AWS Lake Formation is now available in the Asia Pacific (New Zealand) Region, enabling you to centrally manage and scale fine-grained data access permissions and share data securely within and outside your organization.

AWS Lake Formation is a service that allows you to define where your data resides and what data access and security policies you want to apply. Your users can then access the centralized AWS Glue Data Catalog which describes available data sets and their appropriate usage. Your users can then usethese data sets with their choice of analytics and machine learning services, like Amazon EMR for Apache Spark, Amazon Redshift, AWS Glue, Amazon QuickSight, and Amazon Athena.

To learn more about Lake Formation, visit the documentation. For AWS Lake Formation Region availability, please see the AWS Region table.

​AWS Lake Formation is now available in the Asia Pacific (New Zealand) Region, enabling you to centrally manage and scale fine-grained data access permissions and share data securely within and outside your organization. AWS Lake Formation is a service that allows you to define where your data resides and what data access and security policies you want to apply. Your users can then access the centralized AWS Glue Data Catalog which describes available data sets and their appropriate usage. Your users can then usethese data sets with their choice of analytics and machine learning services, like Amazon EMR for Apache Spark, Amazon Redshift, AWS Glue, Amazon QuickSight, and Amazon Athena. To learn more about Lake Formation, visit the documentation. For AWS Lake Formation Region availability, please see the AWS Region table.  

Amazon Connect now provides an integrated workflow to capture and resolve agent appeals of performance evaluations, enhancing evaluation fairness and agent engagement. When agents disagree with an evaluation, they can appeal the evaluation along with their reasoning directly within the Connect UI. For example, an agent who received a low evaluation score for active listening on a conversation, may appeal their evaluation by citing specific examples where they actively listened and acknowledged the customer’s problem. Designated managers then receive automated email notifications to review and resolve the appeal. Additionally, managers can monitor which evaluations have been appealed, and track their status, ensuring timely resolution of appeals.

This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.

​Amazon Connect now provides an integrated workflow to capture and resolve agent appeals of performance evaluations, enhancing evaluation fairness and agent engagement. When agents disagree with an evaluation, they can appeal the evaluation along with their reasoning directly within the Connect UI. For example, an agent who received a low evaluation score for active listening on a conversation, may appeal their evaluation by citing specific examples where they actively listened and acknowledged the customer’s problem. Designated managers then receive automated email notifications to review and resolve the appeal. Additionally, managers can monitor which evaluations have been appealed, and track their status, ensuring timely resolution of appeals. This feature is available in all regions where Amazon Connect is offered. To learn more, please visit our documentation and our webpage.  

Today, AWS announces the general availability of displaying account name in AWS Management Console across all Public Regions. AWS customers now have an easy way to identify their accounts at a glance. Users can now quickly distinguish between accounts visually using the account name that appears in the navigation bar for all authorized users in that account.

AWS customers manage multiple accounts to separate their workloads, such as maintaining distinct accounts for development and production environments or for different business units. Previously, users had to rely on account numbers to identify accounts. With this new feature, all authorized users can quickly identify the account using its name on the navigation bar.

The account name display feature is available at no additional cost in all public AWS Regions. To get started, make sure your administrator has enabled the feature (visit our managed policy documentation) and sign in to AWS Management Console. 

​Today, AWS announces the general availability of displaying account name in AWS Management Console across all Public Regions. AWS customers now have an easy way to identify their accounts at a glance. Users can now quickly distinguish between accounts visually using the account name that appears in the navigation bar for all authorized users in that account. AWS customers manage multiple accounts to separate their workloads, such as maintaining distinct accounts for development and production environments or for different business units. Previously, users had to rely on account numbers to identify accounts. With this new feature, all authorized users can quickly identify the account using its name on the navigation bar. The account name display feature is available at no additional cost in all public AWS Regions. To get started, make sure your administrator has enabled the feature (visit our managed policy documentation) and sign in to AWS Management Console.   

Amazon SageMaker JumpStart now enables one-click deployment of four NVIDIA NIMs models purpose-built for biosciences and physical AI: ProteinMPNN, Nemotron-3.5B-Instruct, MSA Search NIM, and Cosmos Reason. NVIDIA NIM™ provides prebuilt, optimized inference microservices for rapidly deploying the latest AI models on any NVIDIA-accelerated infrastructure. These models bring advanced capabilities spanning protein design, reasoning with configurable outputs, and physical world understanding, enabling customers to accelerate biosciences research, drug discovery, and embodied AI applications on AWS infrastructure.

