AWS Partner Network (APN) Blog

Automate security and observability with Elastic and Amazon Bedrock

Ganesh Ramesh Shenoy — Thu, 18 Jun 2026 17:03:22 +0000

By: Udayasimha Theepireddy, Senior Principal Solutions Architect – Elastic
By: Ganesh Ramesh Shenoy, Solutions Architect – AWS
By: Srinivas Pendyala, Senior Partner Solutions Architect – AWS

elastic

As cloud-native architectures grow in complexity, your security analysts and site reliability engineers (SREs) need faster ways to correlate events, investigate incidents, and resolve issues. The manual hand-offs between tools pivoting across consoles, copying data, deciding next steps are where response time goes. That gap widens the moment an attacker or incident moves faster than the analyst watching the screen.

Elastic’s AI-powered features, powered by Amazon Bedrock, close that gap. Instead of stopping at detection, the platform investigates and acts, so your team moves from alert to resolution faster. Analysts reclaim the hours they spent on correlation and triage and redirect them to strategic threat hunting and operational improvements that require human judgment.

In this post, you learn how these capabilities accelerate security and observability workflows through conversational agents, automated workflows, and custom AI agents and how to get started on AWS.

Elastic’s AI-powered features on Amazon Bedrock

Elastic has evolved its AI-powered capabilities from conversational assistance to full workflow automation. What started as Elastic AI Assistant, a conversational interface for querying threat intelligence and analyzing logs, has grown into a comprehensive platform that combines intelligent agents with automated workflows.Today, Elastic’s AI-powered features include three core capabilities:

Elastic AI Assistant – The conversational AI foundation that helps you query data in natural language, summarize alerts, and receive investigation guidance
Elastic Workflows – A declarative automation engine that orchestrates multi-step processes across Elasticsearch, Kibana, and external systems like Slack, Jira, and PagerDuty. You define workflows in YAML with triggers, conditional logic, and AI steps that run automatically
Elastic Agent Builder – A framework for building custom, context-driven AI agents grounded in your data. You define agent instructions, assign tools, and deploy agents that reason across your indices to provide accurate, actionable answers via chat, API, MCP, or A2A

These capabilities work together. Agents can invoke workflows when action is required. Workflows can invoke agents when investigation or reasoning is needed. Amazon Bedrock provides the scalable foundation model layer, delivering managed access to foundation models with security and compliance built in. The default chat experience in Elastic is now powered by Agent Builder, providing an agentic interface for interactive investigation and automation. AI Assistant remains available for features such as knowledge base integration, data anonymization, and chat sharing.

You can choose the foundation model that best fits your needs. Elastic handles authentication, routing, and optimization through the Elastic-managed LLM connector, which by default uses Amazon Bedrock with Claude models. As new models become available on Amazon Bedrock, you can adopt them without disrupting your existing workflows.

Accelerating security operations

With these capabilities, you automate the full lifecycle of security investigation and response. Here is how the capabilities work together in a typical security workflow. When a security alert fires, Elastic Workflows can automatically trigger an investigation. The workflow invokes an AI agent built with Agent Builder that is grounded in your security playbooks and threat intelligence. The agent analyzes the alert context, correlates signals across indices, and surfaces findings. Based on those findings, the workflow continues with structured response actions: creating a case, notifying your team through Slack, enriching the alert with context, or triggering remediation. For interactive investigation, you use Elastic AI Assistant to ask questions in natural language. For example, you can ask: “Show me all failed login attempts from unusual geographic locations in the last 48 hours that correlate with data exfiltration patterns.” The assistant analyzes event patterns and provides recommended next steps.

Key capabilities across security operations:

Attack discovery – Automatically identifies and prioritizes coordinated threats across your environment, reducing alert noise and surfacing the incidents that matter most
Automated investigation – Workflows trigger AI agents on alert, enabling immediate triage without waiting for an analyst
Alert summarization and triage – Generates natural language summaries so you can quickly understand severity and prioritize your response
Incident response automation – Workflows orchestrate response actions across Jira, Slack, PagerDuty, and internal systems based on AI findings
Custom security agents – Build agents tailored to your SOC with specific instructions, tools, and security profiles using Agent Builder

This approach shifts your SOC from reactive, manual investigation to automated, AI-driven response. Analysts focus on decisions that require human judgment while automation handles the repetitive correlation and triage work.

Optimizing application performance and observability

As a site reliability engineer, use Elastic’s AI capabilities to diagnose and respond to performance issues across complex microservices architectures. The same agent and workflow patterns apply to observability use cases. When an observability alert fires, a workflow can invoke an AI agent to correlate signals from logs, metrics, and traces. The agent identifies the likely root cause, and the workflow orchestrates next steps: notifying the on-call engineer, creating an incident ticket, or triggering a remediation runbook. For interactive troubleshooting, you ask questions in plain language. For example: “What’s causing the latency spike in our payment service over the last hour?” Elastic AI Assistant pinpoints the root cause and recommends next steps.

Key capabilities across observability:

Root cause analysis – AI agents correlate application traces, logs, and metrics to identify performance bottlenecks across distributed services
Automated remediation – Workflows run predefined response actions when specific conditions are met, closing the loop between detection and resolution
Log analysis and interpretation – Explains error messages and log patterns in natural language, reducing time spent on manual analysis
Query assistance – Helps you write ES|QL queries for specific observability use cases, accelerating data exploration

The platform analyzes logs, metrics, and traces simultaneously, providing insights that are difficult and time consuming to gather manually. With workflows automating the response path, you can resolve issues before they affect end users.

Solution architecture

The architecture on AWS combines multiple services to deliver a scalable, secure, and high-performing solution. The following diagram shows an end-to-end AI-powered threat detection and automated remediation architecture.

A compromised IAM credential triggers unusual API activity. AWS CloudTrail, VPC Flow Logs, and AWS Security Hub stream these security events into Elastic Cloud on AWS, where they are enriched with threat intelligence and correlated by Attack Discovery – powered by Amazon Bedrock through AWS PrivateLink – to surface a high-confidence threat alert. Elastic AI Assistant helps the security analyst investigate in natural language, while Agent Builder runs deeper automated analysis. Based on the findings, Elastic Workflows automatically revoke credentials, isolate affected resources, and notify the team through Slack, PagerDuty, and Jira – reducing mean time to detect and respond from hours to minutes.

Figure 1 – End-to-end AI-powered threat detection and automated remediation architecture

Core components:

Elastic Cloud on AWS – Provides the search and analytics foundation with automatic scaling
Elastic-managed LLM – Connector that by default uses Amazon Bedrock with Claude models, handling authentication and model management automatically
Amazon Bedrock – Delivers managed access to foundation models with security and compliance
Elastic Workflows – Automation engine that orchestrates actions across Elastic and external systems
Elastic Agent Builder – Framework for deploying custom AI agents grounded in your Elasticsearch data

This architecture supports data privacy and security while delivering sub-second response times. You benefit from continuous model improvements and optimizations without manual intervention, reducing time to value.

Organizations using this approach have reduced mean time to respond by up to 99% and cut critical incidents by 95%.

Conclusion

Elastic combines its search expertise with Amazon Bedrock’s foundation models to automate security and observability workflows. With AI Assistant for conversational investigation, Workflows for automated response, and Agent Builder for custom AI agents, you get a complete platform for moving from detection to resolution faster. You can get started today and grow into these capabilities as your needs evolve.

Getting started

Elastic Cloud on AWS is available through AWS Marketplace, offering a path to deployment with integrated billing. With Elastic Cloud on AWS, focus on analyzing data instead of managing infrastructure.

After deployment, enable AI Assistant for conversational investigation, create workflows for automated response, and build custom agents with Agent Builder. The Elastic-managed LLM connector comes pre-configured to use Amazon Bedrock by default, requiring minimal setup.

To learn more, explore Elastic Security and Elastic Observability. To discuss how this solution fits your environment, contact an AWS representative.

Elastic – AWS Partner Spotlight

Elastic is an AWS Advanced Technology Partner with AWS Competencies in Security, Data & Analytics, Financial Services, Government, AI Software, and Education. Elastic participates in the AWS ISV Accelerate Program and the AWS ISV Workload Migration Program. The Elastic Search AI Platform helps everyone find the answers they need in real time, using all their data, at scale. Solutions for search, observability, security, and generative AI are used by thousands of companies, including more than 50% of the Fortune 500.

Contact Elastic | Partner Overview | AWS Marketplace

Securing enterprise ready AI agents with Auth0 for AI Agents and Amazon Bedrock AgentCore

Jose Alvarez — Thu, 18 Jun 2026 16:27:52 +0000

by: Jose Alvarez, Partner Solutions Architect – AWS
by: John Walsh, Partner Solutions Architect – AWS
by: Anthony Smith, Sr. Partner Solutions Architect – AWS
by: Wayne Smiley, Principal Solutions Engineer – Auth0
by: Kapil Patil, Sr. Partner Solutions Architect – Auth0

Auth0

AI agents do more than answer questions. They read emails, book meetings, pull customer records, and take actions across systems on behalf of your users. By extending identity controls to these agents, you give each one a proper identity, scope its permissions to exactly what it needs, and gain a clear audit trail behind every action.

Auth0 for AI Agents provides the complete identity lifecycle for agents built on Amazon Bedrock AgentCore. Together, they let the agents you build, deploy, and operate share the same identity foundation as your workforce and customer applications.

In this post, we walk through how Auth0 and AgentCore come together across the areas that matter most: authenticating users to agents, securing agent-to-agent communication, governing tool access, enforcing fine-grained authorization, and preserving human-in-the-loop approvals.

Securing AI in a world without a blueprint

AI agents are a new category of software. Unlike traditional applications that follow predefined workflows, AI agents can reason about a problem, decide which tools to use, and take actions across multiple systems on their own. Consider an agent handling an IT support request. It might look up a user’s account information in one system, reset a password in another, and search internal documentation in a third. Each step involves different data, different permissions, and different levels of risk.

Gartner predicts that 40% of enterprise applications will integrate task-specific AI agents by the end of 2026, up from less than 5% in 2025. The AWS Security Reference Architecture provides prescriptive guidance on securing agentic workloads, but when teams move fast, common shortcuts create real exposure:

Shared API keys give agents broad access without awareness of which user they’re acting for.
Hard-coded credentials sit in configuration files, where they’re difficult to rotate and hard to scope to a specific user or action.
Passing tokens through a large language model (LLM) and its reasoning layer can disclose credentials in ways that are difficult to monitor with traditional application security tooling.

These shortcuts compound when the access control model itself wasn’t built for agentic workloads. Role-based access control (RBAC), for example, assigns permissions based on a user’s role at login time. AI agents discover information dynamically during a conversation and might need different permissions for each action they take. In this case, you need authorization that evaluates permissions on an ongoing basis, at the level of individual actions, and adapts in real time as roles and relationships change.

For sensitive operations, there is also the question of when a human should still make the final call. Compliance requirements in regulated industries such as healthcare, finance, and government increasingly require that high-risk actions, like resetting a password or modifying financial records, receive explicit human approval before an agent can proceed.

These challenges point to a common need: identity and access management must sit at the center of your AI agent security strategy.

How Auth0 and Amazon Bedrock AgentCore work together

Auth0 for AI Agents and Amazon Bedrock AgentCore address different but complementary parts of this challenge. Understanding what each service is responsible for is key to seeing how they work together.

Auth0 for AI Agents gives you the enforcing function for user identity in agent workflows. It uses upstream identity providers, such as Okta or social connections, to create and maintain the user’s identity so agents operate on behalf of the authenticated and authorized user. Auth0 provides the identity context and fine-grained access control based on the user’s profile and permissions.

Amazon Bedrock AgentCore provides the runtime infrastructure for building, deploying, and operating AI agents at scale. It validates inbound requests to agents and routes outbound tool invocations through Amazon Bedrock AgentCore Gateway, acting as the execution boundary for agent interactions and applying access control across services from Amazon Web Services (AWS) and external systems.

Consistent with the AWS Shared Responsibility Model, AWS and Auth0 provide the services and controls; you’re responsible for configuring identity policies, authorization rules, and approval workflows appropriate for your workloads.

The next sections describe how Auth0 and AgentCore come together across the key areas of agent security.

Restricting access to authenticated users

Before an AI agent can respond to a request, it needs to verify who’s asking. AgentCore uses Auth0 as the identity provider through standard OpenID Connect (OIDC) discovery, so only users with the appropriate credentials and access rights can invoke an agent. Your users authenticate through the same Auth0 login experience they use across your other applications, including enterprise connections to identity providers such as Okta. That means your AI-powered workflows inherit the same multi-factor authentication (MFA) policies and session management as your traditional applications. The following screenshot shows the Auth0 dashboard with the available enterprise identity provider connections.

Figure 1: Auth0 dashboard

Delegating user identity for API calls

When an agent needs to call an external API on behalf of a user, for example to retrieve calendar events from Google or look up account information in a customer relationship management (CRM) system, it needs to act with that user’s permissions without exposing their credentials. Auth0 delegates user identity to the agent, and Auth0 Token Vault stores the access tokens from upstream identity provider connections. Agents retrieve these tokens just in time through a token exchange mechanism, scoped to the specific agent and user combination. The tokens don’t pass through the agent’s reasoning layer. This workflow is shown in the following diagram.

Figure 2: Auth0 Token Vault delegating user identity so the password reset agent can call an external API with a just-in-time federated token

Securing agent-to-agent communication

In multi-agent architectures, a supervisor agent delegates tasks to specialized subagents, and each interaction between agents needs to be authenticated. Auth0 machine-to-machine (M2M) tokens authenticate these interactions following the agent-to-agent (A2A) protocol, an open specification for how autonomous agents authenticate and exchange requests. With A2A in place, agents don’t operate on implicit trust.

Figure 3: A2A authentication flow showing how Auth0 M2M JWT tokens authenticate agent-to-agent communication between the supervisor agent and subagents.

Governing tool access through the gateway

When an AgentCore Runtime agent needs to reach external APIs or Model Context Protocol (MCP) servers, AgentCore Gateway manages and controls those outbound connections. The user’s Auth0-issued access token is included in requests to the gateway, which validates the token’s signature, expiration, audience, and custom claims before routing the invocation to downstream tools. Only requests backed by a valid, Auth0-issued identity reach downstream resources. For direct MCP integrations that bypass the gateway, authentication is handled by the MCP server’s own configuration and credential management

Figure 4: AgentCore Gateway governing tool access, with Auth0 M2M JWT validation before invoking the Lambda documentation search tool

Enforcing fine-grained authorization

Auth0 Fine-Grained Authorization (FGA) provides a framework for defining and enforcing granular permissions based on user attributes and relationships. FGA evaluates permissions at the time of each agent action and can adapt in real time as roles and relationships change, giving organizations ongoing control over what each agent can do on behalf of a given user.

Keeping humans in the loop for sensitive operations

For high-risk actions, Auth0 Client Initiated Backchannel Authentication (CIBA) lets the agent pause its workflow and send a push notification to the user’s device requesting explicit approval. AgentCore can use Auth0 CIBA actions to establish this out-of-band approval channel. The agent only proceeds after the user confirms, preserving human judgment for these operations.

