AWS Recent Announcements

AWS Payment Cryptography has expanded its global presence with availability in South America (São Paulo). This expansion enables customers with latency-sensitive payment applications to build, deploy or migrate into additional AWS Regions without depending on cross-region support. AWS Payment Cryptography is a fully managed service that simplifies payment-specific cryptographic operations and key management for cloud-hosted payment applications. The service scales elastically with your business needs and is assessed as compliant with PCI PIN and PCI P2PE requirements, eliminating the need to maintain dedicated payment HSM instances. Organizations performing payment functions – including acquirers, payment facilitators, networks, switches, processors, and banks can now position their payment cryptographic operations closer to their applications while reducing dependencies on auxiliary data centers with dedicated payment HSMs. AWS Payment Cryptography is available in the following AWS Regions: Canada (Montreal), US East (Ohio, N. Virginia), US West (Oregon), Europe (Ireland, Frankfurt, London, Paris), South America (São Paulo), Africa (Cape Town) and Asia Pacific (Singapore, Tokyo, Osaka, Mumbai, Hyderabad). To start using the service, please download the latest AWS CLI/SDK and see the AWS Payment Cryptography user guide for more information.

Quick Sight in Amazon Quick now supports sheet tooltips, enabling authors to surface rich, contextual detail when viewers hover over data points — without disrupting their analysis flow. Sheet tooltips allow authors to create dedicated tooltip sheets containing visuals, text boxes, and images arranged in a free-form layout. When a viewer hovers over a data point, the tooltip sheet automatically inherits all filters from the source visual and applies an additional filter for the specific data point, delivering an instant, focused breakdown. This enhancement helps organizations build more intuitive dashboards that reduce the need for multiple sheets or manual navigation. For example, a bar chart showing sales by product category can surface a trend line of monthly sales, a year-over-year growth KPI, and a text box with the category name — all filtered to whichever category the viewer hovers over. Authors can assign one tooltip sheet to multiple visuals, switch between basic, detailed, and sheet tooltip types at any time, and tables and pivot tables are also supported. Sheet tooltips are available on interactive sheets only. This feature is now available in all Amazon Quick regions where Quick Sight is supported. Learn more about how to use sheet tooltips in Amazon Quick and read more about this new feature in our blog post.

Starting today, Amazon Elastic Cloud Compute (Amazon EC2) P6-B300 instances are available in the AWS GovCloud (US-East) Region. P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. P6-B300 instances deliver 2x networking bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity) compared to P6-B200 instances, making them well suited to train and deploy large trillion-parameter foundation models (FMs) and large language models (LLMs) with sophisticated techniques. The higher networking and larger memory deliver faster training times and more token throughput for AI workloads. P6-B300 instances are now available in p6-b300.48xlarge size in the following AWS Regions: US West (Oregon) and AWS GovCloud (US-East). To learn more about P6-B300 instances, visit Amazon EC2 P6 instances.

AWS Transform is now available through two additional developer tools — including Kiro and VS Code. AWS Transform is an agentic migration and modernization factory designed to compress enterprise transformation timelines from years to months — handling everything from large-scale infrastructure migrations to continuous tech debt reduction, without the manual handoffs and lost context that commonly stall these programs.. With today’s launch, you can get started with AWS Transform custom transformations from wherever you already work: install the AWS Transform Power in Kiro, or install the AWS Transform extension in VS Code . AWS Transform custom transformations help you crush tech debt at scale — choose from AWS-managed transformations for common patterns like Java, Python, and Node.js version upgrades, AWS SDK migrations (boto2 to boto3, Java SDK v1 to v2, JS SDK v2 to v3), or define your own. These new surfaces make it easier to discover additional capabilities as they become available, build and iterate on your own custom transformations, and run any agent repeatedly or across thousands of repositories at once. The custom transformations are the first in a growing library of playbooks coming to developer tools, complementing the existing AWS Transform web console and CLI so you can start a job in your IDE, track progress in the web console, and finish transformations wherever it makes sense — with job state and context shared across every surface. AWS Transform supports deploying to all AWS commercial regions,and AWS Transform custom is available in US East (N. Virginia) and Europe (Frankfurt). To learn more, visit the AWS Transform product page and user guide.

