July 2022

Amazon Nimble Studio adds support for on-demand Amazon Elastic Compute Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU instance types for their creative projects. Artists depend on a mix of CPUs, RAM, and GPUs for their their creative needs. You can now access additional instance types such as the EC2 G3 and G5 instances (EC2 G5 instances utilize the NVIDIA A10G Tensor Core GPU), providing Nimble Studio customers greater flexibility to use the right resources for the project.

Amazon Lookout for Vision now provides anomaly localization through semantic segmentation. You can use Lookout for Vision’s segmentation models to identify the locations on an image where different types of anomalies (such as a scratch, dent, or tear) are present, the label of the anomaly and the size of the anomaly, which you can then use to make decisions such as classify, grade, bin product and ship, rework, or scrap the part. You can deploy the trained semantic segmentation models for inference in the AWS Cloud via the AWS SDK or CLI. You can also deploy them to an edge hardware device of your choice and run inference locally on the device.

AWS Network Firewall supports AWS Managed Threat Signatures to detect threats and block attacks against known vulnerabilities so you can stay up to date on the latest security threats without writing and maintaining your own rules. Starting today, you can enable AWS managed rules to protect against coin mining malware, credential phishing, and malware for mobile operating systems (OS). 

AWS Console Mobile Application users can now easily view and access their recently visited AWS services that are supported in the mobile application for iOS and Android. A user’s recently visited AWS services are synchronized between their mobile and web experiences. The recently visited services feature is available at the bottom of the Dashboard screen which presents users with a swipeable list of their ten most recently visited AWS services. Users can tap on any AWS service shown in the list to be taken to that AWS service’s details screen in the mobile app.

AWS Lambda support for AWS X-Ray is now available in the AWS GovCloud (US) Regions. With AWS Lambda support for AWS X-Ray, you can easily enable X-Ray tracing for your functions.

AWS Cloud Map is now available in Asia Pacific (Osaka) and Asia Pacific (Jakarta) AWS Regions. AWS Cloud Map is a cloud resource discovery service. With AWS Cloud Map, you can define custom names for your application resources, such as Amazon Elastic Container Services (Amazon ECS) tasks, Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon DynamoDB tables, or other cloud resource. You can then use these custom names to discover the location and metadata of cloud resources from your applications using AWS SDK and authenticated API queries.

AWS Control Tower now includes AWS CloudTrail organization logging as part of landing zone version 3.0. With this new feature, an organization-level AWS CloudTrail trail will be deployed in your organization’s management account to automatically log the actions of all member accounts in your organizations. AWS Control Tower does not configure any parameters for logging other than a mandatory detective guardrail that checks logging is configured for all AWS Control Tower governed accounts. AWS Control Tower with organization logging offers users the latest standard and best practice for unified account logging.

Application Manager, a capability of AWS Systems Manager, announces today a simplified onboarding experience for customers. Application Manager is a central hub on AWS to create, view and operate applications from a single console. With Application Manager, customers can discover and manage their resources across multiple AWS services like AWS CloudFormation, AWS Launch Wizard, AWS Service Catalog App Registry, AWS Resource Groups, Amazon Elastic Kubernetes Service (Amazon EKS), and Amazon Elastic Container Service (Amazon ECS). Using this feature, IT professionals can now follow a guided low-touch process to setup the Application Manager dashboards.

We’re excited to announce the support for encryption at rest for datasets and machine learning (ML) models on Amazon SageMaker Canvas using customer managed keys with AWS Key Management Service (KMS). Amazon SageMaker Canvas is a visual point-and-click interface that enables business analysts to generate accurate ML predictions on their own — without requiring any machine learning experience or having to write a single line of code. SageMaker Canvas makes it easy to access and combine data from a variety of sources, automatically clean data, and build ML models to generate accurate predictions with a few clicks.

AWS IoT SiteWise is now available in US East (Ohio) and Canada (Central) AWS Regions, extending the footprint to 12 AWS Regions.

You can now run OpenSearch and OpenSearch Dashboards version 1.3 on Amazon OpenSearch Service. This version includes several new features and improvements around observability, SQL and PPL, Alerting and Anomaly Detection. You can upgrade your domain seamlessly to OpenSearch version 1.3 from any of the previous OpenSearch versions, or from Elasticsearch versions 6.8 or 7.x directly, using the OpenSearch Service console or APIs.

AWS Backup for Amazon S3 now enables you to copy your Amazon S3 backups across AWS Regions and AWS accounts. With backups of Amazon S3 in multiple AWS Regions, you can maintain separable, protected copies of your backup data to help meet the compliance requirements for data protection and disaster recovery. In addition, backups across AWS accounts provide an additional layer of protection against inadvertent or unauthorized actions.

AWS Control Tower has updated its Region deny guardrail to include additional AWS global service APIs to assist in retrieving configuration settings, dashboard information, and support for an interactive chat agent. The Region deny guardrail, ‘Deny access to AWS based on the requested AWS Region', assists you in limiting access to AWS services and operations for enrolled accounts in your AWS Control Tower environment. The AWS Control Tower Region deny guardrail helps ensure that any customer data you upload to AWS services is located only in the AWS Regions that you specify. You can select the AWS Region or Regions in which your customer data is stored and processed.

AWS Control Tower now helps reduce redundant AWS Config configuration items by limiting recording of global resources to home Regions only. Previously, AWS Control Tower configured AWS Config to record global resources in all Regions. Since global resources are not tied to a specific AWS Region, changes to global resources are identical across Regions. Limiting recording for global resources (such as IAM users, groups, roles, and customer managed polices) means redundant copies of global resource changes are no longer stored in every Region. This update brings resource recording into conformance with AWS Config best practices. A full list of global resources is available in AWS Config documentation.

AWS Global Accelerator now offers dual-stack accelerators that enable you to route IPv6 traffic to Regional Application Load Balancer endpoints. Starting today, you can get the availability, security and performance benefits of AWS Global Accelerator for both IPv4 and IPv6 traffic while routing traffic towards Application Load Balancer endpoints.

AWS ParallelCluster 3.2 release is now generally available. AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easy for scientists, researchers, and IT administrators to deploy and manage High Performance Computing (HPC) clusters in the AWS cloud. HPC clusters are collections of tightly coupled compute, storage, and networking resources that enable customers to run large scale scientific and engineering workloads.

Amazon OpenSearch Service now supports Amazon Elastic Block Store (Amazon EBS) volume type gp3 (General Purpose SSD), in addition to the existing gp2, Magnetic and PIOPS (io1) volumes. You can use gp3 volumes on our latest generation T3, R5, R6g, M5, M6g, C5 and C6g instance families. Amazon EBS gp3 enables customers to provision performance independent of storage capacity, provides better baseline performance, at a 9.6% lower price point per GB than existing gp2 volumes on OpenSearch Service. In addition, with gp3 you now get denser storage on R5, R6g, M5, M6g instance families, which can help you to further optimize your costs. 