Managing credentials

Both Auth0 and Amazon Bedrock AgentCore provide token vault capabilities with distinct, complementary responsibilities, and in most production deployments, you’ll use both:

Auth0 Token Vault stores tokens for upstream identity provider connections. Use it when your agent needs to act on behalf of a user against third-party APIs (such as Google, Salesforce, or Microsoft 365) without requiring repeated OAuth flows.
Amazon Bedrock AgentCore Identity token vault can initiate and run the full OAuth 2.0 approval flow needed to reach downstream resources, and it stores the resulting tokens for later noninteractive use by agents. Use it when AgentCore itself is brokering access to resources the agent depends on at runtime.

In both cases, credentials are scoped, short-lived, and aren’t exposed to the agent’s reasoning layer.

The following diagram shows the solution architecture.

Figure 5: Reference architecture showing how Auth0 for AI Agents provides OIDC login, fine-grained permissions, and async authorization for agents running on Amazon Bedrock AgentCore Runtime

Why it matters for AWS customers

If you’re already using Auth0, Amazon Bedrock AgentCore support for external identity providers gives you a straightforward path to securing AI agents with the same identity service you use to protect your existing applications. Instead of building separate identity infrastructure for AI agents, you can connect your Auth0 tenant to AgentCore and apply familiar authentication flows, user directories, and security policies to your AI-powered workflows.

This collaboration between AWS and Auth0 is designed to reduce identity overhead for your agent developers and replace fragmented security with a consistent, maintainable model. Your product teams can focus on building agent capabilities, while identity and access management is handled by services purpose-built for it.

Auth0 is offered through AWS Marketplace, making it straightforward for customers to procure and deploy on AWS.

Getting started

You can start bringing Auth0 for AI Agents and Amazon Bedrock AgentCore together in your AWS account today. Wherever you are in your agent journey, there’s a path forward.

To talk through an implementation for your workloads, contact your AWS account team or reach out through the AWS partner contact form.

Auth0 – AWS Partner Spotlight

Auth0 is an AWS Security Competency Partner that takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need.

Contact Auth0 | Partner Overview | AWS Marketplace

Transform enterprise visual content with Amazon Nova and Bria Fibo

William Quigley — Wed, 17 Jun 2026 16:48:11 +0000

By: William Quigley, Partner Solutions Architect – AWS
By: Gil Shefler, Partnerships – Bria

Bria

If you’ve tried using existing image models for marketing campaigns, product shots, or branding, you know the frustrations. Outputs are unpredictable. Brand representation drifts. Results can’t be reproduced. And the legality of the training data is an open question. The root problem is fundamental: traditional text-to-image models treat generation as a creative process rather than an engineering task. Ambiguous text prompts produce inconsistent results, making it nearly impossible to maintain brand consistency or achieve reproducible outcomes. For enterprises requiring precise control, auditability, and legal compliance, this unpredictability makes existing tools difficult to use effectively.

In this post, you’ll learn how the integration of Amazon Nova and Bria Fibo solves these enterprise challenges through a deterministic, legally compliant approach to visual content generation. You’ll learn about the architecture that enables precise control, the legal safety that protects your organization, real-world use cases, and how to get started.

A deterministic approach to visual generation

Bria Fibo is a deterministic visual foundation model (FM) that transforms unpredictable text-to-image generation into a precise, reproducible system. Rather than relying on ambiguous prompts, Fibo uses Visual Generation Language (VGL)—a structured JSON-based format that provides fine-grained control over more than 100 image attributes including lighting, composition, color, and camera settings.

Built on an 8-billion-parameter architecture, Fibo interprets structured JSON instructions to generate images with the precision enterprises need for marketing campaigns, ecommerce catalogs, and digital content that demands brand consistency and reproducibility.VGL provides machine-readable specifications for every visual parameter. This approach shifts image generation from a probabilistic guessing game into a deterministic engineering task. The model is trained on structured JSON captions of over 1,000 words, designed to understand and control different visual parameters with precision.

Legal safety through licensed data

Bria trains its models exclusively on licensed data through partnerships with Getty Images, Depositphotos, Envato, Freepik, and other accredited partners. This approach provides full copyright and privacy indemnity (subject to Bria’s terms), reducing the liability risks that affect many generative AI solutions.

Typical text-to-image FMs maximize creativity across entire images, but Bria focuses on predictable outputs with respect to brand data. Most multimodal models struggle to maintain brand integrity without costly fine-tuning. Bria also uses patented attribution technology that provides logs of source images used in generation, supporting proper compensation for content creators.

Bria’s solution is available in AWS Marketplace, with deployments on Amazon SageMaker AI, so your intellectual property is protected by containing image generation in Amazon Virtual Private Cloud (Amazon VPC).

Amazon Nova foundation models

Amazon Nova provides frontier intelligence and industry leading price performance for understanding and generating content. These state-of-the-art FMs excel at text generation and vision-language tasks at a fraction of the cost of comparable solutions—at least 75% less expensive than comparable models in their respective intelligence classes.

The vision-language capabilities of Amazon Nova enable it to understand and describe images with high accuracy, and its text generation capabilities produce structured, high-quality outputs including JSON formatting. The Nova family includes understanding models, Nova Lite and Nova Pro, that process text, image, and video inputs to generate text output. Nova models support over 200 languages.The multimodal capabilities of Amazon Nova encompass visual understanding (image and video), document visual understanding including handwriting and annotations, multimodal document processing and analysis, chart comprehension, and agentic interaction. The affordability and capability of Nova make it well-suited as an orchestration layer for complex AI workflows.

The Amazon Nova to Fibo integration architecture

The integration of Amazon Nova and Bria Fibo creates a precise, cost-effective pipeline for enterprise image generation and editing. The following workflow diagram illustrates how these systems work together to transform natural language into precise visual outputs.The workflow demonstrates how Amazon Nova translates creative prompts such as “two models in business attire walking on a city sidewalk in summer” into structured VGL specifications, which Fibo then uses for deterministic image generation. Note the bidirectional flow—this closed-loop system enables both initial generation and iterative refinement. The following figure shows the Amazon Nova and Bria architecture.

Figure 1: Amazon Nova and Bria architecture

The following code block is the VGL generated by Amazon Nova as input to the Bria Fibo model:

{
	"short_description": "Two models dressed in professional business attire are walking on a bustling city sidewalk during a warm summer day. The scene captures the vibrant energy of urban life with clear blue skies and a backdrop of modern buildings.",
	"objects": [
		{
			"description": "A model dressed in a tailored business suit, wearing a crisp white shirt, a dark blue blazer, and black leather dress shoes. The model has short, neatly styled hair and is carrying a sleek black leather briefcase.",
			"location": "center-left",
			"relationship": "walking alongside the other model",
			"relative_size": "medium-to-large within frame",
			"shape_and_color": "humanoid, light and dark shades of blue and black",
			"texture": "smooth",
			"appearance_details": "The model's attire is polished and professional, reflecting the summer heat with a light, breathable fabric.",
			"pose": "walking confidently",
			"expression": "calm and focused",
			"clothing": "crisp white shirt, dark blue blazer, black dress shoes",
			"action": "walking",
			"gender": "male",
			"skin_tone_and_texture": "light skin, smooth",
			"orientation": "facing forward"
		},
		{
			"description": "A model dressed in a business suit, wearing a light pink blouse, a light grey blazer, and black leather dress shoes. The model has long, straight hair tied back in a low ponytail and is carrying a small black leather handbag.",
			"location": "center-right",
			"relationship": "walking alongside the other model",
			"relative_size": "medium-to-large within frame",
			"shape_and_color": "humanoid, light shades of pink, grey, and black",
			"texture": "smooth",
			"appearance_details": "The model's attire is stylish and professional, with a light, breathable fabric suitable for the summer heat.",
			"pose": "walking confidently",
			"expression": "calm and focused",
			"clothing": "light pink blouse, light grey blazer, black dress shoes",
			"action": "walking",
			"gender": "female",
			"skin_tone_and_texture": "light skin, smooth",
			"orientation": "facing forward"
		}
	],
	"background_setting": "The background features a modern cityscape with tall glass and steel buildings, lush green trees lining the sidewalk, and a clear blue sky. The sidewalk is bustling with people, and there are street vendors and cafes adding to the lively atmosphere.",
	"lighting": {
		"conditions": "bright daylight",
		"direction": "front-lit",
		"shadows": "long, soft shadows"
	},
	"aesthetics": {
		"composition": "rule of thirds",
		"color_scheme": "cool complementary colors",
		"mood_atmosphere": "energetic and professional",
		"preference_score": "very high",
		"aesthetic_score": "very high"
	},
	"photographic_characteristics": {
		"depth_of_field": "shallow",
		"focus": "sharp focus on subjects",
		"camera_angle": "eye-level",
		"lens_focal_length": "standard lens (e.g., 35mm-50mm)"
	},
	"style_medium": "photograph",
	"context": "This is a concept for a high-fashion editorial photograph intended for a business magazine spread.",
	"artistic_style": "realistic, vibrant, detailed"
}

Amazon Nova to Fibo generation

Amazon Nova acts as the intelligent interface, translating your creative natural-language prompts into VGL—the precise JSON structure that Fibo requires. The text generation capabilities of Nova verify that lighting specifications, composition rules, color palettes, and camera parameters are formatted correctly and comprehensively. Fibo then interprets these structured JSON instructions to generate exactly the images you need, reproducibly and at large production workload scale.You can now avoid the unpredictability that affects traditional generative AI systems. Instead of ambiguous text prompts that produce inconsistent results, the Amazon Nova to Fibo integration provides complete control over every visual parameter through structured, machine-readable specifications.

Image refinement loop

The ability to produce specific results extends beyond initial generation. When your existing images need refinement or editing, the vision-language models used by Amazon Nova analyze the current image, generating detailed text descriptions and captions that capture every visual element. Nova then converts these descriptions into VGL, which Fibo uses to make precise modifications while maintaining consistency with your original vision.This bidirectional workflow creates a closed-loop system for iterative creative development. You can start with a concept, generate initial visuals, analyze results, and refine outputs with precision that was previously unavailable in generative AI workflows. The following figure shows the result of Fibo’s “refine” function with the prompt “Same models in fall attire; change city scene to autumn.”

Figure 2: Fibo refine function

Cost and control

This workflow combines the price performance for orchestration and analysis of Amazon Nova with Fibo’s deterministic generation capabilities. You gain both economic efficiency and creative control. The cost savings are substantial: Nova models are at least 75% less expensive than comparable alternatives, and Fibo’s deterministic approach eliminates the waste associated with unpredictable generation requiring multiple attempts.

Enterprise benefits

The Amazon Nova and Bria Fibo integration addresses the fundamental challenges that have prevented widespread enterprise adoption of generative AI for visual content:

Predictability – Fibo’s deterministic architecture eliminates the randomness that makes traditional generative AI unsuitable for production workflows. Every parameter is explicit, disentangled, and reproducible.
Legal compliance – Bria’s 100% licensed training data and full indemnity coverage protect your organization from copyright and privacy infringement risks.
Brand consistency – Because the integration uses structured JSON, you can codify brand guidelines as machine-readable specifications, supporting on-brand outputs at high volume without manual review.
Cost efficiency – The industry-leading price performance of Amazon Nova combined with Fibo’s elimination of wasted generation attempts delivers return on investment (ROI) that makes enterprise deployment economically viable.
Workflow integration – Available in AWS Marketplace and SageMaker AI, the Amazon Nova to Fibo integration fits seamlessly into your existing enterprise infrastructure.

Real-world applications

The Amazon Nova to Fibo integration enables use cases across industries. You can automate campaign generation to produce brand-consistent visuals at high volume. Create product visualization for ecommerce with consistent catalog images across thousands of SKUs or deliver personalized ecommerce experiences with customized product imagery that maintains brand standards. And you can generate real-time sports broadcasting graphics with precise team colors and branding.These applications share common requirements: reproducibility, brand consistency, legal compliance, and cost efficiency. The Amazon Nova to Fibo integration delivers on all four dimensions.

Conclusion

The integration of Amazon Nova multimodal intelligence and cost efficiency with Fibo’s deterministic control and legal safety transforms generative AI from an experimental technology into a production-ready business tool. As you face mounting pressure to produce more content faster while maintaining brand consistency and legal compliance, this integration provides the technological foundation for scalable, responsible visual AI deployment.To get started:

Developers and architects – Try Bria Fibo using Bria API building blocks or deploy the Fibo Hugging Face model in your Amazon VPC or SageMaker AI environment. You can also explore Fibo’s Kiro integration for streamlined development workflows.
Business decision-makers – Explore Bria’s solutions in AWS Marketplace to understand deployment options and pricing models that fit your organization’s needs.

Bria – AWS Partner Spotlight

Bria is an AWS Advanced Partner and AWS AI Partner that offers an enterprise-grade visual generative AI platform available for deployment with source code or as APIs, SDKs, and iFrame. Bria AI’s platform is provided with full copyright and privacy indemnity.

Contact Bria | Partner Overview | AWS Marketplace

Build a complete SOC solution with Amazon Security Lake, Splunk, and Recorded Future Autonomous Threat Operations

Kunal Sharma — Wed, 17 Jun 2026 16:02:16 +0000

By: Kunal Sharma – Sr. Solutions Architect – AWS
By: Anthony Henry – Sr. Account Manager – AWS
By: Jon Hall – Principal Architect – Recorded Future
By: Robert Rossetti – Partner Engineer – Splunk

It’s 2:00 AM and you’re a SOC analyst triaging a suspicious sign-in alert, manually searching across five consoles to determine whether the activity is a real threat or a false positive. By the time the picture becomes clear, the threat actor has already moved laterally.
This detection-to-response gap is where Amazon Security Lake, Splunk Enterprise Security, and Recorded Future Autonomous Threat Operations provide a unified architecture that centralizes your security data, automates analysis, and accelerates response.

Traditional approaches use separate point solutions: a SIEM for log aggregation, threat intelligence feeds for context, and manual playbooks for response. This fragmented approach leaves gaps and creates operational inefficiencies.In this post, you learn how to solve the detection-to-response gap that leaves organizations vulnerable using Amazon Security Lake, Splunk Enterprise Security, and Recorded Future Autonomous Threat Operations. They work as a comprehensive SOC and SIEM solution that addresses the security lifecycle from detection to analysis to mitigation. Recorded Future is an AWS Partner that delivers real-time threat intelligence to help organizations defend against threat actors. Splunk is an AWS Partner that helps organizations build resilience through holistic security and observability. Specifically, you will learn:

How Amazon Security Lake centralizes and normalizes security data for consistent analysis
How Splunk Enterprise Security correlates events in real time and automates response workflows
How Recorded Future Autonomous Threat Operations enriches alerts with intelligence and standardizes threat hunting
How to implement this architecture in phases across your environment

The challenge: From detection to mitigation

Security operations teams struggle with three interconnected problems:

Disparate data resulting in incomplete visibility: Security data exists in silos across AWS services, software as a service (SaaS) applications, and on-premises systems, making comprehensive threat detection difficult.
Alert fatigue and manual inefficiency: Even when threats are detected, analysts face alert fatigue and spend hours manually correlating events and researching threat intelligence.
Response time challenges: The time between detection and response represents an operational gap that requires automation and integration to close effectively.

The solution: Unified detection, analysis, and mitigation

The integration of Amazon Security Lake, Splunk Enterprise Security, and Recorded Future Autonomous Threat Operations provides an architecture where each component directly targets one of the preceding challenges: centralizing data, automating analysis, and accelerating response. The following sections detail how each component works.

