Today, we are excited to announce the general availability of AWS Glue 5.0 in AWS GovCloud (US-West) and AWS GovCloud (US-East). With AWS Glue 5.0, you get improved performance, enhanced security, and more. AWS Glue 5.0 enables you to develop, run, and scale your data integration workloads and get insights faster.
AWS Glue is a serverless, scalable data integration service that makes it simple to discover, prepare, move, and integrate data from multiple sources. AWS Glue 5.0 upgrades the engines to Apache Spark 3.5.2, Python 3.11, and Java 17, with new performance and security improvements. Glue 5.0 updates open table format support to Apache Hudi 0.15.0, Apache Iceberg 1.6.1, and Delta Lake 3.2.0 so you can solve advanced use cases around performance, cost, governance, and privacy in your data lakes. AWS Glue 5.0 adds Spark native fine grained access control with AWS Lake Formation so you can apply table, column, row, and cell level permissions on Amazon S3 data lakes.
Today, we are excited to announce the general availability of AWS Glue 5.0 in AWS GovCloud (US-West) and AWS GovCloud (US-East). With AWS Glue 5.0, you get improved performance, enhanced security, and more. AWS Glue 5.0 enables you to develop, run, and scale your data integration workloads and get insights faster. AWS Glue is a serverless, scalable data integration service that makes it simple to discover, prepare, move, and integrate data from multiple sources. AWS Glue 5.0 upgrades the engines to Apache Spark 3.5.2, Python 3.11, and Java 17, with new performance and security improvements. Glue 5.0 updates open table format support to Apache Hudi 0.15.0, Apache Iceberg 1.6.1, and Delta Lake 3.2.0 so you can solve advanced use cases around performance, cost, governance, and privacy in your data lakes. AWS Glue 5.0 adds Spark native fine grained access control with AWS Lake Formation so you can apply table, column, row, and cell level permissions on Amazon S3 data lakes. To learn more, visit the AWS Glue product page and our documentation.
AWS Elastic Beanstalk now supports functionality that makes it easy to update a Beanstalk environment status when it enters into an invalid state during an update failure.
With AWS Elastic Beanstalk, you can easily deploy and manage applications in AWS without worrying about the infrastructure that runs those applications. However, there can be situations where a Beanstalk environment can become unavailable when the stack associated with it goes into an invalid status. Previously, when that happened, customers needed to contact AWS support to update their Beanstalk environment status in order to proceed. Now, Beanstalk will prompt you with a request to fix your underlying stack. You’ll be directed to a guide that walks you through the process step-by-step. Once you’ve made the adjustments, simply retry the request. Beanstalk will then automatically set the environment to available and complete the operation, minimizing downtime and complexity.
AWS Elastic Beanstalk environment recovery is generally available in commercial regions where Elastic Beanstalk is available including the AWS GovCloud (US) Regions. For a complete list of regions and service offerings, see AWS Regions.
For more information about the recovery process see the Elastic Beanstalk developer guide. To learn more about Elastic Beanstalk, visit the Elastic Beanstalk product page.
AWS Elastic Beanstalk now supports functionality that makes it easy to update a Beanstalk environment status when it enters into an invalid state during an update failure.
With AWS Elastic Beanstalk, you can easily deploy and manage applications in AWS without worrying about the infrastructure that runs those applications. However, there can be situations where a Beanstalk environment can become unavailable when the stack associated with it goes into an invalid status. Previously, when that happened, customers needed to contact AWS support to update their Beanstalk environment status in order to proceed. Now, Beanstalk will prompt you with a request to fix your underlying stack. You’ll be directed to a guide that walks you through the process step-by-step. Once you’ve made the adjustments, simply retry the request. Beanstalk will then automatically set the environment to available and complete the operation, minimizing downtime and complexity.
AWS Elastic Beanstalk environment recovery is generally available in commercial regions where Elastic Beanstalk is available including the AWS GovCloud (US) Regions. For a complete list of regions and service offerings, see AWS Regions.
For more information about the recovery process see the Elastic Beanstalk developer guide. To learn more about Elastic Beanstalk, visit the Elastic Beanstalk product page.
AWS Marketplace has launched a refresh of its Professional Services product detail pages. The updated pages offer a streamlined layout that surfaces product highlights and accessible content.
