Starting today, AWS Cloud WAN is available in the AWS Asia Pacific (Thailand), AWS Asia Pacific (Taipei) and AWS Asia Pacific (New Zealand) Regions.
With AWS Cloud WAN, you can use a central dashboard and network policies to create a global network that spans multiple locations and networks, removing the need to configure and manage different networks using different technologies. You can use network policies to specify the Amazon Virtual Private Clouds, AWS Transit Gateways, and on-premises locations you want to connect to using an AWS Site-to-Site VPN, AWS Direct Connect, or third-party software-defined WAN (SD-WAN) products. The AWS Cloud WAN central dashboard generates a comprehensive view of the network to help you monitor network health, security, and performance. In addition, AWS Cloud WAN automatically creates a global network across AWS Regions by using Border Gateway Protocol (BGP) so that you can easily exchange routes worldwide.
To learn more, please visit the AWS Cloud WAN product detail page.
Amazon OpenSearch Serverless has added support for Federal Information Processing Standards (FIPS) compliant endpoints for Data Plane APIs in US East (N. Virginia), US East (Ohio), Canada (Central), AWS GovCloud (US-East), and AWS GovCloud (US-West). The service now meets the security requirements for cryptographic modules as outlined in Federal Information Processing Standard (FIPS) 140-3.
Please refer to the AWS Regional Services List for more information about Amazon OpenSearch Service availability. To learn more about OpenSearch Serverless FIPS, see the documentation.
AWS is expanding service reference information to include which operations are supported by AWS services and which IAM permissions are needed to call a given operation. This will help you answer questions such as “I want to call a specific AWS service operation, which IAM permissions do I need?”
You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference information directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on programmatic service reference information.
Amazon Bedrock AgentCore Runtime now supports two deployment methods for AI agents: container-based deployment and direct code upload. Developers can now choose between direct code-zip file upload for rapid prototyping and iteration, or leverage advanced container-based options for complex use cases requiring custom configurations.
AgentCore Runtime provides a serverless, framework and model agnostic runtime for running agents and tools at scale. This deployment option streamlines the prototyping workflow while maintaining enterprise security and scaling capabilities for production deployments. Developers can now deploy agents using direct code-zip upload with easy drag-and-drop functionality. This enables faster iteration cycles, empowering developers to prototype quickly and focus on building innovative agent capabilities.
This feature is available in all nine AWS Regions where Amazon Bedrock AgentCore Runtime is available: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland).
To learn more about AgentCore Runtime deployment options, see the AgentCore documentation and get started with the AgentCore Starter Toolkit. AgentCore offers consumption-based pricing with no upfront costs.
AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment.
Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization.
With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central).
To get started, you can either use the provided sample conformance pack templates or craft a custom YAML file from scratch based on a custom conformance pack. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config pricing page for more details. To learn more about AWS Config conformance packs, see our documentation.
Amazon Relational Database Service (RDS) for Oracle is now available with R7i memory-optimized preconfigured instances that offer additional memory and storage I/O per vCPU. Powered by custom 4th Gen Intel Xeon Scalable processors with AWS Nitro System and DDR5 memory for high performance, these instances provide up to 64:1 memory-to-vCPU ratio. Many Oracle database workloads require high memory, but can safely reduce the number of vCPUs without impacting application performance. By running such Oracle database workloads on R7i pre-configured instances, customers can lower their Oracle database licensing and support costs while meeting high performance application requirements.
Memory-optimized R7i preconfigured instances are available for Amazon RDS for Oracle with the Bring Your Own License (BYOL) license model, supporting both Oracle Database Enterprise Edition and Oracle Database Standard Edition 2. To learn more about Amazon RDS for Oracle R7i memory-optimized preconfigured instances, read the RDS for Oracle User Guide and visit Amazon RDS for Oracle Pricing for available instance configurations, pricing details, and Region availability.
Microsoft Edge introduces passkey saving and syncing with Microsoft Password Manager
By: Vinithra Rajendran
We are excited to share that passkeys can now be saved and synced securely across your Windows desktop devices through Microsoft Password Manager in Edge. This update makes signing in easier and more secure. Here is how it works and why passkeys are the smart choice for protecting your online accounts.
Please note that this feature has begun rolling out gradually in Microsoft Edge 142 on Windows for Microsoft accounts (MSA) and will be available on additional platforms later.
What are passkeys?
Passkeys are a simpler and more secure way to sign in to your apps and websites without needing a password. Instead of typing a password, you authenticate using your device's built-in security, such as a fingerprint, facial recognition or a PIN.
Passkeys are based on the open Fast IDentity Online 2 (FIDO2) standard, which uses public-key cryptography to sign in securely. Your account securely stores a unique private key specific to a website, while the website only holds a public key. This means that even if a website suffers a data breach, your account remains secure.
Why should I use passkeys?
Passkeys are becoming the future of online security.
Stronger security:
Passkeys cannot be guessed or reused the way passwords can.
They are resistant to phishing and credential stuffing attacks.
A faster and simpler way to sign in:
There is no need to remember complex passwords or type them manually.
You only have to use your fingerprint, face scan or device PIN to sign in.
Seamless across devices:
Passkeys sync securely through your Microsoft account and are currently available on Windows devices, with future availability planned on additional platforms.
Privacy first by design:
Your biometric data is processed locally on your device.
Websites only receive a cryptographic proof that you are you.
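A simplified model of the sign-in flow described under "What are passkeys?" and in the security points above (private key on the device, public key on the site, one key per site), as an added example that is not from the original post or Microsoft's code. It does not use the real WebAuthn message format, and the origins, user name and class names are invented for illustration.

```javascript
// Simplified model of a passkey (FIDO2/WebAuthn-style) sign-in.
// Not the real wire format: authenticator data is reduced to the SHA-256
// of the relying-party ID, and every name below is illustrative.
const nodeCrypto = require("node:crypto");

const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// The authenticator keeps one private key per site and never exports it.
class Authenticator {
  constructor() { this.keys = new Map(); } // rpId -> private key
  register(rpId) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this leaves the device
  }
  // The browser supplies the origin it actually loaded; page script cannot set it.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no passkey for this site, e.g. a look-alike domain
    const clientData = Buffer.from(JSON.stringify({ type: "get", challenge, origin }));
    const authData = sha256(rpId);
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { clientData, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
  }
}

// The website stores only public keys and issues single-use challenges.
class Website {
  constructor(origin) {
    this.origin = origin;
    this.rpId = new URL(origin).hostname;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Set();    // challenges issued but not yet used
  }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString("base64url");
    this.pending.add(challenge);
    return challenge;
  }
  verify(user, assertion) {
    if (!assertion) return "no-assertion";
    const { clientData, authData, signature } = assertion;
    const parsed = JSON.parse(clientData.toString());
    if (!this.pending.delete(parsed.challenge)) return "bad-challenge"; // unknown or reused
    if (parsed.origin !== this.origin) return "bad-origin";
    if (!authData.equals(sha256(this.rpId))) return "bad-rp";
    const pem = this.publicKeys.get(user);
    if (!pem) return "unknown-user";
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return nodeCrypto.verify("sha256", signed, pem, signature) ? "ok" : "bad-signature";
  }
}

function demo() {
  const site = new Website("https://shop.example");
  const device = new Authenticator();
  site.enroll("alice", device.register("shop.example"));

  const results = {};
  const assertion = device.sign("https://shop.example", site.newChallenge());
  results.login = site.verify("alice", assertion);
  results.replay = site.verify("alice", assertion); // same assertion presented again

  // A look-alike page relays a fresh, genuine challenge, but the browser
  // reports the page's own origin, for which the device holds no key.
  const phished = device.sign("https://shop-example.test", site.newChallenge());
  results.phishing = site.verify("alice", phished);

  // What a breach of the site's database would expose: public keys only.
  results.serverHoldsPrivateKey =
    [...site.publicKeys.values()].some((pem) => pem.includes("PRIVATE KEY"));
  return results;
}

console.log(demo());
```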
How can I use passkeys in Microsoft Edge?
You can store passkeys in Microsoft Password Manager in Edge. This is currently supported on Windows, with future availability planned on additional platforms.
Passkeys are stored in your Microsoft account and are protected by a Microsoft Password Manager PIN, which you will set up when you create a passkey for the first time.
When you visit a site that supports passkeys, you will be asked whether you want to create a passkey in Microsoft Password Manager. The passkey you create is saved in Microsoft Password Manager and can be used to sign in to that specific website simply by completing your preferred form of device authentication, such as a fingerprint, facial recognition or PIN code.
When syncing passkeys to subsequent devices, you will be asked to verify yourself by providing the Microsoft Password Manager PIN you created earlier to unlock the passkeys on the new device.
Ready to try passkeys?
Whenever you see the Create a passkey prompt, give it a try! It is the easiest way to make your online life simpler and more secure.
Prerequisites:
Windows device (version 10 and above)
Microsoft Edge (version 142 and later)
Microsoft account
How are my passkeys stored securely in Microsoft Password Manager?
The passkeys you create are stored securely in the cloud in an encrypted format and are additionally protected by a Microsoft Password Manager PIN. To unlock passkeys on a new device, you will have a maximum of 10 attempts to enter the correct PIN.
If you forget your Microsoft Password Manager PIN, you can reset it from a device that already has access to the passkey by navigating to Edge Settings > Passwords and autofill > Microsoft Password Manager > Settings.
All Microsoft Password Manager PIN unlock and reset attempts are logged and integrity-protected in the immutable Azure Confidential Ledger for greater transparency.
Can I use passkeys created in Microsoft Password Manager in other apps?
With the Microsoft Password Manager plugin on Windows, you can use your passkeys outside of Edge, such as in other browsers and apps on Windows. This capability will be available later on Windows.
Frequently asked questions
What happens to my saved passwords?
Your saved passwords remain intact. You can keep using them as usual. But whenever a site supports passkeys, you will have the option to upgrade to a passkey for stronger security and faster sign-ins.
Do I need to create new accounts to use passkeys?
No. For most existing accounts, you simply add a passkey without changing anything else.
What if I switch devices?
Your passkeys are backed up and synced securely through your Microsoft account. When you sign in on a new device, your passkeys come with you.
Note: This requires verifying yourself with the Microsoft Password Manager PIN on the new device. Passkey syncing is available on Windows and will soon be extended to other platforms.
Is passkey syncing available on mobile devices or for work or school (Microsoft Entra) accounts?
No, this functionality is not currently available for mobile devices or for Microsoft Entra accounts.
Are passkeys secure if someone steals my device?
Yes, passkeys are designed to be secure even if your device is lost or stolen. Without your fingerprint, facial recognition or device PIN, no one can use them.
Can I still view or manage my saved passwords?
Absolutely. You can manage both your existing passwords and passkeys from your Microsoft Password Manager in Edge.
AWS Config announces the launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment.
With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, and AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy them across an account or across an organization, streamlining your multi-account governance.
For the full list of recently released rules, visit the AWS Config developer guide. For a description of each rule and the AWS Regions in which it is available, please refer to our Config managed rules documentation. To start using Config rules, please refer to our documentation. New Rules Launched:
Starting today, you can add warm pools to Auto Scaling groups (ASGs) that have mixed instances policies. With warm pools, customers can improve the elasticity of their applications by creating a pool of pre-initialized EC2 instances that are ready to quickly serve application traffic. By combining warm pools with instance type flexibility, an ASG can rapidly scale out to its maximum size at any time, deploying applications across multiple instance types to enhance availability.
Warm pools are particularly beneficial for applications with lengthy initialization processes, such as writing large amounts of data to disk, running complex custom scripts, or other time-consuming setup procedures that can take several minutes or longer to serve traffic. With this new release, the warm pool feature now works seamlessly with ASGs configured for multiple On-Demand instance types, whether specified through manual instance type lists or attribute-based instance type selection. The combination of instance type flexibility and warm pools provides a powerful solution that helps customers scale out efficiently while maximizing availability.
The warm pool feature is available through the AWS Management Console, the AWS SDKs, and the AWS Command Line Interface (CLI). It is available in all public AWS Regions and AWS GovCloud (US) Regions. To learn more about warm pools, visit this AWS documentation.
Amazon Kinesis Data Streams launches On-demand Advantage, so customers can warm on-demand streams to handle instant throughput increases up to 10GB or 10 million events per second, eliminating the need to over-provision or build custom scaling solutions. Amazon Kinesis Data Streams is a serverless streaming data service that makes it easy to capture, process, and store data streams at any scale. On-demand streams automatically scale capacity based on data usage, and now you can warm write capacity ad hoc. On-demand Advantage also provides a simpler pricing structure that removes the fixed, per-stream charge, so customers only pay for data usage at better rates.
On-demand Advantage offers data usage with 60% lower pricing compared to On-demand Standard, with data ingest at $0.032/GB and data retrieval at $0.016/GB in the US East (N. Virginia) region. The price of Enhanced fan-out data retrieval is the same as shared-throughput retrievals, making higher fan-out use cases more cost effective. The mode also decreases the price of extended retention by 77% from $0.10/GB-month to $0.023/GB-month. Once you enable On-demand Advantage mode, the account will be billed for a minimum of 25MB/s of data ingest and 25MB/s of data retrieval at the lower rates across all on-demand streams. The new pricing means On-demand Advantage is the most cost effective way to stream with Kinesis Data Streams when you ingest at least 10MB/s in aggregate, fan out to more than two consumer applications, or have hundreds of streams in a region. You can check directly in the Kinesis console and the pricing page if On-demand Advantage is a good fit for your account.
On-demand Advantage is available in all AWS regions where Kinesis Data Streams is available, including AWS GovCloud (US) and China regions. To learn more, see the launch blog and the Kinesis Data Streams User Guide.