhead or downtime.

Starting today, Amazon EC2 R5 instances are available in the Asia Pacific (Seoul, Sydney, Tokyo), Europe (Frankfurt, London), US West (N. California), Canada (Central), and GovCloud (US-West) AWS regions. This is in addition to the US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland) AWS regions where R5 instances were already available since July 25th, 2018.

You can now use TensorFlow 1.9.0, the popular machine and deep learning framework, and S3 Select with Apache Spark on Amazon EMR release 5.17.0. Tensorflow libraries can be combined with big data processing engines like Spark on EMR to speed up the model training process by parallelizing the tuning of training parameters. The trained model can then be broadcast to all the nodes of the cluster to perform distributed inference on a large amount of data that are too big to run on a single node. TensorFlow on EMR is packaged with TensorBoard, a visualization tool, that helps you visualize and debug the flow of tensor graph in real-time, understand the effects of your design choices, and further optimize your model. TensorFlow builds on EMR vary by the instance type you use for your cluster.

With EMR release 5.17.0, you can use S3 Select with Spark. This feature allows your Spark application to selectively query a subset of data from a large object in S3. This improves performance by reducing the amount of data that needs to be transferred to and processed by the EMR cluster. Additionally, with this release, you can configure JupyterHub on EMR to save and persist notebooks directly to S3. You can also use the upgraded versions of Apache Flink 1.5.2, Apache HBase 1.4.6 and Presto 0.206.

You can create an Amazon EMR cluster with the release 5.17.0 by choosing the release label “emr-5.17.0” from the AWS Management Console, AWS CLI, or SDK. You can select TensorFlow, Flink, HBase, and Presto to install these applications when you launch your EMR cluster. Please visit the Amazon EMR documentation for more information about EMR release 5.17.0, TensorFlow 1.9.0, S3 Select with Spark, Flink 1.5.2, HBase 1.4.6, and Presto 0.206.

Amazon EMR release 5.17.0 is now available in all supported regions for Amazon EMR.

You can stay up to date on EMR releases by subscribing to the feed for EMR release notes. Use the RSS icon at the top of the EMR Release Guide to link the feed URL directly to your favorite feed reader.

 

Introducing the new AWS Industrial Software Competency Program, helping customers identify and choose the top AWS Partner Network (APN) Partners for their AWS projects and workloads.

AWS Competency Partners have demonstrated proven customer success and deep specialization in the Industrial Software market segment, providing an end-to-end toolchain for product design, production design, and production/operations on Amazon Web Services (AWS).

With the help of AWS Industrial Software Competency Partners, AWS Customers can run design and manufacturing entities without the need of their own data centers, allowing them to leverage industry leaders' and innovative startups' most secure, high-performing, resilient, and efficient cloud infrastructure for industry applications.

Solutions from AWS Competency Partners support advanced software technology in a fully scalable model and at a significantly lower cost.

Work with one of our AWS Industrial Software Competency Partners today >>

The AWS Competency Program helps customers identify and choose the world’s top APN Partners that have demonstrated technical proficiency and proven customer success in specialized solution areas.

To receive the AWS Competency designation, APN Partners must undergo a rigorous technical validation related to industry-specific technology, as well as an assessment of the security, performance, and reliability of their AWS solutions. This validation gives customers complete confidence in choosing APN Partner solutions from the tens of thousands in the AWS Partner Network.

Amazon ElastiCache for Redis adds support for adding and removing read replica nodes for Redis Cluster, the sharded Redis. Now you can easily scale your reads and improve availability for your Redis Cluster environments without requiring manual steps or needing to make application changes. Amazon ElastiCache already supports adding and removing read replicas for unsharded Redis (non-Redis Cluster mode).

Amazon S3 Cross-Region Replication (CRR) now supports object filtering based on S3 object tags. This allows you to identify individual objects using S3 object tags for automatic replication across AWS Regions for compliance and/or data protection.

Starting today, Amazon EC2 G3 instances are available in the Canada (Central) AWS Region.

You can now launch M5 instances types when using Amazon Relational Database Service (RDS) for MySQL and Amazon RDS for MariaDB. Amazon EC2 M5 instances are the next generation of the Amazon EC2 General Purpose compute instances. M5 instance offers a balance of compute, memory, and networking resources for a broad range of database workloads. 

