AWS Recent Announcements

Today, Amazon Web Services (AWS) announced general availability of a new resource-level distributed denial of service (DDoS) mitigation capability for Application Load Balancers (ALB). This new WAF DDoS protection is directly integrated with ALB as an on-host agent to detect and mitigates DDoS attacks from known malicious sources within seconds while maintaining service quality for legitimate traffic. The WAF resource-level DDoS protection for ALBs is built on upon existing IP reputation rule group to provide rapid protection against known attack sources through static rules. This feature efficiently rate limits the traffic based on both direct client IP addresses and proxy networks by inspecting DDoS indicators in X-Forwarded-For (XFF) headers. Resource-level DDoS protection for ALBs can be configured to be active at all times or to be active only during high load conditions. You can enable this feature in AWS WAF for any Web ACL that is associated with ALB in all supported AWS Regions. See the AWS WAF pricing page for more details on Web ACL pricing. To learn more about AWS WAF’s resource level DDoS protection, visit the AWS WAF documentation or the AWS WAF console. To get started, refer to our technical documentation for detailed information about enabling this feature to protect your web applications.  

We are excited to announce the general availability of AWS Elastic Beanstalk in the Middle East (UAE) region. AWS Elastic Beanstalk is a service that simplifies application deployment and management on AWS. The service automatically handles deployment, capacity provisioning, load balancing, auto-scaling, and application health monitoring, allowing developers to focus on writing code. For a complete list of regions and service offerings, see AWS Regions. To get started on AWS Elastic Beanstalk, see the AWS Elastic Beanstalk Developer Guide. To learn more about Elastic Beanstalk, visit the Elastic Beanstalk product page.

Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito user pools from unwanted or malicious requests and web-based attacks. Managed Login, a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding, now offers an additional layer of protection against threat vectors through integration with AWS WAF web access control lists (web ACLs). This integration provides customers with powerful new capabilities to safeguard their applications against malicious attacks. With AWS WAF support, you can now define rules that enforce rate limits, gain visibility into web traffic to your applications, and allow or block traffic to Cognito Managed Login based on your specific business or security requirements. Additionally, the AWS WAF integration enables you to optimize costs by controlling bot traffic to your Cognito user pools. Managed Login and WAF support in Managed Login are offered as part of the Cognito Essentials and Plus tiers and are available in all AWS Regions where Amazon Cognito is available. Please note that AWS WAF charges apply for the inspection of user pool requests. For more information, see AWS WAF Pricing. To learn more, see Using AWS WAF to protect Amazon Cognito User Pools, and to get started, visit the Amazon Cognito console.  

AWS Backup adds support to copy your Amazon S3 backups across AWS Regions and accounts in the AWS GovCloud (US) Regions. With Amazon S3 backup copies in multiple AWS Regions, you can maintain separate, protected copies of your backup data to help meet compliance requirements for data protection and disaster recovery. Amazon S3 backup copies across accounts offers an additional layer of protection against inadvertent or unauthorized actions. The capability to copy Amazon S3 backups across AWS Regions and accounts, supported in all AWS Commercial Regions, is now available in the AWS GovCloud (US) Regions. For more information on regional availability and pricing, see AWS Backup pricing page. To learn more about AWS Backup for Amazon S3, visit the product page and technical documentation. To get started, visit the AWS Backup console.  

Amazon WorkSpaces Personal now allows you to route streaming traffic privately between your Amazon Virtual Private Cloud (VPC) and WorkSpaces virtual desktops using AWS PrivateLink, without the data ever traversing the public internet. With this new capability, you can now stream your WorkSpaces through private IP addresses within your VPC, or from on-premises environments using AWS VPN or AWS Direct Connect. The feature helps you to meet your compliance requirements by keeping streaming traffic within the trusted networks. To get started using PrivateLink with WorkSpaces, create a WorkSpaces VPC endpoint for DCV streaming protocol in the chosen Amazon VPC, then specify the VPC endpoint when creating a new WorkSpaces Personal directory or modifying an existing one. Your users will then use the VPC endpoint when they stream their DCV WorkSpaces. The feature is available for WorkSpaces Personal running DCV protocol in all AWS Regions where Amazon WorkSpaces is supported, except China (Ningxia) Region. You can configure this feature through the AWS Management Console, AWS Command Line Interface (CLI), or Amazon WorkSpaces APIs. For detailed configuration instructions and requirements, please refer to the Amazon WorkSpaces documentation.  