Customers can now more easily find services that best fit their specific needs in AWS Marketplace Professional Services. The new product detail pages display key information and associated software, allowing customers to quickly narrow down their options and identify the right service for their business requirements. The updated product detail pages are also available for most listings, providing a consistent experience across AWS Marketplace.
AWS Marketplace has launched a refresh of its Professional Services product detail pages. The updated pages offer a streamlined layout that surfaces product highlights and accessible content. Customers can now more easily find services that best fit their specific needs in AWS Marketplace Professional Services. The new product detail pages display key information and associated software, allowing customers to quickly narrow down their options and identify the right service for their business requirements. The updated product detail pages are also available for most listings, providing a consistent experience across AWS Marketplace. To get started, visit the AWS Marketplace Professional Services offerings.
AWS AppSync GraphQL is a fully managed service that helps developers create flexible GraphQL APIs that connect to data, events, and AI models. AppSync GraphQL can connect applications to various data sources, including Amazon Aurora PostgreSQL and Amazon Aurora MySQL. AppSync GraphQL now offers enhanced utilities for Amazon RDS in JavaScript resolvers. This update expands existing capabilities and introduces new aggregate functions.
The enhancement adds new functionality to the select utility and makes it easier to build safe and accurate SQL select statements. Developers can now use a variety of join types, including inner, left, right, and full outer joins, as well as their natural counterparts. New aggregate helpers, such as min, max, sum, avg, and count (including distinct variants) makes it easier to build queries that use the “group by” and “having” statement. The select utility now supports aliases for tables and columns, and allows developers to mix in the sql tagged template to write custom where and join conditions.
These enhancements are available in all AWS Regions where AWS AppSync is offered.
To learn more about this built-in module, visit the AWS AppSync documentation. You can start using these enhancements today by updating your resolver code in the AWS AppSync console.
AWS AppSync GraphQL is a fully managed service that helps developers create flexible GraphQL APIs that connect to data, events, and AI models. AppSync GraphQL can connect applications to various data sources, including Amazon Aurora PostgreSQL and Amazon Aurora MySQL. AppSync GraphQL now offers enhanced utilities for Amazon RDS in JavaScript resolvers. This update expands existing capabilities and introduces new aggregate functions. The enhancement adds new functionality to the select utility and makes it easier to build safe and accurate SQL select statements. Developers can now use a variety of join types, including inner, left, right, and full outer joins, as well as their natural counterparts. New aggregate helpers, such as min, max, sum, avg, and count (including distinct variants) makes it easier to build queries that use the “group by” and “having” statement. The select utility now supports aliases for tables and columns, and allows developers to mix in the sql tagged template to write custom where and join conditions. These enhancements are available in all AWS Regions where AWS AppSync is offered. To learn more about this built-in module, visit the AWS AppSync documentation. You can start using these enhancements today by updating your resolver code in the AWS AppSync console.
AWS Identity and Access Management (IAM) Roles Anywhere today released version 1.4.0 of the credential helper, introducing built-in compatibility with Trusted Platform Module (TPM) 2.0. With this release, the credential helper can directly utilize X.509 certificates and associated private keys stored in TPMs on Windows or Linux systems. Keys remain within their secure hardware store, which can help improve your security posture.
IAM Roles Anywhere enables workloads that run outside of AWS, such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials and access AWS resources using the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources. IAM Roles Anywhere is compatible with certificates issued by any X.509-compliant PKI provider.
IAM Roles Anywhere credential helper is a tool that automates the process of signing CreateSession API with the private key associated with an X.509 end-entity certificate and calls the endpoint to obtain temporary AWS credentials. The credential helper includes PKCS #11 compatibility to leverage private keys from any hardware or software secure store your infrastructure trusts. With today’s release, developers have additional flexibility to directly leverage a TPM as the secure hardware store, thereby can help improving security posture while also reducing complexity.
The IAM Roles Anywhere credential helper source code is available on GitHub. For more information on credential helper v1.4.0, see the release note.