Detection: Amazon Security Lake

Amazon Security Lake automatically centralizes security data from AWS environments, SaaS providers, on-premises sources, and cloud platforms into a purpose-built data lake. The service uses the Open Cybersecurity Schema Framework (OCSF) to normalize security data from diverse sources into a consistent format.

Security Lake ingests data from AWS services such as AWS CloudTrail, Amazon GuardDuty, Amazon Inspector, VPC Flow Logs, and AWS Security Hub, along with third-party security tools. This centralized approach supports visibility across multi-account and multi-region AWS environments, reducing the gaps that threat actors target.

Analysis: Splunk Enterprise Security

Splunk Enterprise Security provides real-time analytics and AI-driven anomaly detection, and Risk-Based Alerting (RBA) on the security data flowing from Security Lake. Splunk Enterprise Security performs correlation across multiple data sources, applies User and Entity Behavior Analytics (UEBA) to detect anomalous activity, and provides interactive dashboards and advanced search capabilities for investigating events.

Splunk Enterprise Security uses RBA to accelerate the process of detecting risk in your environment. The risk analysis framework applies insights from cybersecurity frameworks such as MITRE ATT&CK, CIS 20, and NIST controls to identify the tactics and techniques observed in risky events. Doing so reduces alert volume, resulting in higher fidelity alerts.

Splunk Enterprise Security integrates with Splunk Security Orchestration, Automation, and Response (SOAR) for automated response workflows. With this integration, your security teams can define playbooks that run automatically when specific threat patterns are detected, reducing the time between detection and response.

Mitigation: Recorded Future Autonomous Threat Operations

Recorded Future Autonomous Threat Operations extends the architecture with AI-powered capabilities that autonomously hunt, detect, and prevent threats. Powered by real-time threat intelligence from 1+ million sources, the solution proactively tracks and enriches IoCs, malware, and threat actors across your environment.Autonomous Threat Operations standardizes threat hunting processes that previously required days or weeks of manual research. The solution integrates directly with Splunk, so autonomous agents operate within your existing security workflow without requiring analysts to switch between tools.

Architecture: How the components work together

The integrated architecture operates as an integrated pipeline where security data flows from detection through analysis to mitigation.

Data collection and normalization: Security Lake ingests security events from AWS services and third-party sources, normalizing them to OCSF format. With this data standardization, Splunk can analyze data consistently across supported data sources.
Real-time analysis: Splunk Enterprise Security receives normalized security data from Security Lake and performs real-time correlation, behavioral analysis, and threat detection. Splunk Enterprise Security applies machine learning models to identify anomalous patterns and generates alerts for security analysts.
Intelligence enrichment: Recorded Future automatically enriches security events with threat intelligence, providing context about indicators of compromise (IOCs), threat actor tactics, and patterns of unauthorized activity. This enrichment happens continuously without manual analyst intervention.
Automated response: When Splunk detects threats, Splunk SOAR runs automated playbooks that can isolate compromised resources, revoke credentials, block unexpected IP addresses, and initiate incident response workflows. Recorded Future Autonomous Threat Operations provides the intelligence that informs these automated decisions.

Integration benefits

This integrated solution delivers measurable improvements across your security operations.

Centralized visibility: Security Lake provides visibility across your cloud and on-premises environments, helping verify detection of security events across your configured data sources. You gain a single, normalized view of activity rather than switching between siloed tools.

Reduced analysis time: Automated threat intelligence enrichment and correlation reduce the time your analysts spend researching alerts and investigating events. If your security teams currently spend hours per alert on manual research, this integration can compress that timeline.

Faster response: Integration between Splunk SOAR and Recorded Future supports automated response to threats in seconds rather than hours. Your security teams can define playbooks that act on enriched intelligence without waiting for manual triage.

Standardized operations: Autonomous threat hunting creates consistent, repeatable processes that deliver reliable results with standard rigor and coverage every time.

Implementation approach

Organizations can implement this architecture in phases. This sequence builds each layer on the previous one, so that your team validates data flow and detection capabilities before adding automation.

Deploy Security Lake to centralize security data from AWS services and third-party sources using OCSF format.
Integrate Splunk Enterprise Security to analyze security data with real-time correlation and behavioral analytics.
Connect Recorded Future to enrich security events with threat intelligence from global sources.
Configure SOAR playbooks in Splunk to automate response actions based on threat intelligence.
Activate Autonomous Threat Operations to standardize threat hunting and proactively detect threats.

The workflow and components are shown in the following figure. You install the Recorded Future App for Splunk directly from Splunk’s app marketplace, Splunkbase. Security Lake subscribers can configure Splunk as a data consumer for real-time data flow from the centralized data lake, or search remotely with federated search. For configuration details, see the Splunk and Security Lake integration guide or Splunk Federated Search for ASL.

Figure 1: Unified SOC Solution: Detect, Analyze, Mitigate – An integrated framework for security operations powered by AWS CloudTrail, Amazon GuardDuty, Amazon Inspector, Splunk SOAR, and Recorded Future Autonomous Threat Operations

Use case: Detecting and mitigating credential misuse

A practical example demonstrates how the integrated architecture operates:

When a threat actor uses stolen credentials to access an AWS account, AWS CloudTrail logs the authentication event and Amazon GuardDuty detects the suspicious sign-in pattern. Security Lake ingests these events in OCSF format and delivers them to Splunk Enterprise Security.

Splunk Enterprise Security correlates the suspicious login with other security events, including unusual API calls and network traffic patterns. Recorded Future automatically enriches the alert with threat intelligence, identifying that the source IP address is associated with known threat actors.Based on this enriched intelligence, Splunk SOAR runs an automated playbook that suspends the affected account, revokes active sessions, isolates affected resources, and creates forensic snapshots for investigation.Following containment, an analyst can then use Autonomous Threat Operations to extend this initial investigation and run an automated threat hunt for similar activity across the analyst’s environment, surfacing additionally impacted users, assets, or persistence mechanisms that may have otherwise evaded the initial point-in-time investigation.

Transforming security from reactive to preemptive

By combining Amazon Security Lake, Splunk Enterprise Security, and Recorded Future Autonomous Threat Operations, your organization can build a complete SOC and SIEM solution that addresses the security lifecycle from detection to analysis to mitigation. Security Lake centralizes detection across your configured security data sources, Splunk Enterprise Security delivers real-time analysis with automated response capabilities, and Recorded Future provides intelligence-driven mitigation through Autonomous Threat Operations. This integrated architecture helps transform your security operations from reactive alert triage to proactive threat mitigation. By detecting threats across your environment, analyzing them with intelligence-driven context, and automating security actions, you can reduce your risk and strengthen your security posture.

Take the next step

To see this architecture in action, schedule a demo of Recorded Future Autonomous Threat Operations.

AWS Partner Spotlight

Recorded Future is an AWS Advanced Technology partner that provides real-time threat intelligence to help organizations defend against threat actors. With capabilities spanning the open web, deep web, and dark web, Recorded Future delivers actionable intelligence that security teams can use to anticipate and respond to threats.

Contact Recorded Future | Partner Overview | AWS Marketplace

Splunk is an AWS Advanced Technology Partner that helps organizations build resilience through holistic security and observability. Used by enterprises and government agencies worldwide, Splunk Enterprise Security and Splunk SOAR give security teams real-time analytics, automated response workflows, and the operational consistency needed to keep pace with evolving threats.

Contact Splunk | Partner Overview | AWS Marketplace

Agentic SaaS: Your next growth market is already here

Matt Yanchyshyn — Tue, 16 Jun 2026 15:58:05 +0000

By: Matt Yanchyshyn, VP, AWS Marketplace & Partner Services – AWS

Agentic AI represents the third major shift of enterprise software and how it creates value. The first brought applications from desktop to web and mobile, and the second moved software from on premises to cloud, creating a software as a service (SaaS) market worth $300 billion today and projected to reach $576 billion by 2029 that created enormous value for the software providers that moved early. Amazon Web Services (AWS) has been at the center of both, and this post explains how we can again support software providers on capturing the agentic opportunity through capabilities, distribution, and commercial models.

Users are increasingly interacting with software through AI assistants and agentic platforms that invoke capabilities on their behalf instead of the product’s own UI. Your product is still doing the work, but the user might never see it. The buying journey has changed too because the decision-making for technology is no longer owned solely by IT or engineering. Business users from human resources (HR), legal, finance, and other functions know what they need, and they’re buying it themselves. This era also brings an entirely new class of users: autonomous agents that reason, plan, and execute multistep tasks with minimal human intervention. All of this makes agentic AI an expansion of the addressable market, with new distribution channels that operate at machine speed at any hour, not a threat to existing revenue.

Agentic AI represents an evolution from software that users operate to capabilities that agentic systems execute, changing how software is built, priced, distributed, and consumed. Agents and humans alike are already choosing preferred providers based on discoverability and reliability. Your customers are building agentic systems today, and those systems will use your capabilities if they can find them, understand them, and trust them . . . or they’ll route around you.

What “Agentic SaaS” actually means

Agentic AI isn’t killing SaaS, it’s transforming it following similar patterns we’ve seen and pioneered before. Your product capabilities, your domain expertise, your customer relationships, your data moats, and decades of accumulated domain expertise don’t become less valuable in an agentic world. They provide the trusted, reliable, and well-described capabilities agents need to solve industry challenges. Agentic SaaS is the next evolution of software that’s now consumed by a hybrid workforce of both humans and agents and a growth opportunity for software providers that act today. The window for independent software vendors (ISVs) to act is measured in months, not years.

Build for agentic systems: Make current SaaS capabilities consumable by agentic systems and build your own agents for high-value workflows

This evolution doesn’t require a radical departure from SaaS engineering fundamentals. Multi-tenancy, tenant isolation, scale, security, observability, and governance remain the table stakes that enterprise buyers evaluate before any production deployment. What changes is the execution model. Agents operate autonomously, maintain complex state across sessions that can span hours, coordinate across tool chains and subagents. And they must enforce the compliance and authorization boundaries that you establish without getting you in the loop again. Most organizations build and rebuild these primitives for every framework, model, and use case change. That’s months of infrastructure work before a single agent reaches a real user.

AWS solved this at scale so you don’t have to solve it every time, and we did it based on lessons learned from implementing AI at scale for our own products. Amazon Bedrock AgentCore is our hero platform for taking agents from prototype to production. It brings runtime isolation, memory, identity, gateway, policy, and observability together and fully integrated with the rest of the AWS stack. Agent capability without accuracy is a liability, and this integration between infrastructure, model, platform, and data foundation layers enables your agents to be grounded in your proprietary data. Automated reasoning is the safety layer for the agentic era, proving mathematically that agents stay within defined boundaries, and our platform uses it to block unauthorized actions that violate policies and to enforce tool access. Security is built in by design, with network isolation and fine-grained authorization, and AWS industry certifications providing the foundation to reduce the compliance burden for your agentic deployments.

Customer adoption of agentic AI tools and features is accelerating, and we’re seeing this in the growth of AI agents and tools in AWS Marketplace. This fast-growing category went from 900 solutions at launch to over 3,300 in less than a year. Most are not standalone agents, they’re existing SaaS products that have been agentified, extending proven software to work inside agentic workflows.

The results speak for themselves:

Agentforce, Salesforce’s enterprise agentic AI solution available in AWS Marketplace, uses foundation models (FMs) through Amazon Bedrock, implemented natively on AWS Global Infrastructure, to deliver faster, smarter resolutions for customers.
CrowdStrike is deploying autonomous security agents that detect and remediate threats without human intervention.
Workday built a sales companion on AWS, an AI-powered solution that condenses structured and unstructured data to surface product intelligence for sales teams in real time, delivering a 75% reduction in sales prospecting cycle time and saving 5 hours per sales rep per week.
Zendesk customers use Amazon Bedrock and Amazon Connect to automate 80% of customer service interactions.
Druva built DruAI with Amazon Bedrock and AgentCore, transforming cyber investigations that previously took 30–60 days into minutes-long conversational workflows, with the multi-agent system now resolving 68% of customer issues without manual intervention.

These aren’t incremental features. These are companies rethinking what their software does and who uses it.

Design for agentic discoverability: Position your solutions to be found and chosen when agents select tools

Agents interact with software through APIs and structured interfaces in a similar way developers do. But although humans navigate UIs and evaluate feature lists, agents select tools based on structured metadata and natural language descriptions. Agentic discoverability is the new distribution, defined by the degree to which AI agents can find, understand, and choose to invoke your capabilities. Whereas human distribution channels reward brand familiarity and sales reach, agent selection rewards technical precision, which makes the architecture and descriptions of your product the most powerful go-to-market asset.Investing in agentic discoverability isn’t solving a one-time technical configuration. It’s building the equivalent of early domain authority, an agent selection advantage that compounds over time. While building a shopping assistant that selects from hundreds to thousands of internal tools per session, engineering teams at Amazon found that defining structured schemas and precise semantic descriptions for each tool was the central engineering challenge. The agent’s ability to identify and invoke the right tool depends directly on the quality of those descriptions.

The Model Context Protocol (MCP) has emerged as the industry standard for making capabilities discoverable to agents, doing for agentic capabilities what REST APIs did for web applications: make them discoverable, composable, and invokable across any agent runtime. The Agent2Agent (A2A) protocol complements MCP for cross-agent discovery: where MCP handles agent-to-tool invocation, A2A handles agent-to-agent delegation, with structured metadata describing the agent’s capabilities and interface. Supporting both protocols in your solutions maximizes the probability that agents in your domain will find and use your solution rather than a competitor’s.

Salesforce continues to lead the charge with the recent introduction of Headless 360, which makes all its capabilities accessible to agents and humans alike using APIs, MCP tools, or command line interface (CLI) commands. The surface changes, but the platform and its capabilities don’t.

AWS provides MCP and A2A support across the full stack. On the backend, you can provide an immediate agentic surface for your current capabilities without requiring rewrites converting REST APIs and serverless functions into MCP tools with Amazon Bedrock AgentCore Gateway. On the distribution front, AWS Marketplace supports listing both MCP and A2A servers, making your tools and entire agents discoverable within agentic workflows.

For customers already transacting through AWS, this removes the friction of a new vendor relationship and accelerates procurement. Agents can also interface with AWS Marketplace using agent mode through our own MCP server and a native connector available in Anthropic’s Claude, querying AWS Marketplace directly or interfacing to find solutions based on needs and problem descriptions, not keyword searches. And we’re not only building this for partners. We built the AWS Partner Central agent experience using Amazon Bedrock and AgentCore, complementing the AWS Partner Central application used by thousands of partners every day. The platform we’re providing for you to build on is the same one AWS uses to build with.

Align pricing to value: Capture the measurable outcomes that agentic usage creates

Agents create measurable, attributable business value in units that per-seat pricing was never designed to capture: a customer support agent resolving 10,000 tickets overnight, an invoice processing agent handling 50,000 lines without human review, a network monitoring agent running around the clock. Leading SaaS vendors have already begun building commercial models that capture this value, and the consistent pattern is a hybrid model: predictable base revenue from humans combined with consumption-based upside from agent usage, not a replacement of one model for the other.

The practical prerequisite is instrumentation because it provides you with powerful data to understand and show your customers precisely what their agents consumed, what outcomes they produced, and what the unit economics look like. Having the most granular outcome data will help you define pricing metrics for your category instead of matching what your competitors are pushing. This is where observability becomes a commercial capability, not merely an operational one. The ability to trace agent sessions, tool invocation, and resolution events and then map those traces to billable units is the foundation for consumption pricing.