Amazon Web Services (AWS) announces expansion of AWS Ground Station to the Asia Pacific (Singapore) Region. This is the 11th AWS Ground Station antenna location connected to the AWS Global Network. AWS Ground Station is a fully managed service that lets customers control satellite communications, process satellite data, and scale satellite operations. Global expansion to Singapore enables increased opportunities for satellite operators to connect with their satellites and process their space workloads. An additional mid-latitude AWS Ground Station antenna location reduces the time between contacts for Low-Earth Orbit (LEO) satellites and offers increased utility for customers whose operations require payload downlink. Governments, businesses, and universities can benefit from more timely satellite data to make precise, data-driven decisions.

Amazon WorkSpaces now offers an API to create a new WorkSpace Image from a WorkSpace instance. Previously, this functionality was available only through the Amazon WorkSpaces console. After this launch, you can apply all the applications and operating system updates on a WorkSpace and use this API to create a new Image. Once the new image is created, you can test it before updating your production bundles or sharing the image with other AWS accounts. With this launch you can fully automate your WorkSpaces CI/CD pipelines and keep your WorkSpaces images up-to-date as per your regulatory standards.

You can now create up to 10,000 Amazon S3 Access Points per region per account to manage granular access permissions across your different applications. In addition, access points now support Amazon SageMaker, Amazon Redshift, and Amazon CloudFront, helping you use access point aliases directly with your applications as a replacement for S3 bucket names.

You can now configure fine grained access control for data plane actions when using AWS Identity and Access Management (IAM) to connect to Amazon Neptune.  

AWS AppSync is a fully managed service that makes it easy to create and manage GraphQL and Pub/Sub APIs, allowing developers to securely access, manipulate, and combine data from one or more data sources via a single API endpoint. With GraphQL, developers write resolvers that fetch data from backend data sources such as Amazon DynamoDB, AWS Lambda, HTTP APIs, and more. To “resolve” a GraphQL query at run-time, AppSync evaluates the resolver code with the contextual information about the query (e.g.: the context). AppSync resolvers are written in the Velocity Template Language (VTL) and support flexible integrated utilities that allow developers to parse (e.g.: $util.parseJson), convert (e.g.: $util.toJson), generate (e.g.: $util.autoId and $util.autoUlid), and log data (e.g.: $util.log).

Amazon Polly is a service that turns text into lifelike speech. Today, we are excited to announce the general availability of Kajal, a new bilingual neural text to speech (TTS) voice supporting Hindi and Indian English.

AWS Outposts rack is now supported in AWS Asia Pacific (Jakarta) Region. AWS Outposts rack is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any on-premises data center or co-location space for a truly consistent hybrid experience.

Amazon Neptune now supports Global Database, allowing a single Neptune database to span multiple AWS Regions to provide disaster recovery in case of region-wide outages and enable low-latency global reads for applications with a global footprint. Neptune Global Database is available in the US East (Ohio), US East (N. Virginia), US West (Oregon), US West (N. California), Europe (Ireland), Europe (London), and Asia Pacific (Tokyo) regions.

Starting today, customers can use the Organizational Units (OUs) account groupings feature within AWS Organizations when creating their billing groups in the AWS Billing Conductor (ABC) console. For customers who are new to ABC and interested in segmenting, computing, and viewing their cost and usage data by OU, the new point-in-time OU import capability reduces the level of effort needed to achieve account parity between OUs and ABC billing groups.

Amazon Connect now allows agents to view Contact Lens transcripts, detected issues, and matched categories in the Contact Control Panel (CCP) and the Salesforce CTI Adapter. At the end of a customer call, an agent will see an unredacted call transcript they can reference and copy over needed information into their customer or case notes. The transcript will display contact category labels and issues detected by Contact Lens once the call ends. In addition, if an agent receives a transferred call, they will see a transcript of the prior agent’s conversation with the customer so that they can understand the context of that interaction without needing to repeat themselves.

AWS Step Functions expands its AWS SDK integrations with support for 3 more AWS Services and 195 more AWS API actions which brings the total to 223 AWS Services and 10,000+ API Actions.

Amazon Detective now helps to analyze, investigate, and identify the root cause of security findings or suspicious control plane activity on Amazon Elastic Kubernetes Service (Amazon EKS) clusters. Amazon Detective uses Amazon EKS audit logs to automatically extract new entities, such as EKS clusters, container pods, and user accounts, and then builds a profile for each of the entities based on their activity history. Detective then layers the entity profiles with Amazon GuardDuty Kubernetes Protection findings that are created when potential threats or suspicious behavior are identified on your Amazon EKS clusters. This new Detective capability can assist you to more quickly answers questions such as: which Kubernetes API methods were called by a Kubernetes user account showing signs of compromise, which pods are hosted in an Amazon Elastic Compute Cloud (Amazon EC2) instance that was included in a Amazon GuardDuty finding, or which containers were spawned from a potentially malicious container image.

AWS Config now supports compliance scores as an enhancement to conformance packs. A compliance score is a percentage-based score that helps you quickly discern the level to which your resources are compliant for a set of requirements that are captured within the scope of a conformance pack. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an AWS account or AWS Region, or across an organization in AWS Organizations.

We are excited to announce AWS Security Competency has been re-Launched with new consolidated categories to help customers more easily discover AWS Partner solutions validated by AWS. Partners with Security Competency provide solutions to help customers elevate their security in the cloud at any stage in their cloud journey. Of the eight new consolidated categories, six contain a complimentary collection of AWS-validated partner software and services offerings to help customers with their cloud security software tool choices and follow-on implementation and training services: application security, compliance and privacy, data protection, identity and access management, infrastructure protection, threat detection and response.

We are excited to announce specialization categories for the AWS Level 1 MSSP Competency. These six new specialized managed security services for the Level 1 MSSP Competency help customers discover partner solutions validated by AWS security experts to provide 24x7 monitoring and response services that include and extend beyond AWS’s Level 1 Managed Security Services (Level 1 MSS) baseline. AWS introduced the Level 1 MSS baseline detailing ten foundational capabilities for MSSP partners to align their managed services to in August 2021, along with the Level 1 MSSP Competency, establishing an industry-first quality standard for customers to measure their security operations to.

AWS Security Hub has added two new integration partners to help customers with their cloud security posture monitoring.

