AWS Recent Announcements

Amazon Lightsail now offers a new WordPress blueprint, making it easier than ever to launch and manage a WordPress website on the cloud. With just a few clicks, you can create a Lightsail virtual private server (VPS) preinstalled with WordPress, and follow a guided setup wizard to get your site fully configured and running in minutes. This new blueprint has Instance Metadata Service Version 2 (IMDSv2) enforced by default. With Lightsail, you can easily get started on the cloud by choosing a blueprint and an instance bundle to build your web application. Lightsail instance bundles include instances preinstalled with your preferred operating system, storage, and monthly data transfer allowance, giving you everything you need to get up and running quickly. The new WordPress blueprint includes a step-by-step setup workflow that walks you through connecting a custom domain, configuring DNS, attaching a static IP address, and enabling HTTPS encryption using a free Let’s Encrypt SSL/TLS certificate — all from within the Lightsail console. This new blueprint is now available in all AWS Regions where Lightsail is available. For more information on blueprints supported on Lightsail, see Lightsail documentation. For more information on pricing, or to get started with your free trial, click here.

EC2 Image Builder, a service that helps you automate the creation, distribution, and management of customized Amazon Machine Images, now supports wildcard patterns in lifecycle policies and simplifies IAM role creation. You can now use wildcard patterns to manage images from multiple recipes within a single lifecycle policy, and create IAM roles with pre-populated default permissions directly from the console. Previously, you had to create separate lifecycle policies for each new recipe or manually select individual recipes, making it difficult to scale as new recipes were added. Now with wildcard pattern support, you can specify patterns like my-recipe-1.x.x to automatically apply lifecycle policies to all matching recipes—including new recipes created in the future. Additionally, creating IAM roles for lifecycle management previously required manually configuring the required permissions. Now when creating a new role in the console, EC2 Image Builder automatically populates the required default permissions, reducing setup time and potential configuration errors. Together, these capabilities simplify onboarding and ongoing maintenance, enabling you to manage your image lifecycle at scale with less operational overhead. Lifecycle Policies are available in all commercial AWS regions. To learn more, refer to the documentation.

Amazon Application Recovery Controller (ARC) Region switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. It automates multi-Region disaster recovery, reducing engineering effort and eliminating operational overhead when recovering applications across multiple AWS accounts and Regions. Region switch now includes three new capabilities: post-recovery workflows, native RDS execution blocks, and AWS provider for Terraform support. Post-recovery workflows. Disaster recovery doesn’t end when customers failover to a standby Region. After orchestrating a failover or failback, customers must prepare the other Region for the next recovery event. Today, this requires manual coordination of scaling, recreating read replicas, and validating configurations. Post-recovery workflows help customers automate these preparation steps. With this launch, post-recovery workflows support the custom action Lambda execution block, Amazon RDS create read replica execution block, ARC Region switch plan execution block, and the manual approval execution block. Customers can create read replicas, run custom logic via Lambda functions, add manual approval gates, and embed child plans for complex orchestration as part of post-recovery. Post-recovery workflows are available for active/passive deployments and can be triggered manually. RDS execution blocks. Coordinating Amazon RDS database recovery during Regional failover requires manual steps to promote read replicas and recreate replication, introducing delays and errors. Region switch now natively supports two Amazon RDS execution blocks that automate RDS recovery orchestration. The RDS promote read replica execution block orchestrates promotion of a read replica to a standalone instance during failover. The RDS create read replica execution block orchestrates replica creation as part of post-recovery workflows. AWS provider for Terraform support. Region switch is now supported by the AWS provider for Terraform, enabling customers to manage disaster recovery plans as Infrastructure-as-Code and integrate them into CI/CD pipelines alongside application deployments. To learn more, about AWS provider support for Terraform, visit Terraform provider documentation. To learn about post-recovery workflows in action, read the post-recovery workflow tutorial. To get started with Region switch, read our launch blog or documentation.