ProteinMPNN enables fast and efficient protein sequence optimization guided by structural data. This NIM generates high-quality sequences with enhanced binding affinity and stability, validated through experimental results. Designed for scalability and flexibility, ProteinMPNN integrates seamlessly into protein engineering workflows, transforming applications like enzyme design and therapeutic development.

MSA Search NIM supports GPU-accelerated Multiple Sequence Alignment (MSA) of a query amino acid sequence against a set of protein sequence databases. These databases are searched for similar sequences to the query and then the collection of sequences are aligned to establish similar regions even when the proteins have different lengths and motifs.

Nemotron-3.5B-Instruct delivers high reasoning performance, native tool calling support, and extended context processing with 256k token context window. This model employs an efficient hybrid Mixture-of-Experts (MoE) architecture to ensure higher throughput than its predecessors for agentic and coding workloads, while maintaining the reasoning depth of a larger model. It is ideal for building multi-agent workflows, developer productivity tools, processes automation, and for scientific and mathematical reasoning analysis, amongst others.

Cosmos Reason is an open , customizable, reasoning vision language model (VLM) for physical AI and robotics. It enables robots and vision AI agents to reason like humans, using prior knowledge, physics understanding, and common sense to understand and act in the real world. This model understands space, time, and fundamental physics, and can serve as a planning model to reason what steps an embodied agent might take next.

With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.

To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

​Amazon SageMaker JumpStart now enables one-click deployment of four NVIDIA NIMs models purpose-built for biosciences and physical AI: ProteinMPNN, Nemotron-3.5B-Instruct, MSA Search NIM, and Cosmos Reason. NVIDIA NIM™ provides prebuilt, optimized inference microservices for rapidly deploying the latest AI models on any NVIDIA-accelerated infrastructure. These models bring advanced capabilities spanning protein design, reasoning with configurable outputs, and physical world understanding, enabling customers to accelerate biosciences research, drug discovery, and embodied AI applications on AWS infrastructure.
ProteinMPNN enables fast and efficient protein sequence optimization guided by structural data. This NIM generates high-quality sequences with enhanced binding affinity and stability, validated through experimental results. Designed for scalability and flexibility, ProteinMPNN integrates seamlessly into protein engineering workflows, transforming applications like enzyme design and therapeutic development.
MSA Search NIM supports GPU-accelerated Multiple Sequence Alignment (MSA) of a query amino acid sequence against a set of protein sequence databases. These databases are searched for similar sequences to the query and then the collection of sequences are aligned to establish similar regions even when the proteins have different lengths and motifs.
Nemotron-3.5B-Instruct delivers high reasoning performance, native tool calling support, and extended context processing with 256k token context window. This model employs an efficient hybrid Mixture-of-Experts (MoE) architecture to ensure higher throughput than its predecessors for agentic and coding workloads, while maintaining the reasoning depth of a larger model. It is ideal for building multi-agent workflows, developer productivity tools, processes automation, and for scientific and mathematical reasoning analysis, amongst others.
Cosmos Reason is an open , customizable, reasoning vision language model (VLM) for physical AI and robotics. It enables robots and vision AI agents to reason like humans, using prior knowledge, physics understanding, and common sense to understand and act in the real world. This model understands space, time, and fundamental physics, and can serve as a planning model to reason what steps an embodied agent might take next.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.
To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.  

IAM Identity Center helps you configure the single sign-on experience of your workforce to AWS accounts and applications. You can now replicate IAM Identity Center from the primary AWS Region where you first enabled it to additional Regions of your choice. This feature enhances resilience of user access to AWS accounts and helps you deploy AWS applications in the AWS Regions that best align with your business needs such as application data residency and proximity to users.

When you enable this feature, IAM Identity Center automatically replicates your identities, entitlements, and other information from the primary Region to additional Regions. If IAM Identity Center is affected by a disruption in the primary Region, IAM Identity Center users continue to have access to their AWS accounts using the already provisioned entitlements in the additional Regions. 

AWS application administrators can use the standard application deployment workflow to deploy their application in an additional Region. They can assign users to the application in that Region, while you continue to administer IAM Identity Center in the primary Region.

