<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0">

<channel>
	<title>AWS News Blog</title>
	<atom:link href="https://aws.amazon.com/blogs/aws/feed/" rel="self" type="application/rss+xml"/>
	<link>https://aws.amazon.com/blogs/aws/</link>
	<description>Announcements, Updates, and Launches</description>
	<lastBuildDate>Mon, 13 Jul 2026 18:13:57 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>Amazon SQS turns 20: Two decades of reliable messaging at scale</title>
		<link>https://aws.amazon.com/blogs/aws/amazon-sqs-turns-20-two-decades-of-reliable-messaging-at-scale/</link>
					
		
		<dc:creator><![CDATA[Esra Kayabali]]></dc:creator>
		<pubDate>Mon, 13 Jul 2026 18:13:57 +0000</pubDate>
				<category><![CDATA[Amazon Simple Queue Service (SQS)]]></category>
		<category><![CDATA[Announcements]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[Messaging]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">4208480ff12de823b05e88106fa2cdbe89cd4c2e</guid>

					<description>On July 13, 2006, we launched Amazon Simple Queue Service (Amazon SQS) as one of the first three services available to customers, alongside Amazon EC2 and Amazon S3. We had learned firsthand that distributed systems need a reliable way to pass messages between components without creating tight dependencies. If one service called another directly and […]</description>
										<content:encoded>&lt;p&gt;On July 13, 2006, we &lt;a href="https://aws.amazon.com/blogs/aws/amazon_simple_q/"&gt;launched&lt;/a&gt; &lt;a href="https://aws.amazon.com/sqs/"&gt;Amazon Simple Queue Service (Amazon SQS)&lt;/a&gt; as one of the first three services available to customers, alongside &lt;a href="https://aws.amazon.com/blogs/aws/amazon_ec2_beta/"&gt;Amazon EC2&lt;/a&gt; and &lt;a href="https://aws.amazon.com/blogs/aws/amazon_s3/"&gt;Amazon S3&lt;/a&gt;. We had learned firsthand that distributed systems need a reliable way to pass messages between components without creating tight dependencies. If one service called another directly and that service was slow or unavailable, failures cascaded through the entire system. Message queuing solved this by letting services communicate asynchronously: a producer could drop a message into a queue and move on, while a consumer picked it up when ready. This approach kept individual service failures from affecting the rest of the system.&lt;/p&gt; 
&lt;p&gt;When Amazon SQS launched publicly in July 2006, it made this pattern available to every AWS customer. Twenty years later, that core function, decoupling producers from consumers, remains the reason customers use SQS. The scale, performance, and operational controls around it look very different now though.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://aws.amazon.com/blogs/aws/author/jbarr/"&gt;Jeff Barr&lt;/a&gt; covered the first 15 years of SQS milestones in his&amp;nbsp;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-sqs-15-years-and-still-queueing/"&gt;15th anniversary post&lt;/a&gt;, from the original 8 KB message limit in 2006 through FIFO queues, server-side encryption, and Lambda integration. Over the last five years, we have continued to scale SQS, added stronger security defaults, and introduced new capabilities that address increasingly complex workload patterns.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Key milestones between 2021 and 2026&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; &lt;strong&gt;High throughput mode for FIFO queues (2021):&lt;/strong&gt;&amp;nbsp;In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2021/05/amazon-sqs-now-supports-a-high-throughput-mode-for-fifo-queues/"&gt;May 2021&lt;/a&gt;, we launched general availability of high throughput mode for FIFO queues, supporting up to 3,000 transactions per second (TPS) per API action, a tenfold increase over the previous limit. We continued raising this ceiling over the following two years: to 6,000 TPS in &lt;a href="https://aws.amazon.com/about-aws/whats-new/2022/10/amazon-sqs-increased-throughput-quota-fifo-high-throughput-ht-mode-6000-transactions-per-second-tps/"&gt;October 2022&lt;/a&gt;, to 9,000 TPS in &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-sqs-increased-throughput-quota-fifo-high-throughput-mode/"&gt;August 2023&lt;/a&gt;, and to 18,000 TPS in &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/10/amazon-sqs-increased-throughput-quota-fifo-high-throughput-mode/"&gt;October 2023&lt;/a&gt;, before reaching 70,000 TPS per API action in select Regions by &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-sqs-throughput-quota-fifo-high-throughput-mode/"&gt;November 2023&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Server-side encryption with SSE-SQS (2021):&lt;/strong&gt;&amp;nbsp;In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-sqs-server-side-encryption-keys-sse/"&gt;November 2021&lt;/a&gt;, we introduced server-side encryption with Amazon SQS-managed encryption keys (SSE-SQS), giving customers an encryption option that required no key management. In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2022/10/amazon-sqs-announces-server-side-encryption-ssq-managed-sse-sqs-default/"&gt;October 2022&lt;/a&gt;, we made SSE-SQS the default for all newly created queues, so customers no longer needed to explicitly enable it.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Dead-letter queue redrive enhancements (2021):&lt;/strong&gt;&amp;nbsp;We progressively expanded how customers recover unconsumed messages from dead-letter queues. In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2021/12/amazon-sqs-dead-letter-queue-management-experience-queues/"&gt;December 2021&lt;/a&gt;, we added DLQ redrive to source queue directly in the SQS console. In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-sqs-dead-letter-queue-redrive-aws-sdk-cli/"&gt;June 2023&lt;/a&gt;, we extended this capability to the AWS SDK and CLI through new APIs, including &lt;code&gt;StartMessageMoveTask&lt;/code&gt;,&amp;nbsp;&lt;code&gt;CancelMessageMoveTask&lt;/code&gt;, and&amp;nbsp;&lt;code&gt;ListMessageMoveTasks&lt;/code&gt;. In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-sqs-fifo-dead-letter-queue-redrive/"&gt;November 2023&lt;/a&gt;, we added redrive support for FIFO queues.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Attribute-based access control, ABAC (2022):&lt;/strong&gt;&amp;nbsp;In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-sqs-attribute-based-access-control-abac-flexible-scalable-access-permissions/"&gt;November 2022&lt;/a&gt;, we introduced ABAC, giving customers the ability to configure access permissions based on queue tags rather than maintaining static policies as resources scaled.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;JSON protocol support (2023):&lt;/strong&gt;&amp;nbsp;In &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-sqs-support-json-protocol/"&gt;November 2023&lt;/a&gt;, we added support for the JSON protocol in the AWS SDK, reducing end-to-end message processing latency by up to 23% for a 5 KB payload and lowering client-side CPU and memory usage.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Amazon EventBridge Pipes console integration (2023):&lt;/strong&gt;&amp;nbsp;We &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-sqs-eventbridge-pipes-console-integration/"&gt;added&lt;/a&gt; the ability to connect a queue directly to EventBridge Pipes from the SQS console, routing messages to a broad range of AWS service targets without writing custom integration code.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Extended Client Library for Python (2024):&lt;/strong&gt;&amp;nbsp;We &lt;a href="https://aws.amazon.com/about-aws/whats-new/2024/02/amazon-sqs-extended-client-library-python-payloads/"&gt;brought&lt;/a&gt; the Extended Client Library, previously available for Java, to Python developers, allowing messages up to 2 GB to be sent through SQS by storing the payload in Amazon S3 and passing a reference through the queue.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;FIFO in-flight message limit increase (2024):&lt;/strong&gt;&amp;nbsp;We &lt;a href="https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-sqs-increases-in-flight-limit-fifo-queues/"&gt;increased&lt;/a&gt; the in-flight message limit for FIFO queues from 20,000 to 120,000 messages, so consumers can process significantly more messages concurrently without being constrained by the previous ceiling.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Fair queues for multi-tenant workloads (2025):&lt;/strong&gt;&amp;nbsp;We &lt;a href="https://aws.amazon.com/about-aws/whats-new/2025/07/amazon-sqs-introduces-fair/"&gt;introduced&lt;/a&gt; fair queues to mitigate the noisy neighbor problem in multi-tenant standard queues. By including a message group ID when sending messages, customers can prevent a single tenant from delaying message delivery for others, without any changes required on the consumer side.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;1 MiB maximum message payload size (2025):&lt;/strong&gt;&amp;nbsp;We &lt;a href="https://aws.amazon.com/about-aws/whats-new/2025/08/amazon-sqs-max-payload-size-1mib/"&gt;increased&lt;/a&gt; the maximum message payload from 256 KiB to 1 MiB for both standard and FIFO queues, helping customers send larger messages without offloading data to external storage. AWS Lambda event source mapping for SQS was updated in parallel to support the new payload size.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;The constant underneath the change&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; Despite two decades of feature additions, the fundamental use case for SQS has not shifted. Customers use it to decouple services, buffer bursts of traffic, and build systems that stay resilient when individual components fail. That same pattern now extends to AI workloads. Customers use SQS queues to buffer requests to large language models, manage inference throughput, and coordinate communication between autonomous AI agents operating as independent services. For an example of this architecture in practice, read &lt;a href="https://aws.amazon.com/blogs/machine-learning/creating-asynchronous-ai-agents-with-amazon-bedrock/"&gt;Creating asynchronous AI agents with Amazon Bedrock&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To learn more about Amazon SQS, visit the&amp;nbsp;&lt;a href="https://aws.amazon.com/sqs/"&gt;Amazon SQS product page&lt;/a&gt;, review the&amp;nbsp;&lt;a href="https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html"&gt;developer guide&lt;/a&gt;, or explore recent updates on the &lt;a href="https://aws.amazon.com/blogs/compute/category/messaging/amazon-simple-queue-service-sqs/"&gt;AWS Blogs&lt;/a&gt;.&lt;/p&gt; 
&lt;a href="https://www.linkedin.com/in/esrakayabali/"&gt;— Esra&lt;/a&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS Weekly Roundup: AWS Builder Center at 1 year, Network Scanning in Security Hub, Loom for AWS, and more (July 13, 2026)</title>
		<link>https://aws.amazon.com/blogs/aws/aws-weekly-roundup-aws-builder-center-at-one-year-network-scanning-in-security-hub-loom-for-aws-and-more-july-13-2026/</link>
					
		
		<dc:creator><![CDATA[Esra Kayabali]]></dc:creator>
		<pubDate>Mon, 13 Jul 2026 16:18:20 +0000</pubDate>
				<category><![CDATA[Amazon Aurora]]></category>
		<category><![CDATA[Amazon Elastic Container Service]]></category>
		<category><![CDATA[Amazon Elastic Kubernetes Service]]></category>
		<category><![CDATA[Amazon SageMaker]]></category>
		<category><![CDATA[Announcements]]></category>
		<category><![CDATA[AWS Security Hub]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Week in Review]]></category>
		<guid isPermaLink="false">795943e111b58ed576073f2b1f72bcebff6b9306</guid>

					<description>AWS Builder Center turned one year old last week. Launched on July 9, 2025, the platform has grown from a community hub with Wishlist voting, community profiles, and a toolbox into a full ecosystem with sandbox environments, workshops, Spaces, and a Builders’ Library. To mark the anniversary, Rick Suttles published a full feature timeline covering […]</description>
										<content:encoded>&lt;p&gt;AWS Builder Center turned one year old last week. Launched on July 9, 2025, the platform has grown from a community hub with Wishlist voting, community profiles, and a toolbox into a full ecosystem with sandbox environments, workshops, Spaces, and a Builders’ Library. To mark the anniversary, Rick Suttles published &lt;a href="https://builder.aws.com/content/3Fvjc3PRHRAbHM4Oa6hT1zogA4t/aws-builder-center-1-year-icymi"&gt;a full feature timeline&lt;/a&gt; covering everything shipped over the past year: AWS Capabilities by Region (1,500+ services across 37 Regions), Spaces for community-created groups, workshops with category and complexity filters, badges and streaks, article series, view counts, saved items, student status, availability notifications, sign-in with GitHub and Amazon, and sandbox environments.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-full wp-image-105048" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/07/13/1215504668303320.png" alt="" width="1200" height="655"&gt;&lt;/p&gt; 
&lt;p&gt;Jeff Barr published &lt;a href="https://builder.aws.com/content/3GFcM59UkfV8HGO8IlMqlkZr8tV/aws-builder-center-the-first-year"&gt;a retrospective&lt;/a&gt; summarizing Builder Center’s first year. Since launch, 5,548 authors have published 6,448 articles with more than 10.4 million page views combined. Builders have earned 99,226 badges since the badge system launched in March 2026. Community members have submitted 565 wishes, 10 of which have shipped with another 20 on the near-term roadmap.&lt;/p&gt; 
&lt;p&gt;The top community article &lt;a href="https://builder.aws.com/content/3EBFSHQD6b0TBD6hJnOM8h5p1B3/building-an-aws-study-buddy-with-mcp-strands-agents-sdk"&gt;Building an AWS Study Buddy with MCP + Strands Agents SDK&lt;/a&gt; by Dineshraj Dhanapathy reached 50,000+ views. Chris Miller’s &lt;a href="https://builder.aws.com/content/3DrwRkoYtd7StDyVvIOg0ECKXmR/migrating-an-eol-linux-server-to-aws-in-8-hours-with-kiro"&gt;Migrating an EOL Linux Server to AWS in 8 Hours with Kiro&lt;/a&gt; followed at 45,000+, and Yash Aggarwal’s &lt;a href="https://builder.aws.com/content/39l2TayUzpddaEpCePLFw8Vt7Vl/aideas-neurovoice-multimodal-ai-for-early-screening-of-neurological-diseases"&gt;AIdeas: NeuroVoice – Multimodal AI for Early Screening of Neurological Diseases&lt;/a&gt; article reached 38,000+.&lt;/p&gt; 
&lt;p&gt;The week’s headline addition is &lt;a href="https://builder.aws.com/content/3GCjkXGc1Qrs5jGsWI5fkTLNWzU/introducing-sandbox-environments-on-aws-builder-center"&gt;Sandbox Environments&lt;/a&gt; by Rick Suttles. Sandboxes give you a free, pre-provisioned AWS account to complete a workshop exercise. Each environment is active for 8 hours, after which the account and all its resources are automatically de-provisioned. You can have one active sandbox at a time and request one per week. No personal AWS account, credit card, or manual cleanup required.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Last week’s launches&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;Here’s what else happened this week.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/aws-security-hub-network-scanning/"&gt;AWS Security Hub introduces Network Scanning&lt;/a&gt; – Security Hub introduced Network Scanning, a capability that identifies resources in your environment that are reachable from the public internet. Network Scanning probes your resources from the internet to detect actual reachability, complementing the existing network reachability findings in Security Hub that identify configurations that could make a resource reachable. It discovers public IP addresses, virtual machines, and load balancers across your AWS and Azure environments, identifies reachable ports, and determines what services are running behind them. Each reachable port generates a Security Hub finding with evidence of the port and service discovered. Security Hub Exposures then automatically correlates these findings with other findings and resource configurations to determine broader risk. Existing customers can enable Network Scanning in individual accounts and Regions, or across an organization through a configuration policy. For new customers, Network Scanning is on by default. It is included with Security Hub Essentials at no additional cost.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-security-hub-supports-monitoring-microsoft-azure/"&gt;Security Hub also extends unified security management to Microsoft Azure&lt;/a&gt; – Security Hub now monitors Microsoft Azure resources, providing unified posture management, vulnerability management, and security response across both clouds. It automatically discovers Azure VMs, container images, Function Apps, and identities, and evaluates them for misconfigurations, internet exposure, and software vulnerabilities. AWS and Azure findings appear in the same prioritized view with the same formats and automation workflows.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/sagemaker-studio-hugging-face-integration/"&gt;Amazon SageMaker Studio integrates with Hugging Face for one-click model deployment and customization&lt;/a&gt; – You can now go from discovering a model on Hugging Face to working with it in SageMaker Studio in a single click. Select any supported model on Hugging Face and choose “Customize on SageMaker AI” or “Deploy on SageMaker AI” to land directly on the corresponding workflow page with the model pre-loaded. New customers receive a Studio environment created in seconds with pre-configured permissions for serverless model customization (including fine-tuning with custom reward functions for reinforcement learning), model evaluation, and deployment to SageMaker or Bedrock endpoints. Verified customers receive default GPU access to G5, G6, and G4dn instances without requesting quota increases, and quota utilization is visible directly inside the Studio environment.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-ecs-managed-instances-gpu-price/"&gt;Amazon EKS Auto Mode and Amazon ECS Managed Instances reduce GPU management fees by up to 60%&lt;/a&gt; – Beginning July 1, 2026, EKS Auto Mode and ECS Managed Instances reduce management fees for accelerated instance types: G-series fees are down 35%, and P-series and AWS Trainium fees are down 60%. The reductions apply automatically to existing clusters and require no action from customers. Both services include capabilities built for accelerated workloads. EKS Auto Mode provides automatic parallel image pulling on GPU instances with local NVMe storage and accelerator-aware node repair. ECS Managed Instances provides GPU metrics through Amazon CloudWatch Container Insights and automatic health monitoring for GPU hardware failures.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-aurora-dsql-cdc-ga/"&gt;Amazon Aurora DSQL change data capture (CDC) is now generally available&lt;/a&gt; – Aurora DSQL CDC streams the results of insert, update, and delete operations as change events to Amazon Kinesis Data Streams. You can use it to synchronize data across microservices, trigger Lambda functions, or deliver changes to S3, Redshift, and OpenSearch Service through Amazon Data Firehose. CDC streaming is designed to have zero impact on database workload performance and requires no infrastructure to manage.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS announcements, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/new/"&gt;What’s New with AWS&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Other AWS news&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;Here are some additional posts you may find useful:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/opensource/building-secure-ai-agents-at-scale-introducing-loom-for-aws/"&gt;Building secure AI agents at scale: Introducing Loom for AWS&lt;/a&gt; – Loom is an open-source enterprise platform for building agents with AWS Strands Agents and deploying them on Amazon Bedrock AgentCore Runtime. It provides a unified management UI and backend API with identity provider integration, scope-based authorization, multi-persona navigation, and full lifecycle management for agents, memory, MCP servers, and agent-to-agent integrations. Loom enforces automated resource tagging for cost attribution, implements RBAC and ABAC for multi-tenant security, uses paved-path blueprints for agent deployments, manages identity propagation through delegated actor chains, integrates with AWS Agent Registry for discovery and governance, and supports human-in-the-loop review before sensitive actions. The project is available in AWS Labs on GitHub.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/machine-learning/introducing-claude-apps-gateway-for-aws/"&gt;Introducing Claude apps gateway for AWS&lt;/a&gt; – The Claude apps gateway is a self-hosted control plane that gives organizations centralized control over access, cost, and policy for Claude Code and Claude Desktop. It connects to any OIDC-compliant identity provider, enforces managed settings on every request, routes inference to Amazon Bedrock or Claude Platform on AWS, and supports per-user and per-group spend caps. The gateway runs as a stateless container in your private network, backed by a PostgreSQL database for short-lived sign-in state. No long-lived secrets are stored on developer machines. Deploy it through Amazon Bedrock to keep data within the AWS security boundary, or through Claude Platform on AWS for the native Claude platform experience.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/security/introducing-oauth-support-for-aws-mcp-server/"&gt;Introducing OAuth support for AWS MCP Server&lt;/a&gt; – You can now connect agents to the AWS MCP Server using browser-based OAuth with the same credentials you use for the AWS Console or CLI. The new sign-in path supports IAM federation, AWS IAM Identity Center, and root or IAM users. AWS Sign-In issues short-lived access tokens and refresh tokens, with automatic token management so developers stay authenticated across restarts. For headless use cases, a non-interactive flow lets applications with existing AWS credentials obtain OAuth access tokens through the &lt;code&gt;create-oauth2-token-with-iam&lt;/code&gt; API. New governance controls include OAuth-specific IAM condition keys, token introspection and revocation, dynamic client registration, and CloudTrail audit elements.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS blog posts, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/blogs/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Blogs&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Upcoming AWS events&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; Check your calendar and sign up for upcoming AWS events:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/events/summits/"&gt;AWS Summits&lt;/a&gt; – Free in-person events for builders and innovators to learn, think big, and make new connections. Coming up: &lt;a href="https://aws.amazon.com/tw/events/summits/taipei/"&gt;Taipei&lt;/a&gt; (July 15), &lt;a href="https://aws.amazon.com/es/events/summits/bogota/"&gt;Bogotá&lt;/a&gt; (July 30), &lt;a href="https://aws.amazon.com/id/events/summits/jakarta/"&gt;Jakarta&lt;/a&gt; (August 6), &lt;a href="https://aws.amazon.com/es/events/summits/mexico-city/"&gt;Ciudad de México&lt;/a&gt; (August 12), &lt;a href="https://aws.amazon.com/events/summits/johannesburg/"&gt;Johannesburg&lt;/a&gt; (August 19), and &lt;a href="https://aws.amazon.com/events/summits/zurich/"&gt;Zurich&lt;/a&gt; (September 2).&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/events/community-day/"&gt;AWS Community Days&lt;/a&gt; – Community-led conferences planned and delivered by community leaders. Upcoming events include &lt;a href="https://communityday.awscmr.com/en"&gt;Yaoundé, Cameroon&lt;/a&gt; (July 25), &lt;a href="https://awsahmedabad.community/"&gt;Ahmedabad, India&lt;/a&gt;&amp;nbsp;(July 25), &lt;a href="https://awscommunityday.com.br/"&gt;Belo Horizonte, Brazil&lt;/a&gt; (August 22), &lt;a href="https://awscommunityday.ca/"&gt;Ottawa, Canada&lt;/a&gt; (August 22), &lt;a href="https://awsdaytulsa.com/"&gt;Tulsa, USA&lt;/a&gt; (August 22), and &lt;a href="https://awsday.ca/?city=toronto"&gt;Toronto, Canada&lt;/a&gt; (August 29).&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Visit the &lt;a href="https://builder.aws.com/"&gt;AWS Builder Center&lt;/a&gt; to meet other builders, contribute solutions, and find resources that help you keep building.&lt;/p&gt; 
&lt;p&gt;Wishing everyone a restful and enjoyable summer. Whether you’re building, learning, or recharging, I hope you find time for all three. I’ll be heading to Scandinavia for a few weeks to trade the heat for some cooler weather and longer evenings. Come back next week for more news!&lt;/p&gt; 
&lt;a href="https://www.linkedin.com/in/esrakayabali/"&gt;— Esra&lt;/a&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS Weekly Roundup: Claude Sonnet 5 on AWS, Amazon WorkSpaces for AI agents, AWS service availability updates, and more (July 6, 2026)</title>
		<link>https://aws.amazon.com/blogs/aws/aws-weekly-roundup-claude-sonnet-5-on-aws-amazon-workspaces-for-ai-agents-aws-service-availability-updates-and-more-july-6-2026/</link>
					
		
		<dc:creator><![CDATA[Daniel Abib]]></dc:creator>
		<pubDate>Mon, 06 Jul 2026 15:46:43 +0000</pubDate>
				<category><![CDATA[Amazon Bedrock]]></category>
		<category><![CDATA[Amazon CloudWatch]]></category>
		<category><![CDATA[Amazon EC2]]></category>
		<category><![CDATA[Amazon Elastic Kubernetes Service]]></category>
		<category><![CDATA[Amazon OpenSearch Service]]></category>
		<category><![CDATA[Amazon SageMaker AI]]></category>
		<category><![CDATA[Amazon WorkSpaces]]></category>
		<category><![CDATA[AWS Certificate Manager]]></category>
		<category><![CDATA[AWS CloudFormation]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Week in Review]]></category>
		<guid isPermaLink="false">93f6e85a83e5307a20b77095977f07cd1f1ca301</guid>