Amazon Bedrock batch inference now supports the Converse API as a model invocation type, enabling you to use a consistent, model-agnostic input format for your batch workloads. Previously, batch inference required model-specific request formats using the InvokeModel API. Now, when creating a batch inference job, you can select Converse as the model invocation type and structure your input data using the standard Converse API request format. Output for Converse batch jobs follows the Converse API response format. With this feature, you can use the same unified request format for both real-time and batch inference, simplifying prompt management and reducing the effort needed to switch between models. You can configure the Converse model invocation type through both the Amazon Bedrock console and the API. This capability is available in all AWS Regions that support Amazon Bedrock batch inference. To get started, see Create a batch inference job and Format and upload your batch inference data in the Amazon Bedrock User Guide.

AWS Network Firewall now integrates with Amazon EventBridge to provide real-time notifications for firewall state changes and configuration updates. This new capability enables you to monitor critical firewall operations including firewall configuration updates and endpoint status modifications across your network security infrastructure. You gain immediate visibility into changes affecting AWS Managed Rules, Partner Managed Rules, and firewall configurations. With EventBridge integration, you gain enhanced visibility into your firewall operations in real-time. You can build automated workflows to send notifications through Amazon SNS, create tickets in your IT service management (ITSM) systems, or integrate with third-party security information and event management (SIEM) solutions. This integration helps you maintain better operational awareness of your network security infrastructure and respond quickly to configuration changes or potential issues. AWS Network Firewall state change notifications through Amazon EventBridge are available in all AWS Regions where AWS Network Firewall and Amazon EventBridge is currently available. To learn more about AWS Network Firewall EventBridge integration, visit the AWS Network Firewall documentation. For information about Amazon EventBridge, see the Amazon EventBridge documentation.

Amazon CloudWatch now supports customizing destination log group names when creating CloudWatch log centralization rules. Organizations managing logs across multiple accounts can now use attributes to organize centralized logs into meaningful hierarchies — by account ID, region, organizational unit, or other AWS Organizations metadata — that match how their organization operates and what their compliance requirements demand. You can define a destination log group name structure using attributes that CloudWatch Logs automatically replaces with actual values when logs are copied. For example, using the pattern ${source.accountId}/${source.region}/${source.logGroup} creates destination log groups like 123456789012/us-east-1/cloudtrail/managementevent, making it easy to identify which account and region logs originated from. You can use attributes, including source account ID, region, log group name, organization ID, organizational unit ID, root ID, and the full organizational path. Customizable destination log group names are available in all centralization rules supported regions. Customers can use centralization rules to centralize one copy of logs for free (ingestion). Additional copies are charged at $0.05/GB of logs centralized (the backup region feature is considered an additional copy). Storage charges apply. To learn more, visit the CloudWatch Logs Centralization documentation.

AWS Resource Access Manager (RAM) now supports a resource share configuration that allows you to maintain resource sharing continuity when accounts move between AWS Organizations. With the new RetainSharingOnAccountLeaveOrganization parameter and corresponding ram:RetainSharingOnAccountLeaveOrganization condition key, security administrators can configure resource shares to retain access when accounts leave the organization and enforce consistent policies across their organization using Service Control Policies (SCPs). This capability helps organizations undergoing mergers, acquisitions, or restructuring maintain access to shared resources like Route53 Resolver Rules, Transit Gateways, and IPAM pools without disruption. Security teams can use SCPs to enforce the RetainSharingOnAccountLeaveOrganization configuration organization-wide. When enabled, RAM treats organization accounts as external accounts, requiring explicit invitation acceptance and preserving resource access during account transitions between organizations. This feature is available in all AWS commercial Regions at no additional cost. To learn more about resource share configurations, see the AWS RAM documentation or visit the AWS RAM product page.

Starting today, AWS customers based in the United Kingdom can use Bacs Direct Debit to pay for their AWS services. This new feature provides a convenient and automated way to manage your cloud spend directly from your GBP-based bank account. Customers can securely connect any personal or business bank account that supports the Bacs standard. Previously, AWS only  accepted credit or debit cards and EUR-based bank accounts in the UK. During sign-up, customers can choose “Bacs Direct Debit” from the AWS sign-up page, select their bank, and authenticate using their bank’s mobile app or online banking credentials. This securely verifies ownership and links the bank account to the AWS account. By default, this account will be used for future AWS invoices. Existing customers can add Bacs Direct Debit by navigating to the Payment Preferences page in the AWS Billing console. They choose “Add payment method,” select “Bacs Direct Debit,” and follow the same bank selection and authentication flow. Once verified, the bank account is available as a payment method for future invoices. Bacs Direct Debit is available to customers in UK regions at not additional cost. To learn more, see Managing your Bacs direct debit payment method. 