AWS Security Hub now automatically receives Amazon GuardDuty Malware Protection findings. Amazon GuardDuty Malware Protection delivers agentless detection of malware on your Amazon Elastic Cloud Compute (EC2) instance and container workloads. This integration between Security Hub and GuardDuty expands the centralization and single pane of glass experience in Security Hub by consolidating your malware findings alongside your other security findings, allowing you to more easily search, triage, investigate, and take action on your security findings. GuardDuty Malware Protection findings within Security Hub also contain an investigation link that allows you to quickly dive deeper to investigate the finding in Amazon Detective. 

Amazon GuardDuty Malware Protection is now available, in Amazon GuardDuty, to help detect malicious files residing on an instance or container workload running on Amazon Elastic Compute Cloud (Amazon EC2) without deploying security software or agents. Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and exfiltrate data. Malicious files that contain trojans, worms, crypto miners, rootkits, bots, and the like can be used to compromise workloads, repurpose resources for malicious use, and gain unauthorized access to data. Existing customers can enable the GuardDuty Malware Protection feature with a single click in the GuardDuty console or through the GuardDuty API. When threats are detected, GuardDuty Malware Protection automatically sends security findings to AWS Security Hub, Amazon EventBridge, and Amazon Detective. These integrations help centralize monitoring for AWS and partner services, automate responses to malware findings, and perform security investigations from the GuardDuty console. With the launch of Amazon GuardDuty Malware Protection there are eight new threat detections:

1. Execution:EC2/MaliciousFile
2. Execution:ECS/MaliciousFile
3. Execution:Kubernetes/MaliciousFile
4. Execution:Container/MaliciousFile
5. Execution:EC2/SuspiciousFile
6. Execution:ECS/SuspiciousFile
7. Execution:Kubernetes/SuspiciousFile
8. Execution:Container/SuspiciousFile

AWS Transfer Family now supports the Applicability Statement 2 (AS2) protocol, complementing existing protocol support for SFTP, FTPS, and FTP. Customers across verticals such as healthcare and life sciences, retail, financial services, and insurance that rely on AS2 for exchanging business-critical data can now use AWS Transfer Family’s highly available, scalable, and globally available AS2 endpoints to more cost effectively and securely exchange transactional data with their trading partners. Exchanged data is natively accessible in AWS for processing, analysis, and machine learning, as well as for integrations with business applications running on AWS.

We are pleased to announce a new capability in Amazon Macie that allows for one-click, temporary retrieval of up to 10 examples of sensitive data found in Amazon Simple Storage Service (Amazon S3) by Amazon Macie. This new capability enables you to more easily view and understand which contents of an S3 objects were identified to be sensitive, so you can review, validate, and quickly take action as needed. All sensitive data examples captured with this new capability are encrypted using customer-managed AWS Key Management Service (AWS KMS) keys and are temporarily viewable within the Amazon Macie console after being retrieved.

Amazon RDS Proxy, a fully managed, highly available database proxy for Amazon Relational Database Service (RDS), now support for Amazon RDS for MariaDB databases running on major versions 10.3, 10.4, or 10.5. With Amazon RDS Proxy, customers can make applications more scalable, more resilient to database failures, and more secure.

AWS Wickr is an end-to-end encrypted enterprise communication service that allows secure collaboration across messaging, voice and video calling, file sharing, and screen sharing. The service is now in preview. AWS Wickr helps organizations address evolving threats and regulations by combining security and administrative features designed to safeguard sensitive communications, enforce information governance policies, and retain information as required. Encryption takes place locally, on the endpoint. Every call, message, and file is encrypted with a new random key, and no one but intended recipients—not even AWS—can decrypt them.

AWS Marketplace Vendor Insights helps streamline the complex third-party software risk assessment process by enabling sellers to make security and compliance information available through AWS Marketplace. A unified web-based dashboard gives governance, risk, and compliance (GRC) teams access to security and compliance information, such as data privacy and residency, application security, and access control. The dashboard also provides evidence backed by AWS Config and AWS Audit Manager assessments, external audit reports (such as ISO 27001 and SOC2 Type 2), and software vendor self-assessments. Vendor Insights serves buyers who need help to efficiently validate that third-party software meets their business compliance needs. Vendor Insights also serves sellers who want to showcase their strong security posture, while reducing the operational burden from responding to buyer requests for risk assessment information.

AWS WAF now supports setting sensitivity levels for SQL injection (SQLi) rule statements, giving you greater control over how AWS WAF evaluates requests to your applications for SQLi attacks.

AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center. It is where you create, or connect, your workforce users once and centrally manage their access to multiple AWS accounts and applications. You can create user identities directly in IAM Identity Center, or you can connect your existing identity source, including Microsoft Active Directory and standards-based identity providers, such as Okta Universal Directory or Azure AD. You can choose to manage access just to AWS accounts, just to cloud applications, or to both. Your users can utilize their existing credentials for one-click access to their assigned AWS accounts, AWS applications, like Amazon SageMaker Studio, and other standards-based cloud applications, like Salesforce, Box, and Microsoft 365.

Today, we are making it easier for customers to view and update primary contact information on their AWS accounts using the AWS Command Line Interface (CLI) and AWS SDK. We previously released the Accounts SDK that enables customers to programmatically manage billing, operations, and security contacts for their accounts. Starting today, customers can use the same SDK to additionally update their primary contact information saving them the time and effort of doing it through the management console.

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports R5b database (DB) instances. R5b DB instances support up to 3x the I/O operations per second (IOPS) and 3x the bandwidth on Amazon Elastic Block Store (Amazon EBS) compared to the x86-based memory-optimized R5 DB instances. R5b DB instances are a great choice for IO-intensive DB workloads.

Amazon DocumentDB (with MongoDB compatibility) now allows you to create clones to enable fast creation of a new cluster that uses the same DocumentDB cluster volume and has the same data as the original.

AWS Fault Injection Simulator (FIS) now supports ChaosMesh and Litmus experiments for containerized applications running on Amazon Elastic Kubernetes Service (EKS). Using the new Kubernetes custom resource action for AWS FIS, you can control ChaosMesh and Litmus chaos experiments from within an AWS FIS experiment, enabling you to coordinate fault injection workflows among multiple tools. For example, you can run a stress test on a pod’s CPU using ChaosMesh or Litmus faults while terminating a randomly selected percentage of cluster nodes using AWS FIS fault actions.

AWS Backup Audit Manager now allows you to audit and report on the compliance of your data protection policies for Amazon FSx for NetApp ONTAP. Using AWS Backup Audit Manager, you can now continuously evaluate the data protection activity of your Amazon FSx for NetApp ONTAP resources and generate audit reports that can help you demonstrate compliance with organizational best practices or regulatory standards.

AWS Lambda announces support for lambda:SourceFunctionArn. A new IAM condition key that can be used for IAM policy conditions that specify the ARN of the function from which a request is made. Starting today, when a function is invoked, Lambda will automatically add the new lambda:SourceFunctionArn condition key to the request context of all AWS API calls made by function code. You can use the Condition element in your IAM policy to compare the lambda:SourceFunctionArn condition key in the request context with values that you specify in your policy.