Today, AWS announced the expansion of 100 Gbps dedicated connections at the AWS Direct Connect location in the NTT Jakarta 2 data center center near Jakarta, Indonesia. You can now establish private, direct network access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones from this location. This is the second AWS Direct Connect location in Jakarta to provide 100 Gbps connections with MACsec encryption capabilities. The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet. For more information on the over 142 Direct Connect locations worldwide, visit the locations section of the Direct Connect product detail pages. Or, visit our getting started page to learn more about how to purchase and deploy Direct Connect.

Today, Amazon Braket introduced experimental support for dynamic circuits on IQM’s Garnet quantum processing unit (QPU). This capability enables mid-circuit measurements (MCM) and feed-forward operations, allowing quantum researchers and developers to implement more advanced quantum algorithms. Dynamic circuits are a key building block for quantum error mitigation and correction. They can improve resource efficiency via qubit reuse, as well as enable experimentation with algorithms and protocols that require conditional logic. With dynamic circuits, customers can now perform active qubit reset to reuse qubits within a single circuit execution and apply conditional operations based on measurement outcomes. These techniques can reduce circuit depth requirements unlocking new capabilities on Amazon Braket. To use dynamic circuits, customers can submit verbatim programs that include mid-circuit measurement and conditional rotation instructions. These programs can be written using using OpenQASM, the Amazon Braket SDK, or the Amazon Braket Qiskit Provider. This experimental capability is available to all customers using an IQM device in the Europe (Stockholm) Region without requiring any special access permissions. For more information, visit our Experimental Capabilities documentation page and read our launch blog post.  

AWS is expanding service reference information to include annotations for service actions, starting with action properties. Action properties provide context to indicate what an action is capable of, such as write or list capabilities, when you use it in a policy. Service reference information streamlines automation of policy management workflows, helping you retrieve available actions across AWS services from machine-readable files. Whether you are a security administrator establishing guardrails for workloads or a developer ensuring appropriate access to applications, you can now more easily identify the scope for each AWS service. You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on programmatic service reference information.  

AWS Glue Data Catalog now offers usage metrics for APIs in Amazon CloudWatch, enabling you to monitor, troubleshoot, and optimize your API usage with greater visibility. The insights from these API usage metrics will help you better understand your lakehouse runtime API usage in production environments. Customers seek better observability of their API usage to identify bottlenecks, detect anomalies, and understand usage patterns in their lakehouse architecture. With Data Catalog Usage Metrics in CloudWatch, you can track critical API usage performance indicators per minute, including reads, updates, and deletions of lakehouse resources such as catalogs, tables, partitions, connections, and statistics. You can set up CloudWatch alarms to receive notifications when metrics exceed specified thresholds, allowing proactive management of your lakehouse. You can get started by navigating to Metrics in the CloudWatch console and filter usage by AWS Glue resource. You can then graph the metrics and configure alarms that alert you when usage approaches specified thresholds. This feature is available in all AWS Regions where Data Catalog is available. To get started, read the launch blog and read Data Catalog documentation.  

Today, we are excited to announce that Amazon Connect Outbound Campaigns is now available in Asia Pacific (Seoul), Asia Pacific (Tokyo), Asia Pacific (Singapore). With this launch, customers can initiate proactive outbound communications for real-time service updates, promotional offers, product usage tips, and appointment reminders at just the right moments throughout your customer’s experience from the right channel. Outbound Campaigns empowers businesses to create targeted and personalized outreach strategies through key capabilities including segmentation, omnichannel orchestration, content personalization and built-in analytics. Outbound Campaigns supports predictive and progressive voice dialing, AI-powered call classification, retry strategies based on contact outcomes, time zone detection, and communication limits. These features ensure that businesses can optimize their outreach while adhering to regulatory requirements and customer preferences. Additionally, businesses can fine tune audience segments, personalize message templates and start event-based campaigns across voice and digital channels like SMS and email. By leveraging these features, businesses can significantly enhance their customer engagement strategies and improve overall communication effectiveness. To learn more and get started, visit the Amazon Connect Outbound Campaigns product page and documentation.  

