
AWS Network Firewall adds pass action rule alerts and JA4 filtering

Today, AWS announces new features for AWS Network Firewall: the ability to generate alerts on traffic that matches pass action rules, and JA4 fingerprinting support in firewall rules. AWS Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service for your virtual private cloud (VPC). These new capabilities enhance the security and visibility of your network traffic, allowing for more granular control and improved threat detection.

The ability to generate alert log events on traffic that matches pass action rules provides enhanced visibility into your network traffic without the need to add an alert action rule before the pass action rule. This can help you detect anomalies or potential security issues in traffic that would otherwise be permitted without additional scrutiny. JA4 filtering rules enable AWS Network Firewall to analyze network traffic based on JA4 fingerprints, which are used to identify client and server applications. This feature allows for more precise traffic identification and control, helping you to better secure your network against potential threats.

Pass action rule alerts and JA4 filtering rules are available in all AWS Regions where AWS Network Firewall is offered. To see which regions AWS Network Firewall is available in, visit the AWS Region Table.

To learn more about these new features and how to implement them in your AWS Network Firewall setup, visit the AWS Network Firewall documentation. You can start using these new capabilities today to enhance your network security posture and gain deeper insights into your VPC traffic patterns.

Announcing 3 new features on Connected Mobility Solution on AWS

Today AWS announced role-based access control, multi-account and multi-region support, and Fleet Management Portal (Preview) for the Connected Mobility Solution (CMS) on AWS. Role-based access control enables customers to manage and restrict access to the CMS developer portal based on security roles assigned to users. In addition, customers can use CMS to deploy AWS and partner-provided software components in multiple accounts and multiple regions based on the customer’s organization structure and the lifecycle stages of the features. Lastly, customers can use the CMS Fleet Management Portal to visualize fleet data collected using AWS IoT FleetWise, making it easier to assemble a holistic view of fleet events, and easily integrate and visualize AWS and AWS partner-provided software components.

You can restrict access to the CMS developer portal by defining roles and permissions with the appropriate level of access within your organization, ensuring access is granted to users based on the ‘principle of least privilege’ to reduce security risks. You can easily deploy AWS and AWS partner-provided connected mobility software components across multiple accounts and regions to enable alignment with your organizational requirements and enhance scalability and resilience. You can accelerate the build of your fleet management solution, visualize consolidated fleet data, and quickly integrate insights and analytics solutions provided by AWS and connected mobility partners using the CMS-provided API Gateway and Smithy Framework.

CMS is available in the following AWS regions: Asia-Pacific (Tokyo, Sydney), Europe (Frankfurt, Ireland), US-East (N. Virginia, Ohio), US-West (Oregon).

Visit CMS on AWS Product Page to learn more.

AWS CloudFormation now supports targeted resource scans in the IaC generator

Today, AWS CloudFormation introduced a new resource scanning workflow for the CloudFormation IaC generator, further simplifying the process of generating Infrastructure-as-Code (IaC) templates for existing resources in your AWS account. IaC generator allows you to onboard existing resources to CloudFormation in three easy steps. First, you initiate a scan of resources in your AWS account. Second, you select resources for template generation and review suggestions for related resources. Third, a CloudFormation template is generated for selected resources. You can then import resources into a CloudFormation stack, download the template for deployment, or convert the template into a CDK app in your preferred programming language, such as TypeScript or Python.

With this launch, you can specify the resource types that IaC generator will cover in the resource scanning step. Instead of scanning all resources by default, you can now focus only on the resources relevant to your workload, reducing scan time and effort. This improves the efficiency of the template generation process and streamlines iterative workflows, such as migration of a prototype workload to CloudFormation.

To get started, open the AWS CloudFormation Console and select IaC generator in the navigation panel. You can also use IaC generator from the AWS CLI and AWS SDK. Learn more:

User guide

CloudFormation documentation for Partial Scanning

The IaC generator is available in AWS Regions where CloudFormation is available.

Amazon Q Business now available in AWS Asia Pacific (Sydney) Region

Starting today, Amazon Q Business is available in the Asia Pacific (Sydney) AWS Region. Amazon Q Business revolutionizes the way that employees interact with organizational knowledge and enterprise systems. Q Business customers in this region can get answers from enterprise RAG knowledge bases and uploaded files (e.g. PDFs, images) and run tabular search on small tables. Customers can also get answers from LLM knowledge and generate content using their Q Business assistant. Amazon Q Business connects seamlessly to over 40 popular enterprise systems, including Amazon Simple Storage Service (Amazon S3), Microsoft 365, and Salesforce. It ensures that users access content securely with their existing credentials using single sign-on, according to their permissions and enterprise-level access controls.

With this regional expansion, Amazon Q is now available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Europe West (Ireland), and Asia Pacific Southeast (Sydney).

To learn more about the Amazon Q Business features available in this region, go to Q Business service regions.

For more information, see Amazon Q Business.

Amazon Bedrock Knowledge Bases now supports Amazon OpenSearch Managed Cluster for vector storage

We are announcing support for Amazon OpenSearch Managed cluster as a vector store in Amazon Bedrock Knowledge Bases. Amazon Bedrock Knowledge Bases securely connects foundation models (FMs) to internal company data sources for Retrieval Augmented Generation (RAG), to deliver more relevant and accurate responses.

Amazon Bedrock Knowledge Bases’ native integration with vector databases reduces the need to build custom data source integrations. With this launch, you can use OpenSearch managed cluster as the vector database to take advantage of the suite of features available in Bedrock Knowledge Bases. This integration adds to the list of vector databases supported by Bedrock Knowledge Bases, including Amazon OpenSearch Serverless, Amazon Aurora, Amazon Neptune Analytics, Pinecone, MongoDB Atlas, and Redis.