You can now use the ‘Verified Provider’ label on the EC2 Console to pick public Amazon Machine Images (AMIs) that are owned by Amazon verified accounts. Previously, customers would need to check the owner IDs of AMIs that were publicly shared to identify the source of the AMI. IDs of verified sources were not always easily available. The new label on the console helps you easily identify trusted sources for publicly-shared AMIs. These trusted sources can be Amazon and its partners or AMI providers from AWS Marketplace.

We are excited to announce the new Organization page in AWS Control Tower with a hierarchical view of all Organizational units (OUs) and accounts. Customers now have the ability to view, group, and manage their entire organizational structure through a single page.

The Amazon Relational Database Service (Amazon RDS) Multi-AZ deployment option with one primary and two readable standby database (DB) instances across three Availability Zones (AZs) is now available in Asia Pacific (Sydney) Region. This deployment option give you up to 2x faster transaction commit latency, automated fail overs typically under 35 seconds, and readable standby instances.

We are excited to launch two new features that help enforce access controls with Amazon EMR on EC2 clusters (EMR Clusters). These features are supported with jobs that are submitted to the cluster using the EMR Steps API. First is Runtime Role with EMR Steps. A Runtime Role is an AWS Identity and Access Management (IAM) role that you associate with an EMR Step. An EMR Step uses this role to access AWS resources. The second is integration with AWS Lake Formation to apply table and column-level access controls for Apache Spark and Apache Hive jobs with EMR Steps.

Today, we are excited to announce that Amazon Fraud Detector (AFD) now supports Account Takeover Insights (ATI) model, a low-latency fraud detection machine learning (ML) model specifically designed to detect accounts that have been compromised through stolen credentials, phishing, social engineering, or other forms of account takeover. The ATI model is designed to detect up to 4 times more ATI fraud than traditional rules-based account takeover solutions while minimizing the level of friction for legitimate users.

Amazon Relational Database Service (Amazon RDS) Performance Insights is now available in the Asia Pacific (Jakarta) Region. Amazon RDS Performance Insights is a database performance tuning and monitoring feature of RDS and Aurora that helps you quickly assess the load on your database and determine when and where to take action.

Amazon Interactive Video Service (Amazon IVS) web broadcast SDK gives you the ability to capture live video from web browsers and send as an input to an Amazon IVS channel. You can include it on new and existing websites, with support for both desktop and mobile web browsers.

AWS Network Firewall now supports Amazon Virtual Private Cloud (VPC) prefix lists to simplify management of your firewall rules and policies across your VPCs. Prefix lists enable you to group one or more CIDR blocks into a single object. You can group IP addresses that you frequently use in a prefix list, and reference this list in AWS Network Firewall rule groups. Previously you needed to update individual firewall rules when scaling your network to add new IP addresses, which can be time-consuming and error-prone. Now you can update the relevant prefix list and all AWS Network Firewall rule groups that reference the prefix list are automatically updated. As you scale your network, you can use prefix lists to simplify management of your firewall rule groups and policies across multiple VPCs and accounts in the same AWS Region. You can use AWS-managed prefix lists or you can create and manage your own prefix lists.

Amazon Athena users can now analyze and tune their queries using interactive, visual tools. Optimizing queries and debugging failures are challenging tasks that often require knowledge of query behavior and a careful approach to tuning query logic. With today’s launch, you can now use the Athena console to analyze your queries with tools that make it simpler to debug errors and improve performance.

Starting today, Amazon EC2 C6i, M6i and R6i instances are available in the Europe (Stockholm, Milan), and Asia Pacific (Hong Kong). Additionally, the Amazon EC2 C6i and M6i instances are now available in Middle East (Bahrain) and R6i instance is now available in Europe (Frankfurt). These instances are powered by 3rd Gen Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offering up to 15% better compute price performance over comparable Gen5 instances for a wide variety of workloads, and always-on memory encryption using Intel Total Memory Encryption (TME).

AWS Transfer Family customers can now use ED25519 and ECDSA keys to authenticate users connecting to an AWS Transfer Family server. Previously, Transfer Family only supported RSA keys for user authentication.

The AWS IoT Device Client is a free, open-source, and modular device-side reference implementation written in C++ that you can compile and install on IoT devices. It allows device developers to access AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender features with minimal device side code. The Device Client works on devices with common microprocessors (x86_64 and ARM architectures), and common Embedded Linux software environments (e.g. Debian, Ubuntu, and RHEL).

AWS Managed Services (AMS) Accelerate Operations Plan is now available in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. AMS helps you operate AWS efficiently and securely. It provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing you to focus on innovation. AMS extends your team with operational capabilities including monitoring, incident detection and management, security, patch, backup, and cost optimization.

AWS IoT Device Management Fleet Indexing now provides integration with two additional data sources, AWS IoT Core named shadows and AWS IoT Device Defender detect violations. Customers can now select specific named shadows to index only the data that is required for search queries. Also, detected violations can be indexed to target devices for troubleshooting or monitor the fleet-level anomalies trends with Fleet Metrics. These two additional data sources will help IoT customers who store IoT fleet data across different services and systems and regularly access the data for fleet monitoring, health checks, over-the-air (OTA) updates, and troubleshooting. With this release, supported data sources for Fleet Indexing increased to 5 from 3 (AWS IoT Core registry, shadows, and connectivity lifecycle events).

Changes to AWS CloudFormation-based stacks and resources are now available as event notifications in Amazon EventBridge. Customers can use these event notifications to build and scale loosely-coupled event-driven applications. With this feature, customers can trigger actions in real-time after they create, update, or delete either their CloudFormation stacks or resources in their CloudFormation stacks without having to write single-use custom code or develop new software.

AWS Backup now allows you to protect your Amazon Relational Database Service (Amazon RDS) Multi-AZ clusters with two readable standbys. Amazon RDS Multi-AZ clusters with one primary and two readable standby database (DB) instances across three Availability Zones (AZs) is designed to provide you up to 2x faster transaction commit latency, automated failovers, and readable standby instances. Now, all of the data protection capabilities in AWS Backup including automated lifecycle management, separate backup access policies, immutable backups with AWS Backup Vault Lock, and compliance monitoring with AWS Backup Audit Manager are available for Amazon RDS Multi-AZ clusters.