AgentCore provides this instrumentation inherently, with built-in observability that tracks agent execution. AWS Marketplace then closes the commercial loop with support for pay-per-outcome pricing structures and private offer negotiation, so you can establish hybrid pricing models through the same channel that already distributes your existing software, without a new billing platform or a new sales motion.

Zendesk, a leader in AI-powered customer service, used AWS Marketplace to shift from per-seat licensing to outcome-based pricing where customers pay for results, such as tickets resolved. The flexible pricing infrastructure of AWS Marketplace made the transition possible without rebuilding their commercialization stack.

Build the agentic era on AWS

AWS has helped software providers navigate every major platform shift and succeed for the past two decades, and this one is no different. We provide both the platform and expertise to architect for this next generation of software solutions, supporting you to evolve from SaaS products to Agentic SaaS solutions and start winning your category today.

AWS is investing in every layer of the AI stack so you don’t have to, from custom silicon and foundation models to agentic platforms and solutions. We also launched several new programs and initiatives this year to help you make this transition, including expanding the AWS Migration Acceleration Program to cover AI-based new builds, growing AWS ISV Accelerate to support partners engaged in co-sell activities, and investing an additional $100 million in the Generative AI Innovation Center for hands-on support building and deploying agentic AI applications.

Your next growth market is already here, and it won’t wait too long. Get started today with our learning series for building agentic systems on AWS.

Sell smarter with AWS: New agentic capabilities accelerate time to revenue

Tom Thayer — Tue, 16 Jun 2026 14:16:55 +0000

By Tom Thayer, Global Leader, ACE Program – AWS
By Raj Kandaswamy, Principal PMT – AWS

AI is fundamentally changing how sales teams operate, reducing time spent on operational tasks and freeing them to focus on what matters most: building relationships and delivering customer outcomes.

Building on the AWS Partner Central agentic experience launched in March, we’re introducing new capabilities that support you at every stage of selling—from identifying the right leads and creating stronger opportunities to getting real-time insights and selling support on every deal you share with Amazon Web Services (AWS).

In this post, we’ll walk you through how these new capabilities help you build a stronger pipeline, accelerate deal progression, and get real-time qualification and guidance on every opportunity.

Drive stronger pipeline with propensity insights

A healthy pipeline is the foundation of sales success, but not all leads are created equal. When you know which prospects have the highest propensity to buy, you can focus your time on the right opportunities and move faster from outreach to close.

Partners can now submit marketing and sales leads in AWS Partner Central to receive propensity insights that increase lead conversion. This new feature helps you build a stronger pipeline by focusing on the leads most likely to convert. Submit your own leads and receive:

Propensity insights to prioritize outreach on leads with the highest likelihood of conversion.
Recommendations on which leads are eligible for programs, funding benefits, and sales motions.

These insights are only the beginning. Upcoming enhancements will include tailored sales messaging, like sales plays, call scripts, and email templates to support your outreach.

Figure 1 – View propensity insights, program eligibility, and recommended next steps for each lead you submit.

Once you’ve nurtured your strongest leads, you’re ready to create opportunities in ACE (APN Customer Engagements) with real-time selling support to help you close deals faster.

Accelerate deal progression with meaningful engagement on every opportunity

Partners told us they need faster, higher-quality engagement on co-sell submissions to increase deal velocity and reclaim time for strategic customer conversations. With 65% of Partners reporting higher close rates and 54% seeing larger deals as a result of co-sell motions (Canalys, 2024), we’re making selling with AWS faster, smarter, and more actionable on every opportunity.

To help you reduce sales cycles and accelerate time to revenue, every opportunity you submit through ACE now gets data-driven insights and real-time support. With these enhancements, you can:

Get selling support on every opportunity: Data-driven insights and tailored recommendations from the agent to keep your deals progressing.
Accelerate deal progression: Whether co-selling with AWS or progressing with agent support, you keep deals moving with sales plays, customer insights, funding eligibility, and resources to help you close.

Getting started is simple. To create an opportunity, describe a deal in plain language, upload meeting notes or a proposal, or clone an existing opportunity. Coordination happens automatically: the agent initiates workflows on your behalf, pre-populating available data, validating details, and populating customer information, so your team spends time on decisions, not data entry.

Get real-time qualification and opportunity insights

When you submit an opportunity in ACE, the agent qualifies it in real-time and delivers tailored guidance on where the opportunity stands, what actions to take, and recommendations to progress the deal.

Every opportunity receives 24/7 agent support and is matched to a co-sell motion based on the data in your submission:

AWS Field-engaged: Your opportunity is ready and matched with an AWS sales team for direct collaboration.
Agent-engaged: Your opportunity is qualified by the agent, with actionable insights to strengthen your submission and increase the likelihood of AWS sales team engagement.
Partner-led: You have 24/7 agent support, including sales plays, customer insights, and resources, to help you close faster, while you own and drive the opportunity.

Each opportunity also receives an Opportunity Quality Score, a data-driven indicator of how well your submission aligns with what drives successful co-selling. This score is a key input into which co-sell motion your opportunity receives. The agent provides recommendations to improve your score on every opportunity, giving you a clear path to strengthen your submission and increase engagement from AWS.

AWS sellers see this score as well. As your Opportunity Quality Score increases, so does the likelihood of direct engagement with AWS sales team.

Opportunities are continuously rescored as you improve your submission data. As you add detail, refine your business case, or update deal context, the score recalculates in real time. For Agent-engaged opportunities, this can move you closer to AWS Field-engaged as your score strengthens.

Figure 2 – Get data-driven insights on where your deal stands and specific recommendations to strengthen your submission.

We’re also extending Express Private Offers to accelerate co-sell deals by automating custom pricing deals directly to AWS Marketplace customers. When you enable Express Private Offers on your product, an AWS sales representative can identify your solution as the right fit for a customer and invite the customer to receive personalized pricing. You gain direct engagement with high-purchase intent customers, and deals close faster because the friction is eliminated.

Maximize your Opportunity Quality Score

To strengthen your score, focus on these actions:

Be specific in your opportunity description: Include the customer use case, desired business outcome, and relevant AWS services.
Keep your data current: Regularly update the opportunity stage, next steps, estimated revenue, and ensure correct industry and use-case tagging.
Tag your solutions and AWS products: Attach your AWS Partner Solutions and list the AWS services involved in delivery. This helps the agent match your opportunity to the right engagement motion.
Assign the correct sales team member: Insights and recommendations are delivered directly to the seller on the opportunity. Make sure the right person is listed so they can act immediately.

Figure 3 – Chat with the agent to get recommendations on strengthening your score.

Connect agents to your existing tools

Engage directly with agents in AWS Partner Central for real-time guidance and next-step recommendations. You can also connect your existing tools and systems directly to agents with the MCP Server—bringing AWS intelligence into the workflows your teams already use.

Explore automation and integration options >>

Partner testimonial

“The agentic co-sell experience provides the right level of AWS engagement without taking over account management from our reseller network,” said Danny Banks, Technical Director, Business Development at WatchGuard. “The agent enables us to advance opportunities more efficiently while continuing to refine qualification processes, which will ultimately result in better-aligned, higher-quality engagements. Strengthening co-sell engagement with AWS sellers remains our ultimate objective, and these agentic capabilities guide us on that path to ensure the highest level of service and value for our shared customers.”

Get started

Submit your leads and receive propensity insights to build your pipeline, create and manage opportunities with agent support, and get real-time recommendations to strengthen and progress every deal.

Agents are available today for Partners who have migrated to AWS Partner Central in the AWS Console.

Here’s how to get started:

Migrate to the AWS Partner Central experience in the AWS Console if you haven’t already. For step-by-step guidance, review the Migration Guide.
New Partners: Register as an AWS Partner in the AWS Console. Agentic capabilities can help you go from registration to ready-to-sell in days. Learn more >>

More agentic capabilities are coming to support Partners at every stage of their journey, from pipeline to close.

New agentic capabilities to take you from registered to ready-to-sell in days

Jen Letourneau — Tue, 16 Jun 2026 14:16:28 +0000

By Jen Letourneau, Global Leader, Partner Journey – AWS
By Payal Patel, Specialization Program Onboarding Manager – AWS
By Keren Bar Lev, AWS Marketplace Seller Innovation Manager – AWS

Whether you’ve just registered as an AWS Partner or you’re ready to list your first solution in AWS Marketplace, the goal is the same: get to market fast. Partners shared that they want to spend less time on operational steps and more time on what matters most—reaching customers and growing their business.

A Forrester Consulting report found that channel Partners who build and scale an AWS Marketplace practice can realize 234% ROI, 50% faster deal closure, and 4–5× richer deal sizes compared to traditional channels.

To accelerate time-to-revenue through AWS Marketplace, we’re expanding agentic capabilities in AWS Partner Central that take Partners from registration to ready-to-sell in days. From automated profile creation and personalized guidance for seller account setup to AWS Marketplace listing optimization, PRM readiness, and streamlined FTR validation, Partners can now unlock badging, benefits, and funding faster.

Create your profile and set up your seller account in minutes

Getting started as a Partner used to mean manually entering company details and configuring account settings. Now, your profile is pre-filled from your company website—including description, logo, locations, and industry focus—and shared with you for review.

The agent also recommends your account structure based on where you sell and guides you through tax, compliance, and payment setup—so you’re ready to transact and start reaching customers sooner.

Figure 1 – Select from the prompts to engage the agent.

Explore the demo.

Generate your AWS Marketplace listing content from your website

Publishing an AWS Marketplace listing is a key milestone for Partners looking to reach AWS customers at scale. Your website content is transformed into a complete, publish-ready listing—with product descriptions, features, use cases, and proper categorization—in minutes. Already have an AWS Marketplace listing? Get recommendations to refresh and optimize it for better discoverability.

Listings are structured with relevant keywords and categories that help customers find your solution faster.

Figure 2 – Chat with the agent to create or optimize your AWS Marketplace listing in minutes.

Once your listing is published, get guidance on setting up Partner Revenue Measurement so you can unlock revenue insights that inform your growth strategy.

Ready to list? The AWS Marketplace List & Sell Incentive offsets the cost—whether it’s your first listing, expanding to a new country, or adding self-service buying features.

You can also bring the buying experience directly to your customers from your website. AWS Marketplace Storefront lets you create a curated, branded catalog that showcases your complete solution portfolio. Transaction flows through AWS Marketplace and appears automatically on customers’ AWS invoices, giving buyers the consolidated billing and procurement simplicity they expect—while you maintain full brand ownership of the experience.

Set up and launch your storefront quickly, connect it to your CRM and IT systems through pre-built connectors or the AWS Partner Central API, and begin capturing inbound leads that flow directly into your co-sell pipeline with AWS.

Explore the demo: Create a new listing | Optimize an existing listing

Streamline your Foundational Technical Review

Validating your software solutions unlocks badging, program eligibility, and funding benefits. Now there’s a faster path to get there.

Submit existing SOC2 audit reports or completed AWS Well-Architected Framework reviews to complete the Foundational Technical Review. You’ll receive approval or actionable feedback in minutes, so you can iterate quickly and unlock benefits sooner.

Explore the de mo.

Connect agents to your existing tools

Access agents directly through the AWS Partner Central homepage. If you don’t complete all steps in one session, you’ll see exactly what remains so you can pick up where you left off.

You can also bring these capabilities into your CRM via the AWS Partner Central MCP server, directly or through Partner integrators. Your teams get AWS insights in the tools your teams already use every day—eliminating context-switching and keeping sellers focused on deals.

To help offset the cost of integrating these workflows, the Automation Incentive supports system integration and agentic workflows, unlocking real-time pipeline insights and saving hours of manual work.

What Partners are saying

Partners are seeing the timeline from registered to actively selling collapse from weeks to days.

“Partner Central agents accelerated our onboarding and co-sell motion by at least 10x,” shared Sujaiy Shiv, Founder & President at inferdat.ai. “It has completely removed the ambiguity and manual overhead that used to slow us down. The time we’re not spending navigating Partner Central is time we’re spending helping customers get gen AI into production.”

That speed extends to listing quality at scale: “The AWS Marketplace listing feature will be a real gamechanger as we roll out centralized listing-quality guidance across all of our many AWS Marketplace product listings,” said Sarah Dunworth, Program Director of SaaS Operations at IBM.“We’ll be able to easily identify quality issues and provide guidance and recommendations to the product teams, which will save them a lot of time and effort.”

For some Partners, the impact was immediate. “We were able to review our profile, ensure we were set up correctly, ask the agent follow up questions as we progressed and effectively launched four separate AWS Marketplace listings within 1 hour,” shared Mike Salazar, Co-founder & CEO of Nimbus Value. “This was critical for our company launch the next day and we leveraged it for a customer conversion three days later.”

“The AWS Marketplace listing feature transforms AWS Marketplace listing creation from a time-intensive process into a streamlined experience completed in minutes”, shared Drew Jenkins, VP of Strategic Alliances at Opti9.

And Partners are already extending these capabilities into their own workflows.

“We’re excited to integrate this agent directly into Slack and Teams so teams can get clear, contextual next steps and recommendations that help improve their AWS presence faster,” said TJ Laher, CEO of PartnerPlex AI.

Get started

The path from registered to revenue-ready now takes days. These capabilities are available in the new AWS Partner Central experience.

Here’s how to get started:

Migrate to the AWS Partner Central experience in the AWS Console if you haven’t already. Review the Migration Guide for step-by-step guidance.
Create or optimize your AWS Marketplace listing and implement PRM to unlock revenue insights.
Connect your CRM through the AWS Partner Central MCP server to bring automation into the tools your team already uses. Explore automation and integration options >>

We’re continuing to expand agentic capabilities that help Partners move faster at every stage. Learn how we’re making selling with AWS smarter.

From legacy to AI-powered: Transform your customer experience with Amazon Connect Customer Competency Partners

Lawrence Tse — Tue, 16 Jun 2026 14:06:31 +0000

By Lawrence Tse, Amazon Connect Customer Designation Owner – AWS
By Yoona Lee, Applied AI Solutions GTM Acceleration Lead – AWS
By Kelly Costlow, AWS Specializations Partner Program Lead – AWS

Today’s customers expect seamless, personalized brand experiences at every touchpoint—but legacy contact centers fall short. They rely on queues, manual routing, and handle-time metrics as control mechanisms, with AI added as a separate layer rather than built in from the start.

The data confirms the business impact. According to PwC’s 2025 Customer Experience Survey, 29% of consumers say they stopped using or buying from a brand due to poor customer experience, either online or in-person.

That’s why we’re excited to announce the Amazon Connect Customer Competency, which helps customers identify Partner solutions to transform their enterprise-wide customer experience on Amazon Web Services (AWS).

This new AWS Specialization recognizes Services Partners with technical depth and proven success on Amazon Connect Customer—from migrating legacy contact centers to operationalizing AI at scale.

Amazon Connect Customer provides a unified, AI-native solution spanning voice, chat, email, SMS, and social. Teams shift from managing queues to building loyalty, with enterprise-grade observability to move AI from pilot to production with confidence.

This is the first AWS Competency directly aligned to an AWS service, launching with two categories that reflect the accelerating shift toward AI-native customer experiences: Contact Center Transformation and AI-Powered Customer Experience.