AWS Secrets Manager now supports hybrid post-quantum key exchange using ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) to secure TLS connections for retrieving and managing secrets. This protection is automatically enabled in Secrets Manager Agent (version 2.0.0+), AWS Lambda Extension (version 19+), and Secrets Manager CSI Driver (version 2.0.0+). For SDK-based clients, hybrid post-quantum key exchange is available in supported AWS SDKs including Rust, Go, Node.js, Kotlin, Python (with OpenSSL 3.5+), and Java v2 (v2.35.11+). With this launch, your applications retrieve secrets over TLS connections that combine classical key exchange with post-quantum cryptography, helping protect against both traditional cryptographic attacks and future quantum computing threats known as “harvest now, decrypt later” (HNDL). No code changes, configuration updates, or migration effort are required for customers using the latest client versions except for Java v2. For example, a microservice requiring multiple secrets at startup can now retrieve them over quantum-resistant TLS connections by simply upgrading to the latest Secrets Manager Agent version. You can verify hybrid post-quantum key exchange is active by checking CloudTrail logs for the “X25519MLKEM768” key exchange algorithm in the tlsDetails field of GetSecretValue API calls. Hybrid post-quantum key exchange using ML-KEM for AWS Secrets Manager is available in all AWS Regions where AWS Secrets Manager is supported. To learn more, visit the AWS Secrets Manager documentation and the AWS Post-Quantum Cryptography migration page.

AWS announces general availability (GA) of AWS Interconnect – multicloud, providing simple, resilient, high-speed private connections to other cloud service providers (CSPs). With GA comes Google Cloud as the first launch partner, with Microsoft Azure and Oracle Cloud Infrastructure (OCI) coming later in 2026. Customers have been adopting multicloud strategies while migrating more applications to the cloud. They do so for many reasons including interoperability requirements, the freedom to choose technology that best suits their needs, and the ability to build and deploy applications on any environment with greater ease and speed. Previously, when interconnecting workloads across multiple cloud providers, customers had to go the route of a ‘do-it-yourself’ multicloud approach, leading to complexities of managing global multi-layered networks at scale. AWS Interconnect – multicloud is the first purpose-built product of its kind and a new way of how clouds connect and talk to each other. Simplifying connectivity into AWS, Interconnect – multicloud enables customers to quickly establish private, secure, high-speed network connections with dedicated bandwidth and built-in resiliency between their Amazon VPCs and other cloud environments. Interconnect – multicloud makes it easy to connect AWS resources or VPCs to other CSPs. Customers can also quickly scale connectivity to multiple VPCs or Regions via associating Interconnect with other networking services such as AWS Transit Gateway and AWS Cloud WAN, instead of taking weeks or months. Interconnect – multicloud introduces a new, single-fee pricing structure based on the customer’s selected bandwidth and the geographical scope of the connectivity to other CSPs. Customers can also use one free, local 500Mbps interconnect per Region starting in May. To learn more please see the Interconnect – multicloud Pricing documentation page. Interconnect – multicloud is available in five AWS Regions. You can enable this capability using the AWS Management Console, Command Line Interface (CLI), or API, and CSPs can also adopt via a published open API package on GitHub. For more information, see the AWS Interconnect – multicloud documentation and pricing pages.

Today, AWS announces increased Amazon Elastic Block Store (Amazon EBS) performance for Amazon EC2 C8gn, M8gn, and R8gn instances in 48xlarge and metal-48xl sizes. EC2 C8gn, M8gn, and R8gn instances are network optimized instances powered by AWS Graviton4 processors and latest 6th generation AWS Nitro Cards. With the latest enhancements to AWS Nitro System, we have doubled the maximum EBS performance on these instances in 48xlarge and metal-48xl sizes, from 60 Gbps of EBS bandwidth and 240,000 IOPS to 120 Gbps of EBS bandwidth and 480,000 IOPS. Customers running network-intensive workloads while requiring additional block storage performance such as data analytics and high-performance file systems can benefit from the improved EBS performance. All existing and new C8gn, M8gn, and R8gn instances in 48xlarge and metal-48xl sizes launched starting today will benefit from this performance increase at no additional cost. For running instances, customers can stop and start instances to enable this performance increase. The higher EBS performance is available in all AWS regions where these instance types are generally available today. To learn more, see Amazon C8gn, M8gn, and R8gn Instances and EBS-optimized instance types. 