Today, AWS announced the general availability of managed integrations, a feature of AWS IoT Device Management designed to simplify the control and management of IoT devices across multiple manufacturers and connectivity protocols. Developers can now onboard and manage diverse IoT devices through a single unified interface regardless of connection type – direct, hub-based, or third-party cloud-based. Managed integrations can also use Cloud-to-Cloud (C2C) connectors and device data model templates. At preview, developers had access to a catalog of pre-built C2C connectors from partners and vendors along with 80+ device data model templates. Now, with expanded functionality, developers can create and list their own connectors and customize the templates to create new data models. Using the managed integrations feature, developers can accelerate their IoT solution development. The unified interface, combined with device and hub SDKs that support ZigBee, Z-Wave, and Wi-Fi protocols, streamlines device management and onboarding across multiple devices, vendors, and connectivity standards. Development is further accelerated by a catalog of pre-built C2C connectors and custom connector building capabilities to enable integration with various third-party cloud-based devices. Moreover, a comprehensive library of over 80+ device data model templates, based on AWS’s implementation of the Matter data model standard, paired with the ability to create new data models, provides developers a flexible and scalable approach to define device capabilities. Managed integrations gives developers a powerful way to integrate devices into applications that are designed to provide a seamless experience for their end users, and empowers the creation of value-added services, such as home security, energy management, and elderly care monitoring. The managed integrations feature is available in Canada (Central) and Europe (Ireland). To learn more, refer to the developer guide and get started on the AWS IoT console.  

Today, AWS Security Incident Response announces integration with Amazon EventBridge. This integration enables customers to react, monitor, and orchestrate events associated with cases and memberships within AWS Security Incident Response. Amazon EventBridge is a service that can provide near real-time access to changes in data in AWS services, your own applications, and software as a service (SaaS) applications without writing code. With Amazon EventBridge acting as a central hub for changes in AWS Security Incident Response cases and memberships, customers can either route these events via Rules (for fan-out scenarios to one or more targets) or through Pipes (for point-to-point integrations with enhanced filtering, enrichment, and transformation capabilities). With the Amazon EventBridge integration, customers can now create integrations between AWS Security Incident Response and third-party tooling or aggregate data to analyze using generative AI and other AWS tooling. For example, when AWS Security Incident Response proactively creates a case, Amazon EventBridge automation can trigger systems to notify stakeholders, which enables quicker response and minimizes barriers to engaging customer teams during potential security incidents. Customers and partners who manage multiple AWS environments can now leverage the Amazon EventBridge integration to monitor AWS Security Incident Response memberships, helping ensure their environments maintain a strong security posture for incident response. Support for Amazon EventBridge is available in all regions where AWS Security Incident Response is available. To learn more, see the AWS Security Incident Response documentation. Get started today by visiting AWS Security Incident Response via the console, AWS Command Line Interface, or APIs. For additional information on EventBridge, visit the Amazon EventBridge page.  

Amazon EventBridge now supports AWS CodeBuild batch builds as a target. This enhancement allows you to trigger concurrent and coordinated builds of a CodeBuild project using EventBridge, providing greater flexibility and control over your build processes. The Amazon EventBridge Event Bus is a serverless event broker for creating scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and other AWS services. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. While the EventBridge Event Bus has long supported standard CodeBuild builds as targets, you can now also trigger batch builds. With batch builds, you can trigger features like build graphs, build lists, build matrices, and build fanouts in response to events from AWS services, SaaS partner applications, or your own applications. By combining EventBridge and batch builds, you can automate and orchestrate complex build workflows more effectively, leveraging concurrent and coordinated builds that automatically scale to meet your needs. This feature is now available in all AWS Regions including the AWS GovCloud (US) Regions. To learn more, see CodeBuild projects as targets in the Amazon EventBridge documentation and Create AWS CodeBuild triggers programmatically in the AWS CodeBuild documentation.  