					<description>A couple of editions ago I wrote about what I find so energizing about working with startups. Last week I got a fresh dose of it: I spent a few days with the AWS Startups team, listening to stories of founders talking about the problems they’re actually solving. One story that stayed with me came […]</description>
										<content:encoded>&lt;p&gt;A couple of editions ago I wrote about what I find so energizing about working with startups. Last week I got a fresh dose of it: I spent a few days with the AWS Startups team, listening to stories of founders talking about the problems they’re actually solving. One story that stayed with me came from Marco Negreiros, founder of &lt;a href="https://www.eyecarehealth.com.br/"&gt;EyeCare Health&lt;/a&gt;, a Brazilian healthtech expanding access to eye care. He shared a striking fact: more than 70% of Brazilian municipalities don’t have a single ophthalmologist. His answer was to put a vision test on the one device almost everyone already carries, the smartphone, so a basic eye screening no longer depends on living near a clinic. Watching a founder turn a gap that big into something that concrete is exactly why I love this space.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104987" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/07/03/GetTogether_1540.jpg" alt="AWS Startups team get-together with founders in Brazil" width="1540" height="1026"&gt;&lt;/p&gt; 
&lt;p&gt;This week, I’ll take a closer look at some key launches, and then cover the quarterly AWS Service Availability updates.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Last week’s launches&lt;/strong&gt;&lt;br&gt; Here are some of the launches covered from this past week in the AWS News Blog:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-ec2-c9g-and-c9gd-instances-powered-by-aws-graviton5-processors-are-now-available/"&gt;Amazon EC2 C9g and C9gd instances powered by AWS Graviton5 processors&lt;/a&gt;:&amp;nbsp;They deliver up to 25% better compute performance than Graviton4-based instances, 5x larger cache, fastest memory of any processor instances in the cloud, and local NVMe storage options (C9gd).&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/accelerate-your-infrastructure-deployments-by-up-to-4x-with-aws-cloudformation-express-mode/"&gt;A new AWS CloudFormation Express mode&lt;/a&gt;: You can speed up infrastructure deployment with AWS CloudFormation Express mode, enabling AI agents and developers to receive deployment confirmation in seconds and iterate faster. Available in all commercial Regions at no additional cost.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/upgrade-amazon-eks-clusters-with-confidence-using-kubernetes-version-rollbacks/"&gt;Upgrade Amazon EKS clusters with confidence using Kubernetes version rollbacks&lt;/a&gt;: Learn how Kubernetes version rollbacks for Amazon EKS let you reverse cluster upgrades within seven days. This new feature provides a safety net for upgrade failures, no cluster rebuilds required, turning Kubernetes version upgrades into a reversible, low-risk operation.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/automate-public-tls-certificate-issuance-with-acme-support-in-aws-certificate-manager/"&gt;Automate public TLS certificate issuance with ACME support in AWS Certificate Manager&lt;/a&gt;: AWS Certificate Manager now supports the ACME protocol, so you can automate the issuance and renewal of public TLS certificates using standard, widely adopted tooling.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Here are some launches and updates that caught my attention:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/claude-sonnet-5-now-available-on-aws"&gt;Claude Sonnet 5 is now available on AWS&lt;/a&gt; – Anthropic’s most capable Sonnet model brings top-tier intelligence at Sonnet pricing for coding, agents, and everyday professional work at scale. It navigates large codebases, calls tools precisely, and holds state across long agentic tasks. To learn more, visit the &lt;a href="https://aws.amazon.com/blogs/machine-learning/introducing-claude-sonnet-5-on-aws-anthropics-most-capable-sonnet-model/"&gt;AI Blog post&lt;/a&gt;.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-workspaces-ai/"&gt;Amazon WorkSpaces for AI agents is now generally available&lt;/a&gt;: AI agents can now securely access and operate desktop applications through managed WorkSpaces environments, without requiring application modernization or custom integrations. To learn more. visit the &lt;a href="https://aws.amazon.com/blogs/desktop-and-application-streaming/amazon-workspaces-now-lets-ai-agents-operate-desktop-applications/"&gt;Desktop and Application Streaming Blog post&lt;/a&gt;.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-opensearch-service-optimized-log-analytics"&gt;Amazon OpenSearch Service is now optimized for log analytics&lt;/a&gt;: This release introduces a new engine purpose-built for log analytics workloads that delivers up to 4x better price-performance on internal benchmarks, while keeping the full-text search capabilities OpenSearch is known for. Teams can now get aggregations and precise text search in one place. To learn more, visit the &lt;a href="https://aws.amazon.com/blogs/big-data/run-log-analytics-for-a-fraction-of-the-cost-with-the-new-engine-for-amazon-opensearch-service/"&gt;Big Data Blog post&lt;/a&gt;.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/sagemakerai-inf-scale-out-time"&gt;Amazon SageMaker AI cuts generative AI inference scale-out time by up to half&lt;/a&gt;: SageMaker Inference now supports container image caching, enabling up to 2x faster end-to-end scaling for generative AI models during scale-out events. To learn more, visit the &lt;a href="https://aws.amazon.com/blogs/machine-learning/introducing-container-caching-in-amazon-sagemaker-ai-for-faster-model-scaling/?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AI Blog post&lt;/a&gt;.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-cloudwatch-log-alarms/"&gt;Amazon CloudWatch supports creating alarms from log queries&lt;/a&gt; : You can now create alarms directly on log query results and set thresholds in a single workflow, eliminating the need to first create metric filters or custom metrics as intermediate steps.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS announcements, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/new/"&gt;What’s New with AWS&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;AWS Service Availability Updates&lt;/strong&gt;&lt;br&gt; When the availability of an AWS service or feature changes, we provide customers guidance in &lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-service-availability/"&gt;AWS Product Lifecycle Changes&lt;/a&gt; on available alternatives and support for migration so that disruptions to your operations are minimized. The following lifecycle changes were updated on June 30, 2026.&lt;/p&gt; 
&lt;p&gt;Services moving to Maintenance (no longer accessible to new customers starting July 30, 2026):&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/bedrock/latest/userguide/agents-classic-maintenance-mode.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon Bedrock Agents (launched November 2023) is now Amazon Bedrock Agents Classic&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sync-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon Cognito Sync&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/kendra/latest/dg/kendra-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon Kendra&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/qbusiness-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon Q Business&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple-ad-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Directory Service – Simple AD&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/iot-device-defender/latest/devguide/dd-detect-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS IoT Device Defender – Detect&lt;/a&gt; (feature will no longer be accessible to new customers starting August 31, 2026)&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/managedservices/latest/userguide/SunsetPlan?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Mainframe Modernization – Self-Managed Experience&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/aws-myApplications-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Management Console – myApplications&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/console/ARG/latest/userguide/resource-groups-gle-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Resource Groups – Group Lifecycle Events&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/servicecatalog/latest/arguide/app-registry-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Service Catalog – Application Registry&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/application-manager-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Systems Manager – Application Manager&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;Amazon SageMaker AI features: &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/a2i-use-augmented-ai-a2i-human-review-loops.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;A2I&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Clarify&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/model-debugger-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Debugger&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;GeoSpatial&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/sms.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Ground Truth&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/sms-workforce-management-public.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Mechanical Turk&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/model-monitor-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Model Monitor&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/role-manager-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Role Manager&lt;/a&gt;, and &lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/studio-lab-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Studio Lab&lt;/a&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Services entering Sunset:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-pcoip-end-of-support.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon WorkSpaces – PCoIP&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/workspaces/latest/adminguide/wsp-pools-end-of-support.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon WorkSpaces – Pool&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/managedservices/latest/userguide/SunsetPlan?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS Managed Services (AMS) Advanced&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/repostprivate/latest/userguide/repost-private-end-of-support.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;AWS re:Post Private&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://docs.aws.amazon.com/sagemaker/latest/dg/profiler-availability-change.html?refid=d8ec3b19-0f37-4f8c-8c12-189f913e205c"&gt;Amazon Sagemaker AI- Profiler&lt;/a&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Services reaching End of Support (as of June 30, 2026):&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Amazon Chime SDK – Carrier Voice Focus&lt;/li&gt; 
 &lt;li&gt;Amazon SageMaker AI – Ground Truth Plus&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;We understand that changes in availability can impact your operations. For specific guidance, consult the relevant service documentation or contact AWS Support.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Upcoming AWS events&lt;/strong&gt;&lt;br&gt; Check your calendar and sign up for upcoming AWS events:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/events/summits/"&gt;AWS Summits&lt;/a&gt; – AWS Summits are free events that bring the cloud and AI community together to connect, learn, and explore the latest technologies. Browse the full calendar to find a Summit near you in the second half of 2026.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://builder.aws.com/"&gt;AWS Community Days&lt;/a&gt; – Community-led conferences where content is planned, sourced, and delivered by community leaders. If you’re in Latin America, don’t miss AWS Community Day Belo Horizonte on August 22. Registration is open at &lt;a href="https://awscommunityday.com.br/"&gt;awscommunityday.com.br&lt;/a&gt;.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Join the &lt;a href="https://builder.aws.com/"&gt;AWS Builder Center&lt;/a&gt; to connect with builders, share solutions, and access content that supports your development. Browse &lt;a href="https://aws.amazon.com/events/"&gt;here&lt;/a&gt; for upcoming AWS-led in-person and virtual events and developer-focused events.&lt;/p&gt; 
&lt;p&gt;That’s all for this week. Check back next Monday for another Weekly Roundup!&lt;/p&gt; 
&lt;p&gt;– Daniel Abib&lt;/p&gt; 
&lt;p&gt;&lt;em&gt;This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS!&lt;/em&gt;&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Upgrade Amazon EKS clusters with confidence using Kubernetes version rollbacks</title>
		<link>https://aws.amazon.com/blogs/aws/upgrade-amazon-eks-clusters-with-confidence-using-kubernetes-version-rollbacks/</link>
					
		
		<dc:creator><![CDATA[Micah Walter]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 17:20:30 +0000</pubDate>
				<category><![CDATA[Amazon Elastic Kubernetes Service]]></category>
		<category><![CDATA[Compute]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">25f64a6bf2f8d46827f51c3f9dcc34b99f7955fd</guid>

					<description>Learn how Kubernetes version rollbacks for Amazon EKS let you reverse cluster upgrades within seven days. This new feature provides a safety net for upgrade failures—no cluster rebuilds required—turning Kubernetes version upgrades into a reversible, low-risk operation.</description>
										<content:encoded>&lt;p&gt;Upgrading a &lt;a href="https://kubernetes.io/"&gt;Kubernetes&lt;/a&gt; control plane has long been a one way door. Open source Kubernetes doesn’t support control plane rollback, so once you upgrade, there’s no going back. The community is making real progress here, and &lt;a href="https://github.com/kubernetes/enhancements/issues/4330"&gt;KEP-4330&lt;/a&gt; introduces emulated versions to ease rollback. But in practice this constraint has pushed organizations to build elaborate compensating mechanisms like bake periods, stagger groups, automated sign offs, and months long upgrade cycles. With Kubernetes releasing three minor versions per year, teams managing hundreds of clusters, especially in regulated environments, often delay upgrades entirely because they aren’t confident they can recover if something goes wrong. The result is clusters stuck on older versions, missing security patches, and eventually running up against extended support timelines.&lt;/p&gt; 
&lt;p&gt;Today, we’re announcing Kubernetes &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/rollback-cluster.html"&gt;version rollbacks&lt;/a&gt; for &lt;a href="https://aws.amazon.com/eks/"&gt;Amazon Elastic Kubernetes Service (Amazon EKS)&lt;/a&gt;, a new feature that gives cluster administrators a safety net when performing cluster upgrades. With version rollbacks, you can reverse a Kubernetes version upgrade within seven days if you encounter issues after upgrading, returning your cluster to its previous working state.&lt;/p&gt; 
&lt;p&gt;Where approaches like emulated versions keep a cluster in a transitional holding state, EKS version rollback returns your cluster to a fully validated previous version that ran in production, not an emulation of it. Now, if you upgrade a cluster from, say, Kubernetes 1.34 to 1.35 and discover a compatibility issue, you can roll back to 1.34 within seven days. There’s no need to rebuild your cluster or scramble to troubleshoot under pressure. Think of it as an undo button for Kubernetes version upgrades.&lt;/p&gt; 
&lt;p&gt;The feature supports rolling back one minor version at a time, matching the same incremental approach EKS uses for upgrades. And to help you roll back safely, EKS automatically evaluates your cluster’s rollback readiness through &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-insights.html"&gt;cluster insights&lt;/a&gt;, flagging items like node version compatibility or add-on dependencies before you proceed. If you’ve already assessed the situation and want to move quickly, you can use the &lt;code&gt;--force&lt;/code&gt; flag to bypass those checks. The above applies to all EKS clusters, whether you manage your own nodes or let AWS handle them. But for customers who have embraced fully managed infrastructure, rollback goes a step further.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Rollback for EKS Auto Mode&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/automode.html"&gt;EKS Auto Mode&lt;/a&gt; gives you one click deployment of production ready Kubernetes clusters, automating compute, networking, and storage management so you can focus on your applications rather than infrastructure. EKS Auto Mode introduces additional considerations for &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/rollback-automode.html"&gt;version rollbacks&lt;/a&gt; because both the control plane and managed nodes need to be rolled back together. Since node rollbacks respect your pod disruption budgets, the process can take time depending on your configuration.&lt;/p&gt; 
&lt;p&gt;To give you control over this process, we’ve introduced a &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/rollback-automode.html#automode-cancel-rollback"&gt;&lt;strong&gt;cancel API&lt;/strong&gt;&lt;/a&gt; that lets you stop a node rollback at any point. If you decide the rollback is taking too long or you want to change your approach, you can cancel and adjust your disruption budgets to accelerate things, or choose a different path forward.&lt;/p&gt; 
&lt;p&gt;By default, EKS never bypasses your disruption budgets during a rollback because we prioritize workload stability. You can always choose to modify or remove disruption budgets yourself to speed up the process if needed.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Let’s try it out&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; To try version rollbacks, I navigated to the Amazon EKS console and selected one of my clusters that I had recently upgraded.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104900" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/27/eks-image-01-1024x382.png" alt="" width="1024" height="382"&gt;&lt;/p&gt; 
&lt;p&gt;From the cluster’s configuration page, I can see the option to initiate a version rollback, along with information about my current rollback window.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104901" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/27/eks-image-02-1024x507.png" alt="" width="1024" height="507"&gt;&lt;/p&gt; 
&lt;p&gt;Before initiating the rollback, I reviewed the rollback insights to check for any potential issues. The insights showed me the status of my nodes and flagged anything I should address before proceeding.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104902" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/27/eks-image-03-1024x718.png" alt="" width="1024" height="718"&gt;&lt;/p&gt; 
&lt;p&gt;After confirming, the rollback began. My cluster remained functional throughout the process. The control plane rollback took about 20 minutes, similar to a standard upgrade. For my EKS Auto Mode cluster, the nodes rolled back gracefully according to my disruption budget settings.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104903" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/27/eks-image-04-1024x557.png" alt="" width="1024" height="557"&gt;&lt;/p&gt; 
&lt;p&gt;Once complete, my cluster was back on the previous Kubernetes version, running as expected.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Now available&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; Kubernetes &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/rollback-cluster.html"&gt;version rollbacks&lt;/a&gt; for Amazon EKS are available today at no additional cost in all commercial AWS Regions where Amazon EKS is available. You pay only for the standard EKS and compute costs you would normally incur. There are no extra charges for using the rollback capability.&lt;/p&gt; 
&lt;p&gt;Control plane rollbacks are available for all EKS clusters, and node rollbacks are available for clusters running EKS Auto Mode. Version rollbacks support clusters running Kubernetes versions available in EKS standard support and extended support.&lt;/p&gt; 
&lt;p&gt;To get started, visit the &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/"&gt;Amazon EKS documentation&lt;/a&gt; or try it out directly in the &lt;a href="https://console.aws.amazon.com/eks/"&gt;Amazon EKS console&lt;/a&gt;.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Accelerate your infrastructure deployments by up to 4x with AWS CloudFormation Express mode</title>
		<link>https://aws.amazon.com/blogs/aws/accelerate-your-infrastructure-deployments-by-up-to-4x-with-aws-cloudformation-express-mode/</link>
					
		
		<dc:creator><![CDATA[Channy Yun (윤석찬)]]></dc:creator>
		<pubDate>Tue, 30 Jun 2026 21:30:33 +0000</pubDate>
				<category><![CDATA[AWS CloudFormation]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[Management Tools]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">e1fe2965259df670bd55dc1185e2f5c257298d4c</guid>

					<description>AWS CloudFormation speeds up infrastructure deployment with Express mode, enabling AI agents and developers to receive deployment confirmation in seconds and iterate faster. Available in all commercial Regions at no additional cost.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing &lt;a href="https://aws.amazon.com/cloudformation/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS CloudFormation&lt;/a&gt; Express mode,&amp;nbsp;a new deployment mode that accelerates deployments for developers and AI tools iterating on infrastructure. Express mode accelerates deployments by completing when CloudFormation confirms resource configuration is applied, rather than waiting for extended stabilization checks. This reduces deployment time by up to 4 times for iterative development workflows and production scenarios.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;How it works&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Every CloudFormation deployment performs stabilization checks after resource configuration is applied. These checks serve an important purpose when you need to confirm resources can serve traffic before shifting load.&lt;/p&gt; 
&lt;p&gt;However, many workflows do not require full stabilization to proceed. Express mode benefits two primary use cases: iterative development workflows and production scenarios where you are comfortable with eventual stabilization. These use cases include iterating on infrastructure configurations during development, testing individual components of your application, and AI-assisted infrastructure development that benefits from sub-minute feedback loops.&lt;/p&gt; 
&lt;p&gt;With Express mode, CloudFormation completes deployments when resource configuration is applied, without waiting for stabilization checks. Resources continue becoming operational in the background. CloudFormation automatically retries dependent resources that encounter transient failures during provisioning within the same stack, without requiring any customer intervention. This built-in resilience handles timing issues between resources as they stabilize. Express mode changes &lt;em&gt;when&lt;/em&gt; the deployment completes, not &lt;em&gt;how&lt;/em&gt; resources are provisioned.&lt;/p&gt; 
&lt;p&gt;For example, when I create an &lt;a href="https://aws.amazon.com/sqs/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Simple Queue Service (SQS)&lt;/a&gt; queue with a dead letter queue (DLQ), Standard mode takes 64 seconds, but Express mode completes in up to 10 seconds. In the case of deleting an &lt;a href="https://aws.amazon.com/lambda/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Lambda&lt;/a&gt; function with network interface attachment, Standard mode takes 20–30 minutes, but Express mode completes in up to 10 seconds based on my benchmarking test.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Get started with CloudFormation Express mode&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; When you create a CloudFormation stack in the &lt;a href="https://console.aws.amazon.com/cloudformation/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Management Console&lt;/a&gt;, choose &lt;strong&gt;Enable&lt;/strong&gt; in the &lt;strong&gt;Express mode&lt;/strong&gt; under &lt;strong&gt;Stack deployment options&lt;/strong&gt;.&lt;img loading="lazy" class="aligncenter wp-image-104864 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/25/2026-aws-cloudformation-express-mode-console.jpg" alt="" width="1800" height="1492"&gt;&lt;/p&gt; 
&lt;p&gt;You can also use &lt;a href="https://aws.amazon.com/cli/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Command Line Interface (AWS CLI)&lt;/a&gt;, &lt;a href="https://builder.aws.com/build/tools#SDKs?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS SDKs&lt;/a&gt;, or IaC tools like &lt;a href="https://aws.amazon.com/cdk/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Cloud Development Kit (CDK)&lt;/a&gt;, and AI tools such as &lt;a href="https://kido.dev/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Kiro&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Activate Express mode by setting the &lt;code class="qs:font-mono qs:bg-action-hover qs:rounded qs:px-1 qs:py-0.5 qs:mx-1" data-testid="qbiz-components-markdown-codehighlighter-fallback-container"&gt;--deployment-config&lt;/code&gt; parameter to &lt;code&gt;EXPRESS&lt;/code&gt; when creating, updating, or deleting stacks. No template changes are required. Express mode disables rollback by default for the fastest iteration experience. To re-enable rollback, set &lt;code&gt;disableRollback&lt;/code&gt; to &lt;code&gt;false&lt;/code&gt; in the &lt;code&gt;deployment-config&lt;/code&gt; for production environments, or implement monitoring/cleanup mechanisms for failed deployments.&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws cloudformation create-stack \ 
   --stack-name my-app \ 
   --template-body file://template.yaml \ 
   --deployment-config '{"mode": "EXPRESS", "disableRollback": true}' \&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;For example, use the Express mode when you build infrastructure incrementally, adding resources one at a time. Ensure your IAM role templates follow the principle of least privilege.&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;# Iteration 1: Deploy IAM role
aws cloudformation create-stack \
--stack-name my-microservice \
--template-body file://iteration1-iam.yaml \
--deployment-config '{"mode": "EXPRESS"}' \
--capabilities CAPABILITY_IAM
--role-arn arn:aws:iam::123456789012:role/CloudFormationDeployRole

# Iteration 2: Add Lambda function
aws cloudformation update-stack \
--stack-name my-microservice \
--template-body file://iteration2-lambda.yaml \
--deployment-config '{"mode": "EXPRESS"}' \
--capabilities CAPABILITY_IAM
--role-arn arn:aws:iam::123456789012:role/CloudFormationDeployRole

# Iteration 3: Add SQS queue and event source mapping
aws cloudformation update-stack \
--stack-name my-microservice \
--template-body file://iteration3-sqs.yaml \
--deployment-config '{"mode": "EXPRESS"}' \
--capabilities CAPABILITY_IAM
--role-arn arn:aws:iam::123456789012:role/CloudFormationDeployRole&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;For AWS CDK, activate Express mode with the &lt;code&gt;cdk deploy --express&lt;/code&gt; command when you deploy your CDK stack. This command retrieves your generated CloudFormation template and deploys it through the CloudFormation Express mode, which provisions your resources as part of a CloudFormation stack.&lt;/p&gt; 
&lt;p&gt;Express mode works with all existing CloudFormation templates and supports all CloudFormation features including change sets and nested stacks. When you enable Express mode on a parent stack, all nested stacks also use Express mode. If you need resources to be fully operational before proceeding with traffic or testing, continue using the default deployment behavior, which performs stabilization checks before completing.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Now available&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; AWS CloudFormation Express mode is available today in all AWS commercial Regions at no additional cost. For Regional availability and a future roadmap, visit the &lt;a class="c-link" href="https://builder.aws.com/build/capabilities/explore?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer" data-stringify-link="https://builder.aws.com/capabilities/" data-sk="tooltip_parent"&gt;AWS Capabilities by Region&lt;/a&gt;. If you want to call APIs, search documentation, find regional availability, and check troubleshooting about this new feature, try using the &lt;a href="https://docs.aws.amazon.com/agent-toolkit/latest/userguide/getting-started-aws-mcp-server.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer"&gt;AWS MCP Server&lt;/a&gt; and &lt;a href="https://docs.aws.amazon.com/agent-toolkit/latest/userguide/plugins.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer"&gt;plugins&lt;/a&gt; with your preferred AI tool. To learn more, visit the &lt;a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;CloudFormation documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Start accelerating your deployments today, and send feedback to &lt;a href="https://repost.aws/tags/TAm3R3LNU3RfSX9L23YIpo3w/aws-cloudformation?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS re:Post for AWS CloudFormation&lt;/a&gt; or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;— &lt;a href="https://linkedin.com/in/channy"&gt;Channy&lt;/a&gt;&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Amazon EC2 C9g and C9gd instances powered by AWS Graviton5 processors are now available</title>
		<link>https://aws.amazon.com/blogs/aws/amazon-ec2-c9g-and-c9gd-instances-powered-by-aws-graviton5-processors-are-now-available/</link>
					
		
		<dc:creator><![CDATA[Sébastien Stormacq]]></dc:creator>
		<pubDate>Tue, 30 Jun 2026 20:56:44 +0000</pubDate>
				<category><![CDATA[Amazon EC2]]></category>
		<category><![CDATA[Graviton]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">d668a838bb33c15b4742302284561effb3be54a0</guid>

