AWS Bedrock

AWS Secrets Manager adds hybrid post-quantum TLS for quantum-resistant secrets

AWS Secrets Manager now supports hybrid post-quantum key exchange using ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) to secure TLS connections for retrieving and managing secrets. This protection is automatically enabled in Secrets Manager Agent (version 2.0.0+), AWS Lambda Extension (version 19+), and Secrets Manager CSI Driver (version 2.0.0+). For SDK-based clients, hybrid post-quantum key exchange is available in supported AWS SDKs including Rust, Go, Node.js, Kotlin, Python (with OpenSSL 3.5+), and Java v2 (v2.35.11+). With this launch, your applications retrieve secrets over TLS connections that combine classical key exchange with post-quantum cryptography, helping protect against both traditional cryptographic attacks and future quantum computing threats known as "harvest now, decrypt later" (HNDL). No code changes, configuration updates, or migration effort are required for customers using the latest client versions except for Java v2. For example, a microservice requiring multiple secrets at startup can now retrieve them over quantum-resistant TLS connections by simply upgrading to the latest Secrets Manager Agent version. You can verify hybrid post-quantum key exchange is active by checking CloudTrail logs for the "X25519MLKEM768" key exchange algorithm in the tlsDetails field of GetSecretValue API calls. Hybrid post-quantum key exchange using ML-KEM for AWS Secrets Manager is available in all AWS Regions where AWS Secrets Manager is supported. To learn more, visit the AWS Secrets Manager documentation and the AWS Post-Quantum Cryptography migration page .

Date not specified

AWS Transform now available in Kiro and VS Code

AWS Transform is now available through two additional developer tools — including Kiro and VS Code. AWS Transform is an agentic migration and modernization factory designed to compress enterprise transformation timelines from years to months — handling everything from large-scale infrastructure migrations to continuous tech debt reduction, without the manual handoffs and lost context that commonly stall these programs.. With today’s launch, you can get started with AWS Transform custom transformations from wherever you already work: install the AWS Transform Power in Kiro , or install the AWS Transform extension in VS Code . AWS Transform custom transformations help you crush tech debt at scale — choose from AWS-managed transformations for common patterns like Java, Python, and Node.js version upgrades, AWS SDK migrations (boto2 to boto3, Java SDK v1 to v2, JS SDK v2 to v3), or define your own. These new surfaces make it easier to discover additional capabilities as they become available, build and iterate on your own custom transformations, and run any agent repeatedly or across thousands of repositories at once. The custom transformations are the first in a growing library of playbooks coming to developer tools, complementing the existing AWS Transform web console and CLI so you can start a job in your IDE, track progress in the web console, and finish transformations wherever it makes sense — with job state and context shared across every surface. AWS Transform supports deploying to all AWS commercial regions,and AWS Transform custom is available in US East (N. Virginia) and Europe (Frankfurt). To learn more, visit the AWS Transform product page and user guide .

Date not specified

Amazon EC2 P6-B300 instances now available in AWS GovCloud (US-East)

Starting today, Amazon Elastic Cloud Compute (Amazon EC2) P6-B300 instances are available in the AWS GovCloud (US-East) Region. P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. P6-B300 instances deliver 2x networking bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity) compared to P6-B200 instances, making them well suited to train and deploy large trillion-parameter foundation models (FMs) and large language models (LLMs) with sophisticated techniques. The higher networking and larger memory deliver faster training times and more token throughput for AI workloads. P6-B300 instances are now available in p6-b300.48xlarge size in the following AWS Regions: US West (Oregon) and AWS GovCloud (US-East). To learn more about P6-B300 instances, visit Amazon EC2 P6 instances .

Date not specified

Amazon Quick introduces Sheet Tooltips for Enhanced Data Exploration

Quick Sight in Amazon Quick now supports sheet tooltips, enabling authors to surface rich, contextual detail when viewers hover over data points — without disrupting their analysis flow. Sheet tooltips allow authors to create dedicated tooltip sheets containing visuals, text boxes, and images arranged in a free-form layout. When a viewer hovers over a data point, the tooltip sheet automatically inherits all filters from the source visual and applies an additional filter for the specific data point, delivering an instant, focused breakdown. This enhancement helps organizations build more intuitive dashboards that reduce the need for multiple sheets or manual navigation. For example, a bar chart showing sales by product category can surface a trend line of monthly sales, a year-over-year growth KPI, and a text box with the category name — all filtered to whichever category the viewer hovers over. Authors can assign one tooltip sheet to multiple visuals, switch between basic, detailed, and sheet tooltip types at any time, and tables and pivot tables are also supported. Sheet tooltips are available on interactive sheets only. This feature is now available in all Amazon Quick regions where Quick Sight is supported. Learn more about how to use sheet tooltips in Amazon Quick and read more about this new feature in our blog post .

