Amazon CloudWatch Logs increases maximum log event size to 1 MB

Amazon CloudWatch Logs now supports log events up to 1 MB in size, a 4x increase from the previous 256 KB limit. This enhancement applies to the CloudWatch Logs PutLogEvents API and OpenTelemetry Protocol (OTLP) endpoint.

Customers can now capture richer log data while maintaining data integrity, eliminating the need to truncate large events or split them across multiple entries. It is especially valuable for use cases such as stack traces, debug outputs, and detailed application and security audit logs, enabling simplified troubleshooting, enhanced security audit capabilities, and better visibility into application behavior.

The increased limit is automatically available in all AWS Regions where CloudWatch Logs is available, including the AWS GovCloud (US) Regions. For more information, visit the CloudWatch Logs documentation.

AWS CDK L2 Construct for Amazon Cognito Identity Pools now generally available

Amazon Web Services (AWS) announces the general availability of the AWS Cloud Development Kit (AWS CDK) L2 construct for Amazon Cognito Identity Pools. This library enables developers to programmatically define and deploy Identity Pool resources using familiar programming languages, making it easier to grant users secure access to AWS services in their applications.

With this construct library, you can define Identity Pools as infrastructure as code, configure authentication providers like Amazon Cognito User Pools, social identity providers (Facebook, Google, Apple, Amazon), and SAML 2.0 providers. The library helps you implement security best practices by default and reduces the complexity of managing authentication and authorization for your web and mobile applications.

The AWS CDK construct library for Amazon Cognito Identity Pools is available in all AWS Regions where Amazon Cognito is available.

To get started, visit the following resources:

Amazon Cognito Identity Pools documentation
AWS CDK API Reference

AWS CDK Construct Library for Amazon EventBridge Scheduler now generally available

Amazon Web Services (AWS) announces the general availability of the AWS Cloud Development Kit (AWS CDK) L2 construct library for Amazon EventBridge Scheduler. This construct library allows developers to programmatically create, configure, and manage scheduled tasks using infrastructure as code with their preferred programming language, simplifying the process of building event-driven applications.

The EventBridge Scheduler construct library enables you to define schedules using cron or rate expressions, configure target destinations including AWS Lambda functions, Amazon SQS queues, and other AWS services, and manage execution windows and retry policies. Developers can now leverage type-safe programming languages to define their scheduling infrastructure, improving code maintainability and reducing configuration errors.

The AWS CDK construct library for Amazon EventBridge Scheduler is available in all AWS Regions where Amazon EventBridge Scheduler is available.

To get started, visit the following resources:

Amazon EventBridge Scheduler documentation
AWS CDK API Reference for EventBridge Scheduler
AWS CDK Developer Guide

Amazon CloudFront supports VPC Origin modification with CloudFront Functions

In November 2024, CloudFront Functions introduced origin modifications, allowing you to conditionally change origin servers on each request. Starting today, you can now use this capability with VPC Origins and origin groups, enabling you to create even more sophisticated routing policies for your applications delivered from CloudFront.

You can now create dynamic routing policies that direct individual requests between any origin, including VPC Origins, by simply providing the ID for the origin. For example, you can automatically route each request to different applications by creating weights to send a certain percentage of traffic to multiple backend services, all without updating your distribution configuration. You can also create new origin groups dynamically, with the ability to set multiple origins with failover criteria. For example, you can create custom failover logic to update the primary and failover origins based on viewer location or request headers to ensure viewers have the lowest possible latency.

These features are now available within CloudFront Functions at no additional charge. For more information, see the CloudFront Developer Guide. For examples of how to use origin modification, see our GitHub examples repository.

Announcing enhanced autoscaling for Amazon OpenSearch Ingestion pipelines

Amazon OpenSearch Ingestion now supports enhanced autoscaling capabilities, allowing pipelines to scale dynamically based on additional parameters, including Amazon SQS queue size, persistent buffer lag, and the number of incoming HTTP connections. These enhancements improve upon the existing scaling mechanism, which previously relied only on memory and CPU utilization, providing a more comprehensive and responsive scaling mechanism for your data ingestion workloads.

With these improvements, customers can build more resilient and efficient data ingestion pipelines that automatically adapt to varying workloads. The new autoscaling parameters help optimize resource utilization, reduce ingestion bottlenecks, and improve overall pipeline performance, making it easier to handle high-throughput data streams for log analytics, observability, and security analytics use cases.

The enhanced autoscaling capabilities are now available in all AWS Regions where Amazon OpenSearch Ingestion is currently offered. You can take advantage of these improvements by updating your existing pipelines or creating new pipelines through the Amazon OpenSearch Service console or APIs at no additional cost.

To learn more, see the Amazon OpenSearch Ingestion webpage and the Amazon OpenSearch Service Developer Guide.