AWS Snowball Edge (SBE) Storage Optimized devices now support high performance Network File System (NFS) data-transfer operations in the AWS GovCloud (US) Regions. With this launch, AWS GovCloud (US) customers can now transfer up to 80-TBs of data onto Snowball Edge Storage Optimized devices through file or object interfaces. The file interface exposes a Network File System (NFS) mount point for each Amazon S3 bucket on your AWS Snowball Edge Storage Optimized device. After mounting the file share, you can drag and drop files from your computer into S3 buckets on the Snowball Edge device.

re:Post now expands the capability for experts community members to share technical guidance and knowledge beyond answering questions through the Articles feature. Using this feature, community members can share best practices, troubleshooting processes, and address customer needs around AWS technology in greater depth. The Articles feature is unlocked for community members who have achieved Rising Star status on re:Post or subject matter experts who built their reputation in the community based on their contributions and certifications. Every article published on re:Post contributes to the growth of AWS public knowledge, improving self-service guidance for all customers and helps accelerate their cloud journey.

Auto Scaling in AWS Glue Streaming ETL is now generally available. AWS Glue Streaming ETL jobs can now dynamically scale resources up and down based on the input stream. Auto Scaling helps customers reduce the cost and manual effort required to optimize resources by allocating the right resources necessary for Streaming ETL jobs.

Today, AWS Marketplace announced that Independent Software Vendors (ISVs) can now add a reseller contract and leverage standard Reseller Contract for AWS Marketplace (RCMP) template when authorizing channel partners to resell ISV products to AWS Marketplace buyers. This launch will help reduce redundancy in legal contract reviews when the two parties (ISVs and channel partners/consulting partners) onboard with each other. ISVs and channel partners can now further optimize their resell operations with this self-service feature of reseller contracts that defines a Consulting Partner Private Offer (CPPO) transaction.

The AI Use Case Explorer is a business outcome centric web search tool that enables users to easily find the right artificial intelligence (AI) use cases, discover relevant customer success stories, and mobilize their teams towards AI deployments. The user friendly tool takes business problem descriptions as inputs and provides relevant, practical use cases and success stories as outputs.

AWS Lambda announces support for attribute-based access control (ABAC) for API actions that use Lambda function as the required resource. ABAC is an authorization strategy that defines access permissions based on tags which can be attached to IAM resources, such as IAM users and roles, and to AWS resources, like Lambda functions, to simplify permission management.

AWS CodeBuild’s support for Arm using Graviton2 is now available in: South America (São Paulo) and Europe (Stockholm).

On July 19th, 2022 Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions of OpenJDK. Corretto 18.0.2, 17.0.4, 11.0.16, 8u342 are now available for download. Amazon Corretto is a no-cost, multi-platform, production-ready distribution of OpenJDK.

Amazon Braket, the quantum computing service from AWS, makes it easier for customers to conduct scientific research and software development with quantum computers. Today, we are excited to announce the launch of a new cost tracking function in our Braket SDK, providing customers the ability to monitor their quantum computing costs more easily and quickly. Rather than waiting for an AWS bill, by adding only a few lines of code, estimated costs are now available immediately after each quantum task is processed, either on a quantum processing unit (QPU) or on-demand simulator.

Today, we’re excited to announce Cloudscape Design System, an open source solution for building intuitive, engaging, and inclusive user experiences at scale. Cloudscape consists of an extensive set of guidelines to create web applications, along with the design resources and front-end components to streamline implementation.

Amazon QuickSight now supports Bookmarks in dashboards. Bookmarks allow QuickSight readers to save customized dashboard preferences into a list of Bookmarks for easy one-click access to specific views of the dashboard without having to manually make multiple filter and parameter changes every time. Combined with QuickSight’s “Share this view” functionality, readers can also now share their Bookmark views with other readers for easy collaboration and discussion. Bookmarks are available to all users of the QuickSight console interface. For further details, visit here.

AWS announces the general availability of Amazon EC2 R6a instances. Designed for memory-intensive workloads, R6a instances are built on the AWS Nitro System, which delivers almost all the compute and memory resources of the host hardware to your instances. R6a instances are powered by third-generation AMD EPYC processors with an all-core turbo frequency of up to 3.6 GHz. These memory-optimized instances, which are SAP certified, deliver up to 35% better compute price performance compared to R5a instances for a wide variety of workloads and offer 10% lower cost than comparable x86-based EC2 instances.

You can now use AWS PrivateLink to privately access the AWS Migration Hub Refactor Spaces APIs from your virtual private cloud (Amazon VPC). AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks. Starting today, you can manage your Refactor Spaces resources using AWS PrivateLink and meet your organization’s security and compliance requirements. To use AWS PrivateLink, create an interface VPC endpoint for Refactor Spaces in your VPC using the Amazon VPC console, SDK, or CLI. You can also access the VPC endpoint from on-premises environments or from other VPCs using AWS VPN, AWS Direct Connect, or VPC Peering.

AWS Single Sign-On (AWS SSO) now supports AWS Identity and Access Management (IAM) customer managed policies (CMPs) and permission boundary policies within AWS SSO permission sets. The new capability helps AWS SSO customers to improve their security posture by creating larger and finer-grained policies for least privilege access and by tailoring policies to reference the resources of the account to which they are applied. Using CMPs, AWS SSO customers can maintain the consistency of policies, as CMP changes apply automatically to all permission sets and roles that use the CMP. This enables customers to govern their CMPs and permissions boundaries centrally, and allows auditors to find, monitor, and review them. Customers, who have existing CMPs for roles they manage in AWS IAM, can reuse their CMPs without the need to create, review, and approve new in-line policies for permission sets.

The Amazon Redshift ODBC driver is now open source and available for the user community under the Apache-2.0 license. With this release, customers will gain enhanced visibility to the driver implementation and can contribute to its development. Users can browse the code for the ODBC driver on the relevant AWS GitHub repository, submit driver functionality enhancements through Github pull requests, and report issues for review.

As your application needs change, Amazon EBS Elastic Volumes allows you to easily increase capacity, tune performance, and change the type of Amazon EBS volumes. Customers are using EBS Elastic Volumes to migrate to gp3 volumes and save up to 20% per GB compared to gp2 volumes.

Porting Assistant for .NET now supports assessment and porting of legacy .NET Framework applications written in VB.NET language. With this release, Porting Assistant will translate VB.NET class libraries, web APIs, and console applications to .NET Core 3.1, .NET 5, or .NET 6 to simplify the modernization of legacy .NET Framework applications written in VB.NET . Developers can use the Porting Assistant for .NET standalone tool or Porting Assistant for .NET Visual Studio IDE extension to modernize their legacy VB.NET applications. Support for VB.NET is added in addition to existing support for assessment and porting of C# based .NET Framework applications.

Amazon WorkSpaces Web is now generally available in AWS Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo) Regions. Creating a WorkSpaces Web portal in a local region provides a more responsive experience for users when streaming web content. It also enables customers to meet local data residency obligations. WorkSpaces Web is now available in a total of 7 regions.