Amazon Rekognition is a deep learning-based image and video analysis service that can identify objects, people, text, scenes, and activities, as well as detect any inappropriate content. Using Amazon Rekognition’s new face filtering feature, you can now have control over the quality and quantity of faces indexed for face recognition, thus saving on cost, reducing development time, and improving face recognition accuracy.

The AWS Solutions team has updated the Data Lake Solution, an automated reference implementation that deploys a highly available, cost-effective data lake architecture on the AWS Cloud along with a user-friendly console for searching and requesting datasets. The solution now includes a federated template that allows you to launch a version of the solution that is ready to integrate with Microsoft Active Directory.  

AWS Application Discovery Service (ADS), which helps enterprise customers plan migration projects by gathering information about their on-premises data centers, launched a Data Exploration feature. This new feature allows you to easily query data that ADS agents pull from your on-premises servers in one single location, giving you the opportunity to better assess and plan for your migration project.

AWS Storage Gateway is now available pre-installed on a hardware appliance, which you can buy directly from amazon.com, and manage from the AWS console. The appliance is based on a Dell EMC PowerEdge server with a validated configuration, and provides you an additional deployment option to the existing VMware ESXi, Microsoft Hyper-V or Amazon EC2 virtual machines available today.

Amazon Elasticsearch Service now supports node-to-node encryption, enabling organizations to host sensitive workloads with stringent security and compliance requirements. The node-to-node encryption capability provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between Elasticsearch instances in a cluster. It ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in-flight while it is being distributed and replicated between the nodes. Node-to-node encryption complements existing features provided by the service such as HTTPS client to cluster encryption, at-rest encryption, and Virtual Private Cloud (VPC) based network-level security and isolation for node-to-node communication. All certificates are deployed and rotated automatically by the service throughout the life of the domain, without any additional operational overhead. 

AWS Server Migration Service now supports migrating on-premises virtual machines with data volumes of up to 16 TB. This enables customers to migrate their large databases and content management servers to AWS using the simplicity and ease of use that Server Migration Service provides.

You can now use Amazon CloudWatch Events to view, search, download, archive, analyze, and respond to successful logins to your Amazon WorkSpaces. With this release, you can monitor client WAN IP addresses, Operating System, WorkSpaces ID, and Directory ID information for users’ logins to WorkSpaces.  

This Quick Start deploys WordPress High Availability by Bitnami, which includes WordPress with Amazon Aurora, in a highly available environment on AWS in about 40 minutes.

Amazon Aurora with PostgreSQL compatibility has been updated to version 1.3 in support of Release 9.6.9 of the PostgreSQL database. This release includes reliability and performance improvements, along with a number of bug fixes.

Amazon Polly is a service that turns text into lifelike speech. Today, we are excited to announce Zhiyu, the first Mandarin Chinese voice. Zhiyu is a clear, bright, and natural-sounding female voice.

You can now share your AppStream 2.0 application images with other AWS accounts in the same AWS Region. This lets you maintain one version of your application image and securely provide other AWS accounts access to it. For example, software vendors can now create an image with their applications installed, and share it with their customers as part of a SaaS or trial offering while maintaining control of the source image. Or, enterprises can configure images in their test account and then share them with their production account. You control whether the recipient can use your image with their fleets, to create new images, or both, and you can revoke access at any time.

To get started select Images, Image Registry from the AppStream 2.0 console. Select the image you wish to share and select Actions, Share. Choose Add account, and enter the AWS account ID you wish to share your image with. To stop sharing an image, select the Permissions tab, then choose Edit for the AWS account ID you wish to remove permissions from. To learn more about image sharing, see Administer Your Amazon AppStream 2.0 Images.  

You can share images for your users at no additional charge in all AWS Regions where AppStream 2.0 is offered. AppStream 2.0 offers pay-as-you-go pricing. Please see Amazon AppStream 2.0 Pricing for more information, and try our sample applications.

AWS CodeBuild is now available to customers in the AWS China (Beijing) Region, operated by Sinnet, and in the AWS China (Ningxia) Region, operated by NWCD 

Introducing the AWS Cloud Management Tools (CMT) Competency Program to help customers identify AWS Partner Network (APN) Partners that accelerate their AWS adoption by delivering operations and governance best practices.

IT organizations balance delivering the benefits of a cloud strategy; agility, scale, resiliency and cost savings, while maintaining governance, compliance and efficient use of resources. AWS Cloud Management Tools Partners have proven customer success in delivering both. Their customers can confidently manage AWS environments using a ‘guardrails’ approach while monitoring for any non-compliant activities that may occur. They specialize in providing solutions in the following areas: Administration & Provisioning, Cloud Governance and Resource & Cost Optimization. 