NVIDIA’s Nemotron-3-Super-120B, Qwen3.5-9B, and Qwen3.5-27B models are now available on Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models bring specialized capabilities spanning agentic reasoning, multilingual coding, and advanced instruction following, enabling customers to deploy high-performance, scalable AI solutions on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: Nemotron-3-Super-120B is optimized for collaborative agents and high-volume workloads such as IT ticket automation. It employs a hybrid Latent Mixture-of-Experts (LatentMoE) architecture with Mamba-2 and MoE layers, enabling strong agentic, reasoning, and conversational capabilities useful for multi-agent applications like software development and cybersecurity triaging. Qwen 3.5 9B excels in multilingual coding, instruction following, and long-horizon planning, automating software development workflows and executing complex, multi-step office tasks. Its compact design balances efficiency and performance for resource-constrained environments. Qwen 3.5 27B provides deeper contextual understanding, extended reasoning capabilities, and enhanced spatial/complex scenario comprehension, ideal for advanced multimodal reasoning and large-scale document processing. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

Amazon OpenSearch Serverless introduces support for Derived Source, a new feature that can help reduce the amount of storage required for your OpenSearch Service collections. With derived source support, you can skip storing source fields and dynamically derive them when required.  With Derived Source, OpenSearch Serverless reconstructs the _source field on the fly using the values already stored in the index, eliminating the need to maintain a separate copy of the original document. This can significantly reduce storage consumption, particularly for time-series and log analytics collections where documents contain many indexed fields. You can enable derived source at the index level when creating or updating index mappings. Derived Source support is available today in all AWS Regions where Amazon OpenSearch Serverless is supported. For more information, see the Amazon OpenSearch Serverless documentation.

Amazon Redshift further optimizes the processing of top-k queries (queries with ORDER BY and LIMIT clauses) by intelligently skipping irrelevant data blocks to return results faster, dramatically reducing the amount of data processed. This optimization reorders and efficiently adjusts the data blocks to be read based on the ORDER BY column’s min/max values, maintaining only the K most qualifying rows in memory. When the ORDER BY column is sorted or partially sorted, Amazon Redshift now processes only the minimal data blocks needed rather than scanning entire tables, eliminating unnecessary I/O and compute overhead. This enhancement particularly benefits top-k queries when the data permanently stores in descending order (ORDER BY … DESC LIMIT K) on large tables where qualifying rows are appended at the end of the data storage. Common examples include: Finding the k most recent orders from millions or billions of transactions Retrieving top-k best performing products or k worst performing products (top-k in descending order) from your sales catalog containing hundreds of thousands stock keeping units (SKUs) and millions or billions of sales transactions associated with all product SKUs in your sales catalog Finding the top-k most recent or top-k oldest (top k in descending order) prompts inferred by a foundational large language model (LLM) out of billions of prompts. With this new optimization, top-k query performance improves dramatically. This optimization for top-k queries is now available in Amazon Redshift at no additional cost starting with patch release P199 across all AWS regions where Amazon Redshift is available. This optimization automatically applies to eligible queries without requiring any query rewrites or configuration changes.