Amazon Timestream will no longer charge customers for the dimension names and measure names associated with ingesting, storing, and querying data written after July 8, 2022 00:00 UTC. Dimension names and measure names are metadata that is used to identify time series data. With this change, Amazon Timestream provides customers increased flexibility in dimension and measure naming, as well as improved cost-effectiveness of the service. Amazon Timestream will continue to charge for ingesting, storing, and querying the dimension values, measure values, and timestamps associated with time series data. To learn more about costs while using Amazon Timestream, visit our pricing page.

AWS Glue launches G.025X, a new quarter DPU worker type for streaming extract, transform, and load (ETL) jobs. This smaller worker type is suitable to process low volume and sporadic data streams.

We are excited to announce the general availability of AWS Lambda Powertools for TypeScript, an open-source developer library to help you incorporate Well-Architected Serverless best practices into your Lambda function code as early and as fast as possible.

Amazon SageMaker Automatic Model Tuning enables you to find the most accurate version of a machine learning (ML) model by finding the optimal set of hyperparameter configurations for your dataset. SageMaker Automatic Model Tuning now supports increased limits for two service quotas, with up to 50% higher number of total training jobs that can be run per tuning job and maximum number of hyperparameters that can be searched per tuning job.

Amazon Aurora now supports R6i instances powered by 3rd generation Intel Xeon Scalable processors. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. These instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances. R6i instances are currently available when using Amazon Aurora PostgreSQL-Compatible Edition.

Amazon SageMaker expands access to new ML instances so customers can deploy models on the best instance for their workloads. Now, customers can use ml.g5, ml.p4d, and ml.c6i instances for Asynchronous and Real-time model deployment options.

Starting today, you can use Amazon Route 53 Resolver DNS Firewall in the Asia Pacific (Jakarta) Region.

Amazon Connect Customer Profiles now provides a JavaScript library (CustomerProfilesJS) to integrate Customer Profiles into your homegrown or third-party agent application, equipping your contact center agents with the customer information they need to provide more personalized customer service. Amazon Connect Customer Profiles makes it easier for you to provide agents with quick access to unified customer data by combining contact history from Amazon Connect with data from disparate third-party applications (e.g., CRMs) and homegrown systems, leveraging machine learning based identity resolution to create a single, unified profile for each of your customers. 

Starting today, Amazon VPC Flow Logs adds support for Transit Gateway. With this feature, Transit Gateway can export detailed telemetry information such as source/destination IP addresses, ports, protocol, traffic counters, timestamps and various metadata for all of its network flows. This feature provides you with an AWS native tool to centrally export and inspect flow-level telemetry for all network traffic that is traversing between Amazon VPCs and your on-premises networks via your Transit Gateway.

AWS announces AWS AppConfig Extensions, a new capability that allows customers to enhance and extend the capabilities of feature flags and dynamic runtime configuration data. AWS AppConfig, a capability of AWS Systems Manager, allows customers to configure, validate, and deploy configuration data to more safely and quickly update application behavior. The AppConfig Extensions framework exposes action points along the lifecycle of feature flags and configuration data; customers can hook new functionality onto each action point. Action points are exposed during the creation, validation, deployment, and rollback of feature flag and configuration data.

Amazon Redshift has improved the performance of Redshift’s classic resize feature and increased the flexibility of the cluster snapshot restore operation. Redshift classic resize is used to resize a cluster in scenarios where you need to change the instance type or transition to a configuration that cannot be supported by elastic resize. Previously, this can take the cluster offline for many hours during resize, but now the cluster can typically be available to process queries in minutes. Clusters can also be resized when restoring from a snapshot and in those cases there could be restrictions.

AWS Firewall Manager now enables you to centrally deploy AWS Network Firewalls with additional strict rule order, default deny, and default drop configurations.

Effective July 31, 2022, Amazon QuickSight is ending support for IE11. After that date, we can no longer guarantee that the features and webpages of Amazon QuickSight will function properly on IE 11. We recommend customers use one of our supported browsers: Microsoft Edge (Chromium), Google Chrome, or Mozilla Firefox.

AWS Fault Injection Simulator (FIS) is now available in the AWS GovCloud (US-East and US-West) Regions. The expansion of AWS FIS into the AWS GovCloud (US) Regions allows US government agencies and contractors to create and run fault injection experiments that reveal how their applications respond to stress under real world conditions.

Amazon Redshift announces GA of Automated Materialized View (AutoMV) that helps you to lower query latency for repeatable workloads. AutoMV minimizes your effort for manually creating and managing materialized views and provides you the same performance benefits of user-created materialized views. Dashboard queries used to provide quick views of key performance indicators (KPIs), events, trends, and other metrics are some examples of workloads that can benefit from AutoMV. Reporting queries scheduled at various frequencies may also benefit from AutoMV.

Amazon Redshift now supports Row-Level Security (RLS), a new enhancement that simplifies design and implementation of fine-grained access to the rows in tables. With RLS, you can restrict access to a subset of rows within a table based on the users’ job role or permissions and level of data sensitivity with SQL commands. By combining column-level access control and RLS, Amazon Redshift customers can provide comprehensive protection by enforcing granular access to their data.

Today, we are announcing the general availability of a new feature, Log Anomaly Detection and Recommendations for Amazon DevOps Guru. As part of this feature, DevOps Guru will ingest Amazon CloudWatch Logs for AWS resources that make up your application, with Lambda being first. Logs will provide new enrichment data in an insight to enable more accurate understanding of the root cause behind an application issue, and provide more precise remediation steps.

Today, AWS announced the general availability of AWS Cloud WAN, a wide area networking (WAN) service that helps you build, manage, and monitor a unified global network. The service manages traffic running between your AWS resources and your on-premises environments.

Amazon Redshift Serverless, which allows you to run and scale analytics without having to provision and manage data warehouse clusters, is now generally available. With Amazon Redshift Serverless, all users—including data analysts, developers, and data scientists—can now use Amazon Redshift to get insights from data in seconds. Amazon Redshift Serverless automatically provisions and intelligently scales data warehouse capacity to deliver high performance for all your analytics. You only pay for the compute used for the duration of the workloads on a per-second basis. You can benefit from this simplicity without making any changes to your existing analytics and business intelligence applications.

Amazon Nimble Studio now allows you to attach AWS Identity Access Management (IAM) roles to be attached to Nimble Studio components (including custom configurations), giving workstations access to AWS services, such as Amazon Simple Storage Service (S3) and Amazon FSx, without manual credential management. Now you can manage permissions for every AWS service across all workstations in your studio.

AWS Firewall Manager now supports centrally distributing VPC security group tags when creating a common security group policy.

re:Post has launched a new functionality for community members to add a profile picture or avatar to their account. re:Post members will now be able to better personalize their accounts by uploading a photo or image of their choice. The ability to add a profile image creates a visual identifier for the account and helps members form connections, build relationships, and foster learning in the community.