IAM Identity Center extends sessions and TIP management capabilities for customers with Microsoft AD

AWS IAM Identity Center enhanced its session management and trusted identity propagation (TIP) capabilities for customers that connect Microsoft Active Directory (AD) as their identity source. The enhanced capabilities help customers manage user sessions, scale their use of AWS applications, such as Amazon Q Developer Pro, and implement use cases, such as for analytics, with trusted identity propagation.

With this release, customers who connect Microsoft AD to IAM Identity Center will be able to: (a) configure the session duration for AWS applications and the AWS access portal from a minimum of 15 minutes to a maximum of 90 days; (b) list and delete active user sessions; (c) configure an extended 90-day session duration for Amazon Q Developer Pro, while maintaining a shorter session duration for other AWS applications; and (d) enable TIP from business intelligence applications that authenticate users via a third-party identity provider to AWS services, such as Amazon Redshift and Amazon Q Business.

IAM Identity Center is the recommended service for managing workforce access to AWS applications and multiple AWS accounts. It enables you to connect your existing source of workforce identities to AWS once and offer your users a single sign-on experience across AWS. It powers the personalized experiences offered by AWS applications, such as Amazon Q, and the ability to define and audit user-aware access to data in AWS services, such as Amazon Redshift. It helps you manage access to multiple AWS accounts from a central place. IAM Identity Center is available at no additional cost in these AWS Regions. Learn more here.

Amazon RDS Proxy announces TLS 1.3 support for PostgreSQL on Aurora and RDS

Amazon Relational Database Service (RDS) Proxy now supports version 1.3 of the Transport Layer Security (TLS) protocol for Proxy connections to Amazon Aurora PostgreSQL and RDS for PostgreSQL database instances. TLS 1.3 provides improved security through stronger cryptographic algorithms and a simplified handshake process compared to older TLS versions.

With this release, RDS Proxy can use TLS 1.3 for connections to Aurora PostgreSQL and RDS for PostgreSQL databases. During connection establishment, Proxy will automatically negotiate the most secure TLS version supported by the database. Customers can also configure their PostgreSQL database to require TLS 1.3 by setting the ssl_min_protocol_version parameter in their parameter group. TLS 1.3 is already supported for connections to RDS Proxy, as well as for RDS Proxy connections to MySQL engines.

RDS Proxy is a fully managed, highly available database proxy for RDS and Amazon Aurora databases. RDS Proxy helps improve application scalability, resiliency, and security. For information about TLS version support and related configuration on Aurora, please review the Aurora documentation. For information on supported database engine versions and regional availability of RDS Proxy, refer to our RDS and Aurora documentation.

Amazon SageMaker now offers 9 additional visual ETL transforms

Visual ETL in Amazon SageMaker now offers 9 new built-in transforms: “Derived column”, “Flatten”, “Add current timestamp”, “Explode array or map into rows”, “To timestamp”, “Array to columns”, “Intersect”, “Limit” and “Concatenate columns”.

Visual ETL in Amazon SageMaker provides a drag-and-drop interface for building ETL flows and authoring flows with Amazon Q Developer. With these new transforms, ETL developers can quickly build more sophisticated data pipelines without having to write custom code for common transform tasks. Each of these new transforms addresses a unique data processing need. For example, use “Derived column” to define a new column based on a math formula or SQL expression, use “To timestamp” to convert a column to timestamp type, or build a new string column using the values of other columns with an optional spacer with the “Concatenate columns” transform.

This new feature is now available in all AWS regions where Amazon SageMaker is available. Access the supported region list for the most up-to-date availability information.

To learn more, visit our Amazon SageMaker documentation.

Amazon Connect now allows supervisors to take additional actions on in-progress chats

Amazon Connect now allows supervisors to take additional actions on in-progress chats directly from the Amazon Connect UI, accelerating issue resolution and improving customer satisfaction. For example, supervisors can now end chats with inactive customers or reassign chats to specific agents or queues.

To learn more, please refer to the help documentation or visit the Amazon Connect website. This feature is available in all commercial AWS regions where Amazon Connect is available.

Amazon QuickSight now supports Highlighting

Amazon QuickSight launches highlighting, a new interaction capability for analysis and dashboards. Highlighting allows authors and readers to emphasize and track specific data points across visuals, making it easier to compare data elements throughout a sheet and explore insights more effectively.

With highlighting, simply select or hover over a data point in a visual, and related data across other visuals will stand out, while unrelated data is dimmed or greyed out. This seamless interaction helps users understand correlations, spot patterns, trends and outliers, facilitating faster and more informed analysis.

Highlighting is now available in all supported Amazon QuickSight regions – see here for QuickSight regional endpoints.

This can be turned on under Analysis or Sheet Settings. For more details refer to documentation for analysis settings or sheet settings.