Amazon Quick now supports document-level access controls (ACLs) for Google Drive knowledge bases, enabling organizations to maintain native Google Drive permissions when indexing content. Quick combines ACL replication for efficient pre-retrieval filtering with an additional layer of real-time permission checks directly with Google Drive at query time. This dual approach means you get the performance benefits of indexed ACLs while also guarding against stale or incorrectly mapped permission data. When a user submits a query, Quick verifies their current permissions with Google Drive before generating a response—ensuring answers are based on live access rights. With document-level access controls, Amazon Quick now respects individual file and folder permissions from Google Drive. This feature is available in all AWS Regions where Amazon Quick is available. To get started, create or update a Google Drive knowledge base in the Amazon Quick console and configure document-level access controls in your integration settings. For more information, see Google Drive integration in the Amazon Quick User Guide.

Today we are announcing the release of the Aurora DSQL Connector for PHP (PDO_PGSQL) that makes it easy to build PHP applications on Aurora DSQL. The PHP Connector streamlines authentication and eliminates security risks associated with traditional user-generated passwords by automatically generating tokens for each connection, ensuring valid tokens are always used while maintaining full compatibility with existing PDO_PGSQL features. The connector handles IAM token generation, SSL configuration, and connection pooling, enabling customers to scale from simple scripts to production workloads without changing their authentication approach. It also provides opt-in optimistic concurrency control (OCC) retry with exponential backoff, custom IAM credential providers, and AWS profile support, making it easier to develop client retry logic and manage AWS credentials. To get started, visit the Connectors for Aurora DSQL documentation page. For code examples, visit our GitHub page for the PHP connector. Get started with Aurora DSQL for free with the AWS Free Tier. To learn more about Aurora DSQL, visit the webpage.    

Starting today, Amazon EC2 M8i and M8i-flex instances are now available in AWS GovCloud (US-West) Region. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The M8i and M8i-flex instances offer up to 15% better price-performance, and 2.5x more memory bandwidth compared to previous generation Intel-based instances. They deliver up to 20% better performance than M7i and M7i-flex instances, with even higher gains for specific workloads. The M8i and M8i-flex instances are up to 30% faster for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to M7i and M7i-flex instances. M8i-flex are the easiest way to get price performance benefits for a majority of general-purpose workloads like web and application servers, microservices, small and medium data stores, virtual desktops, and enterprise applications. They offer the most common sizes, from large to 16xlarge, and are a great first choice for applications that don’t fully utilize all compute resources. M8i instances are a great choice for all general purpose workloads, especially for workloads that need the largest instance sizes or continuous high CPU usage. The SAP-certified M8i instances offer 13 sizes including 2 bare metal sizes and the new 96xlarge size for the largest applications. To get started, sign in to the AWS Management Console. For more information about the new instances, visit the M8i and M8i-flex instance page or visit the AWS News blog.

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) R8i and R8i-flex instances are available in the AWS GovCloud (US-West) Region. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The R8i and R8i-flex instances offer up to 15% better price-performance, and 2.5x more memory bandwidth compared to previous generation Intel-based instances. They deliver 20% higher performance than R7i instances, with even higher gains for specific workloads. They are up to 30% faster for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to R7i. R8i-flex, our first memory-optimized Flex instances, are the easiest way to get price performance benefits for a majority of memory-intensive workloads. They offer the most common sizes, from large to 16xlarge, and are a great first choice for applications that don’t fully utilize all compute resources. R8i instances are a great choice for all memory-intensive workloads, especially for workloads that need the largest instance sizes or continuous high CPU usage. R8i instances offer 13 sizes including 2 bare metal sizes and the new 96xlarge size for the largest applications. R8i instances are SAP-certified and deliver 142,100 aSAPS, delivering exceptional performance for mission-critical SAP workloads. To get started, sign in to the AWS Management Console. For more information about the R8i and R8i-flex instances visit the AWS News blog.

Amazon CloudWatch Logs Insights saved queries now support parameters, allowing you to pass values to reusable query templates with placeholders. This eliminates the need to maintain multiple copies of nearly identical queries that differ only in specific values such as log levels, service names, or time intervals. You can define up to 20 parameters in a query, with each parameter supporting optional default values. For example, you can create a single template to query logs by severity level (such as ERROR or WARN) and pass different service names each time you run it. To execute a query with parameters, invoke it using the query name prefixed with $ and pass your parameter values, such as $ErrorsByService(logLevel=”ERROR”, serviceName=”OrderEntry”). You can also use multiple saved queries with parameters together for complex log analysis, significantly reducing query maintenance overhead while improving reusability. Saved queries with parameters are available in all commercial AWS regions. You can create and use saved queries with parameters using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS Cloud Development Kit (AWS CDK), and AWS SDKs. To learn more, see the Amazon CloudWatch Logs documentation.