“Customer experience is shifting from reactive to predictive, and organizations need Partners who can move at that pace,” said Sara Caleffi, Director, Applied AI Solutions GTM at AWS. “The Competency gives customers the confidence they’re working with Partners who have the expertise to deliver that transformation at scale.”

In this blog, we’ll cover the two categories, new benefits for Partners, and how to get started.

Competency categories

Amazon Connect Customer Competency Partner solutions are validated by AWS experts across two categories:

Contact Center Transformation: Transform legacy contact center environments by migrating organizations from on-premises or cloud-based systems to a modern, AI-powered customer experience on Amazon Connect Customer. Deliver end-to-end transformation using structured methodologies from discovery through post-migration optimization, enabling AI features as part of the migration to drive measurable improvement over the legacy environment.
AI-Powered Customer Experience: Design, build, and operate intelligent customer experiences using Amazon Connect Customer’s AI capabilities, including autonomous AI agents, conversational AI, agent and manager assist, and multi-channel self-service. Resolve customer issues at scale, augment human agents, and continuously improve outcomes through AI-driven insights while maintaining rigorous governance, observability, and testing practices.

New benefits for Amazon Connect Customer Competency Partners

We’re increasing our investment in Partners’ success through the following key initiatives:

Additional Marketing Development Funds – Receive $50K in Marketing Development Funds (MDF) in 2026 and 2027 for achieving the Amazon Connect Customer Competency.
AWS Migration Acceleration Program funding – Unlock funding to offset customer migration costs.
AWS PartnerEquip: Live Amazon Connect Track – Access strategic and confidential content, including product roadmaps, feature release previews, and demos, as part of the AWS PartnerEquip event series. To attend live events in your region or tune in virtually, register for an upcoming session.
Signature benefits – Receive dedicated co-selling support, private strategy sessions, and AWS guest speaker support at Partner-led customer events.

To learn more, review the AWS Specialization Program Benefits Guide in AWS Partner Central (login required).

Launch Partners

The AWS Competency Program is designed to highlight AWS Partners who have demonstrated technical proficiency and proven customer success in specialized solution areas.

We invite you to explore the following Amazon Connect Customer Competency launch Partner solutions recommended by AWS:

Contact Center Transformation

Accenture
Caylent
Deloitte
Genpact
Infosys Ltd
NeuraFlash
NTT DATA Inc.
PricewaterhouseCoopers
Pronetx, Inc.
Salesforce
TTEC Digital
USAN
Zendesk

Success story

Partners are already helping customers close the gap between AI investment and measurable business outcomes on Amazon Connect Customer.

Pronetx helped New York Cancer & Blood Specialists replace 30,000+ manual calls monthly with an AI-powered contact center on Amazon Connect Customer—increasing patient enrollments by 54% in 8 weeks.

Read the full case study

Customers: Work with an Amazon Connect Customer Competency Partner

Amazon Connect Customer Competency Partners offer purpose-built contact center transformation and AI-powered customer experience services to help you modernize your customer experience operations—ensuring seamless, personalized interactions at every touchpoint.

Discover solutions and connect with validated Amazon Connect Customer Competency Partners or explore solutions listed in AWS Marketplace.

Partners: Become an Amazon Connect Customer Competency

AWS Partners looking to get their solutions validated through the AWS Specialization Program must be validated or differentiated members of the Services Path prior to applying. This AWS Competency replaces the Amazon Connect Service Delivery designation, which will be deprecated on June 1, 2027.

Ready to apply? Review the Specialization Partner Program Guide for instructions on how to apply in AWS Partner Central (login required).

Accelerate customer outcomes with the AWS Business Value Realization motion

Bhargs Srivathsan — Tue, 16 Jun 2026 14:06:03 +0000

By Bhargs Srivathsan, Director Customer Success Center of Excellence – AWS
By Cynthia Starr, Sr. Manager, Partner Led Customer Success – AWS
By Zehra Ladiwala, Partner CS Development Manager – AWS

AI is reshaping the technology landscape at a pace we’ve never seen before, and with it, the bar for what customers expect from their Partners has shifted. It’s no longer enough to deploy the right technology, customers want Partners who understand their business, align to their goals, and can demonstrate real, measurable impact from their Amazon Web Services (AWS) investments.

The data reinforces this. According to a 2026 AWS Market Study, 80% of customers interviewed are moving toward outcome-based commercial models. To help Services Partners meet this shift, we’re introducing the Business Value Realization (BVR) motion, which provides funding, enablement resources, and specialized support to lead post-sales customer success.

Partners who demonstrate excellence in driving customer outcomes can earn the AWS BVR Competency, a new AWS Specialization that unlocks the full suite of BVR motion benefits and serves as a powerful differentiator in the market.

“Customers are investing significantly in technology, but many aren’t yet seeing the full return,” said Bhargs Srivathsan, Director, Customer Success Center of Excellence at AWS. “That gap is exactly what the Business Value Realization motion is designed to close from defining what success looks like in business terms to proving it with the AWS BVR Competency, which recognizes Partners with the demonstrated success and deep expertise to deliver real outcomes.”

In this blog, we’ll share the market data behind the BVR motion, the benefits available to Partners who achieve the BVR Competency, and early results from Partners already putting it into practice.

Market study: How Customer Success and a Focus on Value Realization Set Winning Consulting Partners Apart

A 2026 AWS Market Study examined how Services Partners are investing in customer success capabilities and what it means for their bottom line. Across Partner segments, the data shows a clear correlation between customer success maturity and financial performance:

$3.50 in gross profit for every dollar invested in customer success over five years, with 79% breaking even within two years.
Four Partner archetypes emerged based on customer success maturity—from Implementation Boutiques to End-to-End Transformation Leaders—with most Partners falling somewhere in the middle.
Returns rise sharply with maturity – from $2.70 to $3.90 across the spectrum, with the most advanced Partners seeing 10-11% revenue growth and 6-7 percentage point margin expansion over three years.
Customers pay up to a 20% premium for proven customer success capabilities, specifically value mapping, change management, and outcome tracking.

Benchmark your customer success maturity and see where you stand. Read the full study >>

Benefits

The AWS BVR Competency is the key that unlocks the full BVR motion—giving you access to funding, enablement, and specialized support designed to help you build and scale customer success practices.

Business Value Realization Toolkit: Execute customer success engagements at scale with domain and industry-specific market intelligence, benchmarks, value drivers, and business case models, plus ready-to-use templates for value realization planning and business value calculations across today’s most relevant enterprise AI transformation use cases.
Funding: Unlock funding tied to customer outcomes, not just delivery milestones, with automated requests through AWS Partner Central so you can focus on execution.
Enablement: Accelerate team readiness through domain-specific adoption playbooks, immersive BVR-focused hands-on workshops, and self-service learning on AWS Skill Builder, covering the BVR approach, Business Value Realization Plans, post-sales engagement, and change management.
Partner Success Specialists support: Access specialized post-sales support to build and scale customer success capabilities, from operationalizing success frameworks to establishing repeatable practices and applying AWS best practices for post-launch adoption.

In addition to these benefits, the new agentic capabilities in AWS Partner Central support you through the post-sales journey, including automated milestone tracking and intelligent notifications as engagements progress through each phase.

AWS Business Value Realization Competency

The AWS BVR Competency recognizes Partners who excel at helping customers define, measure, and achieve business outcomes from their cloud investments. It signals to customers that you have the leadership commitment, enabled teams, and proven track record to deliver measurable outcomes beyond technical implementations.

In addition to the AWS Specialization Program and BVR motion benefits, BVR Competency Partners receive $50K in Marketing Development Funds (MDF) in 2026 and 2027. They also gain visibility with the AWS Specialization badge, priority placement in Partner Solutions Finder, and enhanced presence in customer-facing channels.

To learn more, review the AWS Specialization Program Benefits Guide in AWS Partner Central (login required).

Launch Partners

We invite you to explore the following AWS BVR Competency launch Partners recommended by AWS:

Success stories

Early results from pilot Partners demonstrate the impact of BVR in action.

Tower Insurance and Deloitte
Deloitte helped Tower Insurance move from pilot to production in 10 weeks—achieving a 26% improvement in call handling time, 18% faster email handling, and 8,200 agent hours freed up.

“In just 10 weeks, Tower demonstrated that AI-driven experiences can be delivered at pace, with stability, strong governance, and real business impact,” said Kylie Bryant, Partner at Deloitte.

Read the story

Promptly and DoiT

DoiT helped Promptly consolidate fragmented data and build AI-powered experiences for patients and staff—with Amazon Q Developer now accounting for 30-40% of code written and a 25% improvement in development speed.

“Anyone from any department can get the information they need quickly, easily, and efficiently using AI agents,” said Dr. Anish Kapur, CEO and Founder at Promptly.

Read the story

United Express and Caylent

Caylent helped United Express build an agentic AI observability solution for its critical weight and balance system—delivering a 90% improvement in mean time to detect and resolve issues and saving 336 hours of manual log analysis monthly.

“The quicker we can identify issues, the quicker we can fix or prevent them to deliver excellent customer service in the moments that matter most,” said Thomas Jacobs, Product Owner at United Express.

Read the story

Get started

Whether you’re formalizing existing customer success capabilities or building them from the ground up, the BVR motion gives you a clear path forward. Here’s how to get started:

Achieve the BVR Competency: Review the Program Guide and BVR learning requirements, and access the application in AWS Partner Central (login required).
Unlock BVR benefits: Once you’ve achieved the Competency, nominate qualifying customer engagements to access funding, dedicated support, and resources.

How Public AI delivers sovereign LLM inference on AWS and Intel

Nicolas Jourdan — Mon, 15 Jun 2026 15:29:38 +0000

by: Nicolas Jourdan, Sr. Specialist Solutions Architect AI/ML – AWS
by: Diego Bailón Humpert, Global AWS Data & AI/ML GTM Lead – Intel
by: Malte Reimann, Solutions Architect – AWS
by: Joshua Tan, Product Lead – Public AI

Intel

When research institutions release open-weight large language models (LLMs), their work is largely done. The weights land on services such as Hugging Face, the paper gets published, and the team moves to the next project. But for the businesses and public institutions that want to actually use these models, the work is only beginning. They need API endpoints, auto scaling infrastructure, and integration paths that no research lab is set up to provide.

This gap is showing up everywhere sovereign AI is being built. National initiatives such as Swiss AI train multilingual models, AI Singapore builds Southeast Asian language models, and the Allen Institute for AI (Ai2) releases models with open weights, training code, and training data. Each publishes weights and research, but none operates production inference services. That isn’t their mission.

The Public AI Inference Utility (IU) has changed that. It deploys sovereign open-weight models on Amazon Elastic Compute Cloud (Amazon EC2) instances powered by Intel processors, exposing public inference endpoints so organizations can test and integrate these models without provisioning their own infrastructure. Amazon Web Services (AWS) provided the managed infrastructure to launch quickly within Swiss jurisdiction; Intel-powered EC2 instances made the architecture cost-effective enough to replicate across other sovereign initiatives.

In this post, we walk through how Public AI built a production inference platform on Amazon Elastic Kubernetes Service (Amazon EKS) and Intel-powered EC2 instances for the Apertus model launch, and why that architecture is replicable for other sovereign LLM initiatives.

“Training the model was our contribution to open AI research. AWS makes our innovation easily accessible to any organization that can now run our model privately on AWS global infrastructure.” — Martin Jaggi, Associate Professor at EPFL and Head of Machine Learning and Optimization Laboratory

What is Public AI?

Public AI is a global initiative to build AI as public infrastructure, open, auditable, and governed in the public interest. It brings together governments, research institutions, and open source communities to deploy sovereign AI systems that are accessible and transparent.

The Public AI Inference Utility is the operational core of this vision: a distributed inference layer that aggregates compute from partners (including national labs, cloud providers, and public institutions) and exposes it through a unified API and chat interface. By pooling infrastructure and demand across jurisdictions, the IU reduces duplication, improves utilization, and provides a viable alternative to closed AI ecosystems. In practice, it allows newly released open-weight models to be served reliably at scale while preserving data privacy and enabling local governance.

Why Public AI chose AWS

Public AI is the international launch partner of the Swiss AI initiative, providing inference access to the Apertus model family, Switzerland’s first large-scale, fully open, multilingual LLM developed by EPFL, ETH Zurich, and the Swiss National Supercomputing Centre (CSCS). A publicly accessible inference endpoint is essential for newly released models: companies, public institutions, and developers want hands-on experience with a model before committing to their own hosting on services such as Amazon SageMaker AI.

As a nonprofit, open-source community with lean engineering resources, Public AI faced a demanding launch. The Apertus release was expected to draw thousands of concurrent users at peak, and popular open source inference stacks such as vLLM didn’t support the Apertus architecture until only weeks before the model release. The goal was clear: deliver a scalable inference interface (both a chat-style UI for broad accessibility and an API for developers) within a narrow timeline.

AWS provided the infrastructure foundation and hands-on expertise to make this possible. Early in the process, AWS solutions architects and specialists worked with the Public AI team on enablement sessions, reference architectures, and guidance on service selection. Together, they built a production stack in the AWS Europe (Zurich) – eu-central-2 Region, which kept inference workloads and user data within Swiss jurisdiction, a key requirement for sovereign AI deployment.

The architecture is a fully containerized stack on Amazon EKS Auto Mode, designed so a single inference request flows cleanly from user to model and back:

Entry – End users reach a hosted Open WebUI chat interface; developers connect through an API gateway. Both paths are protected by AWS WAF, with Amazon CloudFront fronting the chat interface.
Authentication – Amazon Cognito handles user identity and access for both interfaces.
Routing and inference – Requests are routed through a gateway layer to auto scaling vLLM deployments. The Apertus 8B variant runs on Intel-powered Amazon EC2 R8i instances; the larger 70B variant runs on GPU-powered instances. Check the Amazon EKS best practices guide for CPU inference to dive deeper.
Responsible AI – Amazon Bedrock Guardrails enforces safety policies including blocking of prohibited topics across both model variants inline with each request.
State and storage – Amazon Aurora Serverless v2 PostgreSQL-Compatible Edition handles persistent data, Amazon ElastiCache for Valkey provides caching, Amazon Simple Storage Service (Amazon S3) stores objects, and Amazon Elastic File System (Amazon EFS) shares files across pods. Container images are managed in Amazon Elastic Container Registry (Amazon ECR).

This architecture, shown in the following diagram, gives Public AI what a sovereign, nonprofit inference provider needs most: the ability to go from zero to production scale quickly within a specific jurisdiction, scale with demand, and operate reliably, without building or managing physical infrastructure.

Figure 1: Solution Architecture

How Intel provides choice for sovereign inference

With the Apertus deployment running, Public AI turned to the next challenge: how to scale from one model in one country to many sovereign LLMs across many jurisdictions. That requires an inference platform that is cost-effective for budget-conscious research institutes, built on open source software to provide transparency, and available in every region where sovereign models need to run.

Intel-powered EC2 instances meet all three requirements. Intel Xeon processors are available across the full spectrum of AWS deployment options: AWS Regions worldwide, AWS Local Zones for low-latency metropolitan deployments, and AWS Outposts for on-premises workloads that must remain within national boundaries. This broad availability means Public AI can replicate its inference architecture in new jurisdictions without re-engineering the stack. Each European research institute can select the deployment model that fits its sovereignty, latency, and regulatory requirements while running the same Intel Xeon-based infrastructure underneath.

