AWS Marketplace now supports Private Marketplace management in the console

AWS Marketplace now provides streamlined Private Marketplace management within the AWS Marketplace console. Administrators can create and manage custom Private Marketplace experiences, controlling which products can be procured from AWS Marketplace by users in their organization. These customized Private Marketplace experiences can be tailored for an entire organization, specific organizational units (OUs), or individual accounts, providing flexible control over software procurement.

In addition to availability in the AWS Marketplace console, Private Marketplace has been updated to include an improved configuration and management experience that reduces setup time, improves visibility, and streamlines administration. Administrators can utilize a multi-step wizard for creating Private Marketplace experiences, and an enhanced wizard for bulk product approvals. All Private Marketplace management actions can be tracked through a new dedicated change sets page, providing real-time visibility and a comprehensive audit trail. With this launch, Private Marketplace also includes support for multiple languages.

To learn more about Private Marketplace, visit the Private Marketplace overview page. To get started, access the Private Marketplace buyer guide.

AWS Control Tower now supports service-linked AWS Config managed Config rules

Today, we are excited to announce support for service-linked AWS Config rules in AWS Control Tower's detective controls. A service-linked AWS Config rule is managed entirely by AWS services and cannot be edited or deleted by users. To maintain consistency, prevent configuration drift, and simplify user experience, you can only update these rules through AWS Control Tower.

With this release, AWS Control Tower now deploys service-linked Config rules directly in managed accounts, replacing the previous AWS CloudFormation StackSets deployment method. This change delivers substantial improvements to deployment speed, significantly reducing the time required to enable service-linked Config rules across multiple AWS Control Tower managed accounts and regions. Additionally, these service-linked Config rules are designed to ensure consistent governance of your resources through detective controls by preventing unintentional configuration drift.

AWS Control Tower's Config rules detect resource noncompliance within your accounts, such as policy violations, and provide alerts through the dashboard. You can deploy AWS Control Tower controls via the console or using AWS Control Tower control APIs. For a complete list of supported AWS Regions, please refer to the AWS Region Table.


Amazon EKS Pod Identity simplifies the experience for cross-account access

Amazon EKS Pod Identity now provides a simplified experience for configuring application permissions to access AWS resources in separate accounts. With enhancements to EKS Pod Identity APIs, you can now seamlessly configure access to resources across AWS accounts by providing the resource account’s IAM details during the creation of the Pod Identity association. Your applications running in the EKS cluster automatically receive the required AWS credentials during runtime without requiring any code changes.

EKS Pod Identity enables applications in your EKS cluster to access AWS resources across accounts through a process called IAM role chaining. When creating a Pod Identity association, you can provide two IAM roles — an EKS Pod Identity role in the same account as your EKS cluster and a target IAM role from the account containing your AWS resources (like S3 buckets or DynamoDB tables). When your application pod needs to access AWS resources, it requests credentials from the EKS Pod Identity, which automatically assumes the roles through IAM role chaining to provide your pod with the necessary cross-account temporary credentials.

This feature is available in all AWS Regions where Amazon EKS is available. To learn more, see Access AWS Resources using EKS Pod Identity Target IAM Roles.
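
A defender-side check of the two-role chain described above, as an added example that is not AWS's code: it lints the trust policies of the Pod Identity role and the target role so that only the intended principal can use each hop. The account ID, role name and policy documents are constructed, and the expected policy shape (the `pods.eks.amazonaws.com` service principal, with `sts:AssumeRole` and `sts:TagSession` on both roles) is an assumption about how the chain is configured.

```python
"""Lint the two trust policies behind an EKS Pod Identity cross-account chain."""

POD_IDENTITY_SERVICE = "pods.eks.amazonaws.com"
REQUIRED_ACTIONS = {"sts:AssumeRole", "sts:TagSession"}  # assumed requirement


def _as_list(value):
    """IAM accepts a string or a list in most policy fields; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _trusted(statement):
    """(kind, value) pairs for every principal; a bare "*" becomes ("AWS", "*")."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return {("AWS", "*")}
    return {(kind, v) for kind, values in principal.items() for v in _as_list(values)}


def _actions(statement):
    """Actions granted by a statement, expanding the two wildcards that cover STS."""
    actions = set(_as_list(statement.get("Action")))
    return actions | REQUIRED_ACTIONS if actions & {"*", "sts:*"} else actions


def _lint(label, trust_policy, expected):
    """Flag every trusted principal other than `expected`, and any missing action."""
    findings, granted = [], set()
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        trusted = _trusted(stmt)
        if expected in trusted:
            granted |= _actions(stmt)
        for kind, value in sorted(trusted - {expected}):
            findings.append(f"{label}: unexpected {kind} principal {value}")
    missing = REQUIRED_ACTIONS - granted
    if missing:
        findings.append(f"{label}: expected principal lacks {', '.join(sorted(missing))}")
    return findings


def lint_role_chain(pod_role_arn, pod_role_trust, target_role_trust):
    """Hop 1: EKS service -> Pod Identity role. Hop 2: Pod Identity role -> target role."""
    return (_lint("pod-identity-role", pod_role_trust, ("Service", POD_IDENTITY_SERVICE))
            + _lint("target-role", target_role_trust, ("AWS", pod_role_arn)))


# Constructed sample policies (placeholder account ID and role name).
POD_ROLE_ARN = "arn:aws:iam::111122223333:role/example-pod-identity-role"
POD_ROLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "pods.eks.amazonaws.com"},
    "Action": ["sts:AssumeRole", "sts:TagSession"]}]}
GOOD_TARGET_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": POD_ROLE_ARN},
    "Action": ["sts:AssumeRole", "sts:TagSession"]}]}
# Trusts the whole cluster account instead of the one role, and omits TagSession.
LOOSE_TARGET_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, target in (("good", GOOD_TARGET_TRUST), ("loose", LOOSE_TARGET_TRUST)):
        print(name, lint_role_chain(POD_ROLE_ARN, POD_ROLE_TRUST, target))
```
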


AWS Cloud WAN simplifies network operations with Security Group Referencing and enhanced DNS support

AWS announces the general availability for Security Group (SG) Referencing and enhanced Domain Name System (DNS) support across Amazon Virtual Private Clouds (VPCs) connected by AWS Cloud WAN. With SG Referencing, customers can simplify management of Security Groups and gain a better security posture for cross-VPC connectivity via Cloud WAN. With enhanced DNS support, customers can enable the resolution of public DNS hostnames to private IP addresses for DNS queries from VPCs attached to Cloud WAN.

Customers can configure Security Groups by specifying a list of rules that allow network traffic based on criteria such as IP addresses, Prefix-Lists, Ports and SG references. Until now, customers were not able to use SG references for controlling traffic between VPCs connected via Cloud WAN. SG Referencing allows customers to specify other SGs as references, or matching criteria, in inbound security rules to allow instance-to-instance traffic. With this capability, customers do not need to reconfigure security rules as applications scale up or down or if their IP addresses change. Rules with SG references also provide higher scale, as a single rule can cover thousands of instances, and prevent customers from overrunning SG rule limits. Both SG Referencing and enhanced DNS support are regional features on Cloud WAN, meaning VPCs must be connected to the same Core network edge (CNE) for these features to work.

Security Group Referencing and enhanced DNS support on Cloud WAN are available in all AWS Regions where Cloud WAN is available. You can enable these features using the AWS Management Console, AWS Command Line Interface (CLI) and the AWS Software Development Kit (SDK). There is no additional charge for enabling SG Referencing or DNS support on Cloud WAN. For more information, see the AWS Cloud WAN documentation pages.


AWS CloudTrail enhances logging for Amazon S3 DeleteObjects API

Today, AWS announces an enhancement to Amazon S3 DeleteObjects API logging in AWS CloudTrail, bringing additional visibility into the bulk delete operations to help you better protect and monitor the usage of your Amazon S3 buckets.

Amazon S3’s DeleteObjects API enables bulk object deletion in a single operation and serves as the default method for console-based deletions.

Earlier, when you deleted multiple S3 objects using the DeleteObjects API call, CloudTrail logged the DeleteObjects API call as a single event, giving you visibility into who initiated the call and on which bucket. However, this event did not contain information on which objects were included or successfully deleted. With this update, CloudTrail will provide granular visibility by logging:

  1. The overall DeleteObjects API call event (as before)
  2. Individual DeleteObject events for each object included in the bulk delete request (new)

This enhancement provides visibility into the individual S3 objects that were deleted as part of a bulk delete request. These detailed records strengthen your security posture and support your compliance requirements with more complete information about deletion activities in your S3 buckets. You can also use advanced event selectors to log only the most relevant data events for your use case. To learn how to use advanced event selectors to exclude these additional DeleteObject data events, review our documentation.
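
How the per-object records can be used during an investigation, as an added example that is not AWS code: it rebuilds, from constructed CloudTrail records, which keys each bulk delete removed and which it failed to remove. The page does not say how the `DeleteObject` events link back to the `DeleteObjects` call, so matching on principal, bucket and a 60-second window is an assumption of this example.

```python
"""Attribute per-object DeleteObject events to the DeleteObjects call that caused them."""
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumption: per-object events follow the call closely


def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _scope(record):
    """Who acted, and on which bucket."""
    return (record["userIdentity"]["arn"], record["requestParameters"]["bucketName"])


def bulk_delete_report(records):
    """One entry per DeleteObjects call, listing deleted and failed object keys."""
    s3 = [r for r in records if r.get("eventSource") == "s3.amazonaws.com"]
    bulk = sorted((r for r in s3 if r["eventName"] == "DeleteObjects"), key=_ts)
    single = sorted((r for r in s3 if r["eventName"] == "DeleteObject"), key=_ts)
    claimed, report = set(), []
    for call in bulk:
        deleted, failed = [], []
        for i, event in enumerate(single):
            if i in claimed or _scope(event) != _scope(call):
                continue
            if not timedelta(0) <= _ts(event) - _ts(call) <= WINDOW:
                continue
            claimed.add(i)  # each per-object event is attributed to one call only
            key = event["requestParameters"]["key"]
            (failed if event.get("errorCode") else deleted).append(key)
        principal, bucket = _scope(call)
        report.append({"time": call["eventTime"], "principal": principal,
                       "bucket": bucket, "deleted": deleted, "failed": failed})
    return report


def _rec(name, time, arn, bucket, key=None, error=None):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    params = {"bucketName": bucket}
    if key is not None:
        params["key"] = key
    record = {"eventSource": "s3.amazonaws.com", "eventName": name, "eventTime": time,
              "userIdentity": {"arn": arn}, "requestParameters": params}
    if error:
        record["errorCode"] = error
    return record


# Constructed sample data: placeholder account, role, bucket and keys.
ALICE = "arn:aws:sts::111122223333:assumed-role/example-admin/alice"
BOB = "arn:aws:sts::111122223333:assumed-role/example-app/bob"
SAMPLE_RECORDS = [
    _rec("DeleteObjects", "2025-06-01T10:00:00Z", ALICE, "example-logs"),
    _rec("DeleteObject", "2025-06-01T10:00:00Z", ALICE, "example-logs", "2025/a.log"),
    _rec("DeleteObject", "2025-06-01T10:00:01Z", ALICE, "example-logs", "2025/b.log",
         error="AccessDenied"),
    _rec("DeleteObject", "2025-06-01T10:00:02Z", BOB, "example-logs", "other.txt"),
    _rec("DeleteObject", "2025-06-01T10:05:00Z", ALICE, "example-logs", "late.txt"),
    _rec("GetObject", "2025-06-01T10:00:03Z", ALICE, "example-logs", "2025/a.log"),
]

if __name__ == "__main__":
    for entry in bulk_delete_report(SAMPLE_RECORDS):
        print(entry)
```
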


Amazon Bedrock Custom Model Import now supports Qwen models

Amazon Bedrock Custom Model Import now supports Qwen models. You can now import custom weights for Qwen-based architectures, including models like Qwen 2.5 Coder, Qwen 2.5 VL, and QwQ 32B. This enables you to bring your own customized Qwen models into Bedrock and deploy them in a fully managed, serverless environment—without having to manage infrastructure or model serving.

Qwen models are known for their strong performance across a wide range of modalities and tasks. Qwen 2.5 Coder is optimized for code generation and understanding, making it well-suited for tasks like code completion, bug fixing, and code translation. Qwen 2.5 VL is a multimodal model capable of both text and vision tasks such as visual question answering, image captioning, and document analysis. QwQ 32B excels in complex reasoning tasks, achieving performance comparable to larger models while being more efficient.

You can get started by importing your custom Qwen model in the custom models page of the Amazon Bedrock console or by referring to this guide. To see which architectures are supported, visit the documentation page. Amazon Bedrock Custom Model Import is generally available in the US-East (N. Virginia), US-West (Oregon), and Europe (Frankfurt) AWS regions.


Amazon S3 Tables now provide storage cost visibility for individual tables

Amazon S3 adds S3 Tables storage cost information for individual tables in AWS Cost Explorer and AWS Cost and Usage Reports (AWS CUR). You can now track and analyze all S3 Tables costs, including storage, API requests, and maintenance operations for each table in your data lake. This helps you to make decisions about resource optimization and to attribute costs to specific projects and business units.

To view your S3 Tables storage cost at the table level, enable resource-level data in your cost management preferences, then access table-level cost data through AWS Cost Explorer. For more comprehensive cost and usage data, configure AWS CUR to show resource-level details, then set up daily reports to be sent to your specified S3 bucket.

This enhanced cost visibility for S3 Tables is rolling out in the coming weeks in all AWS Regions where S3 Tables are available, at no additional charge. To learn more, visit the product page and documentation.

Amazon Q Developer introduces Pro Tier upgrades for Builder IDs

Amazon Q Developer now allows users with AWS Builder IDs to upgrade to the Pro Tier, giving them higher usage limits in their IDEs and on the command line interface. See here for Amazon Q Developer pricing and usage limit information.

AWS Builder IDs enable developers using free tier to leverage Amazon Q Developer’s agentic capabilities for code generation, analysis, and problem-solving directly within their development environments. With this update, free tier users can now upgrade to the Amazon Q Developer Pro tier to get additional usage without requiring any additional configuration or management. As users reach free tier limits for Amazon Q Developer, they will be prompted to subscribe to the Pro tier by connecting their AWS account. Users can then connect their Builder ID in the Amazon Q Developer console, and sign up for Pro tier subscription.

Amazon Q Developer Pro tier upgrades for Builder ID are currently available in all regions where Amazon Q Developer is supported. To learn more about using Builder IDs with Amazon Q Developer, including detailed information on limitations and upgrade options, visit the Amazon Q Developer documentation. Get started today by signing up for a free Builder ID and installing Amazon Q in your preferred IDE or command line interface.


Amazon RDS for Db2 now supports cross-region standby replicas

Amazon Relational Database Service (RDS) for Db2 now supports cross-region standby replicas, a new feature that helps customers reduce database downtime during disaster recovery. In situations where a database in a region becomes unavailable, customers can immediately promote a standby replica in a different region to resume operations, and do not have to wait until a database backup is restored.

To use the feature, customers simply configure their RDS for Db2 database instance to maintain a standby replica in another AWS region. RDS automatically replicates changes asynchronously from the primary instance to the standby replica. In situations where the primary database instance becomes unavailable, customers can promote the standby replica to primary, and resume read and write operations. Customers can create up to three standby replicas for a database instance. Since standby replicas are not operable until promoted, customers need commercial database licenses for only two vCPUs per replica, regardless of the number of vCPUs on the instance. Customers can use either Bring Your Own License (BYOL) or Marketplace licensing models to use Amazon RDS for Db2 with standby replicas.

To learn more, refer to Amazon RDS for Db2 documentation and pricing pages.


Extending the AWS Financing program for AWS Marketplace purchases for all US customers

Today, AWS extended the availability of the AWS Financing program to help all US customers simplify and accelerate their AWS Marketplace software purchases directly through the AWS Billing and Cost Management console. US customers can now apply for, utilize, and manage financing within the console for AWS Marketplace software purchases.

The AWS Marketplace Financing program provides customers with a seamless experience to search for and apply for financing, while buying third-party software on AWS Marketplace, all while managing billing and payment within the AWS Console. The AWS Financing program gives you the flexibility to better manage your cash flow by spreading payments over time, while only paying financing cost on what you use. With thousands of software products available in AWS Marketplace, this financing program enables you to finance purchases ranging from $10,000 – $100,000,000, subject to credit approval. With near real-time decisions for loans up to $350,000, approved customers can finance AWS Marketplace software purchases with contract terms of at least 12 months. Financing can be applied to a variety of purchases from multiple AWS Marketplace sellers, giving you more flexibility across your software portfolio.

This financing program is available in the AWS Billing and Cost Management console for AWS Marketplace customers in the US, excluding NV, NC, ND, TN, & VT.

To learn more about financing options for AWS Marketplace purchases and details about the AWS Financing program, visit the AWS Marketplace financing page.