AWS Identity and Access Management (IAM) Roles Anywhere today released version 1.4.0 of the credential helper, introducing built-in compatibility with Trusted Platform Module (TPM) 2.0. With this release, the credential helper can directly utilize X.509 certificates and associated private keys stored in TPMs on Windows or Linux systems. Keys remain within their secure hardware store, which can help improve your security posture. IAM Roles Anywhere enables workloads that run outside of AWS, such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials and access AWS resources using the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources. IAM Roles Anywhere is compatible with certificates issued by any X.509-compliant PKI provider. IAM Roles Anywhere credential helper is a tool that automates the process of signing CreateSession API with the private key associated with an X.509 end-entity certificate and calls the endpoint to obtain temporary AWS credentials. The credential helper includes PKCS #11 compatibility to leverage private keys from any hardware or software secure store your infrastructure trusts. With today’s release, developers have additional flexibility to directly leverage a TPM as the secure hardware store, thereby can help improving security posture while also reducing complexity. The IAM Roles Anywhere credential helper source code is available on GitHub. For more information on credential helper v1.4.0, see the release note.
We are excited to announce that starting today, Amazon Athena is available in the AWS Asia Pacific (Malaysia) Region.
Athena is a serverless, interactive analytics service built on open-source Trino and Presto engines, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data, with no provisioning or configuration effort required.
For a complete list of AWS services available in AWS Asia Pacific (Malaysia) and other regions, refer to the AWS Regional Services List.
We are excited to announce that starting today, Amazon Athena is available in the AWS Asia Pacific (Malaysia) Region. Athena is a serverless, interactive analytics service built on open-source Trino and Presto engines, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data, with no provisioning or configuration effort required. For a complete list of AWS services available in AWS Asia Pacific (Malaysia) and other regions, refer to the AWS Regional Services List. To learn more, see Amazon Athena.
Amazon Connect now provides published schedules data in the analytics data lake, making it easier for you to generate reports and insights from this data. From agent schedules data in the analytics data lake, you can now automate key operational use cases such as generating reports for paid and unpaid hours for payroll, generating summarized views of how many agents are scheduled to work and how many have time-off in a given time period. You can also address audit and compliance use cases such as generating a detailed report of all scheduled events for all agents for the past two years. To generate these reports and insights, you can use Amazon Athena with Amazon QuickSight or another business intelligence tool of your choice.
This feature is available in all AWS Regions where Amazon Connect agent scheduling is available. To learn more about Amazon Connect agent scheduling, click here. To learn more about Amazon Connect analytics data lake, click here.
Amazon Connect now provides published schedules data in the analytics data lake, making it easier for you to generate reports and insights from this data. From agent schedules data in the analytics data lake, you can now automate key operational use cases such as generating reports for paid and unpaid hours for payroll, generating summarized views of how many agents are scheduled to work and how many have time-off in a given time period. You can also address audit and compliance use cases such as generating a detailed report of all scheduled events for all agents for the past two years. To generate these reports and insights, you can use Amazon Athena with Amazon QuickSight or another business intelligence tool of your choice. This feature is available in all AWS Regions where Amazon Connect agent scheduling is available. To learn more about Amazon Connect agent scheduling, click here. To learn more about Amazon Connect analytics data lake, click here.
Today, AWS releases AWS IoT Greengrass 2.14, offering a new nucleus lite feature that supports a lightweight runtime agent for resource-constrained devices operating on embedded Linux. The nucleus lite feature is offered alongside the original AWS IoT Greengrass nucleus, providing developers the flexibility to choose the most appropriate option for their specific edge device capabilities and application needs.
AWS IoT Greengrass is an open-source edge runtime and cloud service that enables the development, deployment, management, and monitoring of device software at scale. It facilitates remote deployment and maintenance of AWS-managed and custom applications on edge devices, providing continuous functionality in environments with intermittent connectivity or limited bandwidth. By eliminating the Java (JVM) dependency while maintaining backward compatibility, the new nucleus lite agent uses minimal RAM and storage (less than 5MB), reducing IoT device costs and enabling its use in high-volume applications like robotics, smart home, energy metering, healthcare, and automotive.
The 2.14 release is available in all regions where AWS IoT Greengrass is supported. To get started and quickly design a solution using pre-built RaspberryPi images, refer to the new streamlined AWS IoT console installation procedure.