For smaller language models—the 8B-parameter class that many sovereign initiatives produce—Intel-powered EC2 R8i instances offer a cost-effective alternative to specialized AI accelerators. R8i instances deliver up to 40% higher performance on deep learning inference workloads compared to the previous R7i generation, reducing total cost of ownership while providing ample compute for production inference. The open source ecosystem around Intel architecture, including optimized LLM serving with vLLM on Intel, lets research institutes deploy standardized inference frameworks without licensing fees or proprietary dependencies.

Conclusion

Since its launch, the Public AI Inference Utility has served thousands of active users daily and sustained thousands of concurrent users at peak—researchers, developers, public institutions, and enterprises exploring what a sovereign, multilingual LLM can do for their use cases. That sustained demand confirms that the architecture built on Amazon EKS, Intel-powered EC2 instances, and other AWS services can handle real-world production traffic while maintaining performance, security, and data residency.More importantly, the Apertus deployment established a repeatable blueprint. As governments and research institutes continue to train open-weight models—each with their own language coverage, compliance requirements, and sovereignty constraints—the need for a turnkey inference layer grows. Public AI, powered by AWS infrastructure and Intel’s broadly available Xeon-based compute, is positioned to onboard new models quickly, deploy them within the required jurisdictions, and give organizations an immediate path from published weights to usable API endpoints.Organizations evaluating sovereign LLM deployment can get started in three places:

Try the live Apertus endpoint at Public AI to see what the model can do.
Review the Intel Xeon for small language model inference guide and Amazon EC2 R8i instance documentation to evaluate the compute layer for your own model.
Contact your AWS account team to discuss reference architectures for your jurisdiction.

The blueprint Public AI established for Apertus is ready to onboard the next sovereign LLM, whichever country, language, or research institute it comes from.

Intel – AWS Partner Spotlight

Intel and Amazon Web Services (AWS) have collaborated for over 20 years to develop flexible technologies and software optimizations tailored for critical enterprise workloads. This collaboration allows our AWS Partners to help their customers migrate and modernize their applications and infrastructure to manage cost and complexity, accelerate business outcomes, and scale to meet current and future computing requirements.

Contact Intel | Partner Overview | AWS Marketplace

Unified Secrets Security with GitGuardian and AWS Secrets Manager

Nic Gumina — Tue, 09 Jun 2026 21:48:03 +0000

By: Pierre Le Clezio, Lead Product Manager – GitGuardian
By: Nic Gumina, Senior Security Consultant – AWS
By: Manu Chandrasekhar, Senior DevOps Consultant – AWS
By: Dan Parlin, Security Consultant – AWS

The rise of AI coding assistants and Model Context Protocol (MCP) servers, which provide AI tools with access to external data sources, has accelerated the secret management challenge as developers increasingly share configuration files and context with AI tools that inadvertently expose sensitive credentials. API keys, access tokens, and credentials end up in Git repositories and continuous integration and continuous delivery (CI/CD) logs. While organizations invest in secrets management solutions like AWS Secrets Manager—a fully managed service for storing, rotating, and retrieving credentials—security teams still face a fundamental challenge: you can’t secure what you can’t see.

Organizations lack answers to critical questions. They don’t know which vaulted secrets have been exposed in code, whether developers have shared credentials through AI tool configurations, how many duplicate credentials exist across accounts, or how many orphaned secrets remain that no application uses.The visibility gap leads to:

Credential exposure: Hardcoded secrets in version control systems create attack vectors that persist even after rotation
Secret sprawl (the uncontrolled proliferation of credentials across systems): Duplicate credentials across accounts expand your attack surface
Compliance gaps: Inability to track secret lifecycles undermines audit requirements
Remediation delays: Without correlation between secret inventory and code exposure, security teams lack the context to prioritize and act quickly.

With multi-account AWS architectures, the need for unified visibility becomes critical. Without it, duplicate credentials and orphaned secrets across accounts go undetected, leaving attack surfaces unaddressed. Organizations need more than just a vault. They need visibility across the entire secret lifecycle, from developer workstations to production environments.

GitGuardian and AWS Secrets Manager

GitGuardian is an AWS Partner specializing in non-human identity (NHI) security, which focuses on protecting machine credentials such as API keys, service accounts, tokens, and secrets management. GitGuardian can be integrated with code repositories, container registries, package registries, documentation platforms, and messaging channels. GitGuardian’s integration with Secrets Manager addresses the visibility challenge that organizations face by bridging the gap between your secret vault and your code. This post focuses on deriving the usage context by integrating Secrets Manager with GitGuardian’s cross-repository scanning capabilities. The following figure illustrates GitGuardian’s key capabilities across the secrets security lifecycle, from detection and remediation to NHI governance.

Figure 1: GitGuardian key capabilities

The key component that makes these capabilities possible is ggscout, GitGuardian’s external collector that safely catalogs secrets from Secrets Manager and correlates them with exposed credentials detected across your repositories. ggscout uses the Hashed Message Secret Lookup (HMSL) protocol, a cryptographic hashing approach that converts secrets into secure fingerprints locally within your AWS infrastructure. Because only anonymized fingerprints leave your environment, your actual secrets remain within your AWS infrastructure. Only hashed fingerprints and metadata are transmitted to GitGuardian, maintaining your security posture and compliance requirements while enabling secret correlation and exposure analysis. For most environments, ggscout can run on an Amazon Elastic Compute Cloud (Amazon EC2) t3.small instance, keeping operational costs minimal.

Key capabilities

Using GitGuardian and the Secrets Manager integration, enables teams to gain continuous visibility and control over their secret’s lifecycle. Here are the key capabilities you get from this integration:

Detect vaulted secret exposures: This capability identifies when secrets stored in Secrets Manager have been exposed in code. When integrated with your organization’s source control systems, GitGuardian’s platform continuously monitors them across both internal repositories and public-facing code and correlates any detected credentials against your Secrets Manager inventory. When a developer accidentally commits a credential that’s already vaulted, you get an immediate alert with full context: which secret was exposed, where it appeared, and whether it’s visible internally or on the public internet. This transforms a raw “secret detected” alert into actionable intelligence, so you can prioritize your response based on the actual scope of exposure.
Prioritize incident response: Not all secrets pose equal risk. You prioritize remediation based on exposure severity (public compared to internal), sensitivity level, usage context, and rotation status. Knowing which systems depend on the secret, when it was last rotated, and what level of access it grants is crucial for prioritizing remediation. The information about which systems depend on the secret, when the secret was last rotated, and level of access the secret grants you is crucial in making that decision. For instance, a publicly exposed production database credential requires immediate rotation, while a development API key in a private repository might be scheduled for the next sprint.
Identify secret sprawl across AWS accounts: Multi-account AWS architectures are a best practice for security and organizational boundaries, but they hide duplicate secrets across account boundaries. You gain visibility into identical credentials stored across multiple AWS accounts and unused secrets to decommission. By identifying duplicate secrets, you can consolidate credentials, reduce your attack surface, and simplify attack surface.
Track remediation progress: GitGuardian’s remediation tracking gives incident managers real-time visibility into the remediation status from pull requests, making it straightforward to monitor code fixes from initiation through PR merge. Teams can streamline the entire secrets remediation lifecycle: tracking pending fixes, verifying secret removal, and confirming pull request activity, all from a single, collaborative workflow.
Establish continuous governance policies: You can implement rotation policies to identify secrets that haven’t been rotated within your policy time frame, set customizable thresholds to flag long-lived credentials, and automatically surface orphaned secrets for review, turning secrets management from a reactive cleanup into a continuous, policy-driven process.

Prerequisites

Before starting the implementation, ensure you have the following in place:

An AWS account with appropriate AWS Identity and Access Management (IAM) permissions for Secrets Manager access (cross-account read access if using multi-account architecture)
A GitGuardian account and API credentials (sign up at GitGuardian)
Deployment infrastructure: Amazon EC2 (t3.small or larger), Amazon Elastic Kubernetes Service (Amazon EKS) cluster, or Docker environment
IAM permissions for cross-account Secrets Manager read access (if scanning multiple accounts)
Source control systems to connect to GitGuardian for code scanning
AWS Command Line Interface (AWS CLI) installed and configured (required for Amazon EC2 and AWS EKS deployment methods)

Implementation roadmap

When your organization wants to introduce a continuous governance process using GitGuardian, use the following phased approach.

Note: The resources deployed in this implementation (Amazon EC2 instances, Amazon EKS clusters, and AWS Lambda functions) will incur AWS charges. Review the pricing pages for Amazon EC2, Amazon EKS, and AWS Lambda to estimate costs for your environment. Remember to clean up resources when no longer needed to avoid ongoing charges.

Phase 1 – Deployment (1–2 days): Deploy ggscout in your AWS environment using your preferred deployment method: Amazon EC2 instance based, Docker containers for containerized environments, or using Helm charts in an Amazon EKS cluster. Connect ggscout to your GitGuardian account.

Deployment guide: Deploy ggscout to your preferred environment. For detailed deployment steps, see the ggscout documentation. Key configuration parameters include your GitGuardian API token, AWS Region, and Secrets Manager access credentials.

Verification: Verify deployment by checking that ggscout successfully connects to GitGuardian (check logs for connection confirmation) and completes the initial scan (verify that scan completion status in the GitGuardian dashboard shows all configured accounts).

Phase 2 – Assess (2–3 days): Configure read-only access to Secrets Manager across your accounts. Run your initial scan to catalog all secrets and their metadata. Review the baseline report to understand your current secret landscape. The total number of secrets in your AWS environment, their age distribution, rotation status, and any immediate red flags like secrets older than your policy allows become immediately visible, as shown in Figure 2.

Figure 2: NHI governance with criticality

Phase 3 – Analyze (3–5 days): Review detected exposures that match secrets in Secrets Manager. Identify duplicate secrets across AWS accounts. Prioritize remediation based on exposure severity and secret sensitivity. This analysis reveals which of your vaulted secrets have been exposed in code, where duplicates exist, and which secrets pose the highest risk to your organization. Use this baseline to define or revisit your security tolerance. For example, any public exposure of a production secret requires immediate rotation, while internal exposures in archived repositories can be scheduled.

Analysis guide: For guidance on reviewing scan results and configuring exposure policies, see the GitGuardian NHI governance documentation.

Verification: Confirm analysis completion by verifying that all detected exposures have been reviewed and prioritized in the GitGuardian dashboard.

Figure 3: Tracking secret exposure lifecycle

Phase 4 – Automate (1–2 weeks): Schedule ggscout to run daily or weekly to enable teams to track secret exposure continually, as shown in figure 3. Configure alerts for new exposures of vaulted secrets. Set up automated notifications for secrets approaching rotation deadlines and for re-use of existing secrets as shown in figure 4. After Phase 3 remediation is complete, expand scanning to additional AWS Regions and accounts by deploying ggscout instances or configuring cross-account access. Continuous monitoring detects new exposures as they occur, rather than discovering them weeks or months later during security audits.

Automation guide: For configuring scheduled scans and alert integrations, see the GitGuardian integrations documentation.

Verification: Validate automation by confirming scheduled scans run successfully (check scan history in the GitGuardian dashboard) and test that alerts trigger correctly by simulating an exposure.

Figure 4: Breached policies for secret duplication

Phase 5 – Monitor (ongoing): By tracking KPIs such as time-to-remediation and rotation compliance rate, teams can move beyond reactive cleanup and start identifying trends across their secrets posture. These metrics simplify identifying recurring gaps, measure improvement over time, and continuously refine governance policies based on real incident data. You can view this metrics using the GitGaurdian monitoring dashboard, as shown in the following figure.

Figure 5: GitGuardian monitoring dashboard overview

Clean up resources

To avoid incurring ongoing AWS charges, delete or decommission all resources created during implementation when they are no longer needed. Follow these steps:

Stop and terminate Amazon EC2 instances running ggscout: Navigate to the Amazon EC2 console, select the instances, and choose Instance state and then choose Terminate instance.
Remove the Helm release by running helm uninstall ggscout.
Delete the EKS cluster based on your provisioning method (infrastructure as code, eksctl, or manually from the console )
Remove Lambda functions created for automated remediation workflows by navigating to the Lambda console and deleting each function associated with the integration.
Delete any associated IAM roles and policies created for ggscout access, including cross-account roles used for Secrets Manager read access. Review and remove these from the IAM console.

Conclusion

The combination of AWS Secrets Manager and GitGuardian gives you visibility and automation across the secret’s lifecycle, from creation to usage to rotation to decommissioning. By integrating GitGuardian with Secrets Manager, organizations gain continuous visibility into their secrets security posture, detecting exposures as they occur and establishing governance policies that prevent future incidents.You now have the visibility and governance controls to build a unified secrets security strategy. Start by deploying ggscout, running your initial scan, and reviewing the baseline report.After initial deployment, extend the integration with these next steps:

Implement automated remediation workflows: Use GitGuardian webhooks with Lambda to trigger automatic secret rotation when exposures are detected, reducing mean time to remediation.
Integrate with your incident response pipeline: Connect GitGuardian alerts to your existing SIEM, ticketing, or ChatOps tools to embed secrets incidents into your established workflows.

For more information and detailed deployment guides, explore these resources:

GitGuardian – AWS Partner Spotlight

GitGuardian is an AWS Partner specializing in NHI security and secrets management, providing end-to-end solutions from secrets detection in code to remediation, observability, and proactive prevention of leaks.

Contact GitGuardian | Partner Overview | AWS Marketplace

Automate compliance session review with Teleport and Amazon Bedrock

JP Boreddy — Mon, 08 Jun 2026 20:45:34 +0000

By: Ben Arent, Director of Product – Teleport
By: JP Boreddy, Senior Solutions Architect – AWS

Teleport

Compliance frameworks such as SOC 2, PCI DSS, FedRAMP, and HIPAA require organizations to record and review interactive infrastructure sessions. But manual review is difficult to sustain at volume, so not everything that is recorded is fully analyzed.

Teleport, an AWS Partner and AWS Marketplace seller, provides identity-aware access management for infrastructure. It delivers unified, zero-trust access (requiring verification for every access request) to Amazon Web Services (AWS) resources through certificate-based authentication, automated auditing, and just-in-time provisioning (which grants access only when needed and for limited duration).

Teleport Identity Security and Amazon Bedrock, a fully managed service that makes foundation models (FMs) available through a unified API, make review compliance sustainable at scale. Together, they automatically summarize, classify risk, and alert on SSH, Kubernetes, and database sessions. Session recordings can become actionable security intelligence instead of an unwatched compliance artifact.

Why session reviews matter

Recording sessions without analyzing them still carries cost. Organizations accumulate thousands of hours of recordings that satisfy the mandate of SOC 2, PCI DSS, FedRAMP, and HIPAA to capture certain required data. However, the requirement to review this data becomes a staffing problem. Some teams dedicate multiple full-time employees to watching playback. Standing session review is the equivalent of standing privileges: persistent, costly, and poorly matched to actual risk. In the same way that just-in-time access replaced persistent permissions, automated analysis can replace persistent human review, letting reviewers jump straight to the moments that matter. The question shifts from “did someone watch this?” to “did anything in this session require attention?” That’s the issue Teleport and AWS address together: turning a compliance artifact that accumulates cost into security intelligence that drives action, without adding headcount.

The following screenshot shows a Teleport SSH session on an Amazon Elastic Compute Cloud (Amazon EC2) instance, capturing an attempt to exfiltrate /etc/passwd.