See our AWS Cloud Management Tools Competency Partners. 

AWS Firewall Manager now supports account inclusion or exclusion when defining the policy scope. This allows customers to enforce AWS WAF rules only on a subset of accounts instead of all accounts in their AWS Organizations.

Details: Amazon CloudFront announces the addition of a second Edge location in New Delhi, India. Adding this location doubles CloudFront’s capacity in the area for both processing viewer requests and caching content locally. For a full list of CloudFront’s global network, see the CloudFront Details webpage.

Encryption at rest helps enhance the security of your Amazon DynamoDB data by encrypting your data at rest using the service-default AWS Key Management Service key. Encryption at rest greatly reduces the operational burden and complexity involved in protecting sensitive data.

The new AWS Serverless Navigate enables APN Partners to gain a deeper understanding of the AWS Serverless Platform, including AWS Lambda, Amazon API Gateway, AWS Step Functions and Amazon Cognito.

Education content for Serverless covers topics such as how the services work together, best practices, how to identify potential workloads and how to correctly position Serverless during technical and selling motions with your customers.

Learn more about the AWS Serverless Navigate >>

This Quick Start deploys SIOS Protection Suite for Linux on the Amazon Web Services (AWS) Cloud. The Quick Start was created by APN Partner SIOS in collaboration with AWS.

Amazon Neptune is now a HIPAA Eligible Service and has been added to the AWS Business Associate Addendum (BAA).

You can now use AWS Config to record configuration changes to AWS CodePipeline, a continuous integration and continuous delivery service. With AWS Config, you can track changes to the pipeline configuration, such as the location of the artifacts, stages, actions included in a stage, and input and output artifacts. AWS Config maintains this configuration change history and you can access it through the console or APIs. Maintaining a change history can help you address audit and compliance requirements.

You can now develop your AWS Lambda functions in PowerShell Core 6.0 using the .NET Core 2.1 runtime. As a PowerShell developer, you can manage your AWS resources and craft rich automation scripts from within the PowerShell environment using AWS Lambda. 

AWS Systems Manager Session Manager is a new interactive shell and CLI that helps to provide secure, access-controlled, and audited Windows and Linux EC2 instance management. Session Manager removes the need to open inbound ports, manage SSH keys, or use bastion hosts.

AWS CloudHSM customers can now safely delete their CloudHSM backups on-demand, through the AWS SDK and CLI. Backups marked for deletion are held in escrow for a period of 7 days, giving customers a chance to restore their critical key data before it is permanently deleted. Calls to delete and restore backups are recorded in CloudTrail. This feature is available in all CloudHSM regions.

You can now authenticate container images from any private registry to run task with AWS Fargate.

Previously, if you wanted to run Amazon Elastic Container Service (Amazon ECS) tasks that used images from a private registry, you were restricted to the EC2 launch type configuration. This is because with EC2 launch type, you could authenticate the underlying instance to a private registry by modifying your instance's environment variables. Since Fargate allows you to run containers without having to manage underlying EC2 instances, you couldn’t authenticate these instances to any private registry except Amazon Elastic Container Registry (Amazon ECR).

Now, you can use any private registry of your choice with Fargate or EC2 launch types. You will first store your private registry credentials in AWS Secrets Manager. You will then provide the secret-manager ARN or the secret name as container level parameter while registering your task definition. To learn more about how you can use private registries with AWS Fargate, read our documentation or check out our blog.

Please visit the AWS region table to see all AWS regions where AWS Fargate is available.

The AWS Deep Learning AMIs for Ubuntu and Amazon Linux now come with newer versions of Chainer 4.4 and Theano 1.0.2. As with rest of the frameworks, Deep Learning AMIs offers optimized builds of Chainer 4.4 and Theano 1.0.2 that are fine-tuned and fully-configured for high performance deep learning on Amazon EC2 CPU and GPU instances. Deep Learning AMIs automatically deploy the framework builds optimized for the EC2 instance you select when you activate the framework's virtual environment for the first time.