Today, AWS releases AWS IoT Greengrass 2.14, offering a new nucleus lite feature that supports a lightweight runtime agent for resource-constrained devices operating on embedded Linux. The nucleus lite feature is offered alongside the original AWS IoT Greengrass nucleus, providing developers the flexibility to choose the most appropriate option for their specific edge device capabilities and application needs. AWS IoT Greengrass is an open-source edge runtime and cloud service that enables the development, deployment, management, and monitoring of device software at scale. It facilitates remote deployment and maintenance of AWS-managed and custom applications on edge devices, providing continuous functionality in environments with intermittent connectivity or limited bandwidth. By eliminating the Java (JVM) dependency while maintaining backward compatibility, the new nucleus lite agent uses minimal RAM and storage (less than 5MB), reducing IoT device costs and enabling its use in high-volume applications like robotics, smart home, energy metering, healthcare, and automotive. The 2.14 release is available in all regions where AWS IoT Greengrass is supported. To get started and quickly design a solution using pre-built RaspberryPi images, refer to the new streamlined AWS IoT console installation procedure.
Ciberseguridad para la ciudad inteligente: cómo la IA ayuda a nivelar el campo de juego
Por Kirk Arthur, director de soluciones gubernamentales a nivel mundial de Microsoft y Álvaro Vitta, líder mundial de ciberseguridad de Microsoft para el sector público.
La ciberseguridad sigue como una prioridad para los líderes de las ciudades de todo el mundo, ya que consideran cómo la tecnología puede ayudar a mejorar sus comunidades. Entusiasmadas como están con el potencial transformador de la IA generativa, las ciudades necesitan sentirse seguras de que sus sistemas y datos críticos están protegidos contra un ataque de ransomware u otros delitos cibernéticos devastadores antes de emprender una innovación seria.
Este fue el mensaje primordial que escuchamos en nuestras numerosas reuniones y conversaciones con líderes de ciudades en Smart City Expo World Congress (SCEWC) 2024, un evento fenomenal de 3 días en Barcelona, España, donde funcionarios gubernamentales, líderes empresariales y planificadores urbanos se reunieron para mostrar y discutir soluciones innovadoras para un desarrollo urbano conectado y sostenible.
En Microsoft para la Administración Pública, compartimos las preocupaciones de los líderes de las ciudades sobre la seguridad, que es un aspecto fundamental de nuestro enfoque para empoderar a las ciudades para que creen programas inclusivos y permitan comunidades prósperas. Y la buena noticia es que la IA no solo es un beneficio que se desbloquea gracias a una ciberseguridad sólida, sino que también desempeña un papel clave para ayudar a las ciudades a contrarrestar la creciente amenaza de los ciberataques modernos.
A medida que aumenta la ciberdelincuencia, las ciudades se convierten en objetivos principales
La escala, el alcance y la sofisticación de la ciberdelincuencia han crecido de manera drástica en la última década, y la escalada no muestra signos de disminuir. Por ejemplo, en los últimos tres años, el número de ciberataques destinados a explotar las debilidades en la seguridad de las contraseñas se ha disparado de 579 por segundo a más de 7 mil, casi duplicándose solo en el último año.1
Los actores de amenazas de estados-nación hostiles y organizaciones criminales son implacables en sus ataques, impulsados por motivos que incluyen ganancias financieras, recopilación de inteligencia y disrupción. Los gobiernos se encuentran entre los tres principales sectores atacados en todo el mundo, y las organizaciones locales y nacionales luchan por defenderse contra los ataques de ransomware, phishing y fraude cada vez más efectivos. Los adversarios que tienen una alta motivación y están bien financiados tienen una ventaja asimétrica significativa sobre una organización típica del gobierno de la ciudad, para quienes la seguridad cibernética es solo una preocupación seria entre muchas.
A medida que el panorama de amenazas empeora, el campo de juego de la ciberseguridad se inclina más a favor de los atacantes, por varias razones.
En primer lugar, los gobiernos de las ciudades a menudo cargan con una «deuda técnica» significativa, en forma de software y sistemas heredados. Estos activos obsoletos por lo general manejan tareas de TI centrales y se extienden mucho más allá de su intención de diseño original debido a restricciones presupuestarias y otros factores. Muchos están plagados de vulnerabilidades de seguridad que son difíciles de parchear o proteger de manera efectiva.