AWS IoT Core and AWS IoT Device Management services are now available in the Israel (Tel Aviv) and Europe (Milan) AWS Regions. With this expansion, organizations operating in these regions can better serve their local customers and unlock multiple benefits, including faster response times, stronger data residency controls, and reduced data transfer expenses. AWS IoT Core is a managed cloud service that lets you securely connect billions of Internet of Things (IoT) devices to the cloud and manage them at scale. It routes trillions of messages to IoT devices and AWS endpoints, through bi-directional industry standard protocols, such as MQTT, HTTPS, LoRaWAN (select regions). AWS IoT Device Management allows customers to search, organize, monitor and remotely manage connected devices at scale. With the expansion to these regions, AWS IoT is now available in 27 AWS Regions worldwide. To get started and to learn more, refer to the technical documentation for AWS IoT Core and AWS IoT Device Management.

Amazon FSx now supports copying file system backups across opt-in Regions (AWS Regions that are disabled by default) for Amazon FSx for Windows File Server, Amazon FSx for Lustre, and Amazon FSx for OpenZFS. This launch makes it easier for customers to meet business continuity, disaster recovery, and compliance requirements by extending cross-Region, cross-account backup and recovery capabilities beyond AWS Regions that are enabled by default. Amazon FSx is a fully managed service that makes it easy and cost-effective to launch, run, and scale feature-rich, high-performance file systems in the AWS Cloud. Opt-in Regions are AWS Regions that are disabled by default, in contrast to regions that are enabled by default. Previously, customers could copy Amazon FSx file system backups across regions enabled by default, within the same AWS account or across AWS accounts in the same AWS Organization. Starting today, you can copy backups into and out of opt-in Regions within the same AWS account using the Amazon FSx console, API, or CLI, or across AWS accounts in the same AWS Organization using AWS Backup. This allows you to design resilient, multi-account, cross-Region backup and recovery architectures across a broader set of AWS Regions. To get started, visit the Amazon FSx console or the AWS Backup console. For more details, see the Amazon FSx product page and the AWS Backup product page.

AWS Elastic Disaster Recovery (AWS DRS) now supports IPv6 for both data replication and control plane connections. Customers operating in IPv6-only or dual-stack network environments can now configure AWS DRS to replicate using IPv6, eliminating the need for IPv4 addresses in their disaster recovery setup. AWS DRS minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. Previously, AWS DRS required IPv4 connectivity for all replication and service communication. Now, customers can set the internet protocol to IPv6 in their replication configuration to use dual-stack endpoints for agent-to-service communication and data replication. This helps customers meet network modernization requirements and enables disaster recovery in environments where IPv4 addresses are unavailable or restricted. Existing replication configurations are not affected and continue to use IPv4 by default. This capability is available in all AWS Regions where AWS DRS is available and where Amazon EC2 supports IPv6. See the AWS Regional Services List for the latest availability information. To learn more about AWS DRS, visit our product page or documentation. To get started, sign in to the AWS Elastic Disaster Recovery Console.