Date not specified

AWS Payment Cryptography now available in São Paulo, South America

AWS Payment Cryptography has expanded its global presence with availability in South America (São Paulo). This expansion enables customers with latency-sensitive payment applications to build, deploy or migrate into additional AWS Regions without depending on cross-region support. AWS Payment Cryptography is a fully managed service that simplifies payment-specific cryptographic operations and key management for cloud-hosted payment applications. The service scales elastically with your business needs and is assessed as compliant with PCI PIN and PCI P2PE requirements, eliminating the need to maintain dedicated payment HSM instances. Organizations performing payment functions - including acquirers, payment facilitators, networks, switches, processors, and banks can now position their payment cryptographic operations closer to their applications while reducing dependencies on auxiliary data centers with dedicated payment HSMs. AWS Payment Cryptography is available in the following AWS Regions: Canada (Montreal), US East (Ohio, N. Virginia), US West (Oregon), Europe (Ireland, Frankfurt, London, Paris), South America (São Paulo), Africa (Cape Town) and Asia Pacific (Singapore, Tokyo, Osaka, Mumbai, Hyderabad). To start using the service, please download the latest AWS CLI/SDK and see the AWS Payment Cryptography user guide for more information.

Date not specified

Amazon Quick now supports multi-account sign-in

Today, AWS announces multi-session support for Amazon Quick, which enables customers to access up to five Amazon Quick accounts simultaneously within the same browser. The feature also includes the Amazon Quick account name in all URLs, enabling users to easily access the correct account when opening agents, spaces, flows, research reports, dashboards, and other assets. Customers use multiple accounts for different environments such as development, testing, and production, and compare insights and resource configurations across multiple accounts for troubleshooting and other application-related jobs. Using multi-session capability in Amazon Quick, customers can now sign in to multiple accounts and manage their resources in a single browser. You can sign in to another account by accessing the Amazon Quick top right menu and selecting the option to sign in to another account. For users accessing global URLs without an account name, Amazon Quick presents an account input page that pre-populates the accounts they are logged into, allowing them to select the desired account. You have the option to log out of the current session in the specific browser tab or log out of all sessions. Amazon Quick multi-account sign-in is available in all supported Amazon Quick regions . To learn more about this, visit Amazon Quick Signing In

Date not specified

AWS launches EC2 C8in and C8ib instances with Intel Xeon Scalable processors

AWS is announcing the general availability of Amazon EC2 C8in and C8ib instances powered by custom, sixth generation Intel Xeon Scalable processors, available only on AWS. These instances feature the latest sixth generation AWS Nitro cards. C8in and C8ib instances deliver up to 43% higher performance compared to previous generation C6in instances. C8in and C8ib instances deliver larger sizes and scale up to 384 vCPUs. C8in instances deliver 600 Gbps network bandwidth—the highest among enhanced networking EC2 instances—making them ideal for network-intensive workloads like distributed compute and large-scale data analytics. C8ib instances deliver up to 300 Gbps EBS bandwidth, the highest among non-accelerated compute instances, making them ideal for high-performance commercial databases and file systems. C8in instances are available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and Europe (Spain) regions. C8ib instances are available in US East (N. Virginia) and US West (Oregon). Both, C8in and C8ib instances are available via Savings Plans, On-Demand, and Spot instances. For more information, visit the Amazon EC2 C8i instance page .

Date not specified

Amazon FSx for Lustre Persistent-2 available in 4 new AWS Regions

You can now create Amazon FSx for Lustre Persistent-2 file systems in four additional AWS Regions: Asia Pacific (Hyderabad, Jakarta), Europe (Zurich), and South America (São Paulo). Amazon FSx for Lustre Persistent-2 file systems are built on AWS Graviton processors and provide higher throughput per terabyte (up to 1 GB/s per terabyte) and lower cost of throughput compared to previous generation FSx for Lustre file systems. Using FSx for Lustre Persistent-2 file systems, you can accelerate execution of machine learning, high-performance computing, media & entertainment, and financial simulations workloads while reducing your cost of storage. To get started with Amazon FSx for Lustre Persistent-2 in these new regions, create a file system through the AWS Management Console . To learn more about Amazon FSx for Lustre, visit our product pag e , and see the AWS Region Table for complete regional availability information.

Date not specified

Amazon WorkSpaces Personal and Core now available in US East (Ohio) and Asia Pacific (Malaysia)

Amazon WorkSpaces Personal and Amazon WorkSpaces Core are now available in US East (Ohio) and Asia Pacific (Malaysia) AWS Regions. You can now provision WorkSpaces closer to your users, helping to provide in-country data residency and a more responsive experience. In US East (Ohio), organizations can also now implement disaster recovery solutions, meet local data residency compliance mandates, and support regional workforces with consistent, low-latency access to their virtual desktop environments across varying network conditions. Amazon WorkSpaces Personal provides users with instant access to their desktops from anywhere. It allows users to stream desktops from AWS to their devices, and WorkSpaces Personal manages the AWS resources required to host and run your desktops, scales automatically, and provides access to your users on demand. Amazon WorkSpaces Core provides cloud-based, fully managed virtual desktop infrastructure (VDI) accessible to third-party VDI management solutions via API. To get started with Amazon WorkSpaces Personal or Amazon WorkSpaces Core, sign into the WorkSpaces management console and select the AWS Region of your choice. To learn more about Amazon WorkSpaces offerings, visit the product page and technical documentation .

