Amazon EMR Serverless is a serverless option in Amazon EMR that makes it simple for data engineers and data scientists to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. Today, we are excited to announce that Amazon EMR Serverless Streaming jobs, which enables you to continuously analyze and process streaming data, is now available in the AWS GovCloud (US) Regions.

Streaming has become vital for businesses to gain continuous insights from data sources like sensors, IoT devices, and web logs. However, processing streaming data can be challenging due to requirements such as high availability, resilience to failures, and integration with streaming services. Amazon EMR Serverless Streaming jobs has built-in features to addresses these challenges. It offers high availability through multi-AZ (Availability Zone) resiliency by automatically failing over to healthy AZs. It also offers increased resiliency through automatic job retries on failures and log management features like log rotation and compaction, preventing the accumulation of log files that might lead to job failures. In addition, Amazon EMR Serverless Streaming jobs support processing data from streaming services like self-managed Apache Kafka clusters, Amazon Managed Streaming for Apache Kafka, and now is integrated with Amazon Kinesis Data Streams using a new built-in Amazon Kinesis Data Streams Connector, making it easier to build end-to-end streaming pipelines.

To get started, visit the Amazon EMR Serverless Streaming jobs page in the Amazon EMR Serverless User Guide.

 

​Amazon EMR Serverless is a serverless option in Amazon EMR that makes it simple for data engineers and data scientists to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. Today, we are excited to announce that Amazon EMR Serverless Streaming jobs, which enables you to continuously analyze and process streaming data, is now available in the AWS GovCloud (US) Regions. Streaming has become vital for businesses to gain continuous insights from data sources like sensors, IoT devices, and web logs. However, processing streaming data can be challenging due to requirements such as high availability, resilience to failures, and integration with streaming services. Amazon EMR Serverless Streaming jobs has built-in features to addresses these challenges. It offers high availability through multi-AZ (Availability Zone) resiliency by automatically failing over to healthy AZs. It also offers increased resiliency through automatic job retries on failures and log management features like log rotation and compaction, preventing the accumulation of log files that might lead to job failures. In addition, Amazon EMR Serverless Streaming jobs support processing data from streaming services like self-managed Apache Kafka clusters, Amazon Managed Streaming for Apache Kafka, and now is integrated with Amazon Kinesis Data Streams using a new built-in Amazon Kinesis Data Streams Connector, making it easier to build end-to-end streaming pipelines. To get started, visit the Amazon EMR Serverless Streaming jobs page in the Amazon EMR Serverless User Guide.  

Amazon EMR Serverless is now a FedRAMP High authorized service in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Federal agencies, public sector organizations and other enterprises with FedRAMP High compliance requirements can now leverage EMR Serverless to run Apache Spark and Hive workloads.

Amazon EMR Serverless is a serverless option that makes it simple for data analysts and engineers to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.

To get started with Amazon EMR Serverless, visit the User Guide.
 

 

​Amazon EMR Serverless is now a FedRAMP High authorized service in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Federal agencies, public sector organizations and other enterprises with FedRAMP High compliance requirements can now leverage EMR Serverless to run Apache Spark and Hive workloads. Amazon EMR Serverless is a serverless option that makes it simple for data analysts and engineers to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. To get started with Amazon EMR Serverless, visit the User Guide.    

Today, we are excited to announce the general availability of Amazon Data Firehose (Firehose) integration with Amazon S3 Tables, a feature that enables customers to deliver real-time streaming data into Amazon S3 Tables without requiring any code development or multi-step processes.

Firehose can acquire streaming data from Amazon Kinesis Data Streams, Amazon MSK, Direct PUT API, and AWS Services such as AWS WAF web ACL logs, Amazon VPC Flow Logs. It can then deliver this data to destinations like Amazon S3, Amazon Redshift, OpenSearch, Splunk, Snowflake, and others for analytics. Now, with the Amazon S3 Table integration, customers can stream data from any of these sources directly into Amazon S3 Tables. As a serverless service, Firehose allows customers to simply setup a stream by configuring the source and destination properties, and pay based on bytes processed.

The new feature also enables customers to route records in a data stream to different Amazon S3 tables based on the content of the incoming record. Additionally, customers can automate processing for data correction and right-to-forget scenarios by applying row-level update or delete operations in the destination S3 tables.

To get started, visit Amazon Data Firehose documentation and console.
 