					<description>Amazon EC2 C9g and C9gd instances, powered by AWS Graviton5, are now generally available. They deliver up to 25% better compute performance than Graviton4-based instances, 5x larger cache, fastest memory of any processor instances in the cloud, and local NVMe storage options (C9gd).</description>
										<content:encoded>&lt;p&gt;When you run compute-intensive workloads like real-time analytics, batch processing, video encoding, scientific modeling, or CPU-based machine learning inference, every percentage point of performance matters. You need instances that deliver higher throughput per vCPU, faster memory access, and more network bandwidth, all while keeping your costs in check.&lt;/p&gt; 
&lt;p&gt;Today I am happy to announce the general availability of &lt;a href="https://aws.amazon.com/ec2/"&gt;Amazon Elastic Compute Cloud (Amazon EC2)&lt;/a&gt; C9g and C9gd instances, powered by &lt;a href="https://aws.amazon.com/ec2/graviton/"&gt;AWS Graviton5&lt;/a&gt; processors. C9g instances are compute-optimized and deliver up to 25% higher performance per vCPU compared to previous-generation C8g instances. They feature the fastest memory of any processor instance in the cloud, with DDR5 8800MT/s DIMMs, 5x more L3 cache, and up to 3x higher packet-processing performance compared to Graviton4-based instances. The faster memory and larger caches mean your workloads spend less time waiting on data, translating into higher throughput for in-memory analytics, faster agentic loops, and more responsive real-time applications.&lt;/p&gt; 
&lt;p&gt;C9g instances are ideal for batch jobs, video encoding pipelines, or distributed analytics that can utilize &lt;a href="https://aws.amazon.com/ebs/"&gt;Amazon Elastic Block Store (Amazon EBS)&lt;/a&gt; for storage. It is also a natural fit for agentic AI workloads, where concurrent environments and CPU-bound reasoning steps benefit from Graviton5’s higher core count and larger caches. As AI shifts from answering questions to taking actions, running code, and orchestrating multi-step tasks, the demand for CPU compute is growing, and C9g instances are built for this shift.&lt;/p&gt; 
&lt;p&gt;Some workloads also need fast local storage alongside that compute power. Choose C9gd when your application benefits from high-speed, low-latency local NVMe SSD storage, for example scratch space during HPC simulations, temporary caches for ML inference, or local buffers for ad-serving engines.&lt;/p&gt; 
&lt;p&gt;Graviton5-based instances with NVMe instance store volumes also &lt;a href="https://aws.amazon.com/blogs/compute/optimize-latency-sensitive-workloads-with-amazon-ec2-detailed-nvme-statistics/"&gt;support detailed performance statistics, providing high-resolution I/O metrics, including latency histograms broken down by I/O size, up to 1-second granularity&lt;/a&gt; and accessible via &lt;a href="https://aws.amazon.com/cloudwatch/"&gt;Amazon CloudWatch&lt;/a&gt; or &lt;a href="https://github.com/linux-nvme/nvme-cli"&gt;nvme-cli&lt;/a&gt; at no additional cost.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;C9g and C9gd instances at a glance&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; C9g and C9gd instances are available in 11 sizes ranging from medium to 48xlarge, plus a bare metal option. They offer up to 15% higher network bandwidth and 20% higher EBS bandwidth on average across sizes compared to the previous generation, with the largest 48xlarge size delivering up to 100 Gbps of network bandwidth and up to 72 Gbps of EBS bandwidth, a 2x increase.&lt;/p&gt; 
&lt;table style="border-collapse: collapse;font-family: Arial,sans-serif;font-size: 13px;width: 100%" border="0" cellspacing="0" cellpadding="8"&gt; 
 &lt;tbody&gt; 
  &lt;tr style="background-color: #232f3e;color: #ffffff;font-weight: bold"&gt; 
   &lt;th style="padding: 10px 12px;text-align: center"&gt;C9g&lt;/th&gt; 
   &lt;th style="padding: 10px 12px;text-align: center"&gt;vCPUs&lt;/th&gt; 
   &lt;th style="padding: 10px 12px;text-align: center"&gt;Memory&lt;br&gt; (GiB)&lt;/th&gt; 
   &lt;th style="padding: 10px 12px;text-align: center"&gt;Network Bandwidth&lt;br&gt; (Gbps)&lt;/th&gt; 
   &lt;th style="padding: 10px 12px;text-align: center"&gt;EBS Bandwidth&lt;br&gt; (Gbps)&lt;/th&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;medium&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;2&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;large&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;2&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;4&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;4&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;2xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;4xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;8xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;12xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;48&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;96&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;25&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;18&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;16xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;128&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;34&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;24&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;24xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;96&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;50&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;36&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;48xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;384&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;100&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;72&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;metal-48xl&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;384&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;100&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;72&lt;/td&gt; 
  &lt;/tr&gt; 
 &lt;/tbody&gt; 
&lt;/table&gt; 
&lt;p&gt;C9gd instances add local NVMe SSD storage with up to 30% higher storage performance compared to previous-generation local storage instances.&lt;/p&gt; 
&lt;table style="border-collapse: collapse;font-family: Arial,sans-serif;font-size: 13px;width: 100%" border="0" cellspacing="0" cellpadding="8"&gt; 
 &lt;tbody&gt; 
  &lt;tr style="background-color: #232f3e;color: #ffffff;font-weight: bold"&gt; 
   &lt;th style="padding: 10px 12px"&gt;C9gd&lt;/th&gt; 
   &lt;th style="padding: 10px 12px"&gt;vCPUs&lt;/th&gt; 
   &lt;th style="padding: 10px 12px"&gt;Memory&lt;br&gt; (GiB)&lt;/th&gt; 
   &lt;th style="padding: 10px 12px"&gt;Instance Storage&lt;br&gt; (GB)&lt;/th&gt; 
   &lt;th style="padding: 10px 12px"&gt;Network Bandwidth&lt;br&gt; (Gbps)&lt;/th&gt; 
   &lt;th style="padding: 10px 12px"&gt;EBS Bandwidth&lt;br&gt; (Gbps)&lt;/th&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;medium&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;2&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 59&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;large&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;2&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;4&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 118&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;4&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 237&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 15&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;2xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 474&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;4xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 950&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;Up to 12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;8xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 1900&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;17&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;12&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;12xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;48&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;96&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;3 x 950&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;25&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;18&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;16xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;128&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;1 x 3800&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;34&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;24&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;24xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;96&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;3 x 1900&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;50&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;36&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #f7f7f7"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;48xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;384&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;3 x 3800&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;100&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;72&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="background-color: #ffffff"&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;&lt;strong&gt;metal-48xl&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;384&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;3 x 3800&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;100&lt;/td&gt; 
   &lt;td style="padding: 8px 12px;text-align: center"&gt;72&lt;/td&gt; 
  &lt;/tr&gt; 
 &lt;/tbody&gt; 
&lt;/table&gt; 
&lt;p&gt;Both families are well-suited for high-performance computing (HPC), batch processing, gaming, video encoding, scientific modeling, distributed analytics, CPU-based machine learning inference, and ad serving.&lt;/p&gt; 
&lt;p&gt;Here are some additional capabilities:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Instance Bandwidth Configuration (IBC) lets you adjust the allocation of bandwidth between Amazon EBS and Amazon VPC networking by up to 25%, helping you optimize performance for workloads with specific bandwidth requirements such as databases and caching.&lt;/li&gt; 
 &lt;li&gt;ENA Express support for enhanced networking.&lt;/li&gt; 
 &lt;li&gt;Up to 128 EBS volumes can be attached to virtual instances.&lt;/li&gt; 
 &lt;li&gt;Support for Savings Plans, On-Demand, Spot Instances, Dedicated Instances, and Dedicated Hosts.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Nitro Isolation Engine&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; Security and isolation are foundational requirements for running workloads in the cloud. Within the &lt;a href="https://aws.amazon.com/ec2/nitro/"&gt;Nitro System&lt;/a&gt;, the AWS Nitro Hypervisor is designed to isolate instances from each other as well as AWS operators. With C9g and C9gd instances we are raising the bar even further with the &lt;a href="https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/"&gt;Nitro Isolation Engine&lt;/a&gt;, an enhancement to the Nitro System, which enforces isolation of instances and harnesses formal verification to provide assurances of isolation with mathematical precision. C9g and C9gd instances are the first set of compute-optimized instance types to feature Nitro Isolation Engine, a purpose built component that is responsible for enforcing isolation between virtual machines, including mediation of all access to virtual machine memory, CPU register state, and I/O devices through a minimal set of APIs.&lt;/p&gt; 
&lt;p&gt;To learn more about the Nitro Isolation Engine, visit the &lt;a href="https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/" target="_blank" rel="noopener noreferrer"&gt;blog post&lt;/a&gt;. For details on the formal verification results, including scope and assumptions, see our &lt;a href="https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/whitepapers/compliance/nitro-isolation-engine-whitepaper.pdf" target="_blank" rel="noopener noreferrer"&gt;technical white paper&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Now available&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; Amazon EC2 C9g and C9gd instances are now available in US East (Ohio, N. Virginia), US West (Oregon), and Europe (Frankfurt). Additional regions will follow.&lt;/p&gt; 
&lt;p&gt;You can launch C9g and C9gd instances today using the &lt;a href="https://console.aws.amazon.com"&gt;AWS Management Console&lt;/a&gt;, &lt;a href="https://aws.amazon.com/cli/"&gt;AWS Command Line Interface (AWS CLI)&lt;/a&gt;, or &lt;a href="https://aws.amazon.com/tools/"&gt;AWS SDKs&lt;/a&gt;. For pricing information, visit the &lt;a href="https://aws.amazon.com/ec2/pricing/"&gt;Amazon EC2 Pricing page&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To learn more, visit the Amazon EC2 C9g and C9gd instances page and send feedback to AWS re:Post for EC2 or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;a href="https://linktr.ee/sebsto"&gt;— seb&lt;/a&gt; 
&lt;p&gt;Editor’s Note: Updated 7/1/2026- Paragraph about Nitro Isolation Engine rewritten for clarity.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Automate public TLS certificate issuance with ACME support in AWS Certificate Manager</title>
		<link>https://aws.amazon.com/blogs/aws/automate-public-tls-certificate-issuance-with-acme-support-in-aws-certificate-manager/</link>
					
		
		<dc:creator><![CDATA[Sébastien Stormacq]]></dc:creator>
		<pubDate>Tue, 30 Jun 2026 20:15:11 +0000</pubDate>
				<category><![CDATA[AWS Certificate Manager]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security, Identity, & Compliance]]></category>
		<guid isPermaLink="false">eecd301bc56dd721583bbbd8024097ca3ad82fd6</guid>

					<description>AWS Certificate Manager now supports the ACME protocol for public TLS certificates, enabling automated issuance and renewal through any ACMEv2-compatible client on any workload. Administrators get centralized governance, IAM-based access controls, and domain scoping, reducing operational risk as certificate lifetimes continue to reduce.</description>
										<content:encoded>&lt;p&gt;If you manage TLS certificates for your applications, you know the challenge: certificates expire, and when they do, your customers see errors or your service goes down. As certificate validity periods get shorter (the &lt;a href="https://cabforum.org/"&gt;Certification Authority (CA)/Browser Forum&lt;/a&gt; mandates reduced maximum validity to 100 days starting March 2027, and to 47 days by 2029), manual renewal processes become untenable. You need automation.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment"&gt;Automatic Certificate Management Environment (ACME)&lt;/a&gt; is an open protocol for requesting, renewing, and revoking TLS certificates without human intervention. It’s the same protocol behind Let’s Encrypt, and it’s supported by dozens of clients across every platform.&lt;/p&gt; 
&lt;p&gt;Today we’re announcing ACME support for public certificates in &lt;a href="https://aws.amazon.com/certificate-manager/"&gt;AWS Certificate Manager (ACM)&lt;/a&gt;. ACM now provides a fully managed ACME server endpoint that works with any ACMEv2-compatible client, such as &lt;a href="https://certbot.eff.org/"&gt;Certbot&lt;/a&gt;, &lt;a href="https://cert-manager.io/"&gt;cert-manager for Kubernetes&lt;/a&gt;, &lt;a href="https://github.com/acmesh-official/acme.sh"&gt;acme.sh&lt;/a&gt;, or any other client you already use. You can issue public TLS certificates from &lt;a href="https://www.amazontrust.com/?lang=en"&gt;Amazon Trust Services&lt;/a&gt; through the standard ACME protocol.&lt;/p&gt; 
&lt;p&gt;Before today, if you wanted automated certificate management using the ACME protocol, you relied on external certificate authorities alongside ACM, leading to a fragmented visibility experience. Some certificates lived in ACM, others were managed externally with no central dashboard. PKI administrators had limited ability to control who could request certificates or which domains were allowed.&lt;/p&gt; 
&lt;p&gt;With ACME support in ACM, you can now set up one or more managed ACME endpoint that allows you to centrally manage and monitor ACME certificate usage across your organization.&lt;/p&gt; 
&lt;p&gt;As a PKI administrator, you get centralized controls that go beyond basic certificate issuance. You can bind IAM roles to ACME accounts for fine-grained access control over which domains each client can request. You can define domain scopes at the endpoint level to enforce organization-wide policies. And you get centralized monitoring and visibility in the same place: &lt;a href="https://aws.amazon.com/cloudtrail/"&gt;AWS CloudTrail&lt;/a&gt; logs every certificate request for auditability, &lt;a href="https://aws.amazon.com/cloudwatch/"&gt;Amazon CloudWatch&lt;/a&gt; tracks operational metrics, and ACM sends expiry notifications when certificates are approaching renewal. Using ACM, your PKI team can search all certificates, whether issued through the ACM console, an API call, or ACME.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;How it works&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;To get started, you first set up a dedicated ACME endpoint, configure authorization controls using External Account Binding (EAB), validate which domains the endpoint can issue certificates for, and point your existing ACME clients to the new endpoint.&lt;/p&gt; 
&lt;p&gt;The domain validation step is important: it separates who can set up certificate issuance from who can request certificates. The PKI administrator validates domains once at the endpoint level, using DNS credentials that stay with the admin. Application owners who need certificates never touch DNS. They register with an EAB credential, and the endpoint enforces which domains and scopes they’re allowed to request. This means you can distribute certificate automation broadly across your organization without distributing DNS keys along with it.&lt;/p&gt; 
&lt;p&gt;I start this demo from the&amp;nbsp;&lt;b&gt;ACME certificates&lt;/b&gt; page in the AWS Certificate Manager console.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-35-37.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104397 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-35-37-1024x877.png" alt="ACME Console" width="1024" height="877"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;I already have a few endpoints and certificates in this account, I walk you through creating a new one from scratch. First, I select &lt;b&gt;Create ACME endpoint&lt;/b&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-37-35.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104398 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-37-35-1024x650.png" alt="ACME - Ceeate endpoint 1" width="1024" height="650"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;I give my endpoint a name. The &lt;strong&gt;Endpoint type&lt;/strong&gt; is &lt;b&gt;Public&lt;/b&gt;. ACME clients will connect over the public internet. The &lt;strong&gt;Certificate type&lt;/strong&gt; is &lt;b&gt;Public&lt;/b&gt;. The certificate will be issued by Amazon Trust Services and trusted by browsers and operating systems by default. For the certificate key type, I keep the default &lt;b&gt;ECDSA P-256&lt;/b&gt;. RSA 2048 and ECDSA P-384 are also available if your clients require them.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-27-21.png"&gt;&lt;img loading="lazy" class="aligncenter size-large wp-image-104324" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-27-21-1024x832.png" alt="ACME - Ceeate endpoint 2" width="1024" height="832"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;Scrolling down, I configure the domain. I enter my domain name and select the domain scope. The scope controls exactly what certificate patterns your ACME clients are allowed to request for this domain. If I check only &lt;strong&gt;Exact domain&lt;/strong&gt;, clients can only request certificates for that specific domain name. Adding &lt;strong&gt;Subdomains&lt;/strong&gt; allows certificates for any subdomain (for example, api.example.com or dev.example.com). Adding &lt;strong&gt;Wildcards&lt;/strong&gt; allows wildcard certificates (*.example.com). By leaving a scope unchecked, you prevent any client using this endpoint from requesting that type of certificate, even if their ACME request is otherwise valid. For a production endpoint, you might enable only &lt;strong&gt;Exact domain&lt;/strong&gt; and &lt;strong&gt;Subdomains&lt;/strong&gt; while leaving &lt;strong&gt;Wildcards&lt;/strong&gt; unchecked to enforce a stricter security posture.&lt;/p&gt; 
&lt;p&gt;I also select my &lt;a href="https://aws.amazon.com/route53/"&gt;Amazon Route 53&lt;/a&gt; hosted zone from the drop down menu. ACM then automatically creates the DNS CNAME records needed for domain validation, so I don’t have to do it manually. When my domain is hosted outside of Route 53, I manually create the provided CNAME record at my DNS provider instead. This is a meaningful difference from typical ACME setups where each client handles its own domain verification independently.&lt;/p&gt; 
&lt;p&gt;These centralized controls give PKI administrators a single place to authenticate domains, restrict which certificate types (ECDSA or RSA) clients can request, and further limit wildcard issuance. Having these governance capabilities built in means you don’t need to purchase a separate certificate lifecycle management product or invest in building a custom policy layer yourself, both of which come at significant cost and operational overhead.&lt;/p&gt; 
&lt;p&gt;I select&amp;nbsp;&lt;b&gt;Create ACME endpoint&lt;/b&gt;&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-09_15-46-50-v2.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104797 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-09_15-46-50-v2-1024x801.png" alt="ACME - DNS configuration" width="1024" height="801"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;After a few seconds, the endpoint is created. The console shows a &lt;b&gt;Setup progress&lt;/b&gt;&amp;nbsp;tracker with the next steps. My domain shows a “Validating” status. The validation method is DNS validation, where ACM verifies that you control the domain by checking for a specific CNAME record. Because I selected my Route 53 hosted zone during creation, I select &lt;b&gt;Create records in Route 53&lt;/b&gt;&amp;nbsp;to let ACM handle the DNS validation automatically.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-30-08.png"&gt;&lt;img loading="lazy" class="aligncenter size-large wp-image-104326" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-30-08-1024x255.png" alt="ACME - DNS success" width="1024" height="255"&gt;&lt;/a&gt;The validation completes in a few seconds and the status changes to&amp;nbsp;&lt;b&gt;Success&lt;/b&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-50-53.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104400 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-50-53-1024x810.png" alt="ACME - External Account Binding 1" width="1024" height="810"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;Now I need to create External Account Binding (EAB) credentials. EAB credentials are a key identifier and HMAC key pair that lets your ACME client register an account with the ACME server. Once registered, the client generates its own asymmetric key pair, which is then used to authenticate all subsequent certificate requests. On the endpoint details page, I select the &lt;strong&gt;External account binding&lt;/strong&gt; tab, then select &lt;strong&gt;Create EAB&lt;/strong&gt;. I give the credential a name and optionally set an expiration time, ideally no longer than needed to complete client registration.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-46-42.png"&gt;&lt;img loading="lazy" class="aligncenter size-large wp-image-104329" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-46-42-1024x569.png" alt="ACME - External Account Binding 2" width="1024" height="569"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-53-37.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104401 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/09/2026-06-09_15-53-37-1024x251.png" alt="ACME - end of configuration - show key" width="1024" height="251"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;After I select&amp;nbsp;&lt;b&gt;Create EAB credential&lt;/b&gt;, the console shows the&amp;nbsp;&lt;b&gt;Key ID&lt;/b&gt;&amp;nbsp;and&amp;nbsp;&lt;b&gt;HMAC Key&lt;/b&gt;. I note these values because I need them to configure my ACME client. The setup progress now shows four green checkmarks.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-48-17.png"&gt;&lt;img loading="lazy" class="aligncenter size-large wp-image-104330" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/08/2026-06-05_17-48-17-1024x227.png" alt="ACME - end of configuration - success" width="1024" height="227"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;I’m ready to request a certificate. On the endpoint details page, I expand the&amp;nbsp;&lt;b&gt;CLI reference&lt;/b&gt;&amp;nbsp;section. The console provides ready-to-use command examples for both &lt;a href="https://certbot.eff.org/"&gt;Certbot&lt;/a&gt; and &lt;a href="https://github.com/acmesh-official/acme.sh"&gt;acme.sh&lt;/a&gt;. I copy the Certbot command and run it inside a container using the &lt;code&gt;certbot/certbot&lt;/code&gt; image.&lt;/p&gt; 
&lt;pre&gt;&lt;code&gt;certbot certonly --standalone --non-interactive --agree-tos \
    --email &amp;lt;EMAIL&amp;gt; \
    --server https://acm-acme-enroll.us-east-1.api.aws/&amp;lt;ENDPOINT_ID&amp;gt;/directory \
    --eab-kid &amp;lt;EAB_KID&amp;gt; \
    --eab-hmac-key &amp;lt;EAB_HMAC_KEY&amp;gt; \
    --issuance-timeout &amp;lt;ISSUANCE_TIMEOUT&amp;gt; \
    -d &amp;lt;DOMAIN&amp;gt;&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;I replace the placeholders with my endpoint URL, EAB credentials, and domain name. The &lt;code&gt;--eab-kid&lt;/code&gt; and &lt;code&gt;--eab-hmac-key&lt;/code&gt; arguments are how Certbot registers with your ACME endpoint using the External Account Binding credentials I generated earlier. Each ACME client has its own syntax for this step, so check your client’s documentation for the exact flags.&lt;/p&gt; 
&lt;p&gt;Certbot contacts the ACME endpoint and returns a valid certificate signed by Amazon Trust Services.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-10_15-16-12-v3.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104798 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-10_15-16-12-v3-1024x378.png" alt="Certbot to obtain a certificate through ACME" width="1024" height="378"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;I use &lt;code&gt;openssl&lt;/code&gt; to view the certificate before installing it.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-10_15-21-23-v2.png"&gt;&lt;img loading="lazy" class="aligncenter wp-image-104799 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-06-10_15-21-23-v2.png" alt="openssl to view the certificate" width="938" height="752"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;The certificate is now visible in the ACM console under the&amp;nbsp;&lt;b&gt;ACME certificates&lt;/b&gt;&amp;nbsp;tab, alongside any certificates issued through the console or API.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/10/2026-06-10_15-18-04.png"&gt;&lt;img loading="lazy" class="aligncenter size-large wp-image-104442" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/10/2026-06-10_15-18-04-1024x280.png" alt="Certoficate view in the ACME console" width="1024" height="280"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Availability and pricing&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;ACME support in AWS Certificate Manager is available today in all commercial AWS Regions and will be available in AWS GovCloud (US), the China Regions, and the &lt;a href="https://aws.eu/"&gt;AWS European Sovereign Cloud&lt;/a&gt; &lt;a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/partitions.html"&gt;partitions&lt;/a&gt; at a later date.&lt;/p&gt; 
&lt;p&gt;Pricing is per domain included in each certificate at the time of issuance, with a different price for fully qualified domain names and wildcards. Volume tiers are calculated based on total domain occurrences across all certificates issued per month in your AWS account. For details, see &lt;a href="https://aws.amazon.com/certificate-manager/pricing/"&gt;the ACM pricing page&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To get started, visit the &lt;a href="https://console.aws.amazon.com/acm/"&gt;ACM section on the AWS console&lt;/a&gt; or read the &lt;a href="https://docs.aws.amazon.com/acm/latest/userguide/"&gt;documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;a href="https://linktr.ee/sebsto"&gt;— seb&lt;/a&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS Weekly Roundup: Agentic CX designer for Amazon Connect Customer, EC2 AMI Watermarks, Open Governance for MySQL, and more (June 29, 2026)</title>
		<link>https://aws.amazon.com/blogs/aws/aws-weekly-roundup-agentic-cx-designer-for-amazon-connect-customer-ec2-ami-watermarks-open-governance-for-mysql-and-more-june-29-2026/</link>
					
		
		<dc:creator><![CDATA[Micah Walter]]></dc:creator>
		<pubDate>Mon, 29 Jun 2026 16:30:30 +0000</pubDate>
				<category><![CDATA[Amazon Connect]]></category>
		<category><![CDATA[Amazon EC2]]></category>
		<category><![CDATA[Amazon GuardDuty]]></category>
		<category><![CDATA[Amazon Managed Streaming for Apache Kafka (Amazon MSK)]]></category>
		<category><![CDATA[Amazon OpenSearch Service]]></category>
		<category><![CDATA[AWS Lambda]]></category>
		<category><![CDATA[AWS Outposts]]></category>
		<category><![CDATA[Week in Review]]></category>
		<guid isPermaLink="false">5f1578e8308028213ee25d84f88e1be66f65bc77</guid>

					<description>It has been a busy stretch on the AWS Summit circuit. At the New York City Summit, I delivered a workshop called Building AI architectures with AWS Serverless, and it was a lot of fun watching builders wire up agents and serverless services to solve real problems in a single afternoon. This week I am […]</description>
										<content:encoded>&lt;p&gt;&lt;img loading="lazy" class="alignright size-medium wp-image-104911" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/28/IMG_5013-225x300.jpg" alt="" width="225" height="300"&gt;It has been a busy stretch on the AWS Summit circuit. At the &lt;a href="https://aws.amazon.com/events/summits/new-york/"&gt;New York City Summit,&lt;/a&gt; I delivered a workshop called Building AI architectures with AWS Serverless, and it was a lot of fun watching builders wire up agents and serverless services to solve real problems in a single afternoon. This week I am heading down to the &lt;a href="https://aws.amazon.com/events/summits/washington-dc/"&gt;Washington, DC Summit&lt;/a&gt;, which always puts a spotlight on innovation in the public sector. If you are going to be there, come say hello.&lt;/p&gt; 
&lt;p&gt;A question I hear a lot at these events is how teams can put AI to work without waiting on a long engineering backlog, and this week’s biggest launch speaks directly to that, with Amazon Connect Customer introducing a no-code way for business teams to design AI powered customer experiences themselves. Now, let’s get into this week’s AWS news.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;ins&gt;Headlines&lt;br&gt; &lt;/ins&gt;&lt;/strong&gt;Amazon Connect Customer launched the &lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-connect-customer-agentic-cx-preview/"&gt;Agentic CX designer (NLX) in preview&lt;/a&gt;, a no-code canvas for designing and deploying AI powered self service experiences. Business teams can build and launch voice and digital experiences that bring agentic and deterministic AI together in one governed flow, going from design to testing and simulation to production ready experiences in weeks rather than months. The launch also includes Live Sync in preview, a patented technology that drives a customer’s web or mobile experience in real time as they speak or type. A caller can complete a form or pull up the right product page without ever leaving the conversation. To see how this reshapes who designs customer experience, read the blog post on how the &lt;a href="https://aws.amazon.com/blogs/contact-center/business-user-is-the-new-architect-of-customer-experience/"&gt;business user is the new architect of customer experience&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;ins&gt;Last week’s launches&lt;br&gt; &lt;/ins&gt;&lt;/strong&gt;Here are some launches and updates from this past week that caught my attention:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-lambda-microvms/"&gt;AWS Lambda MicroVMs&lt;/a&gt;&lt;/strong&gt; – A new serverless compute primitive that gives each user or job VM level isolation with near instant launch and resume speeds, plus the ability to suspend and resume execution for up to 8 hours. Built on Firecracker, it is made for running user or AI generated code in multi-tenant applications without managing virtualization infrastructure or trading off isolation, speed, and state.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/ec2-image-watermarks-allowed-images/"&gt;Amazon EC2 AMI Watermarks&lt;/a&gt;&lt;/strong&gt; – Lets you embed custom identifiers in your private AMIs that automatically carry forward to every derived AMI across copies, Regions, and account shares. You can combine watermarks with Allowed AMIs and Declarative Policies to restrict launches to approved images, available at no additional cost in all AWS Regions.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-outposts-self-service-lifecycle-management"&gt;AWS Outposts self-service lifecycle management&lt;/a&gt;&lt;/strong&gt; – Adds self service configuration, quoting, ordering, subscription management, renewal, and decommissioning directly from the console, CLI, and API. A new quoting tool generates real time cost estimates in seconds and surfaces account and regional constraints before you submit an order.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-msk-ai-agent-skills"&gt;Amazon MSK AI Agent Skills&lt;/a&gt;&lt;/strong&gt; – Gives AI coding assistants like Kiro, Claude Code, and Cursor expert, up-to-date guidance for operating Amazon MSK, covering troubleshooting, sizing, configuring, monitoring, and migrating external Kafka clusters to MSK Express. Tasks that once required specialized knowledge become a guided experience developers can complete on their own.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-opensearch-service-ai-migrations"&gt;Amazon OpenSearch Service AI-assisted migrations&lt;/a&gt;&lt;/strong&gt; – Migration Assistant now includes an agent guided experience that helps you move self managed Apache Solr, Elasticsearch, or OpenSearch deployments to OpenSearch Serverless or Managed Clusters using tools like Kiro and Claude Code, with new live traffic capture and replay support for Solr.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-guardduty/"&gt;Amazon GuardDuty AI-powered investigations (preview)&lt;/a&gt;&lt;/strong&gt; – Automatically analyzes findings and accounts to help you separate true threats from benign activity, examining context and related activity from the last 90 days with knowledge graphs and threat intelligence. Each investigation returns a disposition assessment with confidence scoring, MITRE ATT&amp;amp;CK classification, and actionable recommendations in minutes.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS announcements, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/new/"&gt;What’s New with AWS&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;ins&gt;Other AWS news&lt;br&gt; &lt;/ins&gt;&lt;/strong&gt;Here are some additional posts and resources that you might find interesting:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/blogs/opensource/open-governance-for-mysql-a-step-forward-for-the-community/"&gt;Open Governance for MySQL&lt;/a&gt;&lt;/strong&gt; – Oracle announced a community governance model for MySQL that gives organizations outside Oracle a defined role in the project, including four non Oracle seats on a new Steering Committee and a public GitHub presence. AWS holds a seat and shares why it supports the move and how it already contributes fixes upstream for everyone running MySQL.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://aws.amazon.com/blogs/training-and-certification/a-new-way-to-keep-your-aws-certification-current/"&gt;A new way to keep your AWS Certification current&lt;/a&gt;&lt;/strong&gt; -You can now maintain an eligible AWS Certification for an additional year by completing curated training and hands on labs on AWS Skill Builder instead of retaking a full exam. The option is available today in open beta for several Associate and Professional certifications, with more coming later this year.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;&lt;a href="https://builder.aws.com/content/3FGF2bDqKm6xKGmyJqJMrcwRhE8/the-aws-all-builders-welcome-grant-an-insiders-guide-for-2026-applicants"&gt;The All Builders Welcome Grant insider’s guide for 2026 applicants&lt;/a&gt;&lt;/strong&gt; – A community guide on AWS Builder Center that walks early career builders through applying for the grant, which covers a full conference pass, airfare, and hotel for AWS re:Invent 2026. Applications are open now and close on July 14.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS blog posts, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/blogs/"&gt;AWS Blogs&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;Looking for ways to connect with builders in person? Check out the &lt;a href="https://aws.amazon.com/events/summits/"&gt;AWS Summits&lt;/a&gt; coming to a city near you, find a local &lt;a href="https://aws.amazon.com/developer/community/community-days/"&gt;AWS Community Day&lt;/a&gt; led by user groups around the world, and explore tutorials, community content, and ways to grow your skills over at the &lt;a href="https://builder.aws.com/"&gt;AWS Builder Center&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;That’s all for this week. Check back next Monday for another Weekly Roundup!&lt;/p&gt; 
&lt;p&gt;-Micah&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVMs</title>
		<link>https://aws.amazon.com/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms/</link>
					