IAM Identity Center multi-Region support is currently available in the 17 enabled-by-default commercial AWS Regions for organization instances of IAM Identity Center connected to an external identity provider, such as Okta. The IAM Identity Center organization instance must be configured with a multi-Region customer managed KMS key (CMK). To find out which AWS applications support deployment in additional Regions, visit AWS applications that you can use with IAM Identity Center. Standard AWS KMS charges apply for storing and using CMKs. IAM Identity Center is provided at no additional cost. To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center User Guide. 

​IAM Identity Center helps you configure the single sign-on experience of your workforce to AWS accounts and applications. You can now replicate IAM Identity Center from the primary AWS Region where you first enabled it to additional Regions of your choice. This feature enhances resilience of user access to AWS accounts and helps you deploy AWS applications in the AWS Regions that best align with your business needs such as application data residency and proximity to users.
When you enable this feature, IAM Identity Center automatically replicates your identities, entitlements, and other information from the primary Region to additional Regions. If IAM Identity Center is affected by a disruption in the primary Region, IAM Identity Center users continue to have access to their AWS accounts using the already provisioned entitlements in the additional Regions. 
AWS application administrators can use the standard application deployment workflow to deploy their application in an additional Region. They can assign users to the application in that Region, while you continue to administer IAM Identity Center in the primary Region. IAM Identity Center multi-Region support is currently available in the 17 enabled-by-default commercial AWS Regions for organization instances of IAM Identity Center connected to an external identity provider, such as Okta. The IAM Identity Center organization instance must be configured with a multi-Region customer managed KMS key (CMK). To find out which AWS applications support deployment in additional Regions, visit AWS applications that you can use with IAM Identity Center. Standard AWS KMS charges apply for storing and using CMKs. IAM Identity Center is provided at no additional cost. To learn more about IAM Identity Center, visit the product detail page. To get started, see the IAM Identity Center User Guide.   

• Categoría: Noticias de Microsoft

febrero 3, 2026

Windows 365 for Agents: El próximo capítulo del PC en la nube

Por: Phil Gerity, Somesh Goel, Gaurav Dhawan, Matt Shadbolt, Joydeep Mukherjee.

Un nuevo capítulo para Windows 365

En 2021, Microsoft introdujo Windows 365, para reinventar el PC como un servicio en la nube que transmite un PC en la nube: una experiencia Windows completa, segura y personalizada para cualquier dispositivo, en cualquier lugar. Esta innovación ofreció a las organizaciones la flexibilidad para escalar recursos informáticos al instante, reducir la complejidad informática y reforzar la seguridad, todo ello mientras empoderaba a los empleados para trabajar casi desde cualquier lugar. En solo cuatro años, Windows 365 se ha convertido en la solución emblemática de software como servicio (SaaS, por sus siglas en inglés) de Microsoft para ofrecer computación segura, gestionada y de nivel empresarial a nivel global, para ayudar a las empresas a reducir costes, simplificar la gestión y acelerar la productividad.

Y ahora, Windows 365 habilita otro hito en la informática: el recién anunciado Windows 365 for Agents (Windows para Agentes) permite ejecutar agentes autónomos de IA de forma segura en PCs en la nube. Esto significa que las organizaciones pueden automatizar flujos de trabajo complejos, escalar operaciones sin añadir personal y desbloquear nuevas ganancias de productividad, todo ello mientras se mantiene la seguridad y el cumplimiento de nivel empresarial. Al extender el mismo entorno de confianza desde los usuarios humanos hasta las cargas de trabajo de los agentes, las empresas pueden acelerar la innovación y mejorar la productividad de los empleados.

Las interfaces agénticas pasan a formar parte de la interfaz de PC. Y la gente usará software (agentes) para controlar el software. Esta abstracción moderna permite que las personas sean más productivas al dedicar más tiempo a tareas que aportan valor y delegar tareas que no aportan valor a los agentes.

La arquitectura que distingue a Windows 365

Windows 365 está construido sobre un conjunto de capacidades probadas de nivel empresarial que forman el núcleo del servicio. Su arquitectura «alojada en nombre de» (HOBO, por sus siglas en inglés) utiliza máquinas virtuales Azure de instancia única que se ejecutan en la suscripción de Microsoft, se gestionan a través de Microsoft Intune, se aseguran con el ID Microsoft Entra y se conectan mediante transporte de conexión inversa.