 

​Today, we are excited to announce the general availability of Amazon Data Firehose (Firehose) integration with Amazon S3 Tables, a feature that enables customers to deliver real-time streaming data into Amazon S3 Tables without requiring any code development or multi-step processes. Firehose can acquire streaming data from Amazon Kinesis Data Streams, Amazon MSK, Direct PUT API, and AWS Services such as AWS WAF web ACL logs, Amazon VPC Flow Logs. It can then deliver this data to destinations like Amazon S3, Amazon Redshift, OpenSearch, Splunk, Snowflake, and others for analytics. Now, with the Amazon S3 Table integration, customers can stream data from any of these sources directly into Amazon S3 Tables. As a serverless service, Firehose allows customers to simply setup a stream by configuring the source and destination properties, and pay based on bytes processed. The new feature also enables customers to route records in a data stream to different Amazon S3 tables based on the content of the incoming record. Additionally, customers can automate processing for data correction and right-to-forget scenarios by applying row-level update or delete operations in the destination S3 tables. To get started, visit Amazon Data Firehose documentation and console.    

Amazon S3 Access Grants now authenticate based on the union of both Identity Provider (IdP) and AWS Identity and Access Management (IAM) permissions. This means customers can use AWS machine learning and analytics services such as Amazon SageMaker Unified Studio, Amazon Redshift, and AWS Glue to request access to their S3 data, and S3 Access Grants will grant access to their data after evaluating both their IdP and IAM permissions.

Now, S3 Access Grants evaluate both IAM and IdP permissions so you no longer have to choose between identity contexts when requesting access to S3. With just a few clicks in the AWS Management Console or a few lines of code using the AWS SDK, you can map S3 permissions to users and groups in an existing corporate directory, such as Entra ID and Okta, or to an IAM user or role. S3 Access Grants automatically update S3 permissions based on end user group membership as users are added and removed from groups in the IdP.

Amazon S3 Access Grants are available in all AWS Regions where AWS IAM Identity Center is available. For pricing details, visit Amazon S3 pricing. To learn more about S3 Access Grants, visit the S3 User Guide.
 

 

​Amazon S3 Access Grants now authenticate based on the union of both Identity Provider (IdP) and AWS Identity and Access Management (IAM) permissions. This means customers can use AWS machine learning and analytics services such as Amazon SageMaker Unified Studio, Amazon Redshift, and AWS Glue to request access to their S3 data, and S3 Access Grants will grant access to their data after evaluating both their IdP and IAM permissions. Now, S3 Access Grants evaluate both IAM and IdP permissions so you no longer have to choose between identity contexts when requesting access to S3. With just a few clicks in the AWS Management Console or a few lines of code using the AWS SDK, you can map S3 permissions to users and groups in an existing corporate directory, such as Entra ID and Okta, or to an IAM user or role. S3 Access Grants automatically update S3 permissions based on end user group membership as users are added and removed from groups in the IdP. Amazon S3 Access Grants are available in all AWS Regions where AWS IAM Identity Center is available. For pricing details, visit Amazon S3 pricing. To learn more about S3 Access Grants, visit the S3 User Guide.    

AWS Wickr is excited to announce a redesigned admin experience that’s now fully integrated with the AWS Management Console. We’ve made updates to provide a more intuitive layout, easier navigation, and a more accessible experience. The new console uses the AWS Cloudscape design system for front-end components to give you the consistent and familiar experience you get with the AWS Management Console.

AWS Wickr is a security-first messaging and collaboration service designed to keep internal and external communications secure, private, and compliant. It protects one-to-one and group messaging, voice and video calling, file sharing, screen sharing, and location sharing with end-to-end encryption. Customers have full administrative control to enforce information governance policies, configure ephemeral messaging, and to log both internal and external conversations in an AWS Wickr network to a private data store for data retention and auditing purposes.

AWS Wickr is available in commercial AWS Regions including US East (N. Virginia), Canada (Central), Asia Pacific (Malaysia, Singapore, Sydney, and Tokyo), and Europe (London, Frankfurt, Stockholm, and Zurich). It is also available in GovCloud (US-West) as Department of Defense Impact Level 5 (DoD IL5)-authorized AWS WickrGov.

The new console experience will be made available in phases over the coming weeks. Administrators will still be able to access the classic console for a limited period to ensure a smooth transition to the new experience. To learn more and get started, see the following resources:

• AWS Wickr Administration Guide
• AWS Wickr Product Details

 

​AWS Wickr is excited to announce a redesigned admin experience that’s now fully integrated with the AWS Management Console. We’ve made updates to provide a more intuitive layout, easier navigation, and a more accessible experience. The new console uses the AWS Cloudscape design system for front-end components to give you the consistent and familiar experience you get with the AWS Management Console. AWS Wickr is a security-first messaging and collaboration service designed to keep internal and external communications secure, private, and compliant. It protects one-to-one and group messaging, voice and video calling, file sharing, screen sharing, and location sharing with end-to-end encryption. Customers have full administrative control to enforce information governance policies, configure ephemeral messaging, and to log both internal and external conversations in an AWS Wickr network to a private data store for data retention and auditing purposes. AWS Wickr is available in commercial AWS Regions including US East (N. Virginia), Canada (Central), Asia Pacific (Malaysia, Singapore, Sydney, and Tokyo), and Europe (London, Frankfurt, Stockholm, and Zurich). It is also available in GovCloud (US-West) as Department of Defense Impact Level 5 (DoD IL5)-authorized AWS WickrGov. The new console experience will be made available in phases over the coming weeks. Administrators will still be able to access the classic console for a limited period to ensure a smooth transition to the new experience. To learn more and get started, see the following resources:

AWS Wickr Administration Guide
AWS Wickr Product Details  

Amazon Bedrock now supports fine-tuning for Meta’s Llama 3.2 models (1B, 3B, 11B, and 90B), enabling businesses to customize these generative AI models with their own data. Llama 3.2 models are available in various sizes, from small (1B and 3B) to medium-sized multimodal models (11B and 90B). Llama 3.2 11B and 90B models are the first in the Llama series to support both text and vision tasks, achieved by integrating image encoder representations into the language model. Fine-tuning allows you to adapt Llama 3.2 models for domain-specific tasks, enhancing performance for specialized use cases.

The Llama 3.2 90B model excels in advanced reasoning, long-form text generation, coding, multilingual translation, and image reasoning tasks such as captioning, visual question answering, and document analysis. The Llama 3.2 11B model is designed for content creation, conversational AI, and enterprise applications, with strong performance in text summarization, sentiment analysis, and visual understanding. For resource-constrained scenarios, the lightweight Llama 3.2 1B and 3B models enable on-device applications, excelling in tasks like text summarization, classification, and retrieval while ensuring low latency and enhanced privacy. By fine-tuning Llama 3.2 models in Amazon Bedrock, businesses can further enhance their capabilities for specialized applications, improving accuracy and relevance without needing to build models from scratch.

You can fine-tune Llama 3.2 models in Amazon Bedrock in the US West (Oregon) AWS Region. For pricing, visit the Amazon Bedrock pricing page. To get started, see the Amazon Bedrock user guide and visit the Amazon Bedrock console.
 

 

​Amazon Bedrock now supports fine-tuning for Meta’s Llama 3.2 models (1B, 3B, 11B, and 90B), enabling businesses to customize these generative AI models with their own data. Llama 3.2 models are available in various sizes, from small (1B and 3B) to medium-sized multimodal models (11B and 90B). Llama 3.2 11B and 90B models are the first in the Llama series to support both text and vision tasks, achieved by integrating image encoder representations into the language model. Fine-tuning allows you to adapt Llama 3.2 models for domain-specific tasks, enhancing performance for specialized use cases. The Llama 3.2 90B model excels in advanced reasoning, long-form text generation, coding, multilingual translation, and image reasoning tasks such as captioning, visual question answering, and document analysis. The Llama 3.2 11B model is designed for content creation, conversational AI, and enterprise applications, with strong performance in text summarization, sentiment analysis, and visual understanding. For resource-constrained scenarios, the lightweight Llama 3.2 1B and 3B models enable on-device applications, excelling in tasks like text summarization, classification, and retrieval while ensuring low latency and enhanced privacy. By fine-tuning Llama 3.2 models in Amazon Bedrock, businesses can further enhance their capabilities for specialized applications, improving accuracy and relevance without needing to build models from scratch. You can fine-tune Llama 3.2 models in Amazon Bedrock in the US West (Oregon) AWS Region. For pricing, visit the Amazon Bedrock pricing page. To get started, see the Amazon Bedrock user guide and visit the Amazon Bedrock console.    

Amazon GuardDuty Extended Threat Detection is now automatically available in AWS GovCloud (US) and China Regions. This capability allows you to identify sophisticated, multi-stage attacks targeting your AWS accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical-severity threats to minimize business impact.

GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale and automatically correlates security signals from across AWS services to detect critical threats. It identifies attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations.

GuardDuty Extended Threat Detection is also available in all AWS commercial Regions where GuardDuty is available. This capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans such as GuardDuty S3 Protection will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with AWS Security Hub and Amazon EventBridge.

To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.
 

 

​Amazon GuardDuty Extended Threat Detection is now automatically available in AWS GovCloud (US) and China Regions. This capability allows you to identify sophisticated, multi-stage attacks targeting your AWS accounts, workloads, and data. You can now use new attack sequence findings that cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical-severity threats to minimize business impact. GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale and automatically correlates security signals from across AWS services to detect critical threats. It identifies attack sequences, such as credential compromise followed by data exfiltration, and represents them as a single, critical-severity finding. The finding includes an incident summary, a detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations. GuardDuty Extended Threat Detection is also available in all AWS commercial Regions where GuardDuty is available. This capability is automatically enabled for all new and existing GuardDuty customers at no additional cost. You do not need to enable all GuardDuty protection plans. However, enabling additional protection plans such as GuardDuty S3 Protection will increase the breadth of security signals, allowing for more comprehensive threat analysis and coverage of attack scenarios. You can take action on findings directly from the GuardDuty console or via its integrations with AWS Security Hub and Amazon EventBridge. To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.    