Amazon OpenSearch Service has enhanced Cluster Insights with two new insights — Cluster Overload and Suboptimal Sharding Strategy. Suboptimal Sharding Strategy provides instant visibility into shard imbalances that cause uneven workload distribution, while Cluster Overload surfaces elevated cluster resource utilization that can lead to request throttling or rejections. Both insights come with details of affected resources along with actionable mitigation recommendations. Previously, identifying resource constraints and shard imbalances required manually correlating multiple metrics and logs, making it difficult to detect issues early. With these new insights, you can proactively monitor cluster health and take timely action. Suboptimal Sharding Strategy detects shard imbalances caused by indices with too few shards relative to the number of data nodes, or by shards carrying disproportionately large amounts of data compared to others. It identifies the root cause of uneven workload distribution and provides recommendations to help you achieve optimal shard distribution for improved query performance and resource utilization. Similarly, Cluster Overload helps you identify elevated resource utilization, including CPU, memory, disk I/O, disk throughput, and disk utilization that can potentially lead to request throttling or rejections. It also provides scale-up recommendations so you can take timely action to protect your critical workloads. These new insights are available at no additional cost for OpenSearch version 2.17 or later in all Regions where the OpenSearch UI is available. See the complete list of supported Regions here. To learn more, visit the Cluster Insights documentation or view the complete catalog of available insights.

Oracle Database@AWS is now available in EU-West-1 (Dublin), starting with one Availability Zone (AZ). Oracle Database@AWS enables customers to access database services on Oracle Cloud Infrastructure (OCI) managed Oracle Exadata systems within AWS data centers. As a result, customers can easily migrate their on-premises Oracle Exadata and Oracle Real Application Clusters (RAC) applications to a like-for-like environment on AWS, and also benefit from integrations with AWS services such as AWS Key Management Service (KMS) for data encryption and AWS CloudWatch for monitoring. With expansion to the Dublin region, customers with data residency requirements in that region can migrate their on-premises Oracle Exadata and RAC applications to AWS. With this expansion, Oracle Database@AWS services are now available in eight Regions: US-East-1 (N. Virginia), US-West-2 (Oregon), US-East-2 (Ohio), CA-Central-1 (Canada Central), EU-Central-1 (Frankfurt), EU-West-1 (Dublin), AP-Northeast-1 (Tokyo), and AP-Southeast-2 (Sydney). To use Oracle Database@AWS services, request a private offer from Oracle through the AWS Marketplace, and use AWS Management Console to setup and use your databases. To learn more, visit Oracle Database@AWS overview and documentation.

Amazon Relational Database Service (RDS) for PostgreSQL now supports the latest minor versions 18.3, 17.9, 16.13, 15.17, and 14.22. These versions address the regression from the February 12, 2026 PostgreSQL community release. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of PostgreSQL, and to benefit from the bug fixes added by the PostgreSQL community. You can upgrade your databases during scheduled maintenance windows using automatic minor version upgrades. To simplify operations at scale, enable automatic minor version upgrades and use the AWS Organizations Upgrade Rollout Policy to orchestrate thousands of upgrades in phases, first to development environments before upgrading production systems. You can also use Amazon RDS Blue/Green deployments with physical replication to minimize downtime for minor version upgrades. Amazon RDS for PostgreSQL makes it simple to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. Create or update a fully managed Amazon RDS database in the Amazon RDS Management Console or by using the AWS Command Line Interface (CLI).