		
		<dc:creator><![CDATA[Micah Walter]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 22:40:07 +0000</pubDate>
				<category><![CDATA[AWS Lambda]]></category>
		<category><![CDATA[Compute]]></category>
		<category><![CDATA[Firecracker]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Serverless]]></category>
		<guid isPermaLink="false">28b0196fbc8cdde62bdcc235123c0f1926871df6</guid>

					<description>AWS launches a new serverless compute primitive, AWS Lambda MicroVMs. VM-level, isolated sandboxes with no shared kernel or resources between sessions. Rapid launch and resume, full lifecycle control, state preservation up to 8 hours, no infrastructure to manage.</description>
										<content:encoded>&lt;p&gt;Today, we are announcing AWS Lambda MicroVMs, a new serverless compute primitive within &lt;a href="https://aws.amazon.com/lambda/"&gt;AWS Lambda&lt;/a&gt; that lets you run code generated by users or AI in isolated, stateful execution environments. You get virtual machine level isolation, near-instant launch and resume, and direct control over environment lifecycle and state, all without managing infrastructure or building expertise in complex virtualization technologies. Lambda MicroVMs are powered by &lt;a href="https://firecracker-microvm.github.io/"&gt;Firecracker&lt;/a&gt;, the same lightweight virtualization technology that has powered over 15 trillions of monthly Lambda function invocations.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;span style="text-decoration: underline"&gt;Why customers need this&lt;/span&gt;&lt;br&gt; &lt;/strong&gt;Over the past few years a new class of multi-tenant applications has emerged that all share the need to hand each end user their own dedicated execution environment in which to safely run code that the application developer did not write. AI coding assistants, interactive code environments, data analytics platforms, vulnerability scanners, and game servers that run user-supplied scripts all fit this pattern. Building that capability today means making a difficult choice. Virtual machines deliver strong isolation but take minutes to start. Containers launch in seconds, yet their shared-kernel architecture requires significant custom hardening to safely contain untrusted code. Functions as a service are optimized for event-driven, request-response workloads, but are not designed for long-running interactive sessions that need to retain environment state across user interactions. That leaves developers either accepting tradeoffs between performance and isolation, or investing significant engineering resources to build and operate custom virtualization infrastructure to achieve isolated execution while delivering low-latency experiences to end-users. This presents an effort that demands deep expertise and pulls engineering time away from the product they are actually trying to build.&lt;/p&gt; 
&lt;p&gt;Lambda MicroVMs is purpose-built for exactly this gap. Each MicroVM gives a single end user or session its own isolated environment that launches rapidly, retains memory and disk state for the length of the session, and pauses to a low idle cost when the user steps away. Because the same Firecracker technology already underpins AWS Lambda Functions, you inherit the operational maturity of a service that has been running this stack at scale.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;span style="text-decoration: underline"&gt;Let’s try it out&lt;/span&gt;&lt;br&gt; &lt;/strong&gt;To get started, I navigated to the AWS Lambda console, where Lambda MicroVMs now appears in the left-hand navigation menu. I first need to create a MicroVM Image.&lt;/p&gt; 
&lt;p&gt;I packaged a Flask web app and its Dockerfile into a zip file, uploaded it to an &lt;a href="https://aws.amazon.com/s3/"&gt;Amazon Simple Storage Service (Amazon S3)&lt;/a&gt; bucket.&lt;/p&gt; 
&lt;p&gt;My Flask API – app.py&lt;/p&gt; 
&lt;pre class="unlimited-height-code"&gt;&lt;code class="lang-python"&gt;import logging

from flask import Flask, jsonify

app = Flask(__name__)
logging.basicConfig(level=logging.INFO)


@app.route("/")
def hello():
    app.logger.info("Received request to hello world endpoint")
    return jsonify(message="Hello, World!")


if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000)
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;My Dockerfile&lt;/p&gt; 
&lt;pre class="unlimited-height-code"&gt;&lt;code&gt;
FROM public.ecr.aws/lambda/microvms:al2023-minimal
RUN dnf install -y python3 python3-pip &amp;amp;&amp;amp; dnf clean all

WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY app.py .

EXPOSE 5000

CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app"]

&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;I used the following command to create my MicroVM Image.&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws lambda-microvms create-microvm-image \
--code-artifact uri=&amp;lt;path/to/s3/artifact.zip&amp;gt; --name &amp;lt;VM_image_name&amp;gt; \
--base-image-arn arn:aws:lambda:us-east-1:aws:microvm-image:al2023-1 \
--build-role-arn &amp;lt;IAM role ARN&amp;gt;&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104847 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/22/Screenshot-2026-06-22-at-10.49.45 AM-1024x577.png" alt="" width="1024" height="577"&gt;&lt;/p&gt; 
&lt;p&gt;You can also create the MicroVM Image in the AWS Console as in the image above. Once I ran the command, Lambda retrieved the zip, ran the Dockerfile, initialized the application, and took a Firecracker snapshot of the running disk and memory state. Build logs streamed in real time to &lt;a href="https://aws.amazon.com/cloudwatch/"&gt;Amazon CloudWatch&lt;/a&gt; under &lt;code&gt;/aws/lambda/microvms/&amp;lt;image-name&amp;gt;&lt;/code&gt;, and when the image was ready it appeared in the console with its &lt;a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html"&gt;Amazon Resource Name (ARN)&lt;/a&gt; and version number.&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws lambda-microvms run-microvm \
--image-identifier arn:aws:lambda:&amp;lt;region&amp;gt;:&amp;lt;acct&amp;gt;:microvm-image:my-image \
--execution-role-arn arn:aws:iam::&amp;lt;acct&amp;gt;:role/MicroVMExecutionRole \
--idle-policy '{"maxIdleDurationSeconds":900,"suspendedDurationSeconds":300,"autoResumeEnabled":true}'
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;Launching can also be done via the AWS Console or the CLI. I passed the image ARN and an idle policy configured to auto-suspend after 15 minutes of inactivity and auto-resume on the next incoming request. No networking setup was required. Lambda assigned the MicroVM a unique ID, returned a dedicated endpoint URL, and started a new MicroVM with my Flask app already running, since it was resumed from a snapshot. My Flask app was already running the moment the launch completed. One API call to get a fully initialized, bootstrapped compute environment.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104756" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/image-04-1024x729.png" alt="" width="1024" height="729"&gt;&lt;/p&gt; 
&lt;p&gt;To send traffic, I generated a short-lived auth token with the CLI and attached it to a plain HTTPS request using the &lt;code&gt;X-aws-proxy-auth&lt;/code&gt; header. The request landed on my Flask app immediately. I then let the MicroVM sit idle past the suspend threshold, at which point the MicroVM was suspended, with its memory and disk state snapshotted and stored. I then sent another request, and it resumed with the application state fully intact. From the client side, the pause never happened.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone size-large wp-image-104757" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/image-05-1024x229.png" alt="" width="1024" height="229"&gt;&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;span style="text-decoration: underline"&gt;How it works&lt;/span&gt;&lt;br&gt; &lt;/strong&gt;Under the covers, Lambda MicroVMs delivers three capabilities that, until today, no single AWS compute service offered together. The first is virtual machine level isolation, which comes from Firecracker. Each session runs in its own dedicated MicroVM with no shared kernel and no shared resources between users, so untrusted code supplied by one user is contained to their execution environment, without access to other environments or the underlying system. The second is rapid launch and resume. The model is image-then-launch: you create a MicroVM Image by supplying a Dockerfile and code packaged as a zip artifact in Amazon S3, and Lambda runs your Dockerfile, initializes your application, and takes a Firecracker snapshot of the running environment’s memory and disk state. Every subsequent MicroVM launched from that image resumes from the pre-initialized snapshot rather than booting cold, which means launches and idle resumes both achieve near-instant startup latency. Even a multi-gigabyte interactive session comes back online quickly enough to feel responsive to the end user. The third is stateful execution. A running MicroVM retains memory, disk, and running processes across the user’s session. During idle periods, a MicroVM can be suspended – with memory and disk state intact – and resumed when traffic arrives. Installed packages, loaded models, and working ﬁlesets are readily available when the user resumes their session. MicroVMs support up to 8 hours of total runtime and can be suspended automatically after a configurable idle window, which makes it straightforward to build products as varied as software vulnerability scans that complete in minutes, data analytics applications that run for hours, and interactive coding sessions with extended idle periods. As Lambda MicroVMs are started from pre-initialized snapshots, applications generating unique content, establishing network connections, or loading ephemeral data during initialization may need to integrate with service-provided hooks for compatibility.&lt;/p&gt; 
&lt;p&gt;Lambda MicroVMs is a new resource within AWS Lambda, with a distinct API surface. Lambda Functions remain the right choice for event-driven, request-response workloads, and Lambda MicroVMs is purpose-built for multi-tenant applications that need to hand each end user or session their own isolated environment to execute user- or AI-generated code. The two complement each other. An application using Lambda Functions for its event-driven backbone can call into Lambda MicroVMs for the steps that need to run untrusted code in isolation. You bring the application, and the service delivers the execution environment.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;span style="text-decoration: underline"&gt;Now available&lt;/span&gt;&lt;br&gt; &lt;/strong&gt;AWS Lambda MicroVMs is available today in the US East (N. Virginia, Ohio), US West (Oregon), Europe (Ireland) and Asia Pacific (Tokyo) &lt;a href="https://aws.amazon.com/about-aws/global-infrastructure/regions_az/"&gt;Regions&lt;/a&gt;, on the ARM64 architecture, with up to 16 vCPUs, 32 GB of memory, and 32 GB of disk per MicroVM. Idle MicroVMs can be suspended explicitly through an API call or automatically through a lifecycle policy, which reduces the running cost while preserving full state for fast resume. Pricing details can be found on the &lt;a href="https://aws.amazon.com/lambda/pricing/"&gt;AWS Lambda pricing page&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To get started, visit the &lt;a href="https://console.aws.amazon.com/lambda/"&gt;AWS Lambda console&lt;/a&gt;, or learn more on the &lt;a href="https://aws.amazon.com/lambda/lambda-microvms"&gt;Lambda MicroVMs product page&lt;/a&gt;. For documentation, see the &lt;a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-microvms-guide.html"&gt;Lambda MicroVMs Developer Guide&lt;/a&gt;.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS Weekly Roundup: NY Summit recap, Local Zone in Hanoi, Grok 4.3 in Bedrock, price reductions, and more (June 22, 2026)</title>
		<link>https://aws.amazon.com/blogs/aws/aws-weekly-roundup-ny-summit-recap-local-zone-in-hanoi-grok-4-3-in-bedrock-price-reductions-and-more-june-22-2026/</link>
					
		
		<dc:creator><![CDATA[Channy Yun (윤석찬)]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 14:46:17 +0000</pubDate>
				<category><![CDATA[Amazon Bedrock]]></category>
		<category><![CDATA[Amazon Elastic Container Service]]></category>
		<category><![CDATA[Amazon GameLift]]></category>
		<category><![CDATA[Amazon Simple Storage Service (S3)]]></category>
		<category><![CDATA[AWS Local Zones]]></category>
		<category><![CDATA[AWS Management Console]]></category>
		<category><![CDATA[AWS Marketplace]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Price Reduction]]></category>
		<category><![CDATA[Strands Agents]]></category>
		<category><![CDATA[Week in Review]]></category>
		<guid isPermaLink="false">48f31f6fe142a62eba1b6ad460759328491f8672</guid>

					<description>Last week AWS Summit New York City brought together thousands of customers, partners, and builders for a free, one-day event showcasing the latest in cloud and AI innovation. Dr. Swami Sivasubramanian, VP of Agentic AI at AWS unveiled a stack of AI launches in his keynote, all built around one thesis: agents that compound value […]</description>
										<content:encoded>&lt;p&gt;Last week &lt;a href="https://aws.amazon.com/events/summits/new-york/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Summit New York City&lt;/a&gt; brought together thousands of customers, partners, and builders for a free, one-day event showcasing the latest in cloud and AI innovation. Dr. Swami Sivasubramanian, VP of Agentic AI at AWS unveiled a stack of AI launches in &lt;a href="https://www.youtube.com/watch?v=T25Fn3FvF6I"&gt;his keynote&lt;/a&gt;, all built around one thesis: agents that compound value over time.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104713" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/17/2026-aws-ny-summit-keynote.jpg" alt="" width="1600" height="905"&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Agents for working&lt;/strong&gt; – You can launch autonomous agents and access a smarter activity feed with &lt;a href="https://aws.amazon.com/blogs/machine-learning/get-back-hours-every-day-with-autonomous-agents-in-amazon-quick/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;new Amazon Quick features&lt;/a&gt;, which now let you create and run multi-step agents directly in the desktop app and consolidates email, Slack, calendar, and tasks into a single prioritized view with personalized rules.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Agents for securing&lt;/strong&gt; – You can shift from reactive to proactive security with AWS Continuum, a new AI-native security service that reasons, validates, and acts at machine speed across the &lt;a href="https://aws.amazon.com/blogs/security/introducing-aws-continuum-security-at-machine-speed/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;full code vulnerability lifecycle&lt;/a&gt;. AWS Security Agent (now part of AWS Continuum) adds &lt;a href="https://aws.amazon.com/blogs/aws/aws-security-agent-adds-threat-modeling-kiro-power-and-claude-code-plugin-and-more?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;new features&lt;/a&gt;: threat modeling; pull request code scanning with remediation across major Git platforms; and IDE integrations via Kiro power, Claude Code plugin, and MCP.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Agents for building&lt;/strong&gt; – You can write, ship, and modernize code in one continuous loop with Kiro, AWS DevOps Agent, and AWS Transform. Kiro introduces a &lt;a href="https://kiro.dev/blog/introducing-kiro-for-ios/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;native iOS app&lt;/a&gt;; AWS DevOps Agent adds &lt;a href="https://aws.amazon.com/blogs/aws/aws-devops-agent-adds-release-management-capabilities-to-assess-code-changes-before-production-preview?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;release management capabilities&lt;/a&gt; to assess code changes before production; and &lt;a href="https://aws.amazon.com/blogs/aws/proactively-reduce-tech-debt-autonomously-with-aws-transform-continuous-modernization-preview?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Transform continuous modernization&lt;/a&gt; reduces tech debt autonomously.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Agents customers create&lt;/strong&gt; – You can go from agent idea to production in minutes with Amazon Bedrock AgentCore, which now includes a &lt;a href="https://aws.amazon.com/blogs/machine-learning/amazon-bedrock-agentcore-harness-is-now-generally-available-go-from-idea-to-production-grade-agent-in-minutes/"&gt;GA harness&lt;/a&gt; for infrastructure and orchestration, &lt;a href="https://aws.amazon.com/blogs/aws/announcing-web-search-on-amazon-bedrock-agentcore-ground-your-ai-agents-in-current-accurate-web-knowledge?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Web Search&lt;/a&gt;, &lt;a href="https://aws.amazon.com/blogs/aws/introducing-amazon-bedrock-managed-knowledge-base-for-faster-more-accurate-enterprise-ai-applications?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Managed Knowledge Base&lt;/a&gt;, &lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-bedrock-agentcore-policy-guardrails-generally-available?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;policy integrations with Guardrails&lt;/a&gt;, and the new &lt;a href="https://aws.amazon.com/blogs/machine-learning/context-intelligence-for-your-data-and-ai-agents-at-scale/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Context service&lt;/a&gt; for mapping organizational data relationships.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;To learn more, visit the Summit recap from our &lt;a href="https://aws.amazon.com/blogs/aws/top-announcements-of-the-aws-summit-in-new-york-2026/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;top announcements blog post&lt;/a&gt; and &lt;a href="https://www.aboutamazon.com/news/aws/aws-summit-nyc-2026-ai-agents?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon News post&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Last week’s launches&lt;/strong&gt;&lt;br&gt; Here are last week’s launches that caught my attention:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-local-zones-hanoi-vietnam/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Local Zone in Hanoi, Vietnam&lt;/a&gt; – This new Local Zone is one of the first AWS Local Zones in the Asia Pacific with support for Amazon S3 and Amazon EBS Local Snapshots, enabling customers to meet data residency requirements by storing and backing up data locally. To get started, enable the Hanoi Local Zone (&lt;code&gt;ap-southeast-1-han-1a&lt;/code&gt;) from the Regions and Zones tab in the AWS Global View or by using the ModifyAvailabilityZoneGroup API.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-blocks-preview/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Blocks, an open-source TypeScript framework for application developers (preview)&lt;/a&gt; – AWS Blocks runs a fully functional local environment with Postgres, authentication, and real-time messaging, no AWS account required. When you’re ready to deploy, the same application code runs on production AWS services with zero changes, and you can drop into AWS CDK at any point for direct resource configuration.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/grok-amazon-bedrock/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Grok 4.3 from xAI in Amazon Bedrock&lt;/a&gt; – You can use the Grok 4.3 model on Amazon Bedrock, giving you even more choice as you build generative AI applications across reasoning, agentic, and enterprise workflows. Grok 4.3 runs on a new inference engine in Bedrock designed for price performance, with support for tool calling, structured output, and response streaming.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon S3 annotations: attach rich, queryable context directly to your objects&lt;/a&gt; – Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-ecs-introduces-new-high-resolution-metrics-for-faster-service-auto-scaling/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon ECS announces faster service auto scaling&lt;/a&gt; – Amazon ECS service auto scaling now detects and responds to load changes faster with support for high resolution (20-second) metrics and metric publishing optimizations. In AWS benchmarking tests, time to trigger scale-out improved from 363 seconds to 86 seconds (76% faster), and total time to scale and provision new tasks improved from 386 seconds to 109 seconds (72% faster).&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/announcing-amazon-ec2-g7-instances-accelerated-by-nvidia-rtx-pro-4500-blackwell-server-edition-gpus/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon EC2 G7 instances accelerated by NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs&lt;/a&gt; – AWS is the first major cloud provider to support NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs. G7 instances are accelerated by these GPUs with custom sixth-generation Intel Xeon Scalable processors, delivering up to 4.6x AI inference performance and up to 2.1x graphics performance compared to G6 instances.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://strandsagents.com/blog/reduced-cost-better-isolation-more-resilience/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Strands Agents introduces new capabilities&lt;/a&gt; – Strands is an open source toolkit for building production agents. You can now use better context management in Harness SDK, a new isolated execution environment with Strands Shell, and chaos testing and red teaming in Strands Evals.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Management Console Private Access&lt;/a&gt; – You can access the AWS Console from VPCs without internet connectivity, allowing enterprises to manage their AWS infrastructure through the console while maintaining strict network security controls in air-gapped environments.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-marketplace-storefront/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Marketplace Storefront is now generally available&lt;/a&gt; – AWS Partners can create and deploy their own branded catalog of solutions and services on their website or application in hours. Channel Partners and Independent Software Vendors can now simplify how they manage their cloud marketplace business and make it easier for customers to discover and purchase their solutions from AWS Marketplace.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-route-53-resolver-dns/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt; Palo Alto Networks (PANW) Advanced DNS Security on Amazon Route 53 Resolver DNS Firewall (preview)&lt;/a&gt; – You can now enforce DNS threat protections from Palo Alto Networks directly on Route 53 DNS Firewall rules, without deploying separate firewalls or modifying VPC configurations — by subscribing to PANW from the DNS Firewall console through the embedded AWS Marketplace widget.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For a full list of AWS announcements, be sure to keep an eye on the &lt;a href="https://aws.amazon.com/new/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;What’s New with AWS&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Price reductions&amp;nbsp;&lt;/strong&gt;&lt;br&gt; AWS continues to look for ways to increase performance and lower prices for our customers. I noticed a few such efforts last week, so I’d like to share them:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/s3-vectors-reduces-query-charges-80-percent-large-indexes/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon S3 Vectors reduces query charges by up to 80% for large vector indexes&lt;/a&gt; – This reduction lowers costs for customers running similarity search across large-scale AI, RAG, and semantic search workloads. The new pricing applies automatically with no application changes required.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-gamelift-servers-free-network-bandwidth/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt; Amazon GameLift Servers introduces free network bandwidth&lt;/a&gt; – Amazon GameLift Servers provides network bandwidth in and out of AWS at no additional charge for all instance types from generation 6 and later, including On-Demand and Spot, with no commitment required. You now pay only for your Amazon GameLift Servers instance hours; all network bandwidth is free.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/06/reduce-listing-fee-professional-services-aws-marketplace/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Marketplace reduces listing fee for professional services to 0.5% from 2.5%&lt;/a&gt; – This reduction makes it more cost-effective for consulting partners, systems integrators, managed services providers and independent software vendors to transact their services through AWS Marketplace, while retaining the procurement and billing benefits that come with it.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Learn more about AWS, browse and join upcoming &lt;a href="https://aws.amazon.com/events/explore-aws-events/?refid=e61dee65-4ce8-4738-84db-75305c9cd4fe"&gt;AWS-led in-person and virtual events&lt;/a&gt;, &lt;a href="https://aws.amazon.com/startups/events?tab=upcoming?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;startup events&lt;/a&gt;, and &lt;a href="https://builder.aws.com/connect/events?trk=e61dee65-4ce8-4738-84db-75305c9cd4fe&amp;amp;sc_channel=el"&gt;developer-focused events&lt;/a&gt; as well as &lt;a href="https://aws.amazon.com/events/summits/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Summits&lt;/a&gt; and &lt;a href="https://aws.amazon.com/events/community-day/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Community Days&lt;/a&gt;. Join the &lt;a href="https://builder.aws.com/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Builder Center&lt;/a&gt; to connect with builders, share solutions, and access content that supports your development.&lt;/p&gt; 
&lt;p&gt;That’s all for this week. Check back next Monday for another &lt;a href="https://aws.amazon.com/blogs/aws/tag/week-in-review/?trk=39d9c26c-b157-46ae-bde6-9cf598f5c9e0&amp;amp;sc_channel=el"&gt;Weekly Roundup&lt;/a&gt;!&lt;/p&gt; 
&lt;p&gt;— &lt;a href="https://linkedin.com/in/channy/"&gt;Channy&lt;/a&gt;&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Announcing Amazon EC2 G7 instances accelerated by NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs</title>
		<link>https://aws.amazon.com/blogs/aws/announcing-amazon-ec2-g7-instances-accelerated-by-nvidia-rtx-pro-4500-blackwell-server-edition-gpus/</link>
					
		
		<dc:creator><![CDATA[Daniel Abib]]></dc:creator>
		<pubDate>Thu, 18 Jun 2026 21:22:10 +0000</pubDate>
				<category><![CDATA[Amazon EC2]]></category>
		<category><![CDATA[Compute]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">9c5d4385212a06a322e30ee7f64a694ffd756b6d</guid>