AWS launches AWS Interconnect – last mile, a fully managed connectivity offering that allows customers to connect their branch offices, data centers, and remote locations to AWS with just a few clicks, eliminating the friction and complexity of network setup. As a milestone collaboration between AWS and Lumen, AWS Interconnect – last mile combines AWS cloud innovation with Lumen’s extensive network footprint to redefine how businesses connect to the cloud. Through the AWS Console, customers can now instantly establish private, high-speed connections to AWS by simply choosing their preferred AWS Region, bandwidth speed, Direct Connect Gateway ID and partner subscriber ID. Once initiated, AWS generates an activation key to complete provisioning with Lumen. The launch simplifies the connectivity experience by pre-provisioning capacity and automating complex network configuration including BGP peering, VLAN configuration, and ASN assignment. Customers can dynamically scale bandwidth from 1 Gbps to 100 Gbps through the AWS Console and benefit from zero down-time maintenance. The service is designed for high availability and backed by SLA. MACsec encryption is enabled by default for enhanced security between AWS and partner devices. AWS Interconnect – last mile is available in the US through our launch partner Lumen. Partners can also easily adopt via a published open API package on GitHub. For more information, see the AWS Interconnect – last mile documentation and pricing pages.

Amazon Web Services (AWS) is announcing the general availability of Amazon EC2 X8i instances, next-generation memory optimized instances powered by custom Intel Xeon 6 processors available only on AWS. X8i instances are SAP-certified and deliver the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. They deliver up to 43% higher performance, 1.5x more memory capacity (up to 6TB), and 3.3x more memory bandwidth compared to previous generation X2i instances. X8i instances are designed for memory-intensive workloads like SAP HANA, large databases, data analytics, and Electronic Design Automation (EDA). Compared to X2i instances, X8i instances offer up to 50% higher SAPS performance, up to 47% faster PostgreSQL performance, 88% faster Memcached performance, and 46% faster AI inference performance. X8i instances come in 14 sizes, from large to 96xlarge, including two bare metal options. X8i instances are available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Stockholm) and Europe (Paris). To get started, visit the AWS Management Console. X8i instances can be purchased via Savings Plans, On-Demand instances, and Spot instances. For more information visit X8i instances page.

Amazon CloudWatch pipelines now supports conditional processing and a new drop events processor, giving you more control over how your log data is transformed. CloudWatch pipelines is a fully managed service that ingests, transforms, and routes log data to CloudWatch without requiring you to manage infrastructure. Until now, processors applied to all log entries uniformly. With conditional processing, you can define rules that determine when a processor runs and which individual log entries it acts on, so you only transform the data that matters. Conditional processing is available across 21 processors including Add Entries, Delete Entries, Copy Values, Grok, Rename Key, and more. For each processor, you can set a “run when” condition to skip the entire processor if the condition is not met, or an entry-level condition to control whether each individual action within the processor is applied. The new Drop Events processor lets you filter out unwanted log entries from third-party pipeline connectors based on conditions you define, helping reduce noise and lower costs. Conditional processing and the Drop Events processor are available at no additional cost in all AWS Regions where CloudWatch pipelines is generally available. Standard CloudWatch Logs ingestion and storage rates still apply. To get started, visit the CloudWatch pipelines page in the Amazon CloudWatch console. To learn more, see the CloudWatch pipelines documentation.

Today, AWS Deadline Cloud announces support for creating monitors in multiple AWS Regions without additional configuration of your IAM Identity Center instance. AWS Deadline Cloud is a fully managed service that helps creative teams manage and scale their rendering workloads in the cloud. You can now deploy render farms with monitors across multiple Regions without needing to adjust your existing IAM Identity Center configuration. You can operate more efficiently by placing rendering resources in regions closest to your artists and studios worldwide, and can run and compare workloads across regions to help optimize your rendering strategy or diversify your instance types. Deadline Cloud automatically routes authentication requests to your IAM Identity Center instance in its primary Region, so your identity data remains in place without replication and requires no changes to your identity management setup. To learn more, see Getting Started with Deadline Cloud in the AWS Deadline Cloud User Guide. 