Figure 1: A Teleport SSH session recording

How it works

The integration between Teleport and AWS follows a four-stage pipeline that transforms raw session recordings into risk-classified audit intelligence. Each stage builds on capabilities inherent in both platforms:

Identity-attributed session recording – Teleport captures interactive SSH, Kubernetes, and database sessions, including structured JSON events and optional enhanced eBPF (Extended Berkeley Packet Filter)-based session recording, from across AWS and self-hosted infrastructure. Recordings are stored with server-side encryption using AWS Key Management Service (AWS KMS), specifically SSE-KMS. Customers can use a customer managed AWS KMS key for additional control over key policies and audit trails, and events are identity-attributed at capture time.
LLM-powered summarization using Amazon Bedrock – When a session ends, Teleport’s inference policy engine evaluates whether it matches configured summarization criteria based on session type, user traits, or resource labels. Matched sessions are sent to Amazon Bedrock, where a foundation model such as Claude by Anthropic in Amazon Bedrock or Amazon Nova 2 Pro (preview) generates a natural-language summary of what occurred. The Teleport Auth Service authenticates to Amazon Bedrock using AWS Identity and Access Management (IAM) roles, with bedrock:InvokeModel permissions scoped to specific model ARNs.
Risk classification – Within the same invocation, Amazon Bedrock assigns a risk classification (Low, Medium, High, or Critical) based on commands executed, signs of obfuscation or encoding, and deviation from expected behavior. Risk scores describe session activity, not the operator, and order human review rather than drive automated decisions. Classifications are emitted as structured audit events. The following is a screenshot of an SSH session recording showing detection of an AWS credential exfiltration attempt.
Audit events and security information and event management (SIEM) integration – Teleport emits the summary and risk level as structured audit events alongside the original session metadata. These events flow through Teleport’s audit log export to existing SIEM tools such as Splunk, Elastic, or Amazon Security Lake. Security teams can then build alerts (for example, triggering an incident response workflow whenever a Critical-risk session involves a production database) without ever manually reviewing a recording.

Figure 2: An SSH session recording showing detection of an AWS credential exfiltration attempt

The following steps describe how Teleport AI session summaries are generated:

A user logs into Teleport using the tsh command line interface (CLI) to start a session.
Teleport proxies the connection to Amazon EC2 over SSH.
Teleport audits and records the SSH session, storing the recording as a TAR file.
After the session, the Teleport auth server processes the recording and forwards it to the AI summarization layer.
Teleport’s identity security module authenticates the request and passes it to Amazon Bedrock, which categorizes the session and generates a timeline using an inference policy that selects models based on session kind and user traits.
The resulting session summary is uploaded back to storage alongside the original recording.

The following architecture diagram shows an overview of the Teleport and Amazon Bedrock session review pipeline.

Figure 3: Architecture diagram

Why Amazon Bedrock

Session recordings contain sensitive data such as commands, host names, and output that might include credentials or internal system details. A key reason organizations choose Amazon Bedrock is that inference happens entirely within the customer’s AWS account. On-demand inference doesn’t use customer inputs or outputs to train or improve FMs, and no data is shared with third parties. Invocations of bedrock:InvokeModel are logged to AWS CloudTrail, giving security teams an audit trail. Together, Teleport and Amazon Bedrock help session analysis inherit the same security controls as session recording.

Teleport captures the session, and the Amazon Bedrock InvokeModel API analyzes it, so that data stays in the customer’s AWS account in the selected AWS Region. Together, these layers provide defense in depth:

Teleport enforces TLS 1.2 or higher to encrypt data in transit end to end.
IAM controls which FMs can be invoked.
AWS KMS handles encryption-at-rest keys.
AWS PrivateLink is designed to keep recordings from traversing the public internet for inference.
Pair AWS PrivateLink to Amazon Bedrock with Amazon Virtual Private Cloud (Amazon VPC) endpoints for AWS Security Token Service (AWS STS) and AWS KMS to keep the inference path off the public internet.

This shared security posture helps organizations meet the requirements of compliance frameworks that typically mandate session recording. These include SOC 2, PCI DSS, FedRAMP, and HIPAA-eligible workloads when a Business Associate Addendum (BAA) is in place. Data residency stays within the customer’s chosen Region.

Prerequisites

Before you begin, confirm you have the following in place:

A Teleport Enterprise Cloud account (a Teleport Identity Security free trial is available)
An AWS account with Amazon Bedrock access in a supported Region
IAM permissions to create and modify IAM roles and policies, including bedrock:InvokeModel
Basic familiarity with IAM roles and trust policies

Walkthrough: Configure integration between Teleport and Amazon Bedrock

In this section, you configure the integration between Teleport and Amazon Bedrock to automatically summarize and risk-classify your infrastructure sessions. By the end, you have a working pipeline that generates AI-powered summaries for SSH, Kubernetes, and database sessions.

An inference model resource tells Teleport which Amazon Bedrock FM to use for analysis. The inference policy acts as a filter, determining which sessions trigger AI summarization based on criteria like user role, resource type, or session duration. Together, these configurations control both the analysis engine and when it runs. Complete these high-level steps:

Start with Teleport Enterprise Cloud – Teleport Enterprise Cloud provides a default configuration for Enterprise Cloud customers. Sign in to your Teleport cluster and verify you have a role with permission to create inference resources.
Define the inference model resource – In Teleport, create an inference model resource that specifies your Amazon Bedrock FM Amazon Resource Name (ARN) and the IAM role the Teleport Auth Service will assume (configured in step 4).
Create the inference policy – Define an inference policy that controls which sessions are summarized and at what scope. You can filter by session type, user traits, or resource labels.
Configure the IAM policy in AWS – Create an IAM policy with bedrock:InvokeModel permissions scoped to your chosen inference model ARN. Attach it to the Teleport Auth Service’s IAM role. For the specific IAM policy JSON and various configuration options, refer to the Teleport Session Recording Summaries documentation.

For the full configuration walkthrough, refer to the Teleport Session Recording Summaries documentation and the official Amazon Bedrock documentation.

Verification

To verify the integration is working correctly:

Start a test SSH session to a configured resource.
Run a few commands and end the session.
Navigate to the Teleport audit session recordings and confirm the corresponding recording tile with a summary button.
Check the summary by choosing the summary button.
Validate the session is discoverable using Session Recording Search.

Conclusion

Compliance frameworks require you to record sessions as well as understand what happened in them. For most organizations, that understanding has depended on manual review: someone watches playback, writes a summary, and flags anything unusual. It’s manageable at small scale but becomes impractical when you’re recording thousands of sessions a month across SSH, Kubernetes, and database infrastructure. Together, Teleport Identity Security and Amazon Bedrock make compliance review sustainable at scale. The four-stage pipeline (record, summarize, classify, and alert) turns each qualifying session recording into a structured, risk-scored event that flows directly into your existing security tools. Sessions that need attention get flagged. Sessions that don’t need attention still get documented. Auditors get evidence that helps customers demonstrate the session-review expectations of SOC 2, PCI DSS, FedRAMP, and HIPAA where those frameworks apply to the customer’s program. The architecture keeps sensitive session data within your AWS environment. Amazon Bedrock is invoked through your own account, and network controls such as AWS PrivateLink help prevent recordings from traversing the public internet for inference.

Disclaimer: This content is provided for informational purposes. It is not a turnkey production deployment. You should work with your security and legal teams to meet your organizational security, regulatory, and compliance requirements before deploying.

Teleport is available in AWS Marketplace, where you can consolidate billing through your existing AWS account. You can also start a free trial to explore session recording summaries and the full Identity Security platform in your own environment. For detailed setup instructions, consult the Teleport session summaries documentation.

For related reading, refer to AWS Security Blog posts and Video security analysis for privileged access management using generative AI and Amazon Bedrock on the AWS Blog.

Teleport – AWS Partner Spotlight

Teleport is an ISV Accelerate AWS Partner, providing identity-native infrastructure access for SSH, Kubernetes, databases, and applications. Teleport replaces legacy access tools with a unified platform that enforces identity-based, zero-trust access across cloud and on-premises environments for both human and non-human identities.

Contact Teleport | Partner Overview | AWS Marketplace

Hybrid cloud from data gravity to business agility with Cloudera on AWS

Tamara Astakhova — Tue, 02 Jun 2026 17:04:11 +0000

By: Attila Kanto, Senior Director, Engineering, R&D – Cloudera
By: Tushar Sharma, Senior Product Manager, R&D – Cloudera
By: Peter Darvasi, Principal Engineer, Public Cloud, R&D – Cloudera
By: Tamara Astakhova, Sr. Partner Solutions Architect – AWS

Cloudera

In financial services, the Digital Operational Resilience Act (DORA) and the EU Data Act have created an innovation gap. Multi-petabyte data lakes remain on premises because of compliance risks, while advanced AI capabilities like Amazon Nova, Amazon Bedrock AgentCore, and P5/P6 GPU instances are available only in the cloud. Financial institutions can’t apply state-of-the-art cloud AI to their data, leaving them unable to stop the newest fraud events in real-time.

In this post, we introduce hybrid elasticity, a zero-migration data access model that decouples data residency from compute elasticity, transforming your data center into a dynamic hybrid data hub with on-demand cloud scale.

The zero migration data access hybrid architecture

Cloudera and Amazon Web Services (AWS) collaborate to offer a zero-migration burst capability using accelerated computing. The concept is straightforward. Your steady-state workloads and data remain securely in your on-premises data center. Peak demand is offloaded to ephemeral cloud compute resources for generative AI inference, fraud detection, or stress testing.

Our unique value proposition is that this model allows compute resources to access datasets in-place within a workload context.

Zero-migration agility means you avoid the cost, compliance risk, and potential data sovereignty breach associated with moving petabytes of data or rewriting applications.

Data residency means your authoritative data never leaves the on-premises environment. Cloud instances access it securely through high-speed AWS Direct Connect links, process it in memory or temporary storage (NVMe-based storage), and write results back. By using this zero-copy approach, you can minimize compliance footprint and eliminate duplicate storage costs.

Governance parity keeps your security context and data asset lineage centralized on premises through Cloudera Shared Data Experience (SDX), which extends automatically to the cloud.

The business benefits are immediate, including reduced operational costs, enhanced data security, and improved agility. You achieve this without rewriting applications, managing a full migration, or maintaining data-replication pipelines.

How AWS and Cloudera make this possible

The collaboration between Cloudera and AWS combines Cloudera’s unified data platform with the elastic infrastructure of AWS to deliver cloud elasticity without sacrificing on-premises security and governance.

Cloudera’s unified runtime across on-premises and cloud deployments uses identical service versions on both. This provides workload portability by default, so workloads run in the cloud without costly refactoring.

Cloudera’s centralized security and governance is another significant business enabler. With the Cloudera platform, you don’t duplicate or rebuild your security policies. Shared Data Experience (SDX) extends your existing on-premises security and governance framework directly to your cloud compute jobs.

Consistent authentication and authorization means users accessing data from the cloud have the same permissions as they do when accessing data from on premises, authorized and audited by Apache Ranger.

Consistent lineage preserves data lineage from hybrid workloads in on-premises Apache Atlas right alongside your on-premises jobs.

Enhanced control means that you can apply stricter, context-aware policies, such as geo-location-based rules limiting data access from the cloud network or automatically masking sensitive columns only when a cloud-based application accesses them.

AWS provides the infrastructure with on-demand, elastic compute and networking capabilities, making this model economically viable.

By using elastic compute, you can instantly provision elastic compute resources (including cost-efficient AWS EC2 instances powered by AWS Graviton) for compute-heavy workloads like Apache Spark, Hive, or Impala, processing data in memory or on temporary high-speed storage (NVMe volumes on AWS) on top of Cloudera Data Hubs, which you decommission immediately when finished.

Secure connectivity comes through AWS Direct Connect, which provides high-bandwidth, low-latency, and secure network connectivity between the on-premises data and the AWS Cloud.

The following diagram shows how Cloudera’s cloud compute on AWS accesses on-premises data directly through Direct Connect. Through this architecture, financial institutions can keep sensitive data on premises for compliance while running real-time fraud detection and AI workloads in the cloud. Data teams can launch new analytics projects in hours instead of months without costly migration or replication.

Figure 1 – Cloudera and AWS zero-migration data access architecture

Together, Cloudera provides the unified security and governance layer, and AWS supports the elastic compute and network connectivity. This combination enables job offloading while maintaining consistent security and policy enforcement.

The new Cloudera Hybrid Data Hub provides on-demand cloud compute with secure access to datasets from associated on-premises clusters within a workload context.

Real-world application: Weekend fraud crisis

To understand the strategic impact of the zero-migration data access hybrid architecture, consider the following composite scenario inspired by challenges faced by Tier 1 banks. On Friday afternoon at a global financial services firm, a fraud detection specialist detects a sophisticated new fraud pattern. Someone is generating a huge number of synthetic identities. These fake personas, generated by AI, are highly convincing and bypass the bank’s existing rule-based fraud detection system. To address the threat, the data science team needs to retrain its massive fraud-detection model, combining high-velocity transaction data from the last 5 days with historical data from the last 10 years. However, the bank’s on-premises cluster is already running at 95% capacity processing standard end-of-week regulatory reports. There are no compute resources left on premises to perform the retraining process.

Traditionally, they have two options. Wait until Monday—when computing resources become available—to run the process, giving the unauthorized user an additional 60 hours to continue their activity. Or attempt to migrate 500 TB of sensitive transaction logs and personally identifiable information (PII) to a public cloud, a process that would take significant time and trigger a compliance audit.

Instead, by using Cloudera’s zero-migration data access capabilities on AWS, engineers can transform this bottleneck into business agility.

On-demand elasticity means they can spin up Amazon Elastic Compute Cloud (Amazon EC2) compute instances on AWS instantly to handle the workload without waiting for local hardware availability.

Sovereign access means these instances connect securely to the on-premises data lake to process sensitive data in-place without permanently moving regulated information off-site.

Extended on-premises governance uses the same Apache Ranger policies and Apache Atlas lineage from the home data center to maintain full auditability across environments.

Context-aware protection supports applying stricter policies, such as column-level masking, specifically when data is accessed by cloud-based applications.

Zero-waste efficiency means cloud resources are decommissioned the moment a job finishes, so the company pays only for the compute used while avoiding the cost of idle on-premises infrastructure.

The fraud detection model is retrained within 4 hours and new scenarios are created and deployed to the rule-based fraud detection system to support proper real-time alerts. This addresses the emerging fraud event. By reducing the complex task of retraining a fraud model from 2.5 days to a few hours. They have significantly accelerated their time-to-value, safeguarding both financial assets and brand reputation.

Conclusion

With Cloudera’s hybrid data platform on AWS, you finally have the flexibility to burst to the cloud on your own terms. You gain immediate business advantage from autoscaling cloud compute without rewriting applications, managing full migration costs and risks, or building new data pipelines. It creates a strategic bridge giving your critical workloads the power they need, when they need it, while keeping data and governance under your control.

Discover which of your workloads are ready for hybrid execution by reading our in-depth benchmark analysis on hybrid performance under bandwidth constraints. Learn more about Cloudera Hybrid Data Hubs and contact Cloudera today for a hybrid workload assessment.