Date not specified

AWS Elastic Disaster Recovery now in AWS European Sovereign Cloud (Germany)

AWS Elastic Disaster Recovery (AWS DRS) is now available in the AWS European Sovereign Cloud, enabling organizations with data sovereignty requirements to protect their mission-critical workloads with disaster recovery on AWS. AWS DRS minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery, with Recovery Point Objectives (RPOs) measured in seconds and Recovery Time Objectives (RTOs) typically in minutes. With AWS DRS, you can recover applications from physical infrastructure, VMware vSphere, Microsoft Hyper-V, and cloud infrastructure. AWS DRS uses a unified process for testing, recovery, and failback for a wide range of applications, including critical databases such as Oracle, MySQL, and SQL Server, and enterprise applications such as SAP. AWS Elastic Disaster Recovery is available in the AWS European Sovereign Cloud (Germany). See the AWS Regional Services List for the latest availability information. To learn more about AWS Elastic Disaster Recovery, visit our product page or documentation .

Date not specified

Amazon CloudWatch: Cross-Region Telemetry Auditing & Enablement Rules

Amazon CloudWatch now supports auditing telemetry configuration and enabling telemetry from AWS services such as Amazon EC2, Amazon VPC, and AWS CloudTrail across multiple AWS Regions from a single region. Customers can enable the telemetry auditing feature for their account or organization across all supported regions at once and create enablement rules that automatically apply to selected regions or all available regions. With today's launch, customers can scope enablement rules to specific regions or all supported regions. For example, a central security team can create a single organization-wide enablement rule for VPC Flow Logs that applies across all regions, ensuring consistent telemetry collection for every VPC across every account. Rules configured for all regions automatically expand to include new regions as they become available. CloudWatch's cross-region telemetry configuration and enablement rule is available in all AWS commercial regions. Standard CloudWatch pricing applies for telemetry ingestion. To learn more, visit the Amazon CloudWatch documentation .

Date not specified

Amazon CloudWatch RUM now available in AWS European Sovereign Cloud

Amazon CloudWatch RUM (Real User Monitoring) is a feature of Amazon CloudWatch that enables developers and operations teams to collect, view, and analyze client-side performance data from real end-user sessions in web and mobile applications. With its expansion to the AWS European Sovereign Cloud, customers operating under strict European data residency and sovereignty requirements can now monitor their web application performance without data leaving the sovereign boundary. This capability is designed for enterprises, public sector organizations, and regulated industries in Europe that require full control over where their data is stored and processed. CloudWatch RUM helps teams proactively identify and resolve performance bottlenecks across both web and mobile applications by surfacing real-time metrics such as page load times, JavaScript errors, HTTP failures, and mobile-specific signals like crash rates and network latency — enabling faster root cause analysis and improved end-user experience. For example, a European public sector organization can use CloudWatch RUM within the AWS European Sovereign Cloud to monitor citizen-facing web portals and mobile apps while maintaining full data sovereignty compliance. CloudWatch RUM in the AWS European Sovereign Cloud is available today in the EU Sovereign (eusc-de-east-1) region — to get started, visit the Amazon CloudWatch RUM documentation .

Date not specified

Amazon Verified Permissions adds policy store aliases and named policies support

Verified Permissions now supports policy store aliases, named policies, and policy templates for more flexible authorization management.

Date not specified

Amazon SageMaker Unified Studio adds notebook import/export and acceleration features

SageMaker Unified Studio introduces notebook import/export functionality and developer acceleration features for improved workflow efficiency.

Date not specified

AWS Cost Explorer adds Natural Language Query powered by Amazon Q

Cost Explorer now supports natural language queries powered by Amazon Q, enabling users to analyze costs using conversational AI instead of traditional query interfaces.

Date not specified

Amazon introduces EMR Spark troubleshooting agents as Kiro powers

Apache Spark troubleshooting and upgrade agents are now available as Kiro powers, providing AI-powered assistance for EMR Spark operations.

Date not specified

SageMaker Data Agent adds charting and materialized view support

Amazon SageMaker Data Agent now includes charting capabilities and support for materialized views, enhancing data analysis and visualization features.

Date not specified

Amazon Bedrock Guardrails cross-account safeguards GA

Cross-account safeguards feature in Amazon Bedrock Guardrails is now generally available, enabling security policies to be applied across AWS accounts for AI model outputs.

Date not specified

CloudWatch expands auto-enablement to CloudFront and 3 additional resources

CloudWatch now auto-enables logging for Amazon CloudFront and 3 additional resource types, reducing manual configuration requirements.

Date not specified

Amazon Lightsail launches compute-optimized instance bundles (U7i instances in Singapore)

New compute-optimized instance bundles available for Amazon Lightsail, providing improved performance options for compute-intensive applications.

Date not specified