					<description>Announcing the general availability of Amazon Elastic Compute Cloud (Amazon EC2) G7 instances, delivering high performance GPU acceleration for AI inference, graphics, and data analytics workloads.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing the general availability of &lt;a href="https://aws.amazon.com/ec2/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Elastic Compute Cloud (Amazon EC2)&lt;/a&gt; G7 instances, delivering high performance GPU acceleration for AI inference, graphics, and data analytics workloads.&lt;/p&gt; 
&lt;p&gt;AWS is the first major cloud provider to support NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs. G7 instances are accelerated by these GPUs with custom sixth-generation Intel Xeon Scalable processors, delivering up to 4.6x AI inference performance and up to 2.1x graphics performance compared to &lt;a href="https://aws.amazon.com/ec2/instance-types/g6/"&gt;G6 instances&lt;/a&gt;. G7 instances also deliver faster performance for GPU-accelerated analytics on &lt;a href="https://aws.amazon.com/emr/"&gt;Amazon EMR&lt;/a&gt; on &lt;a href="https://aws.amazon.com/eks/"&gt;Amazon Elastic Kubernetes Service (Amazon EKS)&lt;/a&gt;. G7 instances are well suited for a broad range of GPU-enabled workloads including AI inference, graphics rendering, video transcoding and analytics, spatial computing, virtual desktop infrastructure (VDI), and data analytics.&lt;/p&gt; 
&lt;p&gt;Here are improvements of G7 instances compared to previous generation:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Faster GPU memory&lt;/strong&gt;: NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs offer 1.33 times the GPU memory capacity and 2.45 times the GPU memory bandwidth compared to G6 instances. With 32 GB of GPU memory per GPU, 5th Gen Tensor Cores, and 4th Gen RT Cores, G7 instances deliver enhanced AI inference and graphics performance.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;High performance networking and storage&lt;/strong&gt;: G7 instances come with 700 Gbps of EFA-enabled networking throughput (7x compared to G6) enabling the low-latency, high-bandwidth connectivity that AI inference, graphics-intensive applications, and GPU-accelerated data analytics workloads need to perform at their best. G7 instances support up to 7.6 TB local NVMe SSD storage, enabling you to keep large models and datasets close to compute, reduce data transfer overhead, and improve throughput.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Advanced video encoding and decoding engines&lt;/strong&gt;: Ninth-generation NVENC and sixth-generation NVDEC engines support 4:2:2 encoding and decoding for high-resolution video workflows, delivering 1.5x concurrent video streams compared to previous-generation G6 instances.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;EC2 G7 instance specifications&lt;/strong&gt;&lt;br&gt; G7 instances feature up to 8 NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs with up to 256 GB of total GPU memory (32 GB of memory per GPU) and custom Intel Xeon Scalable processors. They also are available in 7 sizes and support up to 192 vCPUs, up to 700 Gbps of network bandwidth, up to 768 GiB of system memory, and up to 7.6 TB of local NVMe SSD storage.&lt;/p&gt; 
&lt;p&gt;Here are the specs:&lt;/p&gt; 
&lt;table style="border: 2px solid black;border-collapse: collapse;margin-left: auto;margin-right: auto"&gt; 
 &lt;tbody&gt; 
  &lt;tr style="border-bottom: 1px solid black;background-color: #e0e0e0"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Instance name&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;GPUs&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;GPU memory (GB)&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;vCPUs&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Memory (GiB)&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Storage&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;EBS bandwidth (Gbps)&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Network bandwidth (Gbps)&lt;/strong&gt;&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.2xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1 x 600&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Up to 8&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Up to 60&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.4xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1 x 600&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Up to 100&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.8xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;32&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;128&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1 x 950&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;16&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Up to 100&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.12xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;2&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;64&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;48&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1 x 1900&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;20&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;175&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.24xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;4&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;128&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;96&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;384&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;1 x 3800&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;40&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;350&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.48xlarge&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;256&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;768&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;2 x 3800&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;80&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;700&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;g7.metal*&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;8&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;256&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;192&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;768&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;2 x 3800&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;80&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;700&lt;/td&gt; 
  &lt;/tr&gt; 
 &lt;/tbody&gt; 
&lt;/table&gt; 
&lt;p&gt;* Coming soon&lt;/p&gt; 
&lt;p&gt;G7 instances support NVIDIA GPUDirect P2P for multi-GPU sizes, NVIDIA GPUDirect RDMA with EFA, and GPUDirect RDMA with EFA for &lt;a href="https://aws.amazon.com/fsx/lustre/"&gt;Amazon FSx for Lustre&lt;/a&gt;, enabling low-latency GPU-to-GPU communication for multi-GPU and multi-node workloads.&lt;/p&gt; 
&lt;p&gt;To get started with G7 instances, you can use the &lt;a href="https://aws.amazon.com/ai/machine-learning/amis/"&gt;AWS Deep Learning AMIs (DLAMI)&lt;/a&gt; or &lt;a href="https://aws.amazon.com/marketplace/pp/prodview-z4aq5h62z2nv6"&gt;NVIDIA Workstation AMIs&lt;/a&gt; with prepackaged GPU drivers for your AI inference and graphics workloads. To use G7 instances with Amazon EKS, build EKS AMIs with NVIDIA driver version R595 with &lt;a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-build-scripts.html"&gt;EKS-provided automation&lt;/a&gt;&lt;strong&gt;.&lt;/strong&gt; G7 instances support multiple operating systems including Amazon Linux, Ubuntu, RHEL, and Windows Server, with comprehensive NVIDIA driver integration providing compatibility with industry-standard graphics libraries including DirectX, Vulkan, and OpenGL.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Get started today&lt;/strong&gt;&lt;br&gt; You can start using Amazon EC2 G7 instances today in two AWS regions: US East (Ohio) and US West (Oregon). To check future Regional expansion plans, look up the instance type in the &lt;a href="https://aws.amazon.com/pt/cloudformation/"&gt;&lt;strong&gt;CloudFormation&lt;/strong&gt;&lt;/a&gt; resources tab on the &lt;a href="https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/"&gt;AWS Capabilities by Region&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;G7 instances are offered through multiple purchasing options, including &lt;a href="https://aws.amazon.com/ec2/pricing/on-demand/"&gt;On-Demand&lt;/a&gt;, &lt;a href="https://aws.amazon.com/savingsplans/compute-pricing/"&gt;Savings Plans&lt;/a&gt;, and &lt;a href="https://aws.amazon.com/ec2/spot/pricing/"&gt;Spot Instances&lt;/a&gt;. &lt;a href="https://aws.amazon.com/ec2/pricing/dedicated-instances/"&gt;Dedicated Instances&lt;/a&gt; are also supported for the &lt;code&gt;12xlarge&lt;/code&gt;, &lt;code&gt;24xlarge&lt;/code&gt;, and &lt;code&gt;48xlarge&lt;/code&gt; sizes. For detailed pricing, visit the &lt;a href="https://aws.amazon.com/ec2/pricing/"&gt;Amazon EC2 Pricing&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;Ready to get started? Launch G7 instances from the &lt;a href="https://console.aws.amazon.com/ec2/"&gt;Amazon EC2 console&lt;/a&gt;. For more details, head over to the &lt;a href="https://aws.amazon.com/ec2/instance-types/g7/"&gt;Amazon EC2 G7 instances&lt;/a&gt; page. We’d love to hear your feedback. Share it on &lt;a href="https://repost.aws/tags/TAO-wqN9fYRoyrpdULLa5y7g/amazon-ec-2?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS re:Post for EC2&lt;/a&gt; or reach out through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;– Daniel Abib&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Amazon ECS introduces new high-resolution metrics for faster service auto scaling</title>
		<link>https://aws.amazon.com/blogs/aws/amazon-ecs-introduces-new-high-resolution-metrics-for-faster-service-auto-scaling/</link>
					
		
		<dc:creator><![CDATA[Channy Yun (윤석찬)]]></dc:creator>
		<pubDate>Thu, 18 Jun 2026 21:06:38 +0000</pubDate>
				<category><![CDATA[Amazon Elastic Container Service]]></category>
		<category><![CDATA[Auto Scaling]]></category>
		<category><![CDATA[Compute]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">abebfba02b3b7c0c3c3ed08a23aeb25f8830da3f</guid>

					<description>Amazon Elastic Container Service (Amazon ECS) service auto scaling automatically adjusts task counts to meet workload demand with comprehensive scaling policies, including predictive scaling for recurring traffic patterns, scheduled scaling for planned events, and target tracking to scale dynamically on real-time metrics. You can choose proactive scaling by using predictive scaling (automatic) and scheduled scaling […]</description>
										<content:encoded>&lt;p&gt;&lt;a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html"&gt;Amazon Elastic Container Service (Amazon ECS) service auto scaling&lt;/a&gt; automatically adjusts task counts to meet workload demand with comprehensive scaling policies, including predictive scaling for recurring traffic patterns, scheduled scaling for planned events, and target tracking to scale dynamically on real-time metrics.&lt;/p&gt; 
&lt;p&gt;You can choose proactive scaling by using &lt;a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/predictive-auto-scaling.html"&gt;predictive scaling&lt;/a&gt; (automatic) and &lt;a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-autoscaling-schedulescaling.html"&gt;scheduled scaling&lt;/a&gt; (customer-defined), or reactive scaling by using &lt;a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-autoscaling-targettracking.html"&gt;target tracking&lt;/a&gt; with just a target to scale on. Amazon ECS service auto scaling adjusts the number of tasks in an ECS service based on &lt;a href="https://aws.amazon.com/cloudwatch/"&gt;Amazon CloudWatch&lt;/a&gt; metrics, such as average CPU/Memory usage, request count per target, a custom metric such as queue depth, or demand surges by using advanced machine learning (ML) algorithms.&lt;/p&gt; 
&lt;p&gt;With today’s launch, Amazon ECS service auto scaling now detects and responds to load changes faster with support for high resolution (20-second) metrics and metric publishing optimizations. In AWS benchmarking tests, time to trigger scale-out improved from 363 seconds to 86 seconds (76% faster, 4.2x), and total time to scale and provision new tasks improved from 386 seconds to 109 seconds (72% faster, 3.5x)&lt;/p&gt; 
&lt;p&gt;This launch delivers three key benefits for your applications:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Improved performance and reliability&lt;/strong&gt;: Faster scaling means, your application responds faster to demand surges, reducing latencies or failures for end users during demand surges.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Right-size without compromise&lt;/strong&gt;: Depending on the workload, you can reduce baseline task counts because scale-out now happens fast enough to handle traffic spikes without preemptive capacity padding. This directly reduces compute costs while maintaining application performance and availability.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Simpler scaling configuration&lt;/strong&gt;: Target tracking with high-resolution metrics delivers the aggressive scaling behavior that previously required custom scaling configurations, such as usage of step-scaling policies. One configuration change replaces custom engineering work.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;How it works&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; To use ECS faster service auto scaling, first enable high-resolution metrics for your ECS service, and then configure a target tracking scaling policy which uses high-resolution metrics. ECS faster service autoscaling works across all compute options on ECS: &lt;a href="https://aws.amazon.com/fargate/"&gt;AWS Fargate&lt;/a&gt;, &lt;a href="https://aws.amazon.com/ecs/managed-instances/"&gt;ECS Managed Instances&lt;/a&gt;, and &lt;a href="https://aws.amazon.com/ec2"&gt;Amazon Elastic Compute Cloud (Amazon EC2)&lt;/a&gt;. You can enable these metrics when you create or update your ECS service in the &lt;a href="https://console.aws.amazon.com/ecs"&gt;Amazon ECS console&lt;/a&gt;, or using &lt;a href="https://docs.aws.amazon.com/sdkref/latest/guide/version-support-matrix.html"&gt;AWS SDKs and tools&lt;/a&gt;, and &lt;a href="https://aws.amazon.com/cloudformation/"&gt;AWS CloudFormation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;When you create a service in the console, add 20-seconds resolution metrics in the &lt;strong&gt;Monitoring configuration&lt;/strong&gt; section. These metrics incur additional CloudWatch costs while the standard resolution (60-seconds) is free.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104695 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/17/2026-ecs-fast-autoscaling-metrics-create-service-1.jpg" alt="" width="1661" height="2560"&gt;&lt;/p&gt; 
&lt;p&gt;In the &lt;strong&gt;Service auto scaling&lt;/strong&gt; section, check &lt;strong&gt;Use service auto scaling&lt;/strong&gt; and choose &lt;strong&gt;Target Tracking&lt;/strong&gt; for the scaling policy type to use real-time data to scale the number of tasks that your service runs based on demand.&lt;/p&gt; 
&lt;p&gt;Then, choose a&lt;strong&gt; Scaling policy type&lt;/strong&gt; for the target tracking. You can select &lt;code&gt;ECSServiceAverageCPUUtilizationHighResolution&lt;/code&gt; or &lt;code&gt;ECSServiceAverageMemoryUtilizationHighResolution&lt;/code&gt; as new metrics.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104696 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/17/2026-ecs-fast-autoscaling-metrics-create-service-2.jpg" alt="" width="1800" height="2380"&gt;&lt;/p&gt; 
&lt;p&gt;That’s it. Your ECS service will use high resolution metrics for auto scaling.&lt;/p&gt; 
&lt;p&gt;To update an existing ECS service to use faster auto scaling, you first need to configure high resolution metrics via &lt;strong&gt;Update Service&lt;/strong&gt;. Once deployment completes, your service will generate high-resolution metrics. You can then go to the &lt;strong&gt;Service and auto scaling&lt;/strong&gt; tab from your service details to update scaling policy to use higher resolution metrics.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104200 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/03/2026-ecs-fast-autoscaling-metrics-1.png" alt="" width="2007" height="1685"&gt;&lt;/p&gt; 
&lt;p&gt;That’s all you need. Your ECS service now evaluates scaling decisions at 20-second intervals.&lt;/p&gt; 
&lt;p&gt;You can also use the &lt;a href="https://aws.amazon.com/cli"&gt;AWS Command Line Interface (AWS CLI)&lt;/a&gt; to enable new metrics in your ECS service through Application Auto Scaling. To learn more, visit the &lt;a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/target-tracking-faster-auto-scaling.html"&gt;faster auto scaling documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Now available&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Faster service autoscaling with high-resolution metrics for Amazon ECS is available today. The feature itself has no additional cost, but high-resolution CloudWatch metrics introduce a new pricing dimension. For details, see the &lt;a href="https://aws.amazon.com/cloudwatch/pricing/"&gt;CloudWatch pricing&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;Give it a try today&amp;nbsp;and send feedback to &lt;a href="https://repost.aws/tags/TAefn4YSprR-uCBYmbofOpHw/amazon-elastic-container-service?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS re:Post for ECS&lt;/a&gt; or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;— &lt;a href="https://linkedin.com/in/channy"&gt;Channy&lt;/a&gt;&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Top announcements of the AWS Summit in New York, 2026</title>
		<link>https://aws.amazon.com/blogs/aws/top-announcements-of-the-aws-summit-in-new-york-2026/</link>
					
		
		<dc:creator><![CDATA[AWS News Blog Team]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 16:36:08 +0000</pubDate>
				<category><![CDATA[Amazon Bedrock]]></category>
		<category><![CDATA[Amazon Bedrock AgentCore]]></category>
		<category><![CDATA[Amazon Simple Storage Service (S3)]]></category>
		<category><![CDATA[Announcements]]></category>
		<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[AWS Transform]]></category>
		<category><![CDATA[AWS WAF]]></category>
		<category><![CDATA[Kiro]]></category>
		<category><![CDATA[Strands Agents]]></category>
		<guid isPermaLink="false">5c0395519cc4bb7cb222916f6a9f1cc174957d0f</guid>

					<description>A recap of the top announcements from AWS's New York Summit 2026</description>
										<content:encoded>&lt;p&gt;Today at the &lt;a href="https://aws.amazon.com/events/summits/new-york/"&gt;AWS Summit in New York City&lt;/a&gt;, Swami Sivasubramanian, AWS VP of Agentic AI, provided the day’s keynote.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104713" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/17/2026-aws-ny-summit-keynote.jpg" alt="" width="1600" height="905"&gt;&lt;/p&gt; 
&lt;p style="text-align: left"&gt;Here’s our roundup of the biggest announcements from the event:&lt;/p&gt; 
&lt;p&gt;&lt;iframe loading="lazy" title="AWS Summit New York City - Keynote | Amazon Web Services" width="500" height="281" src="https://www.youtube-nocookie.com/embed/T25Fn3FvF6I?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;New in agents customers create&lt;br&gt; &lt;/strong&gt;We’re introducing new capabilities on Amazon Bedrock AgentCore: connecting AI agents to organizational, web, and paid knowledge, helping teams find and fix what’s going wrong in production, and enforcing controls that scale as agents grow more capable.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-133707 size-full" src="https://d2908q01vomqb2.cloudfront.net/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59/2026/06/16/knowledge-layers.png" alt="" width="3200" height="1800"&gt;&lt;/p&gt; 
&lt;p&gt;Together, these capabilities help you build more capable agents faster, govern those agents with controls that scale, and improve them continuously. To learn more, read our &lt;a href="https://aws.amazon.com/blogs/machine-learning/new-in-amazon-bedrock-agentcore-build-agents-with-broader-knowledge-and-continuous-learning/"&gt;blog post&lt;/a&gt; covering all the new features.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/introducing-amazon-bedrock-managed-knowledge-base-for-faster-more-accurate-enterprise-ai-applications"&gt;Introducing Amazon Bedrock Managed Knowledge Base for faster, more accurate enterprise AI applications&lt;/a&gt; – You can build enterprise RAG pipelines with the managed Knowledge Base on Bedrock. It provides native data connectors, Smart Parsing for automatic multi-format data preparation, and an Agentic Retriever for complex multi-step queries, all integrated with AgentCore Gateway so developers can focus on business outcomes rather than infrastructure management.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/announcing-web-search-on-amazon-bedrock-agentcore-ground-your-ai-agents-in-current-accurate-web-knowledge"&gt;Announcing Web Search on Amazon Bedrock AgentCore: Ground your AI agents in current, accurate web knowledge&lt;/a&gt; – You can use a fully managed web search tool that enables agents to ground responses in current, cited web knowledge with zero data egress from customer’ secured AWS environment. You can focus on building agents instead of manually adding web search to agents on Bedrock AgentCore and managing its infrastructure.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/aws-waf-adds-ai-traffic-monetization-capability-to-help-content-owners-charge-ai-bots-for-content-access/" rel="bookmark"&gt;AWS WAF adds AI traffic monetization capability to help content owners charge AI bots for content access&lt;/a&gt; – You can use a new Bot Control capability that enables content providers and publishers price, meter, and collect payment from AI bots and agents accessing their content and APIs. AWS WAF now lets you set a price for that access, accept payment through third-party providers, and grant scoped access directly at the edge.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/machine-learning/amazon-bedrock-agentcore-harness-is-now-generally-available-go-from-idea-to-production-grade-agent-in-minutes/"&gt;Amazon Bedrock AgentCore harness in now generally available&lt;/a&gt; – You can do building and running production-grade AI agents in minutes, without coding orchestration loops, by defining your agent’s model, tools, skills, and instructions in configuration, with Bedrock AgentCore harness.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/machine-learning/context-intelligence-for-your-data-and-ai-agents-at-scale/"&gt;Coming soon: AWS Context&lt;/a&gt; – This is a new service that automatically maps the relationships across your existing data into a knowledge graph and provides agentic search so AI agents in the organization can access governed data relationships, business rules, and domain knowledge at runtime.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;New in agents for securing&lt;/strong&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/security/introducing-aws-continuum-security-at-machine-speed/"&gt;Introducing AWS Continuum: Security at machine speed&lt;/a&gt; – AWS Continuum for code vulnerabilities, available in a gated preview, takes findings from across your environment, prioritizes by business impact, proves which are exploitable, and drives a fix through your own process.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/aws-security-agent-adds-threat-modeling-kiro-power-and-claude-code-plugin-and-more"&gt;AWS Security Agent (now part of AWS Continuum) adds threat modeling, Kiro power and Claude Code plugin, and more&lt;/a&gt; – You can generate the new threat modeling (preview) to understand the full context of your application and identify threats with recommended mitigations using the STRIDE framework. You can also use pull request code scanning with remediation across major Git platforms, and IDE integrations via Kiro power, Claude Code plugin, and MCP, letting developers run security reviews and fix issues without context switching.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;New in agents for building&lt;/strong&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://kiro.dev/blog/introducing-kiro-for-ios/"&gt;Introducing Kiro for iOS&lt;/a&gt; – Kiro introduces a native iOS app, available in a gated preview, built for real engineering work that gives developers a new surface to kick off, monitor, steer, and interact with their Kiro sessions directly from their phone. That means you can now start sessions, check back when they’re done, review diffs, and approve changes all while staying connected to your work with no laptop running.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/aws-devops-agent-adds-release-management-capabilities-to-assess-code-changes-before-production-preview"&gt;AWS DevOps Agent adds release management capabilities to assess code changes before production&lt;/a&gt; – You can use a new release readiness review of code changes and autonomous release testing. These new features verify every change against the natural language standards you give to the DevOps Agent and run change-specific tests in production-like environments.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/proactively-reduce-tech-debt-autonomously-with-aws-transform-continuous-modernization-preview"&gt;Proactively reduce tech debt autonomously with AWS Transform – continuous modernization&lt;/a&gt; – You can use continuous analysis (preview) to automatically scan your code repositories against configurable baselines and generates findings in hours, not weeks. Once you’ve identified and prioritized findings, you can configure autonomous remediations that generate pull requests for affected repositories automatically.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;New in agents for works&lt;/strong&gt;&lt;/p&gt; 
&lt;p&gt;With the launch of Amazon Quick’s new autonomous agents, you can create agents that work in the background with specific expertise, tone, and access to tools. You can create a finance agent to process orders as they come in, or a sales agent monitoring interactions across your CRM, emails, and Slacks to proactively draft follow-ups, flag risks, or recommend next steps.&lt;/p&gt; 
&lt;p&gt;We are also releasing a new activity feed that is tailored to how you work. It consolidates email, messaging, calendar, and tasks into a single prioritized view, learns which messages you always answer fast, which threads you skip, and what topics drive your week.&lt;/p&gt; 
&lt;p&gt;To learn more, look the &lt;a href="https://aws.amazon.com/blogs/machine-learning/get-back-hours-every-day-with-autonomous-agents-in-amazon-quick/"&gt;demo of Amazon Quick – AI Assistant&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;In addition to the keynote announcements, we have other important launches this week:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/"&gt;Amazon S3 annotations: attach rich, queryable context directly to your objects&lt;/a&gt; – Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/amazon-ecs-introduces-new-high-resolution-metrics-for-faster-service-auto-scaling/"&gt;Amazon ECS announces faster service auto scaling&lt;/a&gt; – Amazon ECS service auto scaling now detects and responds to load changes faster with support for high resolution (20-second) metrics and metric publishing optimizations. In AWS benchmarking tests, time to trigger scale-out improved from 363 seconds to 86 seconds (76% faster, 4.2x), and total time to scale and provision new tasks improved from 386 seconds to 109 seconds (72% faster, 3.5x).&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://aws.amazon.com/blogs/aws/announcing-amazon-ec2-g7-instances-accelerated-by-nvidia-rtx-pro-4500-blackwell-server-edition-gpus/"&gt;Amazon EC2 G7 instances accelerated by NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs&lt;/a&gt; – AWS is the first major cloud provider to support NVIDIA RTX PRO 4500 Blackwell Server Edition GPUs. G7 instances are accelerated by these GPUs with custom sixth-generation Intel Xeon Scalable processors, delivering up to 4.6x AI inference performance and up to 2.1x graphics performance compared to G6 instances.&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://strandsagents.com/blog/reduced-cost-better-isolation-more-resilience/"&gt;Strands Agents introduces new capabilities&lt;/a&gt; – Strands is an open source toolkit for building production agents. You can use now better context management in the &lt;a href="https://github.com/strands-agents/harness-sdk"&gt;Harness SDK&lt;/a&gt;, a new isolated execution environment with &lt;a href="https://github.com/strands-agents/shell"&gt;Strands Shell&lt;/a&gt;, and chaos testing and red teaming in &lt;a href="https://github.com/strands-agents/evals"&gt;Strands Evals&lt;/a&gt;.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;Updated on June 18, 2026&lt;/strong&gt; — Added new important launches on June 18.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Introducing Amazon Bedrock Managed Knowledge Base for faster, more accurate enterprise AI applications</title>
		<link>https://aws.amazon.com/blogs/aws/introducing-amazon-bedrock-managed-knowledge-base-for-faster-more-accurate-enterprise-ai-applications/</link>
					
		
		<dc:creator><![CDATA[Daniel Abib]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 15:09:20 +0000</pubDate>
				<category><![CDATA[Amazon Bedrock AgentCore]]></category>
		<category><![CDATA[Amazon Bedrock Knowledge Bases]]></category>
		<category><![CDATA[Amazon Machine Learning]]></category>
		<category><![CDATA[Announcements]]></category>
		<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Generative AI]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">4c24fcdc8f84279cf19adcd9af7c745709c8ab27</guid>