You can now launch Amazon EMR clusters with the next generation of Compute Optimized C5d instances, General Purpose M5d instances and Memory Optimized R5 and R5d instances from the Amazon EC2 family. These instances are available for EMR clusters with release 5.13.0 and later. Compute Optimized C5d instances feature cost-effective high-performance compute processors and also comes equipped with local NVMe-based SSD storage. They are ideal for compute-intensive big-data applications that require ultra-low-latency local storage. General Purpose M5d instances offer a balance of compute, memory and networking and comes equipped with high-throughput local NVMe-based SSD storage to cater to a broad range of workloads. Memory Optimized R5 instances have high memory to vCPU ratio and are ideal for memory-intensive analytics workloads. R5d instances share their specs with R5 instances and also include local NVMe-based SSD storage. These instances are available in various sizes. To learn more about these instances please visit the Amazon EC2 instance page. For Amazon EMR pricing for these instances, visit the Amazon EMR pricing page.

Amazon EMR supports these instances in the following regions:

C5d and M5d instances are supported in US East (N.Virginia and Ohio), US West (Oregon), Europe(Ireland), and Canada regions.

R5 instances are supported in US East (N.Virginia and Ohio), US West(Oregon), and Europe(Ireland) regions.

R5d instances are supported in US East (N.Virginia and Ohio) and US West (Oregon) regions.

 

You can now specify three new docker flags as parameters in your Amazon Elastic Container Service (ECS) Task definition. These flags are sysctl (system controls), interactive, and tty (Pseudo terminal). You can also specify interactive and tty flags as parameters in your AWS Fargate Task definitions.

The sysctl parameter allows you to have fine grained control on your application's namespaced kernel parameters. Therefore, you can optimize the kernel's behavior to your application's needs without having to configure those parameters at the host-level or worry about impacting other applications.

The interactive and tty parameters, allow you to deploy containerized applications that require stdin or a tty to be allocated. This allows you to run some legacy applications that require these flags if you wanted to containerize them.

This feature is currently supported with EC2 launch-type. For more information about using Docker parameters in task definitions, visit the Amazon ECS documentation.

To view where Amazon ECS is available, please visit our region table.  

AWS CloudFormation Macros perform custom processing on CloudFormation templates from simple actions such as find-and-replace to transformation of entire templates. CloudFormation Macros use the same technology that powers AWS::Include and AWS::Serverless transforms. CloudFormation transforms help simplify template authoring by condensing the expression of AWS infrastructure as code and enabling reuse of template components.

Previously, you could use AWS::Include and AWS::Serverless transforms to process your templates that were hosted by CloudFormation. Now, you can use CloudFormation Macros to create your own custom transforms. For example, you can create common string functions for templates or define short-hand syntaxes for common CloudFormation resources. Click here to learn more about sample macros for your reference.

To learn more about CloudFormation Macros, please visit AWS CloudFormation documentation.

CloudFormation Macros are available in all AWS regions that have AWS Lambda. For a full list of AWS regions where AWS Lambda is available, please visit our Region table.

Starting today, AWS Batch supports running workloads on z1d, r5d, r5, m5d, c5d, p3, and x1e EC2 instances.

Amazon SageMaker now supports version 1.10 in its pre-built TensorFlow containers. This makes it easier to run TensorFlow scripts, while taking advantage of the capabilities Amazon SageMaker offers, including a library of high-performance algorithms, managed and distributed training with automatic model tuning, one-click deployment, and managed hosting.

You can now enable AWS X-Ray for your APIs in Amazon API Gateway, making it easier to trace and analyze user requests as they travel through the APIs to the underlining services.

AWS AppSync is a serverless backend for web and mobile applications that supports real-time data synchronization and offline capabilities at enterprise scale. AWS AppSync simplifies data access across AWS services to a single endpoint and supports multiple data storage options, including Amazon DynamoDB, Amazon Elasticsearch Service, AWS Lambda, Amazon RDS (using Lambda resolvers), and HTTP data sources. AWS AppSync is powered by GraphQL, an open standard allowing applications to request, change and subscribe to the exact data they need in a single network request.

With today's launch, AWS AppSync is now available in 10 AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), and EU (Ireland).

To learn more, see the AWS AppSync webpage.

Starting today, C5d instances are available in the AWS Asia Pacific (Sydney) and Asia Pacific (Tokyo) Regions. C5d instances were first introduced in May 2018 and delivers C5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. C5d instances provide high-performance block storage for applications that need access to high-speed, low latency local storage like video encoding, image manipulation and other forms of media processing. It will also benefit applications that need temporary storage of data, such as batch and log processing and applications that need caches and scratch files.