Today, Amazon Athena announced enhancements to its console and API which provide more flexibility when using parameterized queries. You can now run parameterized queries directly from the Athena console and an enhanced API that no longer requires you to prepare SQL statements in advance. With today’s launch, it is now easier than before to take advantage of the reusability, simplification, and security benefits of parameterized queries.

AWS Security Hub has added four new integration partners to help customers with their cloud security posture monitoring. Integrations from Lacework, Juniper Networks, SentinelOne, and K9 Security bring Security Hub to 79 integrations. Lacework sends findings from their Polygraph Data Platform (PDP) to Security Hub to help manage AWS posture and compliance events. Juniper Networks' vSRX Virtual Next Generation Firewall sends security events observed by the firewall to Security Hub. SentinelOne sends security findings, identified by SentinelOne endpoints running in your AWS environment, to Security Hub. K9 Security sends findings to Security Hub related to important access changes within your AWS Identity and Access Management (IAM) configuration.

The Amazon EMR runtime for Apache Spark is a performance optimized runtime environment for Apache Spark, available and turned on by default on Amazon EMR clusters 5.28 onward. Amazon EMR runtime for Spark is up to 3x faster with 100% API compatibility with open source Spark.

Amazon CloudFront now supports a maximum of 1024 characters across all header names in cache, origin request, and origin response policies. With 1024 characters, customers now have 512 extra characters to add header metadata to their policies.

Today, we’re pleased to announce that Amazon SageMaker Autopilot experiments run up to 2x faster to generate ML models with high model performance. Amazon SageMaker Autopilot is a low-code machine learning (ML) product that automatically builds, trains, and tunes the best ML models based on your data while allowing you to maintain full control and visibility. However, as dataset sizes grow, training and tuning models can become computationally expensive. 

Amazon SageMaker model training now supports heterogeneous clusters, which enables launching training jobs that use multiple instance types in a single job. This new capability can improve your training cost by running different parts of the model training on the most suitable instance type. For example, we recently trained a ResNet-50 computer vision model on a heterogeneous cluster with ml.g5.xl and ml.c5n.2xl instances. This training job resulted in 13% lower cost than training the same model on a cluster with only ml.g5.xl instances with the same accuracy.

Starting today, Amazon EC2 I4i Instances are available in additional Amazon Web Services (AWS) Regions - US West (N. California), Asia Pacific (Hong Kong, Singapore, Sydney, Tokyo), Canada (Central), Europe (Frankfurt, London, Paris). Designed for storage I/O intensive workloads, I4i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 30% better compute price performance over I3 instances, and always-on memory encryption using Intel Total Memory Encryption (TME).

Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.6.8, 10.5.16, 10.4.25, 10.3.35 and 10.2.44. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of MariaDB, and, to benefit from the numerous bug fixes, performance improvements, and new functionality added by the MariaDB community.

Amazon Keyspaces (for Apache Cassandra) is a scalable, serverless, highly available, and fully managed Apache Cassandra-compatible database service.

EC2 Auto Scaling now publishes predictive scaling policy’s forecasts as a CloudWatch metric, enabling you to analyze, monitor, and set alarms on the accuracy of predictive scaling. Predictive Scaling is a scaling policy that proactively increases the capacity of your Auto Scaling group ahead of predicted demand, improving the availability of your application while reducing the need to stay overprovisioned that otherwise would have increased your EC2 bill. As predictive scaling only increases the capacity for your Auto Scaling groups, applying it to your current scaling configurations strictly enhances your application availability. However, an inaccurate prediction can potentially increase your cost. Now, you can use the extensive list of CloudWatch features to measure accuracy of predictions, view forecasts using the familiar CloudWatch graphs, and also set automatic alarms and notifications when predictions are above your desired levels.

Today, AWS announced the general availability of a new feature of AWS IoT Core that simplifies the registration of certificate authorities (CAs) necessary for device provisioning and makes it easier to move devices between customers' multiple AWS accounts within the same AWS region and between different regions. This reduces the complexity of registering devices to AWS IoT Core and helps customers accelerate the development lifecycle for their IoT implementations when using AWS IoT Core Just-in-Time Provisioning (JITP) and Just-in-Time Registration (JITR) device provisioning methods of AWS IoT Core.

AWS CloudFormation has expanded the availability of StackSets to the AWS Asia Pacific (Jakarta) Region. StackSets allows you to provision and manage deployment of cloud resources to multiple AWS accounts and Regions in a single operation. StackSets is integrated with AWS Organizations, so you can take advantage of automatic deployments whenever an AWS account enters an organization.

Amazon Elastic Compute Cloud (Amazon EC2) M1 Mac instances are now generally available (GA). Built on Apple Silicon Mac mini computers and powered by the AWS Nitro System, Amazon EC2 M1 Mac instances deliver up to 60% better price performance over x86-based EC2 Mac instances for building and testing iOS and macOS applications. You still enjoy the same elasticity, scalability, and reliability that the secure, on-demand AWS infrastructure has offered to millions of customers for more than a decade. EC2 M1 Mac instances also enable native Arm64 macOS environments for the first time on AWS to develop, build, test, deploy, and run applications for Apple devices. As a developer who is rearchitecting your macOS applications to natively support Apple Silicon Macs, you can now provision Arm64 macOS environments within minutes, dynamically scale capacity as needed, and benefit from pay-as-you-go pricing to enjoy faster builds and convenient distributed testing. To learn more or get started, see Amazon EC2 Mac Instances.

AWS CloudFormation StackSets launched a new feature that allows you to deploy stack sets to selected AWS accounts in an Organizational Unit (OU) in a single operation. You can use this feature to target or skip stack sets deployment to AWS accounts within an OU. For example, you can use this feature to skip deployment of an AWS Config policy in AWS accounts that already have the policy within an OU. In a few clicks, you can re-deploy stack sets to those AWS accounts in which the earlier stack sets deployment had failed. Similarly, you can skip stack set deployment to suspended AWS accounts in an OU.

Amazon QuickSight now supports APIs for QuickSight account creation. Administrators and developers can automate deployment of QuickSight accounts in their organization at scale. You can now programmatically create accounts with QuickSight Enterprise and Enterprise + Q editions. For more information, visit here.

Amazon SageMaker Feature Store is a fully managed, purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference workflows. A feature group is a logical grouping of ML features whose organization and structure is defined by a feature group schema. Until today, the features in a feature group were defined at the time of feature group creation, and the feature group schema was immutable.

Amazon SageMaker Feature Store is a fully managed,  purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference. Until today, SageMaker Feature Store monitoring was limited to consumed read and write units, which gave a limited view of the operational efficiency of the feature store.