Cloudera – AWS Partner Spotlight

Cloudera is an AWS Advanced Partner with AWS Data & Analytics and AI Software Competency that that provides a fast, easy, and secure platform to help customers use data to solve demanding business challenges.

Contact Cloudera | Partner Overview | AWS Marketplace

Bring context from the physical world to AI with Wherobots on AWS

Ragib Ahsan — Mon, 01 Jun 2026 21:38:39 +0000

By: Damian Wylie, Head of Product – Wherobots
By: Ben Pruden, Head of Go-to-Market – Wherobots
By: Damion Harrylal, Senior Solutions Architect – AWS
By: Ragib Ahsan, Worldwide AI Acceleration Architect II – AWS

Wherobots

Generating context for AI systems to interpret the physical world on Amazon Web Services (AWS) is a data problem. An insurer needs to reprice wildfire policies using satellite burn boundaries joined with building footprints and weather patterns. A logistics team needs to reroute deliveries using real-time road and storm data. The spatial data for these use cases exists in Amazon Simple Storage Service (Amazon S3) data lakes and publicly available sources, but the complex spatial data processing operations required to make it AI-ready—coordinate transformations, raster imagery joins, and specialized spatial functions such as geostatistics, go beyond what general-purpose analytical systems were designed to handle.

In this post, we show you how to use Wherobots on AWS to turn raw spatial data into AI-ready context. You will see how customers like Leaf Agriculture, SatSure, and Aarden apply Wherobots’ capabilities in production, and find out how to get started.

AWS customers can easily utilize Wherobots to bridge the gap from raw data to context that AI can utilize, at any scale. You can process county-to-global scale spatial data stored in Amazon S3 into context that today’s AI systems can reason about, using a distributed query engine, inference pipelines, and integrations with agents. For the insurer in the wildfire scenario, this means going from raw satellite imagery to a risk-scored portfolio overlay in hours rather than weeks, without building custom infrastructure.

Rise in demand for physical world intelligence

Risk assessment, route optimization, and land monitoring depend on spatial data that AI systems can consume. For teams building on AWS, the more you are answering physical world questions with spatial data, the more demand you have for spatial infrastructure that can keep pace. According to Gartner, earth intelligence opportunities will exceed $20 billion by 2030. Spatial data processing at this scale requires infrastructure designed for spatial workloads — single-machine systems like PostGIS don’t scale, and general-purpose analytical systems do not support the coordinate reference systems, raster imagery joins, or spatial functions these workloads demand. Two principles should shape your approach to this challenge. First, spatial data should be AI-ready, reduced into actionable spatial context through inference and preprocessing workflows. Second, spatial data should be treated as a core data type in your infrastructure. When infrastructure is built around this data at the start, solutions become faster to build, cost less to run, and teams can innovate on shorter cycles.

How Wherobots grounds AI in the physical world

Building AI that understands the physical world generally requires three capabilities:

Scalable inference on imagery or sensor data
A fast and efficient engine for spatial data processing
Interfaces for agentic use

With Wherobots on AWS, you get these three capabilities running on AWS:

Assess risk faster with scalable inference using RasterFlow

Going back to the wildfire example, assessing risk at scale requires running inference on satellite and drone imagery to detect burned areas, vegetation loss, and structural damage. With RasterFlow, you can go from raw earth observation imagery and sensor data to AI-ready spatial features and earth intelligence. This solution lets you run distributed PyTorch model inference across your satellite and drone imagery on demand, with automatic mosaicking, prediction, and vectorization of results loaded into Apache Iceberg tables stored in Amazon S3.

Join and enrich spatial data at scale with WherobotsDB

After you have vectorized spatial features, you need to join, filter, and enrich them with other datasets to produce actionable context. WherobotsDB handles this at scale with native support for raster, vector, and tabular data operations on a distributed, Spark-based architecture that reads directly from your S3 buckets without copying data (zero-copy).

Wherobots was designed from the ground up for the coordinate transformations, raster imagery joins, and spatial functions these workloads require. As shown in Figure 1, WherobotsDB is the only query engine capable of finishing the SpatialBench queries at a scale factor of 1,000 (SF1000) in less than 10 hours. See the Apache Sedona SpatialBench documentation for full methodology, instance types, and test conditions.

Figure 1 – Apache Sedona SpatialBench query capability matrix

In benchmarks run on comparable AWS instance configurations, spatial operations ran significantly faster in WherobotsDB and at a fraction of the cost compared to the next-closest-performing Spark engine, as shown in Figure 2.

Figure 2 – Apache Sedona SpatialBench aggregated costs at SF1000

Wherobots also led the effort to add native GEO type support to Apache Iceberg, enabling spatial capabilities across an open lakehouse architecture. This means your spatial data can live in the same scalable infrastructure as the rest of your data, reducing vendor lock-in and storage costs.

Query spatial data with AI agents and coding assistants

The Wherobots Model Context Protocol (MCP) server lets large language models (LLMs) and AI agents explore your data lake and lakehouse connected to the Wherobots Data Catalog and other integrated catalogs, generate and run spatial SQL queries, and produce insights from natural language. This brings spatial reasoning into your AI agent workflows through the Spatial AI coding Assistant, so you don’t need to write spatial code. The Wherobots Spatial AI Coding Assistant plugs into integrated development environments (IDEs)—such as Kiro, Visual Studio Code, and Cursor—pairs your LLM with the Wherobots MCP server to understand the spatial context of datasets in Amazon S3, transforming natural language into code that runs on WherobotsDB.

How Wherobots runs on AWS

Wherobots integrates natively with the AWS services your teams already use, so you can keep your existing security model, governance, and billing in place.

Storage. Reads from and writes to Amazon S3 using private connectivity and AWS Identity and Access Management (IAM) role-based access control. Wherobots writes results as Apache Iceberg tables directly to S3.

Deployment. Deploy Wherobots in a VPC within your own Amazon Virtual Private Cloud (Amazon VPC) for full network isolation (in-VPC deployment) or run it serverless with no infrastructure to manage.

Data governance. Wherobots integrates with AWS Glue (including the Data Catalog) or Databricks Unity Catalog on AWS for unified governance across spatial and non-spatial assets.

Orchestration. Integrates with Apache Airflow, including Amazon Managed Workflows for Apache Airflow (Amazon MWAA).

AI and imagery. RasterFlow runs entirely on AWS, running inference on imagery in Amazon S3 and writing vectorized results back as Iceberg tables.

Wherobots is available through AWS Marketplace with consolidated billing. AWS Marketplace simplifies discovery and deployment and gives you a single place to manage software procurement alongside your AWS spend.

Architecture overview

As shown in figure 3, Wherobots fits into your existing AWS data architecture as a specialized compute engine within Amazon VPC, using IAM-based access controls.

Figure 3 – Wherobots on AWS architecture

Figure 4 shows an example data pipeline used by AWS and Wherobots customers to create AI context for the physical world, commonly including Amazon Relational Database Service (Amazon RDS) for PostgreSQL in the gold layer for low-latency application serving.

Figure 4 – Example data pipeline frequently used by AWS and Wherobots customers for creating context about the physical world on AWS

Customers building a physical world AI with Wherobots and AWS

Leaf Agriculture provides a unified API and query layer across over 60 machine and tractor telemetry types, covering millions of acres of farmland globally. Partnering with AWS and Wherobots, Leaf deployed a modern spatial data stack that is fast and cost-efficient.

“Previously, our data volumes and processing requirements were increasing faster than we could keep up with, burdening our team with costly rebuilds. Now with Wherobots on AWS, not only can we easily scale to millions of acres, we also can rest assured that our costs won’t spiral out of control.”

– G. Bailey Stockdale, CEO, Leaf Agriculture

SatSure uses satellite data and AI across agriculture, banking, financial services, and infrastructure. Using RasterFlow, SatSure runs distributed inference on satellite imagery at scale, vectorizing predictions into Iceberg tables for downstream analysis.

“RasterFlow meaningfully accelerates the work SatSure and Wherobots already do together. By automating mosaicking, preprocessing, and distributed inference into a single, on-demand workflow, it removes much of the engineering overhead required to operationalize our models at national and multi-season scale.”

– Rashmit Singh, CTO, SatSure

Aarden.ai, founded by former Zillow data infrastructure engineers, uses Wherobots to combine parcel-level data with land cashflow intelligence and feed AI models that build prospectuses far faster than traditional approaches.

“Spark is incredibly powerful, but it’s also a huge learning curve. Wherobots shortened the painful part of Spark and gave us production-grade scalability without having to babysit clusters. We were able to accelerate our spatial data processing from over 7 days to less than 30 minutes, a 300x improvement.”

– Ben Hudson, Co-founder and Head of Applied Science, Aarden.ai

Getting started

Get started using a free trial by subscribing to Wherobots through the AWS Marketplace. You can then continue with on-demand usage and consolidated billing. Visit wherobots.com for documentation, tutorials, and use case examples, or contact the Wherobots team to schedule a technical discussion or demo.

Wherobots – AWS Partner Spotlight

Wherobots is an AWS Partner and the AI Context Engine for the Physical World, offering purpose-built spatial data and AI infrastructure running natively on AWS. Founded by the original creators of Apache Sedona (over 70 million downloads), Wherobots is 3 times faster and delivers up to 45% better price-performance than most alternatives. From startups to enterprises, organizations use Wherobots to build AI systems that understand the physical world, processing petabyte-scale spatial data into operational intelligence across financial services, insurance, energy, agriculture, logistics, telecommunications, and more.

Contact Wherobots | Partner Overview | AWS Marketplace

Say Hello to 169 New AWS Competency Partners Added in May

Nick Paris — Mon, 01 Jun 2026 17:50:31 +0000

By Nick Paris, APN Marketing Manager – AWS Partner Network

The AWS Partner Network (APN) is a global community that leverages Amazon Web Services (AWS) technologies, programs, expertise, and tools to build solutions and provide services for customers.

The APN has more than 130,000 partners from over 200 countries, with 70% headquartered outside of the United States. Together, partners and AWS provide innovative solutions, solve technical challenges, win deals, and deliver greater customer value.

To achieve APN specializations such as AWS Competency, AWS Service Delivery, AWS Service Ready, and AWS Managed Service Provider (MSP), organizations must undergo rigorous technical validation and assessment of their AWS solutions and practices.

NEW! AWS Competency Partners

To succeed with cloud adoption in today’s complex IT environment and continue to advance in the future, customers can team up with an AWS Competency Partner.

The AWS Competency Program validates and promotes AWS Partners with demonstrated technical expertise and proven customer success in specialized areas across industries, use cases, and workloads. Guidance from these skilled professionals can lead to better business and bigger results.

Team up with our newest AWS Competency Partners:

AWS Advertising and Marketing Technology Competency

Sigmoid | NAMER | Ad Platforms; Audience & Customer Data Management

AWS AI Competency

A&I Solutions | NAMER | Generative AI Consulting Services
A&I Solutions | NAMER | Agentic AI Consulting Services
ADL Digital Lab | LATAM | Generative AI Consulting Services
Alpha Data PJSC | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Andersen | NAMER | Generative AI Consulting Services
AppSquadz Software | NAMER | Generative AI Consulting Services
apser | EMEA | Agentic AI Consulting Services
Artefact | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Arthurite Integrated Solutions | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Avahi | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Blend | NAMER | Agentic AI Consulting Services
BRQ | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Chaos Gears | EMEA | Agentic AI Consulting Services
Cloud&Cloud – Yonetim.Academy | EMEA | Generative AI Consulting Services
CloudSoftway | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
CloudStok Technologies | APAC | Generative AI Consulting Services
CloudZenia | APAC | Agentic AI Consulting Services
Cognetiks Consulting | EMEA | Agentic AI Consulting Services
Cognitivo AI | LATAM | Agentic AI Consulting Services
Corley | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Daus Data by Matica Partners | EMEA | Generative AI Consulting Services
DevOpsGroup | EMEA | Generative AI Consulting Services
DG Global Technology | APAC | Generative AI Consulting Services
Ecloudvalley | China | Agentic AI Consulting Services
Eficens Systems | NAMER | Agentic AI Consulting Services
ETECH SYSTEM | APAC | Agentic AI Consulting Services
Fission Labs | NAMER | Generative AI Consulting Services
GOStack | EMEA | Generative AI Consulting Services
HCLTech | NAMER | Agentic AI Consulting Services
iCXeed | NAMER | Generative AI Consulting Services
Indra Sistemas (Minsait) | EMEA | Agentic AI Consulting Services
Intellias | EMEA | Generative AI Consulting Services
ITTStar Consulting | NAMER | Generative AI Consulting Services
JMA Systems | Japan | Generative AI Consulting Services
Kyndryl | NAMER | Agentic AI Consulting Services
Kyobo DTS (Digital Technology Service) | APAC | Generative AI Consulting Services
Lauren Group | NAMER | Agentic AI Consulting Services
Loomsberg Consulting Technology | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
MadeinWeb | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Mayhive | EMEA | Generative AI Consulting Services
Mist Avinya Technologies | APAC | Generative AI Consulting Services
nClouds | NAMER | Agentic AI Consulting Services
Neurons Lab | EMEA | Agentic AI Consulting Services
Noventiq | EMEA | Agentic AI Consulting Services
OpsTree Global (Techprimo) | NAMER | Generative AI Consulting Services
PA Consulting | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Point B | LATAM | Generative AI Consulting Services
PT Mastersystem Infotama Tbk | APAC | Agentic AI Consulting Services; Generative AI Consulting Services
Pump | NAMER | Generative AI Consulting Services
RapidScale | NAMER | Agentic AI Consulting Services
Redington Gulf | EMEA | Generative AI Consulting Services
RevStar | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Sela Cloud | EMEA | Agentic AI Consulting Services
Steamhaus | EMEA | Generative AI Consulting Services
Stefanini IT Solutions | LATAM | Agentic AI Consulting Services
Successive Technologies | NAMER | Agentic AI Consulting Services
Tech Holding | NAMER | Generative AI Consulting Services
Tribe Networks | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
V2G Systems | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
VeUP | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
West Loop Strategy | NAMER | Generative AI Consulting Services
Whistlemind Technologies | APAC | Generative AI Consulting Services
福州领克狐科技有限公司 | China | Generative AI Applications
高帆破浪科技（浙江）有限责任公司 | China | Generative AI Applications
Agilix Labs | NAMER | Generative AI Applications
Beijing Yun Shi Shu Ju Technology | China | Agentic AI Applications
Bynder B.V. | NAMER | Agentic AI Applications; Generative AI Applications
experienz | EMEA | Generative AI Applications
fxiaoke | China | Generative AI Applications
GAIIFF | NAMER | Agentic AI Applications; Generative AI Applications
iMBrace Limited | China | Generative AI Applications
IntSig Information | China | Generative AI Applications
IntSig Information | China | Agentic AI Applications
ITNIO TECH | China | Generative AI Applications
Krikey AI | NAMER | Generative AI Applications
Neubird | NAMER | Agentic AI Applications
Overcast HQ | EMEA | Generative AI Applications
Pier Cloud | NAMER | Agentic AI Applications
Qlik Technologies | NAMER | Agentic AI Applications
SHOPLAZZA | China | Generative AI Applications
Sonrai Security | NAMER | Agentic AI Applications
Staple AI | APAC | Generative AI Applications
Sumo Logic | NAMER | Agentic AI Applications
TwelveLabs | NAMER | Foundation Models and App Development
Vespa.ai Norway AS | EMEA | Infrastructure and