AWS announces that Amazon SageMaker has contributed a custom transport ‘AmazonDataZoneTransport’ to the OpenLineage community and enhanced automated lineage capabilities. These lineage enhancements include improvements to automation from sources such as AWS Glue, Amazon Redshift, and automated lineage capture from tools, enabling data scientists and engineers to work more efficiently with their data and models. The new ‘custom transport’ contribution to the OpenLineage community allows builders to download the transport along with OpenLineage plugins to augment and automate lineage events captured from OpenLineage-enabled systems. With this, customers can automate lineage capture and send these lineage events to the SageMaker Unified Studio domain, enhancing data governance and traceability within their data workflows. Amazon SageMaker has also introduced enhanced automated lineage capabilities from various sources. These improvements include better support for lineage events from AWS Glue, Amazon Redshift, and automated lineage capture from tools such as vETL processes and notebooks. Additionally, SageMaker has improved its SQL lineage support, particularly for Amazon Redshift, with new features including support for stored procedures and materialized views. These enhancements enable automatic lineage capture of complex data operations, providing a more comprehensive view of data transformations and dependencies. This feature is available all AWS Regions where Amazon SageMaker is available. To learn more about the custom transport contribution and enhanced lineage capabilities, visit the Amazon SageMaker. page. For detailed information on how to get started with lineage using these new features, refer to the user documentation.

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector are now available in the Asia Pacific (Taipei) Region. Built on actual Microsoft Active Directory (AD), AWS Managed Microsoft AD enables you to migrate AD-aware applications while reducing the work of managing AD infrastructure in the AWS Cloud. You can use your Microsoft AD credentials to domain join EC2 instances, and also manage containers and Kubernetes clusters. You can keep your identities in your existing Microsoft AD or create and manage identities in your AWS managed directory. AD Connector is a proxy that enables AWS applications to use your existing on-premises AD identities without requiring AD infrastructure in the AWS Cloud. You can also use AD Connector to join Amazon EC2 instances to your on-premises AD domain and manage these instances using your existing group policies. Please see all AWS Regions where AWS Managed Microsoft AD and AD Connector are available. To learn more, see AWS Directory Service.  

You can now attach Amazon Simple Storage Service (Amazon S3) Access Points to your Amazon FSx for OpenZFS file systems so that you can access your file data as if it were in S3. With this new capability, your file data in FSx for OpenZFS is accessible for use with the broad range of artificial intelligence, machine learning, and analytics services and applications that work with S3 while your file data continues to reside on the FSx for OpenZFS file system. An S3 Access Point is an endpoint that helps control and simplify how different applications or users can access data. S3 Access Points now work with FSx for OpenZFS so that applications and services can access file data in FSx for OpenZFS using the S3 API and as if the data were in S3. You can discover new insights, innovate faster, and make even better data-driven decisions with your data in FSx for OpenZFS. For example, you can use your file data to augment generative AI applications with Amazon Bedrock, train machine learning models with Amazon SageMaker, run analyses using Amazon Glue, a wide range of AWS Data and Analytics Competency Partner solutions, and S3-based cloud-native applications. Get started with this capability by creating and attaching S3 Access Points to your FSx for OpenZFS file systems using the Amazon FSx console, the AWS Command Line Interface (AWS CLI), or the AWS Software Development Kit (AWS SDK) in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Europe (Frankfurt, Ireland, Stockholm), and Asia Pacific (Hong Kong, Singapore, Sydney, Tokyo). To learn more, visit the product page, user guide, and AWS News Blog. 

Today, AWS announces a new feature for Amazon SageMaker Unified Studio that automatically synchronizes files from project Git repositories to Amazon Simple Storage Service (Amazon S3) buckets. Amazon SageMaker Unified Studio is a single data and AI development environment that brings together functionality and tools from AWS Analytics and AI/ML services services. It facilitates building, deploying, executing, and monitoring workflows from a single interface. Automatic synchronization keeps production environments in sync with code changes, eliminating manual intervention and streamlining developers’ workflows. This is particularly valuable for developers using the unified scheduling for visual extract, transform, load (ETL) flows and SQL query books, where having the latest code artifacts readily available in Amazon S3 buckets is crucial for successful execution. This new feature is now available in all AWS regions where Amazon SageMaker Unified Studio is available. Access the supported region list for the most up-to-date availability information. To learn more, visit our Amazon SageMaker documentation.