Amazon Bedrock now supports OpenAI-compatible Projects API in the Mantle inference engine in Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a broad selection of best-in-class foundation models from leading AI companies like Anthropic, Meta, and OpenAI, along with a broad set of specialized developer tools that make it easy to build and scale compelling generative AI applications. Mantle is Amazon Bedrock’s distributed inference engine for large-scale model serving that supports OpenAI-compatible APIs. With Projects API, customers who have more than one application, environment, or team can now create individual projects to achieve better isolation across all of them. You can assign different IAM-based access control to each project and add tags to each project for better cost visibility. Projects are available for all customers using the OpenAI-compatible APIs, the Responses API and Chat Completions API, through the Mantle inference engine in Amazon Bedrock. There is no additional charge for using the Projects API. You pay only for the underlying model inference you consume. To get started with the Projects API in Amazon Bedrock, visit the Amazon Bedrock documentation. 

Amazon Elastic Container Service (Amazon ECS) Managed Instances now integrates with Amazon EC2 Capacity Reservations, enabling you to leverage your reserved capacity for predictable workload availability, while ECS handles all infrastructure management. This integration helps you balance reliable capacity scaling with cost efficiency, helping achieve high availability for mission‑critical workloads. Amazon ECS Managed Instances is a fully managed compute option designed to eliminate infrastructure management overhead, dynamically scale EC2 instances to match your workload requirements, and continuously optimize task placement to reduce infrastructure costs. With today’s launch, you can configure your ECS Managed Instances capacity providers to use capacity reservations by setting the capacityOptionType parameter to reserved, in addition to the existing spot and on-demand options. You can also specify reservation preferences to optimize cost and availability: use reservations-only to launch EC2 instances exclusively in reserved capacity for maximum predictability, reservations-first to prefer reservations while maintaining flexibility to fall back to on-demand capacity when needed, or reservations-excluded to prevent your capacity provider from using reservations altogether. To get started, you can use the AWS Management Console, AWS CLI, AWS CloudFormation, or AWS SDKs to configure your ECS Managed Instances capacity provider by choosing capacityOptionType=reserved and providing a capacity reservation group and reservation strategy. This feature is now available in all AWS Regions. For more details, refer to the documentation.

AWS Marketplace now supports Concurrent Agreements for SaaS and Professional Services products, enabling buyers to make multiple purchases for the same product within a single AWS account. Previously, buyers could only maintain one active agreement per product per AWS account, requiring sellers to use workarounds to support expansion deals. Concurrent Agreements removes this constraint, allowing different business units to procure independently with their own negotiated terms and pricing. Both buyers and sellers benefit from the flexibility Concurrent Agreements provides. Buyers can accept multiple offers for the same product without disrupting existing agreements, supporting multi-team procurement within centralized AWS accounts, mid-term expansions, and repeat purchases. Sellers can close multi-business unit deals that couldn’t happen before, transact expansions immediately instead of waiting for renewal cycles, and eliminate the operational overhead of managing workarounds.  Concurrent Agreements is enabled by default for all Professional Services listings starting today, with no seller action required. For SaaS listings, sellers must update their AWS Marketplace integration to handle multiple active subscriptions, including updating subscription notifications to use EventBridge and updating entitlement and metering APIs. Starting June 1, 2026, support for Concurrent Agreements will be required for new SaaS products. Sellers who have completed the integration work can opt in to enable Concurrent Agreements for their SaaS products now.  This capability is available in all AWS Regions where AWS Marketplace is supported. Concurrent Agreements purchasing is available on SaaS products where sellers have completed the integration, and is enabled by default for all Professional Services listings. To learn more about enabling Concurrent Agreements as a seller of SaaS products, review the Concurrent Agreements integration lab.

Today, AWS announces the general availability of dynamic dialing mode switching for Amazon Connect Outbound Campaigns, which allows contact center administrators to change between preview and non-preview dialing modes during active campaign execution. Previously, campaigns were locked into their initial dialing mode once started, requiring administrators to stop and restart campaigns to adjust strategies. This launch solves the problem of inflexible dialing strategies that couldn’t adapt to real-time business needs and agent availability changes. Dynamic dialing mode switching enables contact centers to optimize agent productivity and campaign efficiency in real-time without campaign interruptions. For example, you can automatically switch from progressive dialing to preview mode when handling high-priority contacts that require additional context, then revert back when traffic returns to normal patterns. This flexibility is particularly valuable for campaigns with varying contact priorities or fluctuating agent availability throughout the day. Dynamic dialing mode switching is available at no additional cost in all AWS Regions where Amazon Connect Outbound Campaigns is supported: US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (London), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Africa (Cape Town). To learn more, see the Amazon Connect Administrator Guide or visit the Amazon Connect website. 