Estos componentes reúnen las tecnologías más confiables de Microsoft para proporcionar una base segura, fiable y escalable para ejecutar cargas de trabajo en la nube de PC en las siguientes áreas clave:

• Identidad y seguridad: Microsoft Entra ID gestiona una autenticación fuerte, incluida MFA sin contraseña y resistente a PHH, con políticas de Acceso Condicional que aplican restricciones basadas en la ubicación, gestión de riesgos de inicio de sesión y cumplimiento de dispositivos. Los PC en la nube soportan tanto la unión Entra (nativa en la nube) como la unión híbrida a los Servicios de Dominio Active Directory locales (AD DS, por sus siglas en inglés).
• Gestión unificada: Todos los PC en la nube pueden inscribirse en Microsoft Intune, donde los administradores definen políticas de aprovisionamiento, despliegan aplicaciones, configuran ajustes y hacen cumplir las líneas de seguridad —a través de la misma consola y flujos de trabajo que los dispositivos físicos.
• Provisión de PC en la nube: Nuestro tejido de servicio provisiona, escala y gestiona en automático los PC en la nube a escala global, con el simple disparador de la asignación de licencias y la definición de políticas de aprovisionamiento, para eliminar así cualquier gestión de infraestructura en la nube necesaria para nuestros clientes.
• Conectividad global: Las conexiones de los usuarios nunca llegan directo a los PCs en la nube a través de internet. Tanto el dispositivo cliente como el PC en la nube establecen conexiones salientes a la nube de Microsoft, lo que elimina por completo los puertos entrantes. Nuestros algoritmos de enrutamiento inteligentes dirigen el tráfico a la pasarela de menor latencia. También utilizamos técnicas estándar de la industria como STUN y TURN para mantener una conectividad rápida y fiable incluso en entornos de red restrictivos.

Ampliación de Windows 365 a agentes

Con la aparición de agentes que usan ordenadores (CUAs, por sus siglas en inglés) como una clase de capacidades de IA, reconocimos un requisito clave: los agentes de IA deben operar en sus propios entornos informáticos seguros para ejecutar tareas, interactuar con sistemas empresariales y aplicaciones de línea de negocio, y operar dentro de los límites de seguridad, sin cargar a los usuarios humanos por el compartir entornos.

Un agente de IA que interactúa con una interfaz gráfica requiere los mismos recursos fundamentales que cualquier usuario: computación, red, identidad y controles de políticas. En lugar de construir una pila de virtualización separada, Windows 365 para Agentes funciona sobre una infraestructura idéntica de Azure VM con los mismos sistemas de gestión Intune e identidad Entra.

Más allá de crear una plataforma Cloud PC para cargas de trabajo de agentes de IA, Windows 365 para Agentes introduce un conjunto de capacidades diseñadas para hacer que las cargas de trabajo de agentes sean seguras, escalables y rentables. Estas mejoras van más allá de tan solo ejecutar agentes de IA en PCs en la nube: optimizan cómo se provisionan, gestionan y controlan los agentes, lo que mantiene la seguridad y el cumplimiento de nivel empresarial. Desde reservas de recursos elásticas hasta salvaguardas con personas en el proceso, estas innovaciones ayudan a las organizaciones a automatizar tareas complejas, reducir costes inactivos y garantizar la confianza en las operaciones autónomas.