The OpenSearch Managed cluster integration for Amazon Bedrock Knowledge Bases is now generally available in all existing Amazon Bedrock Knowledge Bases and OpenSearch Service regions. To learn more, refer to the Knowledge Bases documentation.

Amazon EC2 P5en instances are now available in US East (N. Virginia) and Asia Pacific (Jakarta)

Starting today, Amazon Elastic Compute Cloud (Amazon EC2) P5en instances powered by NVIDIA H200 GPUs are available in US East (N. Virginia) and Asia Pacific (Jakarta) regions. These instances are optimized for generative AI and high performance computing (HPC) applications.

P5en instances feature 8 H200 GPUs, which have 1.7x the GPU memory size and 1.4x the GPU memory bandwidth of the H100 GPUs featured in P5 instances. P5en instances pair the H200 GPUs with high performance custom 4th Generation Intel Xeon Scalable processors, enabling Gen5 PCIe between CPU and GPU, which provides up to 4x the bandwidth between CPU and GPU and boosts AI training and inference performance. P5en, with up to 3200 Gbps of third-generation EFA using Nitro v5, shows up to 35% improvement in latency compared to P5, which uses the previous generation of EFA and Nitro. This helps improve collective communications performance for distributed training workloads such as deep learning, generative AI, real-time data processing, and high-performance computing (HPC) applications. To address customer needs for large scale at low latency, P5en instances are deployed in Amazon EC2 UltraClusters, and provide market-leading scale-out capabilities for distributed training and tightly coupled HPC workloads.

With these additional regions, P5en instances are now available in the US East (N. Virginia, Ohio), US West (Oregon), Europe (Spain) and Asia Pacific (Jakarta, Mumbai, Seoul and Tokyo) AWS Regions and the US East (Atlanta) Local Zone us-east-1-atl-2a in the p5en.48xlarge size.

To learn more about P5en instances, see Amazon EC2 P5en Instances.

Amazon EKS now enforces upgrade insights checks as part of cluster upgrades

Today, Amazon Elastic Kubernetes Service (EKS) announced a new control to prevent accidental cluster upgrades when issues are already detected that may impact application compatibility with the next Kubernetes version. This feature leverages EKS upgrade insights and is a significant step towards giving cluster administrators confidence with Kubernetes version upgrades.

EKS upgrade insights automatically scan clusters against a list of potential issues that impact Kubernetes version upgrades, such as deprecated Kubernetes API usage. EKS periodically updates the list of insight checks to perform, based on evaluations of changes in the Kubernetes project, as well as changes introduced in the EKS service along with new versions. With this new control, EKS will prevent you from upgrading your EKS clusters if EKS upgrade insights has surfaced any upgrade-impacting issues. Once those issues are resolved, you will be able to upgrade the Kubernetes version of your cluster. EKS has also introduced an override flag which you can use to bypass upgrade insights checks on upgrades, which can be useful, for example, in dev environments.

This feature is available in all AWS Regions, except the AWS GovCloud (US) Regions. To learn more, visit the EKS documentation.

Deploy Storage Browser for Amazon S3 quickly with AWS sample applications

You can now easily deploy pre-configured sample applications to connect your users to data in Amazon S3 using Storage Browser for S3. Once you select and deploy one of the sample apps, users can browse, download, upload, copy, and delete data they have access to in S3 through an intuitive file browser experience. You can host these sample apps with Amplify Hosting or any hosting provider of your choice.

Each sample application comes with preset integrations of AWS identity services with Storage Browser for S3 to help you quickly connect authorized end users to data in S3. Use these sample apps to accelerate cloud adoption for your organization without custom development work.

Visit the documentation to learn more and get started.

AWS Amplify Hosting announces Web Application Firewall Protection in general availability

Today, we are announcing the general availability of our Web Application Firewall Protection for AWS Amplify Hosting. This new feature allows customers to easily attach a web application firewall to their AWS Amplify apps, enhancing the security of their hosted applications. With this integration, customers can implement robust security measures without additional configuration steps or management overhead.

The AWS WAF integration with Amplify Hosting provides access to a full range of AWS WAF capabilities. Customers can now use managed rules to protect against common web exploits and vulnerabilities such as SQL injection and cross-site scripting (XSS). Additionally, they can create custom rules based on their specific application needs, implement rate-based rules to protect against DDoS attacks, and use geo-blocking to restrict access from specific countries. This integration enables customers to implement in-depth security strategies for their web applications to help safeguard against threats.

This new feature is available in all AWS Regions where Amplify Hosting operates. Customers can attach AWS WAF to their Amplify apps through a simple one-click integration in the Amplify console or by using infrastructure as code (IaC).

Amplify Hosting will charge a fee of $15/month per app to use this feature, plus any costs incurred by the AWS WAF service. To get started with AWS WAF integration for Amplify Hosting, visit the Amplify console and navigate to your app settings. Select the Firewall tab to choose predefined rules or create custom configurations. Alternatively, refer to the documentation.

AWS Network Firewall is now available in the Asia Pacific (Thailand) and Mexico (Central) Regions

Starting today, AWS Network Firewall is available in the Asia Pacific (Thailand) and Mexico (Central) regions, enabling customers to deploy essential network protections for all their Amazon Virtual Private Clouds (VPCs).

AWS Network Firewall is a managed firewall service that is easy to deploy. The service automatically scales with network traffic volume to provide high-availability protections without the need to set up and maintain the underlying infrastructure. It is integrated with AWS Firewall Manager to provide you with central visibility and control over your firewall policies across multiple AWS accounts.

To see which regions AWS Network Firewall is available in, visit the AWS Region Table. For more information, please see the AWS Network Firewall product page and the service documentation.