					<description>Amazon Bedrock's new Fully Managed Knowledge Bases simplifies building enterprise RAG pipelines by providing native data connectors Smart Parsing for automatic multi-format data preparation, and an Agentic Retriever for complex multi-step queries—all integrated with AgentCore Gateway so developers can focus on business outcomes rather than infrastructure management.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing &lt;a href="https://aws.amazon.com/bedrock/knowledge-bases/"&gt;Amazon Bedrock Managed Knowledge Base&lt;/a&gt;, a new set of capabilities that enables developers to build enterprise-grade generative AI applications with their proprietary data in minutes. Organizations building agentic AI applications need secure, reliable, and up-to-date access to enterprise-wide data to deliver accurate, fast, and trusted outcomes. Managed Knowledge Base abstracts away the complexity of building and managing retrieval-augmented generation (RAG) pipelines, allowing developers to focus on business outcomes rather than infrastructure management.&lt;/p&gt; 
&lt;p&gt;Developers building knowledge bases for their agents face three key challenges today:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Connecting to enterprise data&lt;/strong&gt;: Enterprise knowledge lives across disparate systems with different content types, access control lists, and document formats. Building and maintaining custom connectors for each source adds complexity that slows down development.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Optimizing RAG accuracy&lt;/strong&gt;: Best practices for retrieval-augmented generation keep evolving. Developers need to experiment with different parsing strategies, chunking approaches, embedding models, and agentic retrieval behaviors to get accurate answers from their data.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Managing infrastructure at scale&lt;/strong&gt;: Organizations need to serve large knowledge bases with millions of documents, or manage thousands of smaller knowledge bases across teams. Both patterns require reliable infrastructure, security enforcement, and cost control.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;These challenges require developers to repeatedly perform undifferentiated work instead of focusing on their applications.&lt;/p&gt; 
&lt;p&gt;Amazon Bedrock Managed Knowledge Base addresses these challenges by abstracting away the multiple infrastructure components developers traditionally have to assemble and maintain themselves (storage, retrieval, embeddings, re-ranking, and foundation model selection) into a single managed primitive. By default, the service automatically selects and manages a default embeddings model, re-ranker model, and foundational model on your behalf, so you can get up to speed quickly without needing to pick or maintain one yourself. On top of this managed foundation, three core innovations further improve ease of use and accuracy:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Native data connectors&lt;/strong&gt;: Six pre-built ingestion connectors that natively pull enterprise data and permissions from SaaS applications, eliminating the overhead developers face in managing application-specific requirements. At launch, we support Amazon S3, SharePoint, Confluence, Web Crawler, Google Drive, and OneDrive.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Smart Parsing&lt;/strong&gt;: Different content types and sources require different approaches to achieve accurate retrieval. Smart Parsing handles this complexity automatically, selecting the right parsing strategy for each data type and connector to provide the highest accuracy for your agents.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Agentic Retriever&lt;/strong&gt;: Optimized for complex queries that require multiturn, multihop retrieval within a single knowledge base or across multiple knowledge bases. Agentic Retriever automatically infers end-user intent and draws relevant context from institutional knowledge spread across data sources and modalities.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;With just a few lines of code, Amazon Bedrock Managed Knowledge Base automatically manages and scales the end-to-end RAG pipeline that powers your enterprise knowledge agents. For agent builders, it’s available as a pre-built target type in &lt;a href="https://aws.amazon.com/bedrock/agentcore/"&gt;Amazon Bedrock AgentCore Gateway&lt;/a&gt;, reducing integration to a few lines of code, auto-generating role-based permissions, and providing observability and evaluation metrics in the AgentCore Observability dashboard.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Getting started with Amazon Bedrock Managed Knowledge Base&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Creating a Managed Knowledge Base is straightforward. Navigate to the &lt;a href="https://console.aws.amazon.com/bedrock-agentcore/"&gt;Amazon Bedrock AgentCore console&lt;/a&gt; or the &lt;a href="https://console.aws.amazon.com/bedrock/"&gt;Amazon Bedrock console&lt;/a&gt;, open the &lt;strong&gt;Knowledge Bases&lt;/strong&gt; page, and choose &lt;strong&gt;Create Managed KB&lt;/strong&gt;. The experience is the same in both consoles.&lt;/p&gt; 
&lt;div id="attachment_104776" style="width: 1810px" class="wp-caption aligncenter"&gt;
 &lt;img aria-describedby="caption-attachment-104776" loading="lazy" class="wp-image-104776 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-bedrock-fmkb-1-1.jpg" alt="" width="1800" height="1141"&gt;
 &lt;p id="caption-attachment-104776" class="wp-caption-text"&gt;Picture 1 – Knowledge Bases list page in the Amazon Bedrock AgentCore console showing the Type column with different KB types and the Create Managed KB button&lt;/p&gt;
&lt;/div&gt; 
&lt;p&gt;When creating a new Knowledge Bases, you can connect to your enterprise data sources by choosing from the list of supported connectors directly from a dropdown. &lt;a href="https://aws.amazon.com/iam"&gt;AWS Identity and Access Management (IAM)&lt;/a&gt; roles are automatically created, and you can choose to edit these permissions if needed:&lt;/p&gt; 
&lt;div id="attachment_104777" style="width: 1810px" class="wp-caption aligncenter"&gt;
 &lt;img aria-describedby="caption-attachment-104777" loading="lazy" class="wp-image-104777 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/19/2026-bedrock-fmkb-2-1.jpg" alt="" width="1800" height="1297"&gt;
 &lt;p id="caption-attachment-104777" class="wp-caption-text"&gt;Picture 2 – Create Knowledge Base page showing the Data source dropdown expanded with all supported connectors: Amazon S3, Confluence, Custom, Google Drive, One Drive, SharePoint, and Web Crawler&lt;/p&gt;
&lt;/div&gt; 
&lt;p&gt;An optimized set of defaults will be presented, allowing you to create your knowledge base in just a few clicks. Once the data is synced, you can integrate the knowledge base with your agent or provide it as a tool for your foundation model and start querying.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Smart Parsing for accurate data ingestion&lt;/strong&gt;&lt;br&gt; One of the key challenges in building knowledge bases is preparing diverse data types for accurate retrieval. Once you point Managed Knowledge Base at your data sources, Smart Parsing automatically determines the optimal parsing strategy for each data type and connector, no extra configuration is required.&lt;/p&gt; 
&lt;p&gt;Smart Parsing combines multiple techniques:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Connector-specific data models&lt;/strong&gt;: Optimized handling for each data source. For example, the Web Crawler connector preserves HTML structure including embedded images and tables, ensuring rich content is not dropped during ingestion. SharePoint connectors maintain document hierarchy and relationships between files.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Multimodal processing&lt;/strong&gt;: Automatic detection and processing of different content types within documents. The system identifies bounding boxes in documents, then sends them to foundation models for data extraction, captioning, and scene description in video files.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Optimized chunking&lt;/strong&gt;: Smart Parsing leverages foundation models to understand document structure and extract meaningful content, ensuring that complex documents with mixed formats are properly indexed. Intelligent defaults balance retrieval accuracy with performance based on document type and content structure, while advanced users can customize chunking strategies when needed.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;This automated approach eliminates weeks of experimentation typically required to achieve production-quality retrieval accuracy, while still preserving the flexibility to customize when needed.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Using Agentic Retriever for complex queries&lt;/strong&gt;&lt;br&gt; After your data is ingested, you can start querying your knowledge base. Generative AI applications often struggle with complex user queries that require reasoning, recursive multi-step retrieval, and intermediate evaluations of results. Consider a user asking two related questions: “What is the cloud infrastructure budget for the ML platform team?” and “Does our expense policy allow prepaying annual commitments?” A single retrieval step might surface documents about the ML platform team but fail to connect the budget information with the expense policy needed to fully answer the question.&lt;/p&gt; 
&lt;div id="attachment_104253" style="width: 3117px" class="wp-caption aligncenter"&gt;
 &lt;img aria-describedby="caption-attachment-104253" loading="lazy" class="wp-image-104253 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/05/Infographics.png" alt="" width="3107" height="1081"&gt;
 &lt;p id="caption-attachment-104253" class="wp-caption-text"&gt;Picture 3 – Agentic Retriever decomposes complex user queries into a step-by-step plan, performing multi-hop retrieval across multiple knowledge bases and combining results to deliver accurate, grounded responses&lt;/p&gt;
&lt;/div&gt; 
&lt;p&gt;Agentic Retriever solves this by creating a step-by-step query plan: 1. Which team owns the ML platform, and what is their cloud infrastructure budget? 2. What does the expense policy say about prepaying annual commitments? 3. Does the policy allow the ML platform team to prepay against this budget?&lt;/p&gt; 
&lt;p&gt;The system performs multi-hop retrieval and reasoning at each step, and once it has gathered sufficient relevant passages, it stops the search process and returns the top results. By abstracting away the complexity of building a separate multi-hop reasoning pipeline, this approach dramatically improves accuracy for complex queries while letting developers focus on their agentic search applications instead of orchestration logic.&lt;/p&gt; 
&lt;p&gt;You can try Agentic Retriever directly from the test panel of your knowledge base in the Amazon Bedrock AgentCore console. Select &lt;strong&gt;Agentic retrieval only&lt;/strong&gt; as the retrieval type to let the system automatically plan and execute multi-step queries across your knowledge bases:&lt;/p&gt; 
&lt;div id="attachment_104603" style="width: 1810px" class="wp-caption aligncenter"&gt;
 &lt;img aria-describedby="caption-attachment-104603" loading="lazy" class="wp-image-104603 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/15/2026-bedrock-fmkb-3.jpg" alt="" width="1800" height="991"&gt;
 &lt;p id="caption-attachment-104603" class="wp-caption-text"&gt;Picture 4 – Test Knowledge Base panel showing Agentic retrieval with answer generation selected as the retrieval type, with model selection and maximum agentic iterations options&lt;/p&gt;
&lt;/div&gt; 
&lt;p&gt;&lt;strong&gt;Enabling MCP with Bedrock AgentCore&lt;/strong&gt;&lt;br&gt; Amazon Bedrock Managed Knowledge Base seamlessly integrates with AgentCore Gateway as a native target type. This integration eliminates the need for manual integration and provides built-in observability, policy enforcement, and automatic permission management.&lt;/p&gt; 
&lt;p&gt;You can navigate to the Amazon Bedrock AgentCore console or SDK and create an AgentCore Gateway or select an existing one. When adding targets to your gateway, you will find &lt;strong&gt;Knowledge Base&lt;/strong&gt; as a new pre-built target type alongside other options such as MCP server, Lambda ARN, REST API, and other integrations. Simply select your knowledge base ID to expose it through the gateway:&lt;/p&gt; 
&lt;div id="attachment_104604" style="width: 1810px" class="wp-caption aligncenter"&gt;
 &lt;img aria-describedby="caption-attachment-104604" loading="lazy" class="wp-image-104604 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/15/2026-bedrock-fmkb-4.jpg" alt="" width="1800" height="1365"&gt;
 &lt;p id="caption-attachment-104604" class="wp-caption-text"&gt;Picture 5 – Add targets page in AgentCore Gateway showing Knowledge Base as a new pre-built target type, with the knowledge base ID selector and runtime retrieval mode options&lt;/p&gt;
&lt;/div&gt; 
&lt;p&gt;Add targets page in AgentCore Gateway showing Knowledge Base as a new pre-built target type, with the knowledge base ID selector and runtime retrieval mode options&lt;/p&gt; 
&lt;p&gt;Gateway exposes the standard Model Context Protocol (MCP), so the knowledge base tools are automatically discovered by clients from any MCP-compatible framework, including &lt;a href="https://strandsagents.com/"&gt;Strands Agents&lt;/a&gt;, &lt;a href="https://github.com/langchain-ai/langchain"&gt;LangChain&lt;/a&gt;, &lt;a href="https://crewai.com/"&gt;CrewAI&lt;/a&gt;, &lt;a href="https://www.llamaindex.ai/"&gt;LlamaIndex&lt;/a&gt;, and &lt;a href="https://github.com/langchain-ai/langgraph"&gt;LangGraph&lt;/a&gt;. No custom integration code is required.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Model choice and flexibility&lt;/strong&gt;&lt;br&gt; Amazon Bedrock Managed Knowledge Base preserves the flexibility developers expect from Amazon Bedrock. Every foundation model available on Bedrock can power the generation step, and developers can select from different embedding and re-ranking models to optimize retrieval for their specific use case, enabling teams to fine-tune accuracy and cost-performance without changing infrastructure.&lt;/p&gt; 
&lt;p&gt;Unlike managed solutions that lock you into specific model providers, Amazon Bedrock Managed Knowledge Base separates the infrastructure management (connectors, parsing, storage, retrieval orchestration) from model selection. This means you can:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Take advantage of the latest models&lt;/strong&gt;: Adopt the latest embedding, re-ranking, and foundation models as they become available to improve accuracy, latency, and cost for your application without rebuilding your RAG pipeline.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Optimize for price-performance&lt;/strong&gt;: Choose smaller, faster models for simple queries and more capable models for complex reasoning tasks, all using the same knowledge base infrastructure.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Use Bedrock embedding models&lt;/strong&gt;: While Smart Parsing provides optimized defaults, you can configure Bedrock embedding models when your domain requires specialized semantic understanding.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Maintain consistency with existing applications&lt;/strong&gt;: If you’re already using Bedrock Knowledge Bases APIs (&lt;code&gt;Retrieve&lt;/code&gt;, &lt;code&gt;StartIngest&lt;/code&gt;, &lt;code&gt;StopIngest&lt;/code&gt;, &lt;code&gt;IngestKnowledgeBaseDocuments&lt;/code&gt;), Managed Knowledge Base uses the same APIs, so migration requires no code changes, just point to the new knowledge base ID.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;This approach ensures you can spend time on your generative AI application without losing the ability to change models based on evolving requirements or new model capabilities.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Get started today&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Amazon Bedrock Managed Knowledge Base is available today in the US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney, Tokyo), Europe (Dublin, Frankfurt, London), and AWS GovCloud (US-West) Regions. For Regional availability and future roadmap, visit &lt;a href="https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/"&gt;AWS Capabilities by Region&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;With Bedrock Managed Knowledge Base, you pay for what you use with no upfront commitments. Pricing is based on two dimensions: the size of indexed data stored and the number of retrievals performed (on-demand). For detailed pricing information, visit the &lt;a href="https://aws.amazon.com/bedrock/pricing/"&gt;Amazon Bedrock pricing page&lt;/a&gt;. Bedrock is also a part of the &lt;a href="https://aws.amazon.com/free/"&gt;AWS Free Tier&lt;/a&gt; that new AWS customers can use to get started at no cost and explore key AWS services.&lt;/p&gt; 
&lt;p&gt;These capabilities work with any open source framework such as CrewAI, LangGraph, LlamaIndex, and Strands Agents, and with any foundation model. Bedrock services can be used together or independently, and you can get started using your favorite AI-assisted development environment with the &lt;a href="https://awslabs.github.io/mcp/servers/amazon-bedrock-agentcore-mcp-server"&gt;AgentCore open source MCP server&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To learn more and get started quickly, visit the &lt;a href="https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html"&gt;Bedrock Knowledge Bases Developer Guide&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Daniel Abib&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&amp;nbsp;Updated on June 19, 2026 &lt;/strong&gt;— Fixed correct screenshots to create a new Managed KB.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Announcing Web Search on Amazon Bedrock AgentCore: Ground your AI agents in current, accurate web knowledge</title>
		<link>https://aws.amazon.com/blogs/aws/announcing-web-search-on-amazon-bedrock-agentcore-ground-your-ai-agents-in-current-accurate-web-knowledge/</link>
					
		
		<dc:creator><![CDATA[Channy Yun (윤석찬)]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 15:00:11 +0000</pubDate>
				<category><![CDATA[Amazon Bedrock]]></category>
		<category><![CDATA[Amazon Bedrock AgentCore]]></category>
		<category><![CDATA[Amazon Machine Learning]]></category>
		<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">1e4fc761b5a706e81f4b43e635181511d9ca0099</guid>

					<description>AWS introduces Web Search on Amazon Bedrock AgentCore, a fully managed tool that enables agents to ground responses in current, cited web knowledge with zero data egress from customer's secured AWS environment. You can focus on building agents instead of manually adding web search to agents on Bedrock AgentCore and managing its infrastructure.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing the general availability of Web Search on &lt;a href="https://aws.amazon.com/bedrock/agentcore/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Bedrock AgentCore&lt;/a&gt;, a fully managed tool that enables agents to ground responses in current, cited web knowledge with zero data egress from customer’s secured AWS environment.&lt;/p&gt; 
&lt;p&gt;Web Search uses a built-in connector target on Bedrock AgentCore Gateway using the Model Context Protocol (MCP). Your agent sends a natural-language query, and Web Search returns most relevant snippets, source URLs, titles, and publication dates that the model can reason over to produce a grounded response.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104652 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/2026-agentcore-websearch-diagram-3.jpg" alt="" width="2532" height="604"&gt;&lt;/p&gt; 
&lt;p&gt;It is built on Amazon’s search infrastructure, informed by years of experience powering agentic search experiences across &lt;a href="https://www.amazon.com/alexaplus/dp/B0CXRRF584?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Alexa+&lt;/a&gt;, &lt;a href="https://aws.amazon.com/quick/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Quick&lt;/a&gt;, and &lt;a href="https://kiro.dev/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Kiro&lt;/a&gt;. It uses a multi-source grounding approach that combines Amazon’s web index with structured knowledge graph data. Beyond standard web results, this gives agents access to Amazon Knowledge Graph with verified facts, helping them retrieve more relevant and accurate responses than traditional web search alone.&lt;/p&gt; 
&lt;p&gt;With this launch, you can focus on building agents instead of manually adding web search to agents on Bedrock AgentCore and managing its infrastructure. Your AI agent looks at user question, retrieves the latest facts, and then takes any necessary action grounded in current developments beyond a model’s training data. You can also meet enterprise governance policies without sending user prompts and retrieval queries to external search API providers outside of AWS.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Web Search on Bedrock AgentCore in action&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; To get started, create the Bedrock AgentCore Gateway with Web Search tool target in the &lt;a href="https://console.aws.amazon.com/bedrock-agentcore/home?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Bedrock AgentCore console&lt;/a&gt;. When the Gateway URL is created, you can interact with API call, Command Line Interface (CLI), or MCP Inspector.&lt;/p&gt; 
&lt;p&gt;To add Web Search tool target when creating the Gateway, choose &lt;strong&gt;MCP target&lt;/strong&gt; as a target protocol and &lt;strong&gt;Connectors&lt;/strong&gt; as a target type. You can select the &lt;strong&gt;Web Search tool&lt;/strong&gt; as a preconfigured target to retrieve most relevant web search results including links, snippets, and metadata.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104633 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/15/2026-agentcore-websearch-add-gateway-target.jpg" alt="" width="1800" height="1970"&gt;&lt;/p&gt; 
&lt;p&gt;After creating your gateway, you can find the Web Search tool target on the detail page of your gateway. You can also add a new Web Search tool target to an existing gateway.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104274" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/05/2026-agentcore-websearch-add-gateway-detail.png" alt="" width="2406" height="2618"&gt;&lt;/p&gt; 
&lt;p&gt;To interact with Web Search tool, use the sample invocation code in the &lt;strong&gt;View invocation code&lt;/strong&gt; section. You can use code snippets through Python codes with API requests, MCP Python SDK, Strands MCP Client, and MCP Inspector.&lt;/p&gt; 
&lt;p&gt;For example, you can interact with the &lt;a href="https://modelcontextprotocol.io/docs/tools/inspector"&gt;MCP Inspector&lt;/a&gt;, an interactive developer tool for testing and debugging MCP servers.&amp;nbsp;When you connect to the MCP server through the &lt;strong&gt;Gateway resource URL&lt;/strong&gt;, you will find a Web Search tool for each connector target on the Gateway. Enter input the web search query and choose &lt;strong&gt;Run Tool&lt;/strong&gt; to get the results.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104703 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/17/2026-agentcore-websearch-mcp-inspector-1.jpg" alt="" width="1800" height="1258"&gt;&lt;/p&gt; 
&lt;p&gt;To learn more about how to use Web Search on Bedrock AgentCore, visit the &lt;a href="https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Bedrock AgentCore Gateway documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Customer voices&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Some of our customers had early access to this new feature. This is what they shared with us:&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://aws.amazon.com/marketplace/seller-profile?id=seller-2xeeqw6omnqeq&amp;amp;trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer"&gt;Benchling&lt;/a&gt; helps scientists accelerate R&amp;amp;D, making it easy to centralize scientific data, collaborate across teams, and access insights. Nicholas Larus-Stone, Head of AI Agents at Benchling shared “Scientists using Benchling AI can now ask about a target they’re actively working on and get answers grounded in both their institutional data in Benchling and published literature. The result is more complete science, and hypothesis generation done right. Because we’re using the Web Search tool on Amazon Bedrock AgentCore, customers have a secure, governed environment to bring that high quality published data into their workflows without compromising how they manage their data.”&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://aws.amazon.com/solutions/case-studies/gen-digital-video-case-study/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer"&gt;Gen Digital&lt;/a&gt; leads consumer and small business cyber safety, offering antivirus, antimalware, identity and privacy protection, virtual private networks, and cloud backup. Iskander Sanchez-Rola, Senior Director of AI &amp;amp; Innovation, Gen Digital shared “With the Web Search tool on Amazon Bedrock AgentCore, Norton Revamp helps professionals build their online reputation with current, grounded content ideas shaped by what’s actually happening in the world today. What we value most is that AWS uses its own search index and keep queries within our trusted AWS environment.”&lt;/p&gt; 
&lt;p&gt;To read more customer stories, visit the &lt;a href="https://aws.amazon.com/bedrock/customers/" target="_blank" rel="noopener noreferrer"&gt;Amazon Bedrock Customers&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Now available&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; Web Search on Amazon Bedrock AgentCore is generally available today in the US East (N. Virginia) Region. For Regional availability and a future roadmap, visit the &lt;a class="c-link" href="https://builder.aws.com/build/capabilities/explore?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer" data-stringify-link="https://builder.aws.com/capabilities/" data-sk="tooltip_parent"&gt;AWS Capabilities by Region&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;You can get started with Web Search on Bedrock AgentCore with no upfront commitments. Pricing is simple and usage-based. You are charged based on the number of search queries your agents submit to the web search. Web Search is priced at $7 per 1,000 queries. New AWS customers also receive up to $200 in Free Tier credits. To learn more, visit the &lt;a href="https://aws.amazon.com/bedrock/agentcore/pricing/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Bedrock AgentCore pricing&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;Try it in the &lt;a href="https://console.aws.amazon.com/bedrock-agentcore/home?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Amazon Bedrock AgentCore console&lt;/a&gt;&amp;nbsp;and send feedback to &lt;a href="https://repost.aws/tags/TAaysfWwGaS3SNb1O0i1GkOg/amazon-bedrock-agentcore?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS re:Post for Amazon Bedrock AgentCore&lt;/a&gt; or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;— &lt;a href="https://twitter.com/channyun"&gt;Channy&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Updated on June 18, 2026&lt;/strong&gt; —&amp;nbsp;Added a clear pricing statement for Web Search in Bedrock AgentCore.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Proactively reduce tech debt autonomously with AWS Transform – continuous modernization (preview)</title>
		<link>https://aws.amazon.com/blogs/aws/proactively-reduce-tech-debt-autonomously-with-aws-transform-continuous-modernization-preview/</link>
					
		
		<dc:creator><![CDATA[Micah Walter]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 14:58:00 +0000</pubDate>
				<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[AWS Transform]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Generative AI]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">de6487c2a98aa63becca18998e2eaf30133784c1</guid>

					<description>AWS Transform – continuous modernization (preview) automatically scans code repositories to detect, prioritize, and remediate technical debt at scale.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing &lt;a href="http://aws.amazon.com/transform/continuous-modernization"&gt;AWS Transform – continuous modernization (preview)&lt;/a&gt;, a new capability of &lt;a href="https://aws.amazon.com/transform/"&gt;AWS Transform&lt;/a&gt; for continuous, autonomous tech debt analysis and remediation at scale. AWS Transform already helps enterprises migrate out of data centers, modernize mainframe and Windows applications, and handle the undifferentiated work of software maintenance: upgrading Java versions, swapping deprecated frameworks, and updating &lt;a href="https://aws.amazon.com/lambda/"&gt;AWS Lambda&lt;/a&gt; runtimes before they reach end of life. This new experience builds on this. Customers get full visibility into the state of their codebase across thousands of repositories, prioritized findings, and the pull requests that make the fixes.&lt;/p&gt; 
&lt;p&gt;Engineering organizations typically consume up to 30% of IT budgets. Customers stitch together point tools: one to detect dependency issues, another to flag vulnerabilities, another for code quality. But no existing tool detects, prioritizes, and remediates tech debt continuously and at scale. The result is a manual, app-by-app cycle that drains engineering capacity. Leaders fall back on self-reported team status that lags reality and hides regressions. AI-assisted development makes this worse: as coding agents accelerate the pace of change, tech debt accumulates faster than developers can keep up. Customers need a capability that detects, prioritizes, and remediates tech debt continuously, autonomously, and at scale.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Continuous analysis&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;To address the visibility challenge, this new capability within AWS Transform automatically scans your code repositories against configurable baselines and generates findings in hours, not weeks. Out of the box, AWS Transform – continuous modernization includes policies for detecting end of life dependencies, deprecated frameworks, and other common sources of technical debt. You can also extend these with your own remediation patterns specific to your organization, including approved libraries, internal coding standards, or tech debt policies your platform team already enforces. For example, if your team has deprecated an internal library or prefers a particular logging pattern, you can codify that as a policy and run it across all your repositories continuously.&lt;/p&gt; 
&lt;p&gt;Unlike periodic manual efforts, continuous analysis provides ground truth directly from your code. When a repository falls behind your baseline, you know immediately, showing which components are behind and by how much, regardless of how the team chooses to address it. This eliminates the need for status check-ins and manual compliance tracking, giving platform teams an always current view of their technical debt landscape.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Autonomous remediation at scale&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;Once you’ve identified and prioritized findings, you can configure autonomous remediations that generate pull requests for affected repositories automatically. This new AWS Transform capability provides out-of-the-box remediation transformations for common scenarios such as Java version upgrades, SDK migrations, and library updates. You can also create custom transformations for organization-specific patterns.&lt;/p&gt; 
&lt;p&gt;When you launch a remediation, the continuous modernization capability creates pull requests for each affected repository, notifying the owning team with a message like: “This repository is behind on your organization’s baseline for this dependency. Here’s a PR that resolves it.” Teams can review and merge the PR, or choose to remediate using their own approach. Either way, continuous analysis detects when the fix is in place, providing ground truth without requiring manual confirmation.&lt;/p&gt; 
&lt;p&gt;AWS Transform – continuous modernization integrates with &lt;a href="https://aws.amazon.com/security-agent"&gt;AWS Security Agent&lt;/a&gt; to detect and remediate security vulnerabilities at the source-code level, so security findings flow into the same prioritized list and pull-request workflow as other tech debt.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Let’s try it out&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;To get started with, I navigated to the AWS Transform web application. From the dashboard, I can see an overview of my organization’s repositories and their current status against my configured baselines.&lt;/p&gt; 
&lt;p&gt;First, I connected my source control system and initiated an analysis against my specified policies. Within hours, the analysis returned findings across my repositories, showing which ones were behind the baseline and by how much. I could see the severity, the number of affected files, and the specific tech debt patterns detected.&lt;/p&gt; 
&lt;p&gt;From here, I selected a group of high-priority findings and launched a remediation campaign. AWS Transform – continuous modernization generated pull requests for each affected repository. I could monitor the campaign’s progress in real time, seeing which PRs were created, which were merged, and which repositories returned to compliance.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104654 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/image-01-1024x557.png" alt="" width="1024" height="557"&gt;&lt;/p&gt; 
&lt;p&gt;Image 1: AWS Transform – continuous modernization dashboard showing a portfolio overview of your technical debt findings across all connected repositories.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104655 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/image-02-1024x572.png" alt="" width="1024" height="572"&gt;&lt;/p&gt; 
&lt;p&gt;Image 2: The detailed findings view listing individual tech debt items by severity, category, and repository with their available remediation options.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104656 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/image-03-1024x573.png" alt="" width="1024" height="573"&gt;&lt;/p&gt; 
&lt;p&gt;Image 3: The sources view showing connected repositories from GitHub and local environments that continuous modernization is tracking for analysis.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Faster ways to modernize&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;These capabilities support two distinct approaches to code modernization. In continuous mode, you can use continuous modernization to keep your codebases current as baselines evolve. Think of this as the day-to-day work of upgrading libraries, applying security patches, and enforcing coding standards across your organization.&lt;/p&gt; 
&lt;p&gt;For larger modernization projects, such as migrating from one framework to another or upgrading a major runtime version across hundreds of applications, you can use campaign mode for targeted, project-based modernization. AWS Transform custom continues to provide the flexible primitive for these larger efforts. AWS Transform – continuous modernization is purpose-built for the recurring, high-volume work that platform teams manage every day.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Now available&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;AWS Transform – continuous modernization (preview) is available today. You can get started through the AWS Transform web application, via the AWS Transform Kiro Power, or through MCP and skills for integration with your existing coding agents. To learn more, visit the &lt;a href="https://docs.aws.amazon.com/transform/"&gt;AWS Transform documentation&lt;/a&gt;.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS DevOps Agent adds release management capabilities to assess code changes before production (preview)</title>
		<link>https://aws.amazon.com/blogs/aws/aws-devops-agent-adds-release-management-capabilities-to-assess-code-changes-before-production-preview/</link>
					
		
		<dc:creator><![CDATA[Esra Kayabali]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 14:57:34 +0000</pubDate>
				<category><![CDATA[Announcements]]></category>
		<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[DevOps]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<guid isPermaLink="false">6261b6e3f0038f8b71e95bf2f91f996b1505a1e9</guid>