• Pools de PC en la nube: En lugar de asignaciones persistentes de usuario uno a uno, los agentes extraen pools compartidos organizados por equipo o carga de trabajo. Desde PCs en la nube preprovisionados para un checkout rápido hasta provisiones programadas para reducir costes inactivos, la escalada elástica permite a las organizaciones ajustar de manera dinámica los recursos disponibles para los agentes para adaptarse a las necesidades del negocio.
• Modelo de check-in/check-out: Los agentes prestan un PC en la nube para realizar una tarea y luego la vuelven a registrar para su reutilización. Este enfoque efímero y con alcance de tarea maximiza la utilización y permite la facturación de consumo basada en el uso real en lugar de tarifas mensuales fijas.
• Interfaces programáticas para el control de agentes: Windows 365 para Agentes estarán disponibles interfaces para crear, prestar y observar ordenadores en la nube para constructores de agentes de terceros en los servidores de herramientas Agent 365.
• Agentes que usan ordenadores (CUAs): A diferencia de la automatización robótica tradicional de procesos (RPA, por sus siglas en inglés), que se basa en selectores de elementos frágiles (reglas que se rompen cuando cambia una interfaz), las CUAs interpretan de manera visual el contenido de la pantalla por medio de visión de IA y razonan sobre qué acciones tomar. Se adaptan cuando cambian las interfaces sin romper los flujos de trabajo: procesar capturas de pantalla, generar planes de acción y ejecutar comandos paso a paso.  La ejecución de código, así como los servidores MCP locales, dentro de este mismo entorno, ofrecen una combinación poderosa de capacidades en un PC en la nube aislado.
• Humano en el bucle: Al reconocer la necesidad de confianza en los sistemas autónomos, la plataforma permite al usuario tomar el control en cualquier momento durante la ejecución del agente, intervenir para gestionar decisiones complejas o proporcionar credenciales, y luego devolver el control al agente cuando termina.
• Identidad del agente: Cada agente opera con un ID único de Microsoft Entra autenticado mediante credenciales criptográficas—sin contraseñas para robar o hacer phishing. TI puede distinguir las acciones de los agentes de las humanas en los registros de auditoría, lo que brinda una observabilidad granular de las operaciones de la IA.

Windows como plataforma para el trabajo inteligente

Extender los PCs en la nube a agentes digitales refleja la misión de Microsoft: empoderar a cada persona y organización para lograr más. Así como Windows democratizó la informática personal y Windows 365 llevó ese poder a la nube, Windows 365 para Agentes ofrece una plataforma segura y escalable para que los agentes digitales operen en cualquier momento y lugar.

Estamos al borde de una nueva era, donde los agentes, construidos de forma responsable y desplegados de forma segura, se convierten en colaboradores de confianza en el trabajo y la creatividad. La plataforma Windows siempre ha permitido a otros construir, crear e innovar. Windows 365 para Agentes amplía esa promesa al ofrecer a los creadores de agentes:

• Seguridad y cumplimiento de nivel empresarial para agentes de IA
• Herramientas programáticas para simplificar la construcción de flujos de trabajo sofisticados
• Capacidades de gestión que dan confianza y control a los equipos de TI
• Experiencias de usuario naturales y fiables para una integración más fluida

Los principios que dieron forma a Windows 365—seguridad, fiabilidad, gestión y escala—siguen guiándonos. La misma infraestructura que sirve a millones de usuarios humanos se convierte ahora en la base para la próxima generación de trabajo inteligente.

¿Listos para saber más?

• Consulten nuestros anuncios de Ignite: Windows 365 para Agentes desbloquea automatización de IA segura y escalable – Windows IT Pro Blog
• Para una experiencia de creación de agentes sin código impulsada por Windows 365 para Agentes, consideren Microsoft Copilot Studio: Automatizar aplicaciones web y de escritorio con uso en el ordenador (vista previa) – Microsoft Copilot Studio | Microsoft Learn
• Si son creadores de agentes y quieren crear agentes listos para empresas, empiecen a integrarse con Agent 365: Microsoft Agent 365: El plano de control para agentes de IA | Microsoft 365 Blog que incluye el uso en el ordenador como herramienta en el Agent SDK: Agentes de prueba que usan el Microsoft Agent 365 SDK | Microsoft Learn

Nota del editor – 22 de enero de 2026 – Se realizaron cambios en el texto para mayor claridad tras la publicación inicial.

Etiquetas:

• IA
• Tecnología

The post Windows 365 for Agents: El próximo capítulo del PC en la nube appeared first on Source LATAM.

​The post Windows 365 for Agents: El próximo capítulo del PC en la nube appeared first on Source LATAM.  

AWS Multi-Party Approval now requires approvers to verify their voting actions with a one-time password (OTP) sent to their registered AWS Identity Center email address. This additional security layer prevents AWS IAM Identity Center administrators from bypassing multi-party approval controls by impersonating approvers through credential resets or authentication endpoint modifications. When approvers access the Approval Portal and attempt to cast their vote on protected operations, the system generates a six-digit verification code and sends it to their email. Approvers enter this code within 10 minutes to complete their vote, with up to three attempts allowed.

The OTP verification process activates only when approvers submit their vote decision, they can review all approval request details before verification is required. If approvers don’t receive the email or the code expires, they can request a new code through the interface.