Al desafío se suma la dificultad de reclutar y retener profesionales fuertes de la ciberseguridad. El mundo se enfrenta a una creciente escasez de talento en ciberseguridad (la brecha global de mano de obra se sitúa en 4,8 millones, un 19% más en el último año),2 y el personal que trabaja en el puesto suele estar limitado por herramientas y sistemas más lentos y desconectados de manera relativa, que a menudo no son rival para los atacantes modernos.
Afronten el desafío con una estrategia moderna de defensa cibernética
Afortunadamente, las ciudades ahora tienen nuevas opciones para mejorar de manera drástica sus posturas de seguridad. La modernización de la TI con soluciones híbridas y en la nube personalizadas no solo ofrece los beneficios críticos de escala, agilidad y rentabilidad que las ciudades necesitan para la innovación. También permite nuevos enfoques de ciberseguridad que aprovechan las capacidades avanzadas de la nube para proteger la red, administrar el acceso y las identidades, y enfrentar de manera crítica a los atacantes cibernéticos a través de herramientas de IA avanzadas.
Para lograr una ciberseguridad óptima, aconsejamos una estrategia basada en Zero Trust, un modelo de seguridad que asume que ningún usuario o dispositivo es de confianza de manera predeterminada. Lograr Zero Trust (Confianza Cero) ofrece una postura de seguridad sólida en la que se implementan todos los pilares de la ciberdefensa moderna: verificación continua de la identidad, seguridad actualizada de los endpoints, cifrado, registro de eventos, etc. Con estos, la automatización se puede utilizar para responder con rapidez y mitigar los incidentes de seguridad y reducir el tiempo que los atacantes tienen para explotar las vulnerabilidades. Aquí es donde la IA marca la diferencia.
La ciberdefensa es un juego de alcance y velocidad. Cuanto mayor sea el alcance de los datos de red que tengan, mayores serán sus posibilidades de identificar actividades sospechosas. Y cuanto más rápido detecten un problema, menos daño puede causar. Los humanos tienden a ser muy malos para analizar grandes cantidades de datos a una velocidad súper alta, pero la IA está hecha para eso.
Y ahora, solo siete meses después de su disponibilidad general, Microsoft Security Copilot ayuda a inclinar aún más la balanza hacia el lado de los defensores.
Microsoft Security Copilot: el punto de inflexión para la ciberdefensa
Security Copilot está diseñado para mejorar una amplia gama de operaciones de seguridad en identidades, dispositivos, datos y cargas de trabajo. Al sintetizar la inteligencia global de amenazas, las mejores prácticas y los datos propios de una ciudad, puede ofrecer información procesable que ayude a los equipos a contrarrestar ataques sofisticados más rápido y con menos impacto.
Security Copilot ayuda a los profesionales de la ciberseguridad a manejar una increíble variedad de desafíos diarios con resultados espectaculares. Por ejemplo, una nueva investigación de Microsoft muestra que las organizaciones que adoptaron Security Copilot vieron una reducción del 30% en el tiempo necesario para detectar, responder y resolver incidentes de seguridad (conocido como tiempo medio de resolución o MTTR), un beneficio importante en un mundo donde los analistas pasan un promedio de 2,7 horas al día en resolver incidentes.3
Además, gracias a su IA generativa y sus capacidades de lenguaje natural, Security Copilot ayuda a aliviar el desafío de la dotación de personal al ayudar a los administradores y analistas de seguridad a trabajar «por encima de su nivel salarial» con herramientas y orientación que les permiten manejar tareas que por lo general están reservadas para profesionales más experimentados. Security Copilot se integra con los principales productos de seguridad de Microsoft, incluidos Microsoft Defender XDR, Microsoft Sentinel, Microsoft Intune, Microsoft Entrra y Microsoft Purview, y también puede funcionar sin problemas con servicios de terceros como Red Canary y Jamf.
Vean cómo la protección avanzada contra amenazas ayuda a proteger a las organizaciones del sector público en todo el mundo:
Asóciense con nosotros para crear su estrategia única de ciberseguridad para la ciudad
La ciberdefensa moderna es un deporte de equipo que incorpora al liderazgo de una ciudad, a los profesionales de la seguridad, a la fuerza laboral en general e incluso a sus ciudadanos. No existe una hoja de ruta única para el éxito, pero hay algunos elementos esenciales, entre ellos un compromiso a largo plazo con la seguridad y la asociación.