					<description>AWS DevOps Agent now offers release management capability in preview, reviewing code changes for release readiness and running autonomous release testing to help you ship code to production safely and with confidence.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing a new release management capability in &lt;a href="https://aws.amazon.com/devops-agent/"&gt;AWS DevOps Agent&lt;/a&gt; that is now available in preview. AWS DevOps Agent is your always-available teammate that spans software changes and operations across AWS, multicloud, and on-premises environments. The practice of DevOps aims to make software change and operations smooth and increasingly autonomous, and AWS DevOps Agent delivers on both by leveraging its deep understanding of your environment, your services, their dependencies, and how they behave in production. Already generally available for post-deployment operations, it autonomously investigates incidents, provides root cause analysis and mitigation steps, and delivers targeted recommendations to prevent recurring issues. With today’s preview, AWS DevOps Agent adds release readiness review of code changes and autonomous release testing. These new features verify every change against the natural language standards you give to the DevOps Agent and run change-specific tests in production-like environments. AWS DevOps Agent now supports teams from code creation to production, helping reviewers and testers keep pace with the volume of AI-generated code.&lt;/p&gt; 
&lt;p&gt;As development teams adopt AI coding tools, the volume of pull requests moving through delivery pipelines has increased faster than review and testing processes can handle. When teams are under pressure to keep up, reviews are approved without thorough examination, and test environments drift from production. The value that coding agents generate sits waiting in review queues instead of reaching end users. At the same time, AI models are increasingly capable of catching functional and security issues that human reviewers might miss under time pressure, making speedy and safe delivery a requirement rather than a tradeoff.&lt;/p&gt; 
&lt;p&gt;The release readiness review feature evaluates every code change against production requirements, dependency safety, and the standards and best practices you provide to the DevOps Agent. The agent checks cross-repository dependency risks that could affect other services, access control changes against AWS Well-Architected Framework best practices, and compliance with any standards you have defined. When no standards are provided, the agent applies general best practices. As part of the review, the agent also runs your software in an AWS-managed isolated environment, executing lightweight user journey tests to verify the software builds, runs, and passes basic functional checks before the change enters the pipeline. Findings appear in the AWS DevOps Agent console and as comments on pull requests in GitHub or GitLab. You can also invoke reviews directly from your IDE through the Kiro power or Claude Code plugin, so developers can identify and fix dependency risks, standards violations, and access control issues before the change is committed to version control.&lt;/p&gt; 
&lt;p&gt;The autonomous release testing feature goes further, generating and running change-specific test plans for web and API-based applications in customer-provisioned, production-like environments before the change merges. Rather than running a static test suite, the agent reasons about what the change does and constructs tests tailored to it, covering functional correctness, behavioral regressions, and integration scenarios that a manually maintained test plan might not anticipate. Every test run produces structured artifacts including metrics, logs, traces, and an execution summary, giving reviewers a consistent record of what was tested and what the results were.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Getting started with AWS DevOps Agent release management&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;This walkthrough shows how to run an on-demand release readiness review using the AWS DevOps Agent web app. Before you begin, confirm that you have at least one &lt;a href="https://docs.aws.amazon.com/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.html"&gt;GitHub&lt;/a&gt; or &lt;a href="https://docs.aws.amazon.com/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-gitlab.html"&gt;GitLab&lt;/a&gt; repository connected to your Agent Space. Once your repositories are connected, AWS DevOps Agent will index your code and build a knowledge graph of cross-repository and cloud dependencies.&lt;/p&gt; 
&lt;p&gt;To open the web app, navigate to the &lt;a href="https://console.aws.amazon.com/aidevops/"&gt;AWS DevOps Agent console&lt;/a&gt;, select your &lt;strong&gt;Agent Space&lt;/strong&gt;, and choose the &lt;strong&gt;Web app&lt;/strong&gt; tab. Choose &lt;strong&gt;Operator access&lt;/strong&gt; to open the web app.&lt;/p&gt; 
&lt;p&gt;Without standards configured, the agent applies general best practices. To tailor reviews to your internal standards, navigate to&amp;nbsp;&lt;strong&gt;Knowledge&lt;/strong&gt;, then choose the&amp;nbsp;&lt;strong&gt;Instructions&lt;/strong&gt;&amp;nbsp;tab. You will see a list of instruction sets, each scoped to a specific agent or task. Choose&amp;nbsp;&lt;strong&gt;View&lt;/strong&gt;&amp;nbsp;next to&amp;nbsp;&lt;strong&gt;Release readiness review&lt;/strong&gt;&amp;nbsp;to edit the instructions for production-readiness change review. Write your internal standards in plain English. For example, you can define infrastructure and data standards on encryption or network access rules, best practices that warn without blocking such as logging and observability requirements, and sensitive data classification best practices that identify applications or resources requiring higher security measures. To apply instructions across all agents in your space, choose&amp;nbsp;&lt;strong&gt;View&lt;/strong&gt;&amp;nbsp;next to&amp;nbsp;&lt;strong&gt;All agents&lt;/strong&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104568 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/14/1214659328598974-4.png" alt="" width="1924" height="967"&gt;&lt;/p&gt; 
&lt;p&gt;You can trigger a release readiness review in two ways: by submitting a pull request to a connected repository, or by entering an on-demand query in the chat interface. To run an on-demand review from chat, choose&lt;strong&gt; New chat&lt;/strong&gt; and enter a request such as:&lt;/p&gt; 
&lt;p&gt;&lt;code&gt;Perform a production risk analysis on my repository branch&lt;/code&gt;&lt;/p&gt; 
&lt;p&gt;The agent will ask for the repository and branch you want to analyze. You can provide a branch name, a pull request number, or a commit SHA. Once you confirm your selection, the agent queues the review and analyzes the change for production risks, including infrastructure impacts, configuration changes, and potential issues.&lt;/p&gt; 
&lt;p&gt;After the review completes, you can ask follow-up questions directly in the chat to explore the findings in more detail. For example, you can ask which downstream consumers a change affects, and the agent will return a structured breakdown of in-repository and cross-repository consumers that will break, the specific files and line numbers affected, and the recommended steps to resolve the issue before deployment.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104569 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/14/1214659328598974-5.png" alt="" width="1168" height="968"&gt;&lt;/p&gt; 
&lt;p&gt;After submitting a review request, navigate to&amp;nbsp;&lt;strong&gt;Changes&lt;/strong&gt;&amp;nbsp;in the left navigation pane. The&amp;nbsp;&lt;strong&gt;Proposed changes&lt;/strong&gt; table shows each review that has run, including the proposed change description, its source, category, status, and when it was created. You can filter by category or status to find specific reviews, or search by name using the search bar. Choose any entry to open the full execution detail.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104571 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/14/1214659328598974-6.png" alt="" width="1641" height="516"&gt;&lt;/p&gt; 
&lt;p&gt;The&amp;nbsp;&lt;strong&gt;Timeline&lt;/strong&gt;&amp;nbsp;tab shows the agent’s step-by-step reasoning process, including the tools it called, the dependencies it consulted, and the observations it made at each step. Each entry is timestamped, giving you a complete record of how the agent built its understanding of the change and reached its conclusion.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104572 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/14/1214659328598974-8.png" alt="" width="1283" height="901"&gt;&lt;/p&gt; 
&lt;p&gt;Choose the&amp;nbsp;&lt;strong&gt;Report&lt;/strong&gt;&amp;nbsp;tab to see the final recommendation. The report opens with a summary header showing the recommended action, the number of critical issues found, the commit revision, and the number of files changed. The recommended action is either&amp;nbsp;&lt;strong&gt;BLOCK&lt;/strong&gt;,&amp;nbsp;&lt;strong&gt;Proceed with Caution&lt;/strong&gt;, or&amp;nbsp;&lt;strong&gt;Safe to Release&lt;/strong&gt;.&lt;/p&gt; 
&lt;p&gt;Below the summary header, the&amp;nbsp;&lt;strong&gt;Analysis&lt;/strong&gt;&amp;nbsp;section explains why the recommendation was made, citing specific risks and the evidence the agent found to support its conclusion. The&amp;nbsp;&lt;strong&gt;Issues&lt;/strong&gt;&amp;nbsp;section lists each finding by severity, giving you a prioritized view of what needs to be addressed before the change can proceed. The&amp;nbsp;&lt;strong&gt;Recommendations&lt;/strong&gt;&amp;nbsp;section provides specific, actionable steps the developer can take to resolve each issue. Finally, the&amp;nbsp;&lt;strong&gt;Changes&lt;/strong&gt;&amp;nbsp;section lists each file that was modified, with the type of change, the category it falls under, and a description of what was changed, so reviewers have a complete picture of what the change does before it merges.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104573 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/14/1214659328598974-7.png" alt="" width="1289" height="1072"&gt;&lt;/p&gt; 
&lt;p&gt;You can also invoke the autonomous release testing feature directly from the chat interface. To run an autonomous release test on a web or API-based application, choose &lt;strong&gt;New chat&lt;/strong&gt; and enter a query such as:&lt;/p&gt; 
&lt;p&gt;&lt;code&gt;Run a release test on my application deployed at [application URL]&lt;/code&gt;&lt;/p&gt; 
&lt;p&gt;The agent generates a change-specific test plan and executes it in your provisioned environment. Results appear in &lt;b&gt;Changes&lt;/b&gt;, where you can review the execution steps and a structured summary of what was tested.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Get started today&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; The release readiness review and autonomous release testing features for AWS DevOps Agent are available in preview. These features are available at no additional cost during preview in the US East (N. Virginia) Region. For pricing information on other AWS DevOps Agent features, visit the &lt;a href="https://aws.amazon.com/devops-agent/pricing/"&gt;AWS DevOps Agent pricing&lt;/a&gt; page.&lt;/p&gt; 
&lt;p&gt;For configuration details, visit the &lt;a href="https://docs.aws.amazon.com/devopsagent/latest/userguide/getting-started-with-aws-devops-agent.html"&gt;AWS DevOps Agent user guide&lt;/a&gt;.&lt;/p&gt; 
&lt;a href="https://www.linkedin.com/in/esrakayabali/"&gt;— Esra&lt;/a&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS Security Agent adds threat modeling, Kiro power and Claude Code plugin, and more</title>
		<link>https://aws.amazon.com/blogs/aws/aws-security-agent-adds-threat-modeling-kiro-power-and-claude-code-plugin-and-more/</link>
					
		
		<dc:creator><![CDATA[Channy Yun (윤석찬)]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 14:54:55 +0000</pubDate>
				<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security, Identity, & Compliance]]></category>
		<guid isPermaLink="false">c95df14c0d340b8b3462b012a73af27313033e7a</guid>

					<description>AWS Security Agent now adds STRIDE-based threat modeling, full repo and PR code scanning with remediation across major Git platforms, and IDE integrations via Kiro power, Claude Code plugin, and MCP — letting developers run security reviews and fix issues without context switching.</description>
										<content:encoded>&lt;p&gt;At re:Invent 2025, we &lt;a href="https://aws.amazon.com/blogs/aws/new-aws-security-agent-secures-applications-proactively-from-design-to-deployment-preview/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;previewed&lt;/a&gt; &lt;a href="https://aws.amazon.com/security-agent/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Security Agent&lt;/a&gt; (now part of &lt;a href="http://aws.amazon.com/continuum/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Continuum&lt;/a&gt;), a frontier agent that proactively secures your applications throughout the development lifecycle across all your environments. You can perform on-demand penetration testing customized to your application, discovering and reporting security risks verified through exploitability testing.&lt;/p&gt; 
&lt;p&gt;Since the preview, we announced general availability for &lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/03/aws-security-agent-ondemand-penetration/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;on-demand penetration testing&lt;/a&gt; and the preview of &lt;a href="https://aws.amazon.com/about-aws/whats-new/2026/05/aws-security-agent-full-repository-code-review/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;full repository code review&lt;/a&gt; that performs deep, context-aware security analysis of your entire codebase.&lt;/p&gt; 
&lt;p&gt;Today, we’re introducing more features based on customer feedback:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Code review updates (Preview)&lt;/strong&gt;: You can now use pull request scanning with remediation, security requirements packs, and simulated validation. New integrations support GitHub, GitLab, Bitbucket, and Confluence.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Threat modeling (Preview)&lt;/strong&gt; : AWS Security Agent analyzes your design documents or application source code, understands the full context of your application architecture and identifies threats with recommended mitigations using the STRIDE framework.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Kiro power, Claude Code plugin, and MCP integration&lt;/strong&gt;: You can run code reviews, generate threat models, and remediate findings directly from your IDE, CLI, or any AI-powered IDE through an open MCP integration, with results surfacing inline without any context switching.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Let’s take a closer look at each launch!&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104509" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/11/2026-security-agent-updates-home.jpg" alt="" width="1800" height="994"&gt;&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Code review updates&lt;/strong&gt;&lt;br&gt; You can now connect to GitLab and Bitbucket in addition to GitHub— supporting both SaaS and self-hosted versions, so you can trigger scans regardless of where code lives. You can also integrate Confluence to reference your existing documentation as context for reviews.&lt;/p&gt; 
&lt;p&gt;To get started, choose &lt;strong&gt;Enable code review&lt;/strong&gt; or update your code review setting in the &lt;a href="https://console.aws.amazon.com/securityagent/agents/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Security Agent console&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104510" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/11/2026-security-agent-updates-1-codereivew-repo.jpg" alt="" width="1800" height="1018"&gt;&lt;/p&gt; 
&lt;p&gt;AWS Security Agent introduces deep, reasoning-based analysis on every pull request as well as full repository to identify complex vulnerabilities that go beyond pattern-matching. It checks against your organizational security requirements and common security risks to catch what other tools can’t. To get started, access the Security Agent web application and run your code review.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter size-full wp-image-104511" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/11/2026-security-agent-updates-1-codereivew-results.jpg" alt="" width="1800" height="1025"&gt;&lt;/p&gt; 
&lt;p&gt;You’ll receive fix commits and remediation guidance directly in your GitHub, GitLab, or Bitbucket workflow, while your security teams configure the repositories to be monitored and intervene on critical issues. AWS Security Agent validates findings in simulated environments to demonstrate proof of exploitability. This embeds security expertise across all repositories, reducing security-related delays in the development pipeline.&lt;/p&gt; 
&lt;p&gt;To learn more about new code review features, visit &lt;a href="https://docs.aws.amazon.com/securityagent/latest/userguide/perform-code-review-scan.html"&gt;Create a code review&lt;/a&gt; in the AWS Security Agent User Guide.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Design review updates&lt;br&gt; &lt;/strong&gt;You can continuously validate your security requirements across every design and code review with managed compliance packs: &lt;a href="https://aws.amazon.com/architecture/well-architected/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Well Architected Framework&lt;/a&gt;, &lt;a href="https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-csf.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;NIST CSF&lt;/a&gt;, &lt;a href="https://aws.amazon.com/compliance/pci-faqs/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;PCI DSS&lt;/a&gt;, and AWS best practices, or import your own organizational requirements directly from internal documents or Confluence. Every finding maps back to your compliance posture, so teams stay audit-ready as they build.&lt;/p&gt; 
&lt;p class="jss491" data-pm-slice="1 1 []"&gt;To learn more, visit the &lt;a href="https://docs.aws.amazon.com/securityagent/latest/userguide/perform-design-review.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;design review documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Threat modeling&lt;/strong&gt;&lt;br&gt; AWS Security Agent generates threat models based on your design documentation or code repository, creates and build context about the application, including data flows, architecture, and trust boundaries. It maps out all components of your application, identifies potential threat actors and attack vectors, determines where weaknesses may exist, and prioritizes threats so you know what to address first.&lt;/p&gt; 
&lt;p&gt;To get started, choose &lt;strong&gt;Enable threat model&lt;/strong&gt; and Connect source code repository in the &lt;a href="https://console.aws.amazon.com/securityagent/agents/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Security Agent console&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104640 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/2026-security-agent-updates-2-thread-model.png" alt="" width="1275" height="827"&gt;&lt;/p&gt; 
&lt;p&gt;To learn more, visit the &lt;a href="https://docs.aws.amazon.com/securityagent/latest/userguide/perform-threat-model.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;threat modeling documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Kiro power and Claude Code plugin for Security Agent&lt;/strong&gt;&lt;br&gt; AWS Security Agent introduces a new &lt;a href="https://github.com/AWS-Security-Agent/aws-security-agent-kiro-power"&gt;Kiro power&lt;/a&gt; and &lt;a href="https://claude.com/plugins/aws-agents-for-devsecops"&gt;Claude Code plugin&lt;/a&gt; and can be integrated with any AI IDE through an open MCP integration to secure your applications. You can trigger threat models and code reviews directly from your IDE, with results surfacing inline without any context switching.&lt;/p&gt; 
&lt;p&gt;To get started, install the &lt;a href="https://github.com/AWS-Security-Agent/aws-security-agent-kiro-power"&gt;Kiro power&lt;/a&gt;, and run your prompts. &lt;span class="TextRun SCXW112479336 BCX2" lang="EN-US" xml:lang="EN-US" data-contrast="auto"&gt;&lt;span class="NormalTextRun SCXW112479336 BCX2"&gt;The Kiro power uses the &lt;/span&gt;&lt;/span&gt;&lt;a class="Hyperlink SCXW112479336 BCX2" href="https://github.com/awslabs/mcp/tree/main/src/security-agent-mcp-server" target="_blank" rel="noreferrer noopener"&gt;&lt;span class="TextRun Underlined SCXW112479336 BCX2" lang="EN-US" xml:lang="EN-US" data-contrast="none"&gt;&lt;span class="NormalTextRun SCXW112479336 BCX2" data-ccp-charstyle="Hyperlink"&gt;AWS Security Agent &lt;/span&gt;&lt;span class="FindHit SCXW112479336 BCX2" data-ccp-charstyle="Hyperlink"&gt;MCP&lt;/span&gt;&lt;/span&gt;&lt;/a&gt;&lt;span class="TextRun SCXW112479336 BCX2" lang="EN-US" xml:lang="EN-US" data-contrast="auto"&gt;&lt;span class="NormalTextRun SCXW112479336 BCX2"&gt; server&lt;/span&gt;&lt;span class="NormalTextRun SCXW112479336 BCX2"&gt;. You can get started with the power by asking “&lt;/span&gt;&lt;/span&gt;&lt;code&gt;&lt;span data-contrast="auto"&gt;Set up AWS Security Agent&lt;/span&gt;&lt;/code&gt;&lt;span data-ccp-props="{&amp;quot;335559685&amp;quot;:360}"&gt;“. &lt;/span&gt;&lt;span data-contrast="auto"&gt;Kiro will check if you have an Agent Space and ask if you would like to use the existing one or create a new one.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104642 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/2026-security-agent-updates-3-kiro-power-1.jpg" alt="" width="1700" height="1057"&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span data-contrast="auto"&gt;With the Kiro power for Security Agent, y&lt;/span&gt;ou can catch vulnerabilities on every pull request as you build and scan an entire repository to surface accumulated risk by asking “&lt;code&gt;&lt;span data-contrast="auto"&gt;Run a full security scan on this repo&lt;/span&gt;&lt;/code&gt;“. The Security Agent power includes an Agent hook to evaluate if a code review diff scan should be started after the Kiro agent has completed its turn. Before deploying to production, you can run a penetration test from your CLI to find what most scanners miss. Security Agent closes the loop by validating every finding and generating ready-to-implement code fixes.&lt;/p&gt; 
&lt;p class="jss491" data-pm-slice="1 1 []"&gt;You can pull the findings back into your development environment by asking “&lt;code&gt;help me remediate my findings&lt;/code&gt;“. The Kiro power for AWS Security Agent will download findings to your local workspace, prioritize the most critical finding, and offer to start a bugfix spec session. You can iterate on fixing the findings using their familiar IDE with their existing tooling, steering, powers, and MCP servers.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104643 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/16/2026-security-agent-updates-3-kiro-power-code-review.jpg" alt="" width="1700" height="1056"&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span data-contrast="auto"&gt;You can also run threat models through the Kiro power in the IDE by asking “&lt;/span&gt;&lt;code&gt;&lt;span data-contrast="auto"&gt;Build a threat model for this application&lt;/span&gt;&lt;/code&gt;&lt;span data-ccp-props="{&amp;quot;335559685&amp;quot;:360}"&gt;“. &lt;/span&gt;&lt;span data-contrast="auto"&gt;The generated threat model is saved to &lt;/span&gt;&lt;code&gt;&lt;span data-contrast="auto"&gt;.security-agent/threat_model.md&lt;/span&gt;&lt;/code&gt;&lt;span data-contrast="auto"&gt;.&amp;nbsp;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;To learn more, visit the &lt;a href="https://github.com/AWS-Security-Agent/aws-security-agent-kiro-power"&gt;Kiro power for Security Agent&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Now available&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; AWS Security Agent understands the full security context across your software development lifecycle by covering design-time security (design reviews and threat modeling in preview), development-time security (code review in preview), and deployment-time security (penetration testing in GA), in a single, unified agentic offering. To learn more, visit the &lt;a href="https://aws.amazon.com/security-agent/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS Security Agent product page&lt;/a&gt; and the &lt;a href="https://docs.aws.amazon.com/securityagent/latest/userguide/what-is.html?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;technical documentation&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;These features are now available in AWS commercial Regions where AWS Security Agent is available. For Regional availability and the future roadmap, visit the &lt;a class="c-link" href="https://builder.aws.com/build/capabilities/explore?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer" data-stringify-link="https://builder.aws.com/capabilities/" data-sk="tooltip_parent"&gt;AWS Capabilities by Region&lt;/a&gt;. For detailed pricing information and to access our 2-month free trial offer, please visit the &lt;a id="link-self:r8l:" class="awsui_link_4c84z_1hknd_145 awsui_variant-primary_4c84z_1hknd_280 awsui_font-size-body-m_4c84z_1hknd_478" href="https://aws.amazon.com/security-agent/pricing/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el" target="_blank" rel="noopener noreferrer" data-analytics-type="eventDetail" data-analytics="link-ga-pricing-page" data-awsui-analytics="{&amp;quot;action&amp;quot;:&amp;quot;click&amp;quot;,&amp;quot;detail&amp;quot;:{&amp;quot;label&amp;quot;:{&amp;quot;root&amp;quot;:&amp;quot;self&amp;quot;},&amp;quot;external&amp;quot;:&amp;quot;true&amp;quot;,&amp;quot;href&amp;quot;:&amp;quot;https://aws.amazon.com/security-agent/pricing/&amp;quot;},&amp;quot;component&amp;quot;:{&amp;quot;name&amp;quot;:&amp;quot;awsui.Link&amp;quot;,&amp;quot;label&amp;quot;:{&amp;quot;root&amp;quot;:&amp;quot;self&amp;quot;},&amp;quot;properties&amp;quot;:{&amp;quot;variant&amp;quot;:&amp;quot;primary&amp;quot;}}}" aria-label="AWS Security Agent pricing page (Opens in a new tab)" data-analytics-funnel-value="link:r8k:"&gt;AWS Security Agent pricing page&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Give it a try in the &lt;a href="https://console.aws.amazon.com/securityagent/agents/?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;Security Agent console&lt;/a&gt; and send feedback to &lt;a href="https://repost.aws/tags/TAujmCOJj0TSykKSuMsqRwZQ/aws-security-agent?trk=d8ec3b19-0f37-4f8c-8c12-189f913e205c&amp;amp;sc_channel=el"&gt;AWS re:Post for Security Agent&lt;/a&gt; or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;— &lt;a href="https://linkedin.com/in/channy"&gt;Channy&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Updated on June 18, 2026&lt;/strong&gt; –&amp;nbsp;&lt;a href="https://claude.com/plugins/aws-agents-for-devsecops"&gt;AWS Agents for DevSecOps&lt;/a&gt;, the Claude Code plugin for AWS DevOps Agent and AWS Security Agent is launched.&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>Amazon S3 annotations: attach rich, queryable context directly to your objects</title>
		<link>https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/</link>
					
		
		<dc:creator><![CDATA[Daniel Abib]]></dc:creator>
		<pubDate>Tue, 16 Jun 2026 23:13:10 +0000</pubDate>
				<category><![CDATA[Amazon Simple Storage Service (S3)]]></category>
		<category><![CDATA[AWS Summit New York]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Storage]]></category>
		<guid isPermaLink="false">d825f9d469e21e76b22344398328d967de0264d2</guid>