Amazon Bedrock Flows enables you to link foundation models (FMs), Amazon Bedrock Prompts, Amazon Bedrock Agents, Amazon Bedrock Knowledge Bases, Amazon Bedrock Guardrails and other AWS services together to build and scale pre-defined generative AI workflows. Today, we announce the preview of persistent execution for long running workflows, and inline-code execution support within the flows. Bedrock Flows customers currently encounter three key limitations when authoring, executing and monitoring workflows: a two-minute idle timeout restriction per step, the need for custom API-based monitoring solutions, and the requirement to create Lambda functions for basic data processing tasks. Starting today, we’re addressing these challenges with new preview features that extend workflow step execution times to 15 minutes. The new capabilities include built-in execution tracking directly in the AWS Management Console, eliminating the need for custom monitoring code. You can now execute Python scripts using the new inline-code node type, removing the overhead of setting up Lambda functions for simple data processing. These enhancements significantly streamline workflow development and management in Amazon Bedrock Flows, helping you focus on building your generative AI applications. Long-running Flows executions are now available in all supported commercial regions where Flows operates. The inline code node is available in US East (N. Virginia), US West (Oregon), and Europe (Frankfurt). To get started, see the AWS user guide.

AWS Glue now supports read and write operations from AWS Glue 5.0 Apache Spark jobs on AWS Lake Formation registered tables when the job role has full table access. This capability enables Data Manipulation Language (DML) operations including CREATE, ALTER, DELETE, UPDATE, and MERGE INTO statements on Apache Hive and Iceberg tables from within the same Apache Spark application. While Lake Formation’s fine-grained access control (FGAC) offers granular security controls at row, column, and cell levels, many ETL workloads simply need full table access. This new feature enables AWS Glue 5.0 Spark jobs to directly read and write data when full table access is granted, removing limitations that previously restricted certain Extract, Transform, and Load (ETL) operations. You can now leverage advanced Spark capabilities including Resilient Distributed Datasets (RDDs), custom libraries, and User Defined Functions (UDFs) with Lake Formation tables. Additionally, data teams can run complex, interactive Spark applications through SageMaker Unified Studio in compatibility mode while maintaining Lake Formation’s table-level security boundaries. This feature is available in all AWS Regions where AWS Glue and AWS Lake Formation are supported. To learn more, visit the AWS Glue product page and documentation.

Amazon S3 Tables are now available in two additional AWS Regions: Asia Pacific (Thailand) and Mexico (Central). S3 Tables deliver the first cloud object store with built-in Apache Iceberg support, and the easiest way to store tabular data at scale. With this expansion, S3 Tables are now generally available in thirty-two AWS Regions. To learn more, visit the product page, documentation, and the S3 pricing page.  

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) C7g instances are available in the AWS Israel (Tel Aviv) Region. These instances are powered by AWS Graviton3 processors that provide up to 25% better compute performance compared to AWS Graviton2 processors, and built on top of the the AWS Nitro System, a collection of AWS designed innovations that deliver efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. Amazon EC2 Graviton3 instances also use up to 60% less energy to reduce your cloud carbon footprint for the same performance than comparable EC2 instances. For increased scalability, these instances are available in 9 different instance sizes, including bare metal, and offer up to 30 Gbps networking bandwidth and up to 20 Gbps of bandwidth to the Amazon Elastic Block Store (EBS). To learn more, see Amazon EC2 C7g. To explore how to migrate your workloads to Graviton-based instances, see AWS Graviton Fast Start program and Porting Advisor for Graviton. To get started, see the AWS Management Console.

Amazon GameLift Servers, a fully managed service for deploying, operating, and scaling game servers for multiplayer games, is now available in two additional AWS Regions: Asia Pacific (Thailand) and Asia Pacific (Malaysia). With this launch, customers can now deploy GameLift fleets closer to players in Thailand and Malaysia, helping reduce latency and improve gameplay responsiveness. This regional expansion supports both Amazon GameLift Servers managed EC2 and container-based hosting options. Developers can take advantage of features such as FlexMatch for customizable matchmaking, FleetIQ for cost-optimized instance management, and auto-scaling to manage player demand dynamically. The addition of these new regions enables game developers and publishers to better server growing player communities across Southeast Asia while maintaining high performance and reliability. To get started, visit the Amazon GameLift console or refer to the Amazon GameLift Servers developer guide.