En Microsoft, consideramos que la seguridad es nuestra principal prioridad corporativa. Esto se reforzó de manera enfática en Microsoft Ignite 2024, donde compartimos nuevos conocimientos sobre nuestra Iniciativa de Futuro Seguro, a la que hemos dedicado el equivalente a 34 mil ingenieros a tiempo completo. También se anunció la disponibilidad general de Microsoft Security Exposure Management, que mapea de manera dinámica las relaciones cambiantes entre activos críticos como dispositivos, datos, identidades y otras conexiones.
Este tipo de avances son tan valiosos como la asociación que una ciudad construye con sus proveedores de tecnología y soluciones. Es por eso que trabajamos en estrecha colaboración con las organizaciones del gobierno de la ciudad y nuestro ecosistema de socios globales para crear soluciones y estrategias que se adapten a las necesidades únicas de cada ciudad. Esto ayuda a clientes como la Ciudad de Lokeren en Bélgica, que creó una estrategia de ciberdefensa moderna para su entorno de nube híbrida basada en la pila de seguridad de Microsoft, el Gobierno de Albania, que limitó el daño frente a un sofisticado ciberataque de un estado-nación, y el Centro Nacional de Ciberseguridad de la República Dominicana (Centro Nacional de Ciberseguridad, CNCS), que construyó una estrategia de ciberseguridad personalizada basada en Azure y Dynamics 365.
Consideramos la seguridad como un compromiso fundamental a largo plazo, y estaremos encantados de asociarnos con ustedes para desarrollar una estrategia de ciberseguridad que satisfaga las necesidades únicas de su ciudad.
Aprendan más
Visiten el Centro de Experiencia del Sector Público para ver cómo la adopción de tecnología de seguridad moderna, procesos y desarrollo de habilidades puede ayudar a las organizaciones del sector público.
Amazon Elastic Kubernetes Service (Amazon EKS) now monitors the health of the EC2 instances (nodes) in EKS clusters for Kubernetes-specific health issues and automatically takes action to repair them if they become unhealthy. This helps you achieve higher availability for your Kubernetes applications and reduces the operational overhead required to keep cluster infrastructure performing optimally.
Managing the nodes where Kubernetes applications run to ensure they remain resilient to errors can be challenging and operationally intensive. This launch streamlines cluster infrastructure maintenance by continuously monitoring the health of the nodes within an EKS cluster, automatically detecting health issues and replacing nodes with issues when they arise. You can enable this feature’s health monitoring and repair capabilities by installing the new EKS node monitoring agent add-on in new or existing EKS clusters and then enabling node auto-repair in the EKS managed node group APIs or AWS Console. EKS Auto Mode comes with both the node monitoring agent and node auto-repair enabled.
EKS node health monitoring and auto-repair is available today at no additional cost in all AWS Regions, except AWS GovCloud (US) and China Regions.
Amazon Elastic Kubernetes Service (Amazon EKS) now monitors the health of the EC2 instances (nodes) in EKS clusters for Kubernetes-specific health issues and automatically takes action to repair them if they become unhealthy. This helps you achieve higher availability for your Kubernetes applications and reduces the operational overhead required to keep cluster infrastructure performing optimally. Managing the nodes where Kubernetes applications run to ensure they remain resilient to errors can be challenging and operationally intensive. This launch streamlines cluster infrastructure maintenance by continuously monitoring the health of the nodes within an EKS cluster, automatically detecting health issues and replacing nodes with issues when they arise. You can enable this feature’s health monitoring and repair capabilities by installing the new EKS node monitoring agent add-on in new or existing EKS clusters and then enabling node auto-repair in the EKS managed node group APIs or AWS Console. EKS Auto Mode comes with both the node monitoring agent and node auto-repair enabled. EKS node health monitoring and auto-repair is available today at no additional cost in all AWS Regions, except AWS GovCloud (US) and China Regions. To learn more and get started, visit the Amazon EKS product page or Amazon EKS User Guide for node health monitoring and repair.