					<description>Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.</description>
										<content:encoded>&lt;p&gt;Today, we’re announcing a new metadata capability for &lt;a href="https://aws.amazon.com/s3/"&gt;Amazon Simple Storage Service (Amazon S3)&lt;/a&gt; called annotations, enabling you to attach rich, large-scale business context directly to your objects. You can store up to 1,000 named annotations per object, each up to 1 MB in size, totaling up to 1 GB per object, in flexible formats like JSON, XML, YAML, or plain text. You can modify or delete an annotation at any time, without re-writing your objects, making it easy to keep your object context current.&lt;/p&gt; 
&lt;p&gt;Organizations are building AI agents and autonomous workflows that need to find, understand, and act on data without human intervention. To support these agentic workflows, you need metadata that can evolve alongside the data, scale to petabytes of objects, and remain queryable without expensive retrieval.&lt;/p&gt; 
&lt;p&gt;With S3 annotations, you can store context such as AI-generated transcripts, content ratings, or technical specifications directly alongside your objects. Your context moves automatically with the object during copy, replication, and cross-region transfers, and S3 removes it when you delete the object. When you enable &lt;a href="https://aws.amazon.com/s3/features/metadata/"&gt;S3 Metadata&lt;/a&gt;, annotations automatically flow into fully managed annotation tables that you can query with &lt;a href="https://aws.amazon.com/athena/"&gt;Amazon Athena&lt;/a&gt; and other analytics engines.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Common use cases&lt;/strong&gt;&lt;br&gt; Annotations solve complex metadata challenges across industries:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Media &amp;amp; Entertainment&lt;/strong&gt;: Track transcripts, content moderation results, subtitle files, and licensing metadata as separate annotations on video assets, eliminating the need to synchronize metadata across multiple media asset management systems.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Financial Services&lt;/strong&gt;: Attach AI-generated investment summaries and sentiment analysis to research documents, enabling autonomous research agents to discover relevant datasets through natural-language queries without maintaining separate metadata databases.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Life Sciences&lt;/strong&gt;: Annotate clinical trial data with regulatory status, patient cohort details, and approval chains, making compliance audits faster while keeping full context accessible for archived data in Amazon S3 Glacier storage classes without retrieval charges.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;strong&gt;How annotations address metadata challenges&lt;/strong&gt;&lt;br&gt; Amazon S3 already supports several ways to describe your objects. System-defined metadata captures properties like size and storage class. Object tags support operational tasks like access control and lifecycle management. User-defined metadata lets you add small amounts of custom information at upload time.&lt;/p&gt; 
&lt;p&gt;While these capabilities work well for their intended purposes, they have limitations when you need to attach much richer context without building and maintaining separate metadata systems. Annotations address these needs by providing metadata capabilities at a fundamentally different scale and flexibility, offering mutable, queryable context per object compared to 10 immutable tags or 2 KB of headers.&lt;/p&gt; 
&lt;table style="border: 2px solid black;border-collapse: collapse;margin-left: auto;margin-right: auto;width: 100%"&gt; 
 &lt;tbody&gt; 
  &lt;tr style="border-bottom: 1px solid black;background-color: #e0e0e0"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Capability&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Max size&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Mutable?&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 4px;text-align: center"&gt;&lt;strong&gt;Best for&lt;/strong&gt;&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;System-defined metadata&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Fixed&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;No&lt;/td&gt; 
   &lt;td style="padding: 4px;text-align: center"&gt;Object properties (size, storage class, creation time)&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;User-defined metadata&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;2 KB&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;No (set at upload)&lt;/td&gt; 
   &lt;td style="padding: 4px;text-align: center"&gt;Small custom key-value pairs&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr style="border-bottom: 1px solid black"&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Object tags&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;10 tags, 128/256 characters per key/value&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;Yes&lt;/td&gt; 
   &lt;td style="padding: 4px;text-align: center"&gt;Access control, lifecycle rules, cost allocation&lt;/td&gt; 
  &lt;/tr&gt; 
  &lt;tr&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Annotations&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;1 GB (1,000 × 1 MB)&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="border-right: 1px solid black;padding: 4px;text-align: center"&gt;&lt;strong&gt;Yes&lt;/strong&gt;&lt;/td&gt; 
   &lt;td style="padding: 4px;text-align: center"&gt;&lt;strong&gt;Rich business context (JSON, XML, YAML, plain text)&lt;/strong&gt;&lt;/td&gt; 
  &lt;/tr&gt; 
 &lt;/tbody&gt; 
&lt;/table&gt; 
&lt;p&gt;Today, metadata describing S3 objects often lives in separate databases or sidecar files, requiring complex synchronization workflows that can exceed data storage costs. When you enable S3 Metadata annotation tables, this context becomes queryable at scale through Amazon Athena. AI agents can discover your data through natural language with the &lt;a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-s3-tables-ai-tools.html"&gt;S3 Tables MCP server&lt;/a&gt;, which provides a standardized interface for AI models to query your annotations. You can query annotations for objects in any storage class, without restoring the objects or paying retrieval charges.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Getting started with annotations&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; To start using annotations, make sure your &lt;a href="https://aws.amazon.com/iam/"&gt;AWS Identity and Access Management (IAM)&lt;/a&gt; policy or bucket policy grants permissions for the &lt;code&gt;s3:PutObjectAnnotation&lt;/code&gt; and &lt;code&gt;s3:GetObjectAnnotation&lt;/code&gt; actions. You can then add annotations to any existing or new S3 object using the &lt;code&gt;PutObjectAnnotation&lt;/code&gt; API.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104564 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/13/2026-s3-annotations-add.png" alt="" width="1244" height="650"&gt;&lt;/p&gt; 
&lt;p&gt;For example, a media company can attach technical specifications and AI-produced summaries to a video asset using the &lt;a href="https://aws.amazon.com/cli/"&gt;AWS Command Line Interface (AWS CLI)&lt;/a&gt;:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;# Create a JSON file with technical metadata
cat &amp;gt; mediainfo.json &amp;lt;&amp;lt; 'EOF'
{"codec":"H.265","resolution":"3840x2160","audio_tracks":8,"frame_rate":29.97}
EOF

# Attach it as an annotation
aws s3api put-object-annotation \
  --bucket my-media-bucket \
  --key videos/documentary-2026.mp4 \
  --annotation-name mediainfo \
  --annotation-payload ./mediainfo.json
&lt;/code&gt;&lt;/pre&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;# Attach a plain-text AI-generated summary as a separate annotation
echo "A 90-minute nature documentary covering wildlife migration patterns across three continents, featuring aerial footage and underwater sequences. Languages: English, Spanish, Portuguese." &amp;gt; ai_summary.txt

aws s3api put-object-annotation \
  --bucket my-media-bucket \
  --key videos/documentary-2026.mp4 \
  --annotation-name ai_summary \
  --annotation-payload ./ai_summary.txt
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;These commands attach two separate annotations to the same video object. The &lt;code&gt;mediainfo&lt;/code&gt; annotation stores structured technical specifications as JSON, while the &lt;code&gt;ai_summary&lt;/code&gt; annotation stores a text description. Each annotation is identified by a unique name, and you can read and modify each one independently. With unique names for each annotation, you can use different annotations to support multiple concurrent enrichment workflows, for example, one team adding technical metadata while another team adds content classifications, without interfering with each other.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="aligncenter wp-image-104565 size-full" style="border: solid 1px #ccc" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/13/2026-s3-annotations-list.png" alt="" width="1169" height="604"&gt;&lt;/p&gt; 
&lt;p&gt;Retrieve a specific annotation using the &lt;code&gt;GetObjectAnnotation&lt;/code&gt; API:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws s3api get-object-annotation \
  --bucket my-media-bucket \
  --key videos/documentary-2026.mp4 \
  --annotation-name mediainfo \
  ./mediainfo-output.json
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;To see all annotations attached to an object, use the &lt;code&gt;ListObjectAnnotations&lt;/code&gt; API:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws s3api list-object-annotations \
  --bucket my-media-bucket \
  --key videos/documentary-2026.mp4
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;When you no longer need a specific annotation, remove it using the &lt;code&gt;DeleteObjectAnnotation&lt;/code&gt; API:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws s3api delete-object-annotation \
  --bucket my-media-bucket \
  --key videos/documentary-2026.mp4 \
  --annotation-name mediainfo
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;You can update an existing annotation at any time by calling &lt;code&gt;PutObjectAnnotation&lt;/code&gt; again with the same annotation name. For large objects uploaded using multipart upload, attach annotations after completing the multipart upload using the &lt;code&gt;PutObjectAnnotation&lt;/code&gt; API.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;Querying annotations at scale with S3 Metadata tables&lt;/strong&gt;&lt;br&gt; Attaching annotations to individual objects is useful, but the real power comes when you query across all your annotations at scale. When you enable S3 Metadata annotation tables on your bucket, S3 automatically indexes your annotations into a fully managed &lt;a href="https://iceberg.apache.org/"&gt;Apache Iceberg&lt;/a&gt; table, called an annotation table. You can query annotation tables with Amazon Athena or any Iceberg-compatible engine.&lt;/p&gt; 
&lt;p&gt;To enable annotation tables, use the S3 console or the &lt;code&gt;CreateBucketMetadataConfiguration&lt;/code&gt; API. The following example creates a new metadata configuration with annotation tables enabled while keeping journal tables for change tracking and disabling the live inventory table:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-json"&gt;{
  "JournalTableConfiguration": {
    "RecordExpiration": { "Expiration": "DISABLED" }
  },
  "InventoryTableConfiguration": { "ConfigurationState": "DISABLED" },
  "AnnotationTableConfiguration": {
    "ConfigurationState": "ENABLED",
    "Role": "arn:aws:iam::123456789012:role/S3MetadataAnnotationRole"
  }
}
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;This configuration tells S3 to automatically capture all your annotations in a queryable table. Once applied, any annotation you attach to objects in this bucket will appear in the table within approximately one hour.&lt;/p&gt; 
&lt;p&gt;If the bucket already has a metadata configuration, use the &lt;code&gt;UpdateBucketMetadataAnnotationTableConfiguration&lt;/code&gt; API:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-bash"&gt;aws s3api update-bucket-metadata-annotation-table-configuration \
  --bucket my-media-bucket \
  --annotation-table-configuration '{"ConfigurationState":"ENABLED","Role":"arn:aws:iam::123456789012:role/S3MetadataAnnotationRole"}'
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;Once enabled, your annotations automatically flow into the annotation table. Journal tables update in near real time, while annotation tables refresh within an hour. Unlike traditional metadata tables that require predefined schemas, annotation tables automatically adapt to any JSON, XML, or YAML structure you write. Each annotation becomes a row in the table with its content stored in a &lt;code&gt;text_value&lt;/code&gt; column, letting you query across all annotations without schema migrations.&lt;/p&gt; 
&lt;p&gt;If you enable annotation tables on a bucket that already has annotated objects, S3 automatically backfills existing annotations into the table. The backfill process runs in the background and can take several hours to days depending on the number of objects.&lt;/p&gt; 
&lt;p&gt;For example, to find all video assets with more than 8 audio tracks across your entire bucket using Amazon Athena:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-sql"&gt;SELECT DISTINCT bucket, object_key
FROM "s3tablescatalog/aws-s3"."b_my_media_bucket"."annotation"
WHERE name = 'mediainfo'
AND CAST(json_extract_scalar(text_value, '$.audio_tracks') AS INTEGER) &amp;gt; 8
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;This query scans the annotation table for all annotations named &lt;code&gt;mediainfo&lt;/code&gt;, extracts the &lt;code&gt;audio_tracks&lt;/code&gt; field from the JSON content, and returns objects where the count exceeds 8.&lt;/p&gt; 
&lt;p&gt;Or to find all objects that received new annotations in the last 24 hours through the journal table:&lt;/p&gt; 
&lt;pre&gt;&lt;code class="lang-sql"&gt;SELECT bucket, key, version_id, record_timestamp, annotation.name
FROM "s3tablescatalog/aws-s3"."b_my_media_bucket"."journal"
WHERE record_timestamp &amp;gt;= (current_date - interval '1' day)
AND annotation.name IS NOT NULL
AND record_type IN ('CREATE_ANNOTATION', 'DELETE_ANNOTATION')
&lt;/code&gt;&lt;/pre&gt; 
&lt;p&gt;This query uses the journal table to track annotation changes in near real time, which is ideal for building event-driven workflows that respond to new or deleted annotations.&lt;/p&gt; 
&lt;p&gt;You can also use natural language to search objects by their annotations using agents in &lt;a href="https://aws.amazon.com/sagemaker/unified-studio/"&gt;Amazon SageMaker Unified Studio&lt;/a&gt; or any IDE with the S3 Tables MCP server. For example, asking “find all PG-rated movies with Spanish subtitles from 2023” returns results in seconds instead of the hours it would take querying multiple disconnected systems.&lt;/p&gt; 
&lt;p&gt;&lt;strong&gt;&lt;u&gt;Get started today&lt;/u&gt;&lt;/strong&gt;&lt;br&gt; You can start using Amazon S3 annotations today in all AWS Regions, including the AWS China Regions. Annotation tables are available in all AWS Regions where S3 Metadata is available.&lt;/p&gt; 
&lt;p&gt;Whether you’re building AI agents that need to discover data autonomously, managing petabytes of media assets with complex metadata, or tracking compliance context for archived datasets, annotations give you the scale and flexibility to attach rich metadata directly to your objects without managing separate systems.&lt;/p&gt; 
&lt;p&gt;Annotation storage is always billed at S3 Standard rates, even if the parent object is in S3 Glacier or another storage class. For full pricing details, visit the &lt;a href="https://aws.amazon.com/s3/pricing/"&gt;Amazon S3 pricing page&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;To learn more and get started, visit the &lt;a href="https://aws.amazon.com/s3/features/metadata/"&gt;Amazon S3 Metadata overview page&lt;/a&gt;&amp;nbsp;and the &lt;a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/annotations.html"&gt;Amazon S3 documentation&lt;/a&gt;. Send feedback to &lt;a href="https://repost.aws/tags/TADSTjraA0Q4-a1dxk6eUYaw/amazon-simple-storage-service"&gt;AWS re:Post for S3&lt;/a&gt; or through your usual AWS Support contacts.&lt;/p&gt; 
&lt;p&gt;Daniel Abib&lt;/p&gt;</content:encoded>
					
					
			
		
		
			</item>
		<item>
		<title>AWS WAF adds AI traffic monetization capability to help content owners charge AI bots for content access</title>
		<link>https://aws.amazon.com/blogs/aws/aws-waf-adds-ai-traffic-monetization-capability-to-help-content-owners-charge-ai-bots-for-content-access/</link>
					
		
		<dc:creator><![CDATA[Esra Kayabali]]></dc:creator>
		<pubDate>Mon, 15 Jun 2026 20:42:13 +0000</pubDate>
				<category><![CDATA[Announcements]]></category>
		<category><![CDATA[AWS WAF]]></category>
		<category><![CDATA[Launch]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Security, Identity, & Compliance]]></category>
		<guid isPermaLink="false">b888b8d60a4fd57cdcb13b3f7ef4d08b578e7e5d</guid>

					<description>AWS WAF launches AI traffic monetization, a new Bot Control capability that enables content providers and publishers price, meter, and collect payment from AI bots and agents accessing their content and APIs. AWS WAF now lets you set a price for that access, accept payment through third-party providers, and grant scoped access directly at the edge.</description>
										<content:encoded>&lt;p&gt;AWS WAF now includes AI traffic monetization capability that gives digital content owners and publishers a way to charge AI bots and agents for access to protected web content directly at the network edge. The capability helps content owners and publishers set per-request pricing by content path, bot category, or verification tier without modifying their origin infrastructure or writing application code. Content owners can define granular access policies per agent type, collect payments in stablecoins to their preferred wallet, and monitor revenue and bot activity from a single dashboard.&lt;/p&gt; 
&lt;p&gt;AI bot traffic now accounts for more than 50% of web traffic for many content providers, with AI-specific crawlers growing more than 300% year-over-year. Unlike traditional search engine crawlers, which index content and return measurable referral traffic back to publisher websites, AI bots consume the same content to generate summaries and responses in AI interfaces, with little to no traffic sent back to the original source. Publishers bear the infrastructure costs of serving that traffic without the page views, ad impressions, or subscription conversions that typically offset those costs. &lt;a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html"&gt;AWS WAF Bot Control&lt;/a&gt; already gives customers visibility into bot activity and the ability to block or rate-limit traffic, but setting pricing and collecting payment from AI agents has not been possible until now. AI traffic monetization is a new Bot Control capability that closes that gap, giving content owners and publishers a way to configure pricing rules directly through the AWS WAF console and collect payments from AI agents through third-party payment integrations, without building custom payment infrastructure or negotiating individual licensing agreements. Payment settlement and verification flows are provided by Coinbase’s x402 Facilitator. Integration with Stripe for direct account payments and Machine Payments Protocol (MPP) support is coming soon.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Getting Started with AI Traffic Monetization&lt;br&gt; &lt;/strong&gt;&lt;/span&gt;Before configuring monetization, confirm that AWS WAF Bot Control is enabled at Common or Targeted level on the web ACL associated with your CloudFront distribution. Bot Control provides the agent classification that monetization rules depend on. If you have not set this up yet, visit &lt;a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control-rg-using.html"&gt;Adding the AWS WAF Bot Control managed rule group to your web ACL&lt;/a&gt; documentation. In the AWS Management Console, go to&lt;strong&gt; WAF &amp;amp; Shield&lt;/strong&gt; and choose &lt;strong&gt;Protection packs (web ACLs)&lt;/strong&gt; in the left navigation pane to get started.&lt;/p&gt; 
&lt;p&gt;A protection pack is the core configuration unit for AI traffic monetization. It defines which content paths are monetized, what each agent verification tier is charged, which payment methods you accept, and what license terms apply. To create one, choose &lt;strong&gt;Create protection pack (web ACL)&lt;/strong&gt;.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104464 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/10/1213987938308918-0e.png" alt="" width="1924" height="2626"&gt;&lt;/p&gt; 
&lt;p&gt;In&amp;nbsp;&lt;strong&gt;Tell us about your app&lt;/strong&gt;, select one or more app categories that describe your content (for example, Content &amp;amp; publishing systems, E-commerce &amp;amp; transaction platforms, or Enterprise &amp;amp; business applications), and choose an &lt;strong&gt;App focus&lt;/strong&gt;. AWS WAF uses these selections to recommend suitable security protections for your configuration.&lt;/p&gt; 
&lt;p&gt;In&amp;nbsp;&lt;strong&gt;Select resources to protect&lt;/strong&gt;, choose&amp;nbsp;&lt;strong&gt;Add resources&lt;/strong&gt;&amp;nbsp;to associate regional or global resources such as CloudFront distributions with this protection pack. You can skip this step and add resources later.&lt;/p&gt; 
&lt;p&gt;In&amp;nbsp;&lt;strong&gt;Choose initial protections&lt;/strong&gt;, select from AWS WAF managed rule packages based on your app category and resource selections. You can also choose individual rules instead of packages.&lt;/p&gt; 
&lt;p&gt;In&amp;nbsp;&lt;strong&gt;Name and describe&lt;/strong&gt;, provide a name and optional description for the protection pack.&lt;/p&gt; 
&lt;p&gt;Optionally, expand&amp;nbsp;&lt;strong&gt;Customize protection pack (web ACL)&amp;nbsp;&lt;/strong&gt;to configure additional settings including pricing tiers, payment methods, content scope, and license terms.&lt;/p&gt; 
&lt;p&gt;When finished, choose&amp;nbsp;&lt;strong&gt;Create protection pack (web ACL)&lt;/strong&gt;.&lt;/p&gt; 
&lt;p&gt;Once your protection pack is in place, review the AI traffic analysis dashboard to understand the impact of AI bot traffic on your content before setting your pricing strategy. In the WAF &amp;amp; Shield console, go to &lt;strong&gt;AI traffic analysis &lt;/strong&gt;in the left navigation pane. Select your protection pack (web ACL) from the dropdown to populate the dashboard.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104466 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/10/1213987938308918-1a.png" alt="" width="1928" height="1787"&gt;&lt;/p&gt; 
&lt;p&gt;The AI traffic analysis dashboard breaks down traffic into four categories visible in the bot traffic overview panel: &lt;strong&gt;All bot requests&lt;/strong&gt;, &lt;strong&gt;AI bot requests&lt;/strong&gt;, &lt;strong&gt;Verified AI bot traffic&lt;/strong&gt;, and &lt;strong&gt;Unverified AI bot traffic&lt;/strong&gt;. The dashboard surfaces infrastructure impact metrics including bandwidth consumed, estimated monthly cost, and peak request rates. A per-path heatmap shows which content paths receive the most AI bot activity by hour, giving you the data you need to make informed pricing decisions.&lt;/p&gt; 
&lt;p&gt;AWS WAF Bot Control classifies over 650 distinct AI bot and agent types including GPTBot, Claude-Web, and Perplexity-Bot, and assigns each a verification tier:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;strong&gt;Verified&lt;/strong&gt;: Agent identity confirmed through Web Bot Auth (WBA) Ed25519 cryptographic signature, or sourced from a documented IP range with a known set of user-agents and domain names.&lt;/li&gt; 
 &lt;li&gt;&lt;strong&gt;Unverified&lt;/strong&gt;: Agent recognized through user-agent matching, behavioral fingerprinting, and IP reputation, but identity not cryptographically confirmed.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Once you have reviewed your traffic patterns, return to&amp;nbsp;&lt;strong&gt;Protection packs (web ACLs)&lt;/strong&gt;, select your protection pack from the list, and choose&amp;nbsp;&lt;strong&gt;Configure AI monetization&lt;/strong&gt;&amp;nbsp;from the right panel to set pricing and access policies. Each protection pack defines the pricing, agent policies, accepted payment methods, and license terms that apply to a defined set of content paths. You can create multiple protection packs and apply different pricing to different content zones within the same distribution. Once created, associate the protection pack with your web ACL by opening the web ACL and choosing&amp;nbsp;&lt;strong&gt;Add protection pack&lt;/strong&gt;.&lt;/p&gt; 
&lt;p&gt;For each agent verification tier within the pack, you can assign one of six actions: &lt;strong&gt;Monetize&lt;/strong&gt;&amp;nbsp;(return a 402 with pricing),&amp;nbsp;&lt;strong&gt;Allow&lt;/strong&gt;&amp;nbsp;(grant free access),&amp;nbsp;&lt;strong&gt;Block&lt;/strong&gt; (deny access entirely), &lt;strong&gt;Count&lt;/strong&gt; (log without charging), &lt;strong&gt;CAPTCHA &lt;/strong&gt;(present a puzzle to verify a human sender), or &lt;strong&gt;Challenge &lt;/strong&gt;(run a silent check to verify the client is a browser, not a bot).&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104528 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/12/1213987938308918-3a.png" alt="" width="1279" height="1531"&gt;&lt;/p&gt; 
&lt;p&gt;In the&amp;nbsp;&lt;strong&gt;Edit monetization configuration&lt;/strong&gt;&amp;nbsp;page, configure the following:&lt;/p&gt; 
&lt;p&gt;Under&lt;strong&gt;&amp;nbsp;Payment settlement&lt;/strong&gt;, select one or more blockchain networks for stablecoin payments. Any wallet address on the supported networks is accepted, whether self-managed or hosted by a wallet provider such as Coinbase. For each network, provide your wallet address and set a&amp;nbsp;&lt;strong&gt;Base price per page&lt;/strong&gt;&amp;nbsp;in USDC. You can add multiple networks using&amp;nbsp;&lt;strong&gt;Add network&lt;/strong&gt;. AWS does not process payments or take a fee on content revenue; disbursement is self-managed or managed by your wallet provider.&lt;/p&gt; 
&lt;p&gt;When a &lt;strong&gt;Monetize&lt;/strong&gt; rule matches an incoming request, AWS WAF returns an HTTP 402 Payment Required response. The response body contains a machine-readable price manifest in JSON format using the x402 open protocol for machine-to-machine payments. The manifest includes the content price in USDC, accepted blockchain networks such as Base and Solana, the destination wallet address, the maximum payment timeout, and the payment scheme.&lt;/p&gt; 
&lt;p&gt;Any x402-compatible agent runtime can complete this flow autonomously. The client submits a signed payment authorization on their payment network of choice. AWS WAF verifies it, fetches the content, integrates with third-party facilitator services for settling the payment on-chain, and serves the response.&lt;/p&gt; 
&lt;p&gt;Note that the &lt;strong&gt;Monetize&lt;/strong&gt; action is supported exclusively for web ACLs associated with Amazon CloudFront distributions. Adding a &lt;strong&gt;Monetize&lt;/strong&gt; rule to a regional web ACL is not supported.&lt;/p&gt; 
&lt;p&gt;Since the&amp;nbsp;&lt;strong&gt;Currency mode&lt;/strong&gt;&amp;nbsp;toggle is available directly in the monetization configuration page, you can switch between &lt;strong&gt;Real&lt;/strong&gt; and &lt;strong&gt;Test&lt;/strong&gt; mode at any time. Before going live, use test mode on non-production traffic to validate pricing, wallet configuration, and x402 payment flows. Note that test mode still enforces x402 payments, but those payments can be made on testnets such as Base Sepolia or Solana Devnet using test funds obtained from faucets such as faucet.circle.com. To activate test mode, toggle &lt;strong&gt;Currency mode&lt;/strong&gt;&amp;nbsp;to&amp;nbsp;&lt;strong&gt;Test&lt;/strong&gt;&amp;nbsp;in your protection pack configuration. AWS WAF returns real price manifests and runs the full payment flow identically to production on the configured test chain. All events are logged with&amp;nbsp;&lt;code&gt;CurrencyMode: TEST&lt;/code&gt;. When satisfied with the configuration, toggle&amp;nbsp;Currency mode&amp;nbsp;back to&amp;nbsp;Real&amp;nbsp;to begin processing real payments.&lt;/p&gt; 
&lt;p&gt;Once you have switched&amp;nbsp;&lt;strong&gt;Currency mode&lt;/strong&gt;&amp;nbsp;to&amp;nbsp;&lt;strong&gt;Real&lt;/strong&gt;, navigate to &lt;strong&gt;AI access monetization&lt;/strong&gt; in the left navigation pane to track monetization outcomes in real time. Note that the &lt;strong&gt;AI access monetization&lt;/strong&gt; dashboard only reflects activity from real currency mode and does not display test transactions.&lt;/p&gt; 
&lt;p&gt;&lt;img loading="lazy" class="alignnone wp-image-104468 size-full" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2026/06/10/1213987938308918-2b.png" alt="" width="1924" height="1906"&gt;&lt;/p&gt; 
&lt;p&gt;The&amp;nbsp;Revenue&amp;nbsp;dashboard shows&amp;nbsp;&lt;strong&gt;Total revenue&lt;/strong&gt;, revenue broken down by&amp;nbsp;&lt;strong&gt;Verified bots&lt;/strong&gt;&amp;nbsp;and&amp;nbsp;&lt;strong&gt;Unverified bots&lt;/strong&gt;, and&amp;nbsp;&lt;strong&gt;Avg. per request. &lt;/strong&gt;The&lt;strong&gt;&amp;nbsp;Top revenue sources&lt;/strong&gt;&amp;nbsp;panel groups earnings by bot category, and the&amp;nbsp;AI access patterns&amp;nbsp;panel ranks content paths by revenue generated. Use the&amp;nbsp;&lt;strong&gt;Settlements&lt;/strong&gt;&amp;nbsp;tab to reconcile payments by provider and review payment method distribution and failed payment attempts.&lt;/p&gt; 
&lt;p&gt;&lt;span style="text-decoration: underline"&gt;&lt;strong&gt;Now Available&lt;/strong&gt;&lt;/span&gt;&lt;br&gt; AI traffic monetization is available now for Amazon CloudFront customers at no additional charge beyond standard AWS WAF pricing. The capability is available in all edge locations where AWS WAF web ACLs are associated with Amazon CloudFront distributions.&lt;/p&gt; 
&lt;p&gt;To learn more about AI traffic monetization, see the&amp;nbsp;&lt;a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-ai-traffic-monetization.html"&gt;AWS WAF Developer Guide&lt;/a&gt;.&lt;/p&gt; 
&lt;a href="https://www.linkedin.com/in/esrakayabali/"&gt;— Esra&lt;/a&gt;</content:encoded>
					
					
			
		
		
			</item>
	</channel>
</rss>