AWS Multi-party approval with OTP verification for voting is available in all AWS Regions where Mulit-party approval is offered at no additional charge. To learn more, visit the AWS Multi-party approval documentation

​AWS Multi-Party Approval now requires approvers to verify their voting actions with a one-time password (OTP) sent to their registered AWS Identity Center email address. This additional security layer prevents AWS IAM Identity Center administrators from bypassing multi-party approval controls by impersonating approvers through credential resets or authentication endpoint modifications. When approvers access the Approval Portal and attempt to cast their vote on protected operations, the system generates a six-digit verification code and sends it to their email. Approvers enter this code within 10 minutes to complete their vote, with up to three attempts allowed. The OTP verification process activates only when approvers submit their vote decision, they can review all approval request details before verification is required. If approvers don’t receive the email or the code expires, they can request a new code through the interface. AWS Multi-party approval with OTP verification for voting is available in all AWS Regions where Mulit-party approval is offered at no additional charge. To learn more, visit the AWS Multi-party approval documentation  

Amazon Lightsail now offers memory-optimized instance bundles with up to 512 GB memory. The new instance bundles are available in 7 sizes, with Linux and Windows operating system (OS) and application blueprints, for both IPv6-only and dual-stack networking types. You can create instances using the new bundles with pre-configured OS and application blueprints including WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Ruby on Rails, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows.

The new memory-optimized instance bundles enable you to run memory-intensive workloads that require high RAM-to-vCPU ratios in Lightsail. These high-memory instance bundles are ideal for workloads such as in-memory databases, real-time big data analytics, in-memory caching systems, high-performance computing (HPC) applications, and large-scale enterprise applications that process extensive datasets in memory.

These new bundles are now available in all AWS Regions where Amazon Lightsail is available. For more information on pricing, click here.

​Amazon Lightsail now offers memory-optimized instance bundles with up to 512 GB memory. The new instance bundles are available in 7 sizes, with Linux and Windows operating system (OS) and application blueprints, for both IPv6-only and dual-stack networking types. You can create instances using the new bundles with pre-configured OS and application blueprints including WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Ruby on Rails, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows. The new memory-optimized instance bundles enable you to run memory-intensive workloads that require high RAM-to-vCPU ratios in Lightsail. These high-memory instance bundles are ideal for workloads such as in-memory databases, real-time big data analytics, in-memory caching systems, high-performance computing (HPC) applications, and large-scale enterprise applications that process extensive datasets in memory. These new bundles are now available in all AWS Regions where Amazon Lightsail is available. For more information on pricing, click here.  

Today, AWS announced the availability of DeepSeek OCR, MiniMax M2.1, and Qwen3-VL-8B-Instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models bring specialized capabilities spanning document intelligence, multilingual coding, advanced multimodal reasoning, and vision-language understanding, enabling customers to build sophisticated AI applications across diverse use cases on AWS infrastructure.

These models address different enterprise AI challenges with specialized capabilities:
DeepSeek OCR explores visual-text compression for document processing. It can extract structured information from forms, invoices, diagrams, and complex documents with dense text layouts.
MiniMax M2.1 is optimized for coding, tool use, instruction following, and long-horizon planning. It automates multilingual software development and executes complex, multi-step office workflows, empowering developers to build autonomous applications.
Qwen3-VL-8B-Instruct delivers ssuperior text understanding and generation, deeper visual perception and reasoning, extended context length, enhanced spatial and video dynamics comprehension, and stronger agent interaction capabilities.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.

To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation. 

​Today, AWS announced the availability of DeepSeek OCR, MiniMax M2.1, and Qwen3-VL-8B-Instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models bring specialized capabilities spanning document intelligence, multilingual coding, advanced multimodal reasoning, and vision-language understanding, enabling customers to build sophisticated AI applications across diverse use cases on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: DeepSeek OCR explores visual-text compression for document processing. It can extract structured information from forms, invoices, diagrams, and complex documents with dense text layouts. MiniMax M2.1 is optimized for coding, tool use, instruction following, and long-horizon planning. It automates multilingual software development and executes complex, multi-step office workflows, empowering developers to build autonomous applications. Qwen3-VL-8B-Instruct delivers ssuperior text understanding and generation, deeper visual perception and reasoning, extended context length, enhanced spatial and video dynamics comprehension, and stronger agent interaction capabilities. With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the SageMaker JumpStart model catalog in the SageMaker console or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.   

AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API.

With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM’s existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.

​AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API. With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM’s existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.