Today, AWS announced the opening of a new AWS Direct Connect location within the Equinix LS1 data center near Lisbon, Portugal. By connecting your network to AWS at the new location, you gain private, direct access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones. This site is the first AWS Direct Connect location within Portugal. The new Direct Connect location offers dedicated 10 Gbps and 100 Gbps connections with MACsec encryption available.

The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet.

For more information on the over 145 Direct Connect locations worldwide, visit the locations section of the Direct Connect product detail pages. Or, visit our getting started page to learn more about how to purchase and deploy Direct Connect.

 

​Today, AWS announced the opening of a new AWS Direct Connect location within the Equinix LS1 data center near Lisbon, Portugal. By connecting your network to AWS at the new location, you gain private, direct access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones. This site is the first AWS Direct Connect location within Portugal. The new Direct Connect location offers dedicated 10 Gbps and 100 Gbps connections with MACsec encryption available. The Direct Connect service enables you to establish a private, physical network connection between AWS and your data center, office, or colocation environment. These private connections can provide a more consistent network experience than those made over the public internet. For more information on the over 145 Direct Connect locations worldwide, visit the locations section of the Direct Connect product detail pages. Or, visit our getting started page to learn more about how to purchase and deploy Direct Connect.  

A new minor version of Microsoft SQL Server is now available on Amazon RDS for SQL Server, providing performance enhancements and security fixes. Amazon RDS for SQL Server now supports this latest minor version of SQL Server 2019 across the Express, Web, Standard, and Enterprise editions.

We encourage you to upgrade your Amazon RDS for SQL Server database instances at your convenience. You can upgrade with just a few clicks in the Amazon RDS Management Console or by using the AWS CLI. Learn more about upgrading your database instances from the Amazon RDS User Guide. The new minor version is SQL Server 2019 CU31 15.0.4420.2.

This minor version is available in all AWS commercial regions where Amazon RDS for SQL Server databases are available, including the AWS GovCloud (US) Regions.

Amazon RDS for SQL Server makes it simple to set up, operate, and scale SQL Server deployments in the cloud. See Amazon RDS for SQL Server Pricing for pricing details and regional availability.

 

​A new minor version of Microsoft SQL Server is now available on Amazon RDS for SQL Server, providing performance enhancements and security fixes. Amazon RDS for SQL Server now supports this latest minor version of SQL Server 2019 across the Express, Web, Standard, and Enterprise editions. We encourage you to upgrade your Amazon RDS for SQL Server database instances at your convenience. You can upgrade with just a few clicks in the Amazon RDS Management Console or by using the AWS CLI. Learn more about upgrading your database instances from the Amazon RDS User Guide. The new minor version is SQL Server 2019 CU31 15.0.4420.2. This minor version is available in all AWS commercial regions where Amazon RDS for SQL Server databases are available, including the AWS GovCloud (US) Regions. Amazon RDS for SQL Server makes it simple to set up, operate, and scale SQL Server deployments in the cloud. See Amazon RDS for SQL Server Pricing for pricing details and regional availability.  

AWS CodeConnections now provides greater control to manage the creation of hosts with a new IAM condition key for self-managed GitLab/GitHub Enterprise Server hosts. The new condition key allows you to set up IAM policies to specify the VPC you want all connections to use when accessing your repositories.

With today’s release, AWS CodeConnections has added a condition key that allows you to enforce policies related to creating or updating hosts to use a specified VPC ID. The new condition key (codeconnections:VpcId) allows you to specify the ID of the VPC you want the corresponding host resource to use. This gives greater control to admins to manage traffic through VPCs related to specific use cases. For example, you can now centralize all use of repository access to a single VPC.

To learn more about using the new condition key, visit our documentation. To learn more about what connections in AWS CodeConnections are and how they work, visit our documentation.

 

​AWS CodeConnections now provides greater control to manage the creation of hosts with a new IAM condition key for self-managed GitLab/GitHub Enterprise Server hosts. The new condition key allows you to set up IAM policies to specify the VPC you want all connections to use when accessing your repositories. With today’s release, AWS CodeConnections has added a condition key that allows you to enforce policies related to creating or updating hosts to use a specified VPC ID. The new condition key (codeconnections:VpcId) allows you to specify the ID of the VPC you want the corresponding host resource to use. This gives greater control to admins to manage traffic through VPCs related to specific use cases. For example, you can now centralize all use of repository access to a single VPC. To learn more about using the new condition key, visit our documentation. To learn more about what connections in AWS CodeConnections are and how they work, visit our documentation.