AWS
Amazon Web Services releases and Terraform AWS provider.
- AWS What's New · security, governance, aws, engineer
SageMaker Studio supports custom IAM permissions boundaries for SCP compliance
Amazon SageMaker Unified Studio now supports custom IAM permissions boundaries for roles provisioned during project creation. This allows organizations to enforce Service Control Policies (SCPs) requiring permissions boundaries, simplifying adoption without compromising security posture. Administrators can now set these boundaries at the blueprint level, ensuring all new projects automatically adhere to organizational security requirements.
feature
- AWS What's New · security, aws, engineer, retail
Amazon Inspector Enhances EC2 Agent-Based Scanning
Amazon Inspector has launched an improved agent-based EC2 scanning feature, the Inspector VM Scanner, which expands vulnerability detection coverage and reduces CPU utilization. This update benefits security teams by providing more comprehensive vulnerability findings across a wider range of software and applications on EC2 instances with minimal impact on production workloads. The new scanner replaces the previous engine, brings agent-based scanning to parity with agentless coverage, and is available at no additional cost.
feature patch
- AWS What's New · security, observability, aws, engineer
AWS Shield Advanced adds DDoS attack flow logs
AWS Shield Advanced now offers DDoS attack flow logs providing packet-level visibility into traffic during an attack. This feature enhances forensic analysis and compliance by publishing detailed log data to S3, CloudWatch Logs, or Data Firehose, enabling post-incident investigation for protected resources.
feature
- AWS What's New · security, observability, aws, engineer
AWS Organizations now emits CloudTrail events for account membership changes
AWS Organizations now automatically emits CloudTrail events to your management account for account join and departure events. This enhances visibility for security teams and cloud administrators, enabling faster detection of unauthorized activities and facilitating security monitoring and incident investigation.
feature
- AWS What's New · security, aws, engineer, media, government
DynamoDB Streams Adds PrivateLink for FIPS Endpoints in GovCloud
Amazon DynamoDB Streams now supports AWS PrivateLink for Federal Information Processing Standard (FIPS) endpoints in AWS GovCloud (US) Regions. This enables government agencies with federal compliance requirements to establish private connectivity to DynamoDB Streams FIPS endpoints from their VPCs, enhancing security and simplifying network architecture for real-time data processing. Customers can now leverage DynamoDB Streams for compliant, secure data streaming applications while meeting federal security standards.
feature
- AWS What's New · security, aws, ga, engineer
AWS Backup adds OTP verification for logically air-gapped vaults
AWS Backup now requires one-time password (OTP) verification for Multi-party approval actions on logically air-gapped vaults, adding an extra security layer. Approvers must enter a code sent to their IAM Identity Center registered email to authorize protected vault operations. This feature is automatically applied to all existing and new Multi-party approval sessions for these vaults at no extra charge.
security patch
- AWS What's New · security, compliance, aws, engineer
Amazon Connect adds tag-based access control to agent login/logout report
Amazon Connect now supports tag-based access controls for the agent login/logout report. This allows administrators to grant granular access to agent login and logout information based on resource tags, aiding compliance and regulatory requirements. This feature is available in all AWS commercial and AWS GovCloud (US-West) regions.
feature
- AWS What's New · security, aws, ga, engineer
GuardDuty Malware Protection now scans S3 continuous backups
Amazon GuardDuty Malware Protection for AWS Backup now supports S3 continuous backups, allowing users to scan backups for malware and identify clean recovery points. This feature enables full or incremental scans within backup plans and on-demand scans, with a new API to query scan status at any point in time, providing enhanced safety for S3 data restoration.
feature
- AWS What's New · security, aws, engineer
AWS Security Agent adds pentest finding verification scripts
AWS Security Agent now automatically generates verification scripts for penetration test findings, allowing security teams to reproduce and validate vulnerabilities. This new capability streamlines the triage process by automating the previously manual steps required for verification, accelerating remediation efforts.
feature
- AWS What's New · security, aws, snowflake, engineer
AWS Secrets Manager supports Datadog and Snowflake external secrets
AWS Secrets Manager now supports managed external secrets for Datadog keys and Snowflake Programmatic Access Tokens. This feature automates the rotation of third-party credentials, enhancing security and operational efficiency for managing sensitive access keys. The update primarily impacts engineers and architects responsible for managing cloud credentials and secrets across multiple services.
feature
- AWS What's New · security, aws, security-advisory
Amazon RDS Custom for SQL Server adds latest GDR updates
Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates for SQL Server 2019 and 2022. These updates include critical security fixes for vulnerabilities CVE-2026-32167 and CVE-2026-32176. Affected users are encouraged to upgrade their instances via the AWS Management Console, SDK, or CLI to enhance security.
security patch
- AWS What's New · security, aws, ga, engineer
Amazon QuickSight supports customer-managed encryption keys
Amazon QuickSight now allows customers to encrypt their data using customer-managed keys (CMK) via AWS Key Management Service (KMS). This feature enhances security and compliance for organizations by giving them control over their encryption keys and offering detailed audit trails through CloudTrail. The new capability is now generally available in all AWS Regions where QuickSight is offered.
feature
- AWS What's New · security, observability, aws, engineer
AWS Security Hub detects unused IAM permissions and credentials
AWS Security Hub now identifies unused IAM permissions, roles, and credentials across your organization, addressing identity risks at scale. This new capability consolidates identity risk findings with existing security posture information in a single console, enabling teams to prioritize remediation based on actual organizational risk. The feature, included with Security Hub Essentials, automatically creates an IAM Access Analyzer in each member account to evaluate access activity and suggest least-privilege policies.
feature
- AWS What's New · security, aws, ga, architect
AWS Security Hub Extended adds 21 partner solutions across 9 categories
AWS Security Hub Extended now integrates 21 curated partner solutions across nine security categories, including endpoint, identity, and AI security. This expansion offers customers greater flexibility to choose solutions matching their enterprise needs, with unified billing and pricing advantages. The new solutions emit findings in the OCSF schema, aggregating into Security Hub for comprehensive risk identification and response.
feature
- AWS What's New · security, aws, engineer
Amazon Inspector Now Available in AWS Asia Pacific (Taipei) Region
Amazon Inspector, an automated vulnerability management service, is now available in the AWS Asia Pacific (Taipei) Region. This expansion extends its security scanning capabilities for EC2 instances, container images, and Lambda functions to customers in this region. It helps users discover workloads, assess vulnerabilities, and receive security findings automatically.
feature
- AWS What's New · security, infra, aws, engineer
AWS Secrets Manager Agent Adds Pre-fetching and IAM Role Assumption
AWS Secrets Manager Agent now supports pre-fetching secrets at startup and assuming IAM roles for retrieval. Pre-fetching reduces application startup latency and optimizes costs by using the BatchGetSecretValue API, while IAM role assumption enables secure cross-account secret access. These features enhance security and reduce operational overhead for developers managing secrets.
feature