Starting today, domain name system (DNS) delegation for private hosted zone subdomains can be used with Route 53 inbound and outbound Resolver endpoints. This allows you to delegate the authority for a subdomain from your on-premises infrastructure to the Route 53 Resolver cloud service and vice versa, enabling a simplified cloud experience across namespaces in AWS and on your own local infrastructure. AWS customers allow multiple organizations within their enterprise to individually manage their respective subdomains and subzones, whereas apex domains and parent hosted zones are typically overseen by a central team. Previously, these customers had to create and maintain conditional forwarding rules in their existing network infrastructure to enable services to discover one another across subdomains. However, conditional forwarding rules are difficult to maintain across large organizations and, in many cases, are not supported by on-premises infrastructure. With today’s release, customers can instead delegate authority of subdomains to Route 53 using name server records and vice versa, achieving compatibility with common, on-premises DNS infrastructure and removing the need for teams to use conditional forwarding rules throughout their organization. Inbound and outbound delegation for Resolver endpoints is available globally in all AWS Regions, where Resolver endpoints are available, except in AWS GovCloud and Amazon Web Services in China. Inbound and outbound delegation is provided at no additional cost to Resolver endpoints usage. For more details on pricing, visit the Route 53 pricing page, and to learn more about this feature, visit the developer guide.  

Today, Amazon EMR on EKS announces support for Service Quotas, improving visibility and control over EMR on EKS quotas. Previously, to request an increase for EMR on EKS quotas, such as maximum number of StartJobRun API calls per second, customers had to open a support ticket and wait for the support team to process the increase. Now, customers can view and manage their EMR on EKS quota limits directly in the Service Quotas console. This enables automated limit increase approvals for eligible requests, improving response times and reducing the number of support tickets. Customers can also set up Amazon CloudWatch alarms to get automatically notified when their usage reaches a certain percentage of a maximum quota. Amazon EMR on EKS support for Service Quotas is available in all Regions where Amazon EMR on EKS is currently available. To get started, visit the Service Quotas User Guide.

Now generally available, Amazon CloudWatch helps you accelerate operational investigations across your AWS environment in just a fraction of the time. With a deep understanding of your AWS cloud environment and resources, CloudWatch investigations use an AI agent to look for anomalies in your environment, surface related signals, identify root-cause hypotheses, and suggest remediation steps, significantly reducing mean time to resolution (MTTR). This new CloudWatch investigations capability works alongside you throughout your operational troubleshooting journey from issue triage through remediation. You can initiate an investigation by selecting the Investigate action on any CloudWatch data widget across the AWS Management Console. You can also start investigations from more than 80 AWS consoles, configure to auto trigger from a CloudWatch alarm action, or initiate from an Amazon Q chat. The new investigation experience in CloudWatch allows teams to collaborate and add findings, view related signals and anomalies, and review suggestions for potential root cause hypotheses. This new capability also provides remediation suggestions for common operational issues across your AWS environment by surfacing relevant AWS Systems Manager Automation runbooks, AWS re:Post articles, and documentation. It also integrates with popular communication channels such as Slack and Microsoft Teams. The Amazon CloudWatch investigations capability is available in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (Spain), and Europe (Stockholm). The CloudWatch investigations capability is now generally available at no additional cost. It was previously launched in preview as Amazon Q Developer operational investigations. To learn more, see getting started and best practice documentation.

Amazon Bedrock Guardrails announces tiers for content filters and denied topics, offering additional flexibility and ease of use towards choosing features and expanded language support depending on customer use cases. With a new Standard tier, Guardrails now detects and filters undesirable content with better contextual understanding including modifications such as typographical errors, and support for up to 60 languages. Bedrock Guardrails provides configurable safeguards to help detect and block harmful content and prompt attacks, define topics to deny and disallow specific topics, and helps redact personally identifiable information (PII) such as personal data from input prompts and model responses. Additionally, Bedrock Guardrails helps detect and block model hallucinations, and identify, correct, and explain factual claims in model responses using Automated Reasoning checks. Guardrails can be applied across any foundation model including those hosted with Amazon Bedrock, self-hosted models, and third-party models outside Bedrock using the ApplyGuardrail API, providing a consistent user experience and helping to standardize safety and privacy controls. The new Standard tier enhances the content filters and denied topics safeguards within Bedrock Guardrails by offering better robust detection of prompt and response variations, strengthened defense against all categories of content filters including prompt attacks, and broader language support. The improved prompt attacks filter clearly distinguishes between jailbreaks and prompt injection on the backend while protecting against other threats including output manipulation. To access the Standard tier’s capabilities, customers must explicitly opt in to cross-region inference with Bedrock Guardrails. To learn more, see the technical documentation and the Bedrock Guardrails product page.