AWS Security Hub has released 36 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully-automatic checks against security best practices for AWS Auto Scaling, AWS CloudFormation, Amazon CloudFront, Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Registry (ECR), Amazon Elastic Container Service (ECS), Amazon Elastic File System (EFS), Amazon Elastic Kubernetes Service (EKS), Elastic Load Balancing (ELB), Amazon Kinesis, AWS Network Firewall, Amazon OpenSearch Service, Amazon Redshift, Amazon Simple Storage Service (S3), Amazon Simple Notification Service (SNS), and AWS WAF. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled for you by default. Security Hub now supports 223 security controls to automatically check your security posture in AWS.

We are happy to announce the general availability of the new streamlined deployment experience for .NET applications. With sensible defaults for all deployment settings, you can now get your .NET application up and running in just one click, or with a few easy steps - without needing deep expertise in AWS. You will receive recommendations on the optimal compute for your application, giving you more confidence in your initial deployments. You can find it in the AWS Toolkit for Visual Studio using the new “Publish to AWS” wizard. It is also available via the .NET CLI by installing AWS Deploy Tool for .NET.

Key capabilities:

• Compute recommendations - get the compute recommendations and learn which AWS compute is best suited for your application.
• Dockerfile generation – the Dockerfile will be auto-generated if required by your chosen AWS compute.
• Auto packaging and deployment – your application will be built and packaged as required by the chosen AWS compute. The tooling will provision the necessary infrastructure and deploy your application using AWS CDK.
  
• Repeatable and shareable deployments – you can generate well organized and documented AWS CDK deployment projects and start modifying them to fit your specific use-case. Then version control them and share with your team for repeatable deployments.
• CI/CD integration – turn off the interactive features and use different deployment settings to push the same application bundle to different environments.
• Help with learning AWS CDK for .NET! – gradually learn the underlying AWS tools that it is built on, such as the AWS CDK.

Amazon GuardDuty has incorporated new machine learning techniques that are highly effective at detecting anomalous access to data stored in Amazon Simple Storage Service (Amazon S3) buckets. This new capability continuously models S3 data plane API invocations (e.g. GET, PUT, and DELETE) within an account, incorporating probabilistic predictions to more accurately alert on highly suspicious user access to data stored in S3 buckets, such as requests coming from an unusual geo-location, or unusually high volumes of API calls consistent with attempts to exfiltrate data. The new machine learning approach can more accurately identify malicious activity associated with known attack tactics, including data discovery, tampering, and exfiltration. The new threat detections are available for all existing Amazon GuardDuty customers that have GuardDuty S3 Protection enabled, with no action required and at no additional costs. If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are using GuardDuty, and are yet to enable S3 Protection, you can enable this capability organization-wide with one-click in the GuardDuty console or through the API.

Amazon SageMaker Feature Store is a fully managed, purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference workflows. A feature group is a logical grouping of ML features whose organization and structure is defined by a feature group schema. Until today, customers could add metadata tags only to feature groups which in turn enabled easy search and discovery of a feature group. To search for a specific feature however was more complicated. Customers needed to know which feature group the feature belongs and then scan for the relevant feature in the feature group, leading to additional overhead while searching for features..

Amazon Relational Database Service (Amazon RDS) Performance Insights now allows you to choose retention periods for your performance history that range from one month up to 24 months. You can also use the RDS Performance Insights free tier, which includes seven days of performance data history and one million API requests per month. We have also adjusted the pricing model, resulting in reduced pricing of 24-month retention for most instance types.

Amazon Location Service now supports quota management. Developers can create Amazon CloudWatch alarms that notify them when their usage of any API is close to their quota limit for that API. These alarms help developers ensure operational continuity, prevent service throttling, and protect from unintentional spend. Additionally, developers can use AWS Service Quotas to view, manage, and request quota increases, all in one user interface. For example, an eCommerce website can create a CloudWatch alarm to get notified when they have reached 80% usage on each of the Amazon Location APIs. When the alarm is initiated, they can request a quota increase to help scale their workloads, prevent their website from experiencing outages, and prevent a poor customer shopping experience.

Amazon OpenSearch Service now allows users to view default quota and applied quota information through Service Quotas. Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas. Depending on your business needs, you might need to increase your service quota values. Service Quotas enables you to look up your service quotas and to request quota increase. AWS Support might approve, deny, or partially approve your requests.

AWS Identity and Access Management (IAM) now enables workloads that run outside of AWS to access AWS resources using IAM Roles Anywhere. IAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials and use the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.

AWS IoT Greengrass is an Internet of Things (IoT) edge runtime and cloud service that helps customers build, deploy, and manage device software. We are excited to announce our version 2.6 release, which adds edge support for MQTT version 5, an updated device-to-device communication specification that includes many additional feature improvements over the MQTT version 3.1.1 protocol.

AWS Outposts rack can now be shipped and installed at your data center and on-premises locations in Panama.

Today, AWS announced the ability to toggle routes on and off when using AWS Migration Hub Refactor Spaces. This feature lets customers create inactive routes which can be activated after creation once the route’s targeted service is ready to receive traffic. Customers can use route toggling to fine-tune their routing approach and deliver just-in-time route changes as applications are incrementally refactored.

AWS Launch Wizard now allows you to deploy SAP HANA in a scale-out architecture using Amazon EC2 x2idn and r6i instances. Customers can deploy up to 16 nodes (1 primary node and 15 secondary nodes) using these instance types.

AWS Database Migration Service (AWS DMS) now supports IBM Db2 z/OS as a source for the full load operational mode. Using AWS Schema Conversion Tool (SCT), you can convert schemas and code objects from IBM DB2 z/OS to Aurora MySQL, Aurora PostgreSQL, MySQL and PostgreSQL targets. Once you have the schema and objects in a format compatible with target database you can utilize AWS DMS to migrate data from IBM DB2 running on the z/OS operating system to any AWS DMS supported targets.

Amazon WorkMail now supports invoking AWS Lambda for user availability, through Custom Availability Provider Lambda (CAP Lambda). CAP Lambda are a new way for WorkMail to get availability information from external availability sources. A customer can use these CAP Lambda to give WorkMail access to availability information for users on other calendaring providers they own, even if their endpoints are private, or if they do not have an Exchange Web Services (EWS) endpoint.

AWS Database Migration Service (AWS DMS) has expanded functionality by adding support for Babelfish for Aurora PostgreSQL as a target. Babelfish for Aurora PostgreSQL is a new translation layer for Amazon Aurora PostgreSQL-Compatible Edition that enables Aurora to understand commands from applications written for Microsoft SQL Server. Using AWS DMS, you can now perform full load migrations to Babelfish for Aurora PostgreSQL with minimal downtime.