Amazon CloudWatch pipelines now includes new compliance and governance capabilities to help you maintain data integrity and control access when processing logs. CloudWatch pipelines is a fully managed service that ingests, transforms, and routes log data to CloudWatch without requiring you to manage infrastructure. Because pipeline processors modify log events during transformation, organizations with audit or regulatory requirements need ways to preserve original data and track what has been changed. These new tools address those needs directly. You can now enable a “keep original” toggle to automatically store a copy of your raw logs before any transformation takes place, ensuring the unmodified data is always available when needed. Pipelines also adds new metadata to processed log entries indicating that the log has been transformed, making it easy to distinguish between original and processed data during audits or investigations. Additionally, new IAM condition keys let administrators restrict who can create pipelines based on log source name and type, giving operators fine-grained control over pipeline creation across their organization. These compliance and governance features are available at no additional cost. Standard CloudWatch Logs storage rates apply to both the original and transformed copies of your log data when the keep original log option is enabled. You can use these features in all AWS Regions where CloudWatch pipelines is generally available. To get started, visit the CloudWatch Ingestion page in the Amazon CloudWatch console. To learn more, see the CloudWatch pipelines documentation.

Amazon FSx for NetApp ONTAP second-generation file systems are now available in 4 additional AWS Regions: Europe (London), Asia Pacific (Hyderabad), South America (Sao Paulo), and AWS GovCloud (US-West).  Amazon FSx makes it easier and more cost effective to launch, run, and scale feature-rich, high-performance file systems in the cloud. Second-generation FSx for ONTAP file systems give you more performance scalability and flexibility over first-generation file systems by allowing you to create or expand file systems with up to 12 highly-available (HA) pairs of file servers, providing your workloads with up to 72 GBps of throughput and 1 PiB of provisioned SSD storage. With this regional expansion, second-generation FSx for ONTAP file systems are available in the following AWS Regions: US East (N. Virginia, Ohio), US West (N. California, Oregon), Canada (Central), Europe (Frankfurt, Ireland, London, Spain, Stockholm, Zurich), South America (Sao Paulo), Asia Pacific (Hyderabad, Mumbai, Seoul, Singapore, Sydney, Tokyo), and AWS GovCloud (US-West). You can create second-generation Multi-AZ file systems with a single HA pair, and Single-AZ file systems with up to 12 HA pairs. To learn more, visit the FSx for ONTAP user guide.  

Amazon Quick now supports document-level access control lists (ACLs) for Amazon S3 knowledge bases, enabling you to manage granular permissions for documents stored in S3. With this feature, you can control which users and groups can access specific documents or folders within your knowledge base, ensuring that sensitive information is only available to authorized personnel. You can configure document-level ACLs using two methods optimized for different use cases. The global ACL configuration file provides centralized permission management at the folder level, ideal for organizations with stable permission structures. Alternatively, document-level metadata files enable faster permission updates by allowing you to define access controls for individual documents, requiring reindexing only for affected documents rather than entire folder structures. Document-level ACL configuration is permanent and must be set when creating a new knowledge base. For ACL-enabled knowledge bases, documents without an associated ACL entry are not ingested, ensuring comprehensive access control across your document repository. This Feature is available in all AWS Regions where Amazon Quick is available.  To get started with document-level ACLs for Amazon S3 knowledge bases, visit the Amazon Quick User Guide.

AWS Billing and Cost Management Dashboards now support scheduled email delivery for your reports. You can now automate report distribution on flexible recurring schedules, eliminating manual compilation work and ensuring financial insights reach decision-makers without requiring console access.” Scheduled email reports enable you to configure daily, weekly, or monthly delivery schedules for your dashboards. Recipients receive emails containing secure links to password-protected PDF reports optimized for offline viewing. Manage recipients through AWS User Notifications, and once configured, reports generate and distribute automatically on your chosen schedule. You can also access these capabilities programmatically through AWS SDKs and CLI tools. This feature is available at no additional cost in all commercial AWS Regions, excluding AWS China Regions. To get started, open the AWS Billing and Cost Management console, navigate to Dashboards, select a dashboard, and choose ‘Manage email reports’ from the Actions menu. For more information, see the Dashboards user guide and announcement blog post.