Amazon S3 now supports sort and z-order compaction for Apache Iceberg tables, available both in Amazon S3 Tables and general purpose S3 buckets using AWS Glue Data Catalog optimization. Sort compaction in Iceberg tables minimizes the number of data files scanned by query engines, leading to improved query performance and reduced costs. Z-order compaction provides additional performance benefits through efficient file pruning when querying across multiple columns simultaneously. S3 Tables provide a fully managed experience where hierarchical sorting is automatically applied on columns during compaction when a sort order is defined in table metadata. When multiple query predicates need to be prioritized equally, you can enable z-order compaction through the S3 Tables maintenance API. If you are using Iceberg tables in general purpose S3 buckets, optimization can be enabled in the AWS Glue Data Catalog console, where you can specify your preferred compaction method. These additional compaction capabilities are available in all AWS Regions where S3 Tables or optimization with the AWS Glue Data Catalog are available. To learn more, read the AWS News Blog, and visit the S3 Tables maintenance documentation and AWS Glue Data Catalog optimization documentation.  

The Customer Carbon Footprint Tool (CCFT) and Data Exports now show emissions calculated using the location-based method (LBM), alongside emissions calculated using the market-based method (MBM) which were already present. In addition, you can now see the estimated emissions from CloudFront usage in the service breakdown, alongside EC2 and S3 estimates. LBM reflects the average emissions intensity of grids on which energy consumption occurs. Electricity grids in different parts of the world use various sources of power, from carbon-intense fuels like coal, to renewable energy like solar. With LBM, you can view and validate trends in monthly carbon emissions that more directly align to your cloud usage, and get insights into the carbon intensity of the underlying electricity grids in which AWS data centers operate. This empowers you to make more informed decisions about optimizing your cloud usage and achieving your overall sustainability objectives. To learn more about the differences between LBM and MBM see the GHG Protocol Scope 2 Guidance. Check out your LBM emissions today in the Customer Carbon Footprint Tool and Data Exports; the updates are explained in detail in the user guide.  

Today, Amazon SageMaker HyperPod announces the general availability of Amazon EC2 P6-B200 instances powered by NVIDIA B200 GPUs. Amazon EC2 P6-B200 instances offer up to 2x performance compared to P5en instances for AI training. P6-B200 instances feature 8 Blackwell GPUs with 1440 GB of high-bandwidth GPU memory and a 60% increase in GPU memory bandwidth compared to P5en, 5th Generation Intel Xeon processors (Emerald Rapids), and up to 3.2 terabits per second of Elastic Fabric Adapter (EFAv4) networking. P6-B200 instances are powered by the AWS Nitro System, so you can reliably and securely scale AI workloads within Amazon EC2 UltraClusters to tens of thousands of GPUs. The instances are available through SageMaker HyperPod flexible training plans in US West (Oregon) AWS Region. For on-demand reservation of B200 instances, please reach out to your account manager. Amazon SageMaker AI lets you easily train machine learning models at scale using fully managed infrastructure optimized for performance and cost. To get started with SageMaker HyperPod, visit the webpage and documentation.  

We’re excited to announce the general availability of UDP ping beacons for Amazon GameLift Servers, a new feature that enables game developers to measure real-time network latency between game clients and game servers hosted on Amazon GameLift Servers. With UDP ping beacons, you can now accurately measure latency for UDP (User Datagram Protocol) packet payloads across all AWS Regions and Local Zones where Amazon GameLift Servers is available. Most multiplayer games use UDP as their primary packet transmission protocol due to its performance benefits for real-time gaming and optimizing network latency is crucial for delivering the best possible player experience. UDP ping beacons provide a reliable way to measure actual UDP packet latency between players and game servers, helping make better decisions about player-to-server matching and game session placement. The beacon endpoints are available in all AWS Global Regions and Local Zones supported by Amazon GameLift Servers, except AWS China, and through the ListLocations API, making it easy to programmatically access the endpoints. To learn more, visit the Amazon GameLift Servers Release Notes.