Amazon CloudWatch Database Insights now provides lock contention diagnostics for Amazon RDS for PostgreSQL instances. This feature helps you identify the root cause behind both ongoing and historical lock contention issues within minutes. The lock contention diagnostics feature is available exclusively in the Advanced mode of CloudWatch Database Insights. With this launch, you can visualize a locking condition in the Database Insights console, which shows the relationship between blocking and waiting sessions. The visualization helps you quickly identify the dominating sessions, queries, or objects causing lock contention. Additionally, this feature persists historical locking data for 15 months, allowing you to analyze and investigate historical locking conditions. You no longer need to manually run custom queries or rely on application logs to diagnose lock contention issues, streamlining the troubleshooting process. You can get started with this feature by enabling the Advanced mode of CloudWatch Database Insights on your Amazon RDS for PostgreSQL clusters using the RDS console, AWS APIs, or the AWS SDK. CloudWatch Database Insights delivers database health monitoring aggregated at the fleet level, as well as instance-level dashboards for detailed database and SQL query analysis. CloudWatch Database Insights is available in all public AWS Regions and offers vCPU-based pricing – see the pricing page for details. For further information, visit the Database Insights documentation.

Today, we’re announcing the general availability of AWS Security Hub Extended, a new plan that extends unified security operations across your enterprise through a single-vendor experience. This plan helps address the complexity of managing multiple vendor relationships and lengthy procurement cycles by bringing together the best of AWS detection services and curated partner security solutions. The Security Hub Extended plan delivers three critical advantages. First, it helps streamline procurement by consolidating solution usage into one bill—thereby reducing procurement complexity while preserving direct access to each provider’s domain expertise. AWS Enterprise Support Customers also benefit from unified Level 1 support from AWS. Second, it enables you to establish more comprehensive protection by bringing together the best of AWS detection services with curated partner solutions across endpoint, identity, email, network, data, browser, cloud, AI, and security operations. Third, it helps enhance operational efficiency by streamlining security findings in a standard format, providing centralized visibility across your security environment while reducing the burden of manual integration work. You can access and review partner solutions across security categories through the Security Hub console, selecting only the solutions you need with flexible pay-as-you-go or flat-rate pricing—no upfront investments or long-term commitments required. With AWS as the seller of record, the Extended plan may be eligible for AWS Private Pricing opportunities. This gives you the flexibility to add or remove security categories as your business needs evolve, while enabling you to streamline vendor contract negotiations and consolidate billing. For a list of AWS commercial Regions where Security Hub is available, see the AWS Region table. For more information about pricing, visit the AWS Security Hub pricing page. To get started, visit the AWS Security Hub console or product page.

Amazon Cognito enhances client secret lifecycle management for app clients of Cognito user pools by adding client secret rotation and support for custom client secrets. Cognito helps you implement secure sign-in and access control for users, AI agents, and microservices in minutes, and a Cognito app client is a configuration that interacts with one mobile or web application that authenticates with Cognito. Previously, Cognito automatically generated all app client secrets. With this launch, in addition to the automatically generated secrets, you have the option to bring your own custom client secrets for new or existing app clients. Additionally, you can now rotate client secrets on-demand and maintain up to two active client secrets per app client. The new client secret lifecycle management capabilities address needs for organizations with periodic credential rotation requirements, companies improving security posture, and enterprises migrating from other authentication systems to Cognito. Maintaining two active secrets per app client allows gradual transition to the new secret without application downtime. Client secret rotation and custom client secrets are available in all AWS Regions where Amazon Cognito user pools are available. To learn more, see the Amazon Cognito Developer Guide. You can get started using the new capabilities through the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), or AWS CloudFormation.