AWS RTB Fabric now supports health checks for real-time bidding workloads that use EC2 Auto Scaling groups (AGS). Health checks in AWS RTB Fabric continuously monitors and automatically routes traffic to healthy instances with configurable settings in RTB responder gateways. This helps eliminate failed real-time bidding transactions from bootstrapping, draining, or failed instances. With this launch, AWS RTB Fabric helps advertising technology (AdTech) companies improve uptime, reduce error rates, and prevent revenue loss from failed auctions. AWS RTB Fabric helps you connect with your AdTech partners such as Amazon Ads, GumGum, Kargo, MobileFuse, Sovrn, TripleLift, Viant, Yieldmo, and more in three steps while delivering single-digit millisecond latency through a private, high-performance network environment. RTB Fabric reduces standard cloud networking costs by up to 80% and does not require upfront commitments. AWS RTB Fabric is generally available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland). To learn more, visit the AWS RTB Fabric documentation or product page. 

AWS Backup is expanding support for Amazon FSx for Windows File Server, Amazon FSx for OpenZFS, and Amazon FSx for Lustre with two regional enhancements. First, AWS Backup now supports backup and restore of these FSx file systems in 5 additional AWS Regions: Asia Pacific (Malaysia, Taipei, Thailand), Canada West (Calgary), and Mexico (Central). You can now centrally manage FSx backup policies, automate backup schedules, and monitor backup activity through AWS Backup in these Regions. Second, AWS Backup now supports cross-Region and cross-account copy of FSx backups in 14 Regions: Africa (Cape Town), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Malaysia, Melbourne, Taipei, Thailand), Canada West (Calgary), Europe (Milan, Spain, Zurich), Israel (Tel Aviv), and Mexico (Central). This capability is available for both on-demand copies and scheduled backup plans with copy rules. With support in opt-in Regions, you can also store FSx backups in AWS Backup logically air-gapped vaults, providing additional defense against inadvertent or malicious deletions and helping you recover from ransomware events. You can now configure cross-Region and cross-account copy rules to meet your compliance and business continuity requirements. To learn more, visit the AWS Backup feature availability page.

Amazon Relational Database Service (Amazon RDS) for SQL Server now supports the latest Cumulative Updates (CU) and General Distribution Release (GDR) updates for Microsoft SQL Server. This release includes support for Microsoft SQL Server 2016 SP3+GDR KB5077474 (RDS version 13.00.6480.4.v1), SQL Server 2017 CU31+GDR KB5077471 (RDS version 14.00.3520.4.v1), SQL Server 2019 CU32+GDR KB5077469 (RDS version 15.00.4460.4.v1) and SQL Server 2022 CU24 KB5080999 (RDS version 16.00.4245.2.v1). The GDR updates address vulnerabilities described in CVE-2026-21262 and CVE-2026-26115. For additional information on the improvements and fixes included in these updates, see Microsoft documentation for KB5077474, KB5077471, KB5077469, KB5080999. We recommend that you upgrade your Amazon RDS for SQL Server instances to apply these updates using Amazon RDS Management Console, or by using the AWS SDK or CLI. You can learn more about upgrading your database instance in the Amazon RDS SQL Server User Guide for upgrading your RDS Microsoft SQL Server DB engine.

Amazon Timestream for InfluxDB now supports customer-defined maintenance windows, giving you control over when routine maintenance is performed on your InfluxDB databases. This feature is available for both InfluxDB 2 instances and InfluxDB 3 clusters across all supported editions. With this launch, you can specify a weekly maintenance window using a day-and-time format in your preferred timezone. Timestream for InfluxDB supports IANA timezone identifiers such as America/New_York, Europe/London, and Asia/Tokyo, and automatically handles Daylight Saving Time transitions so you don’t need to manually adjust your schedule. If you don’t specify a maintenance window, the service continues to manage maintenance timing automatically. You can set or update your preferred maintenance window when creating or modifying a resource using the Amazon Timestream for InfluxDB console, AWS CLI, or AWS SDKs. You can use Amazon Timestream for InfluxDB Customer-Defined Maintenance Windows in all Regions where Timestream for InfluxDB is offered. To get started with Amazon Timestream for InfluxDB, visit the Amazon Timestream for InfluxDB console. For more information, see the Amazon Timestream for InfluxDB documentation and pricing page.