Starting today, M5d instances are available in the AWS Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacfic (Tokyo), and Europe (London) Regions. M5d instances were first introduced in June 2018 and delivers M5 instances equipped with local NVMe-based SSD block level storage physically connected to the host server. M5d instances are ideal for workloads that require a balance of compute and memory resources along with high-speed, low latency local block storage including data logging and media processing.

AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources, announces seven new managed rules to help you evaluate whether your AWS resource configurations comply with common best practices. This allows you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

Amazon Elastic Container Service for Kubernetes (EKS) is now available in the AWS Europe (Ireland) Region.

Amazon ElastiCache for Redis is now FedRAMP authorized with a Provisional Authority to Operate (P-ATO) at the High Impact Level provided by the Joint Authorization Board (JAB). United States government customers and their partners can now use the latest version of ElastiCache for Redis to process and store their FedRAMP systems, data, and mission-critical, high-impact workloads in the AWS GovCloud (US) Region, and at moderate impact level in AWS US East/West Regions.

Starting today, you can enable persistent application and Windows settings for your users on AppStream 2.0. With this launch, your users' plugins, toolbar settings, browser favorites, application connection profiles, and other settings will be saved and applied each time they start a streaming session. For example, your users can configure their plugins and toolbars for their CAD/CAM applications, and retain those settings every time they stream their application. Your users' settings are stored in an S3 bucket you control in your AWS account.

To get started, select Stacks from the AppStream 2.0 console. Below the stacks list, choose User Settings, Application Settings Persistence, Edit. In the Application Settings Persistence dialog box, choose Enable Application Settings Persistence. To learn more about persistent application settings, see Enable Application Settings Persistence for Your AppStream 2.0 Users.

You can enable persistent application settings for your users at no additional charge in all AWS Regions where AppStream 2.0 is offered. However, you will be billed for the S3 storage used to store your user’s settings data. To use this feature, the AppStream 2.0 agent software on your image must be dated August 29, 2018 or newer. AppStream 2.0 offers pay-as-you-go pricing. Please see Amazon AppStream 2.0 Pricing for more information, and try our sample applications.

Amazon S3 announces feature enhancements to S3 Select. S3 Select is an Amazon S3 capability designed to pull out only the data you need from an object, which can dramatically improve the performance and reduce the cost of applications that need to access data in S3.

Today, Amazon S3 Select works on objects stored in CSV and JSON format. Based on customer feedback, we’re happy to announce S3 Select support for Apache Parquet format, JSON Arrays, and BZIP2 compression for CSV and JSON objects. We are also adding support for CloudWatch Metrics for S3 Select, which lets you monitor S3 Select usage for your applications. 

We've updated three of our AWS training courses to map to the latest AWS service updates, current best practices, and exam domains. Classes are taught by accredited AWS instructors so you can learn best practices and get live feedback to your questions. 

You can now use a new capability for continuously aggregating data over time, stagger windows, in your Amazon Kinesis Data Analytics applications. Stagger windows enable you to emit timely and accurate SQL results in the face of late data.

Amazon CloudWatch Metrics for Amazon S3 now includes storage metrics for Amazon Glacier and S3 OneZone-Infrequent Access (S3 One Zone-IA) storage classes in the AWS GovCloud (US) Region. Storage that has been uploaded to S3 One Zone-IA or transitioned to S3 One Zone-IA or Amazon Glacier from S3 Standard or S3 Standard-IA storage classes using S3 Lifecycle policies will be available in CloudWatch storage metrics. These storage metrics will also include object overhead bytes applied to objects in Amazon Glacier and small objects in S3 Standard-IA and S3 One Zone-IA.

Application Auto Scaling is now available in AWS GovCloud (US).

Amazon SageMaker now supports a new HTTP header for the InvokeEndpoint API action called CustomAttributes, which can be used to provide additional information about an inference request or response. Using this header, it is easy to pass custom information such as trace ID, application specific identifier or other metadata to the inference request or response. This will help customers keep track of their requests or responses for audits or tracking metrics.

AWS Glue now supports data encryption at rest for ETL jobs and development endpoints. You can configure ETL jobs and development endpoints to use AWS Key Management Service (KMS) keys to write encrypted data at rest. You can also encrypt the metadata stored in the Glue Data Catalog using keys that you manage with AWS KMS. Additionally, you can use AWS KMS keys to encrypt job bookmarks and the logs generated by crawlers and ETL jobs.