AWS is announcing the general availability of Amazon EC2 Storage Optimized I8g.metal-48xl instances. I8g instances are powered by AWS Graviton4 processors that deliver up to 60% better compute performance compared to previous generation I4g instances. I8g instances use the latest third generation AWS Nitro SSDs, local NVMe storage that deliver up to 65% better real-time storage performance per TB while offering up to 50% lower storage I/O latency and up to 60% lower storage I/O latency variability. These instances are built on the AWS Nitro System, which offloads CPU virtualization, storage, and networking functions to dedicated hardware and software enhancing the performance and security for your workloads. Amazon EC2 I8g instances are designed for I/O intensive workloads that require rapid data access and real-time latency from storage. These instances excel at handling transactional and real-time databases, including MySQL, PostgreSQL, and NoSQL solutions like ClickHouse, Apache Druid, and MongoDB. They’re also optimized for real-time analytics platforms such as Apache Spark. I8g instances are available in 11 different sizes with up to 48xlarge (including 2 metal sizes), 1,536 GiB of memory, and 45 TB local instance storage. They deliver up to 100 Gbps of network performance bandwidth, and 60 Gbps of dedicated bandwidth for Amazon Elastic Block Store (EBS). To learn more, visit EC2 I8g instances. To begin your Graviton journey, visit the Level up your compute with AWS Graviton page.

Starting today, Amazon EC2 M8i and M8i-flex instances are now available in US West (N. California), Europe (Paris), Asia Pacific (Hyderabad), and South America (Sao Paulo) regions. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The M8i and M8i-flex instances offer up to 15% better price-performance, and 2.5x more memory bandwidth compared to previous generation Intel-based instances. They deliver up to 20% better performance than M7i and M7i-flex instances, with even higher gains for specific workloads. The M8i and M8i-flex instances are up to 30% faster for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to M7i and M7i-flex instances. M8i-flex are the easiest way to get price performance benefits for a majority of general-purpose workloads like web and application servers, microservices, small and medium data stores, virtual desktops, and enterprise applications. They offer the most common sizes, from large to 16xlarge, and are a great first choice for applications that don’t fully utilize all compute resources. M8i instances are a great choice for all general purpose workloads, especially for workloads that need the largest instance sizes or continuous high CPU usage. The SAP-certified M8i instances offer 13 sizes including 2 bare metal sizes and the new 96xlarge size for the largest applications. To get started, sign in to the AWS Management Console. For more information about the new instances, visit the M8i and M8i-flex page or visit the AWS News blog.

Amazon Simple Notification Service (Amazon SNS) now supports sending push notifications in the AWS Europe (Spain) Region.  Amazon SNS is a fully managed pub/sub service that provides message delivery to multiple endpoints, including AWS Lambda, Amazon SQS, Amazon Data Firehose, HTTP, SMS (via AWS End User Messaging), push notifications, and email. With this launch, customers in the Europe (Spain) Region can use Amazon SNS to send push notifications to the following supported push notification services: Amazon Device Messaging (ADM), Apple Push Notification Service (APNs), Baidu Cloud Push (Baidu), Firebase Cloud Messaging (FCM), Microsoft Push Notification Service for Windows Phone (MPNS), and Windows Push Notification Services (WNS).  With this expansion, Amazon SNS now supports sending push notifications from 25 regions. For the full list of regions from which you can send push notifications, see Supported Regions and Countries in the Amazon SNS Developer Guide. For more information, see the Amazon SNS push notifications documentation.

Today, AWS announces the developer preview of the AWS Lambda Durable Execution SDK for Java. With this SDK, developers can build resilient multi-step applications like order processing pipelines, AI-assisted workflows, and human-in-the-loop approvals using Lambda durable functions, without implementing custom progress tracking or integrating external orchestration services. Lambda durable functions extend Lambda’s event-driven programming model with operations that checkpoint progress automatically and pause execution for up to a year when waiting on external events. The new Durable Execution SDK for Java provides an idiomatic experience for building with durable functions and is compatible with Java 17+. This preview includes steps for progress tracking, waits for efficient suspension, and durable futures for callback-based workflows. To get started, see the Lambda durable functions developer guide and the AWS Lambda Durable Execution SDK for Java on GitHub. To learn more about Lambda durable functions, visit the product page. On-demand functions are not billed for duration while paused. For pricing details, see AWS Lambda Pricing. For information about AWS Regions where Lambda durable functions are available, see the AWS Regional Services List.

AWS Outposts racks now support VifConnectionStatus and VifBgpSessionState Amazon CloudWatch metrics in AWS GovCloud (US) Regions. These metrics provide visibility into the connectivity status of your Outposts racks’ Local Gateway (LGW) and Service Link Virtual Interfaces (VIFs) with your on-premises devices. These metrics provide you with the ability to monitor Outposts VIF connectivity status directly within the CloudWatch console, without having to rely on external networking tools or coordination with other teams. You can use these metrics to set alarms, troubleshoot connectivity issues, and ensure your Outposts racks are properly integrated with your on-premises infrastructure. The VifConnectionStatus metric indicates whether an Outposts VIF is successfully connected, configured, and ready to forward traffic. A value of “1” means that the VIF is operational, while “0” means that it is not ready. The VifBgpSessionState metric shows the current state of the BGP session between the Outposts VIF and the on-premises device, with values ranging from 1 (IDLE) to 6 (ESTABLISHED). The VifConnectionStatus and VifBgpSessionState metrics are now available for all Outposts VIFs in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions where Outposts racks are available. To get started, read this blog post and access the metrics in the CloudWatch console. To learn more, check out the CloudWatch metrics for Outposts documentation for first-generation Outposts racks.

AWS Security Agent now enables customers to run penetration tests against Virtual Private Cloud (VPC) resources shared from other AWS accounts within the same organization. This new capability allows security teams to perform comprehensive security assessments across their multi-account environments using AWS Security Agent. By leveraging AWS Resource Access Manager (RAM), customers can securely share VPC resources from sub-accounts to a central AWS account where penetration testing is conducted. This feature addresses the challenge of testing distributed architectures spanning multiple AWS accounts. Security professionals can now create an Agent Space in a central account and use RAM to access VPC resources from connected sub-accounts for testing. This streamlines security assessments for organizations with complex multi-account setups. The ability to comprehensively test shared VPC resources enhances an organization’s overall security posture. To get started, ensure your accounts are part of the same AWS Organization and configure resource sharing using RAM. Then launch AWS Security Agent in your central account to begin penetration testing across the shared VPC resources. For more information on AWS Security Agent and its penetration testing capabilities, visit the AWS Security Agent documentation. 

Today, AWS announces a browser-based playground that enables developers to interact with an Amazon Aurora DSQL database without requiring an AWS account. With zero setup or infrastructure configuration, developers can create schemas, load data, and execute SQL queries directly form their browser. The playground for Aurora DSQL provides an instant, ephemeral database environment, making it easy to experiment and learn. Built-in sample datasets help developers quickly explore core Aurora DSQL capabilities and get hands-on experience in minutes. To start exploring, visit the playground for Aurora DSQL. To get started with your production workloads and learn more visit Amazon Aurora DSQL.

Today we are announcing the release of the Aurora DSQL Driver for SQLTools and the Aurora DSQL Plugin for DBeaver Community Edition. These integrations allow customers to leverage popular database tools to run queries against Aurora DSQL clusters, explore database schemas, and manage their data. Both integrations simplify database connectivity by automatically handling IAM authentication and transparently managing access tokens, eliminating the need to write token generation code or manually supply IAM tokens. The SQLTools driver integrates Aurora DSQL with Visual Studio Code and is also available on Open VSX Registry for use with VS Code-compatible editors such as Cursor and Kiro. The DBeaver plugin is built on top of the Aurora DSQL Connector for JDBC. Both integrations eliminate security risks associated with traditional user-generated passwords by using AWS IAM credentials for secure, password-free authentication. To get started, visit the Aurora DSQL documentation page for VSCode and DBeaver. Get started with Aurora DSQL for free with the AWS Free Tier. To learn more about Aurora DSQL, visit the webpage.

Today we are announcing the release of Aurora DSQL integrations for popular ORM and database migration tools: an adapter for Tortoise (Python ORM), a dialect for Flyway (schema management tool), and CLI tools for Prisma (Node.js ORM). These integrations help developers use their preferred frameworks with Aurora DSQL while automatically handling IAM authentication and Aurora DSQL-specific compatibility requirements. The Aurora DSQL Adapter for Tortoise enables Python developers to build applications using Tortoise without writing custom authentication code. The adapter supports both asyncpg and psycopg drivers, integrates with the Aurora DSQL Connector for Python for automatic IAM token generation, and includes compatibility patches for rich migrations. The Flyway dialect adapts Flyway for Aurora DSQL’s distributed architecture by automatically handling Aurora DSQL-specific behaviors such as IAM-based authentication. The Prisma CLI tools help Node.js developers validate their Prisma schemas for Aurora DSQL compatibility and generate Aurora DSQL-compatible migrations, streamlining the path from development to production. To get started, visit the GitHub repositories for Tortoise ORM, Flyway, and Prisma. Get started with Aurora DSQL for free with the AWS Free Tier. To learn more about Aurora DSQL, visit the webpage.

Starting today, Amazon EC2 R8a instances are now available in Europe (Ireland) region. These instances, feature 5th Gen AMD EPYC processors (formerly code named Turin) with a maximum frequency of 4.5 GHz, deliver up to 30% higher performance, and up to 19% better price-performance compared to R7a instances. R8a instances deliver 45% more memory bandwidth compared to R7a instances, making these instances ideal for latency sensitive workloads. Compared to Amazon EC2 R7a instances, R8a instances provide up to 60% faster performance for GroovyJVM, allowing higher request throughput and better response times for business-critical applications. Built on the AWS Nitro System using sixth generation Nitro Cards, R8a instances are ideal for high performance, memory-intensive workloads, such as SQL and NoSQL databases, distributed web scale in-memory caches, in-memory databases, real-time big data analytics, and Electronic Design Automation (EDA) applications. R8a instances offer 12 sizes including 2 bare metal sizes. Amazon EC2 R8a instances are SAP-certified, and providing 38% more SAPS compared to R7a instances. To get started, sign in to the AWS Management Console. For more information about the new instances, visit the Amazon EC2 R8a instance page.

Starting today, Amazon EC2 M8i and M8i-flex instances are now available in Africa (Cape Town) region. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The M8i and M8i-flex instances offer up to 15% better price-performance, and 2.5x more memory bandwidth compared to previous generation Intel-based instances. They deliver up to 20% better performance than M7i and M7i-flex instances, with even higher gains for specific workloads. The M8i and M8i-flex instances are up to 30% faster for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to M7i and M7i-flex instances. M8i-flex are the easiest way to get price performance benefits for a majority of general-purpose workloads like web and application servers, microservices, small and medium data stores, virtual desktops, and enterprise applications. They offer the most common sizes, from large to 16xlarge, and are a great first choice for applications that don’t fully utilize all compute resources. M8i instances are a great choice for all general purpose workloads, especially for workloads that need the largest instance sizes or continuous high CPU usage. The SAP-certified M8i instances offer 13 sizes including 2 bare metal sizes and the new 96xlarge size for the largest applications. To get started, sign in to the AWS Management Console. For more information about the new instances, visit the M8i and M8i-flex page or visit the AWS News blog.

Today, Amazon Location launched curated AI Agent context as a Kiro power, Claude Code plugin, and agent skill in the open Agent Skills format, usable by any compatible agent. Developers can use this context with generative AI tools such as Kiro, Claude Code, and Cursor to improve code accuracy, accelerate feature implementation, and reduce iteration time when adding Amazon Location-enabled capabilities to their applications. Amazon Location Service is a mapping service that offers geospatial data and location functionality such as maps, places search and geocoding, route planning, device tracking, and geofencing. Once loaded by AI development tools, the curated Amazon Location context accelerates development of common location-based solutions such as address entry forms for delivery applications, map display, nearest-store lookup, and route visualization. The context includes pre-validated implementation patterns and step-by-step instructions for these use cases, allowing developers to focus on application-specific logic rather than API integration details. Amazon Location Service is available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Malaysia), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Spain), Europe (Stockholm), South America (São Paulo), and AWS GovCloud (US-West). To get started, download and install the context to your agent of choice from the amazon-location-agent-context repository on GitHub, or learn more about using AI and LLMs to accelerate development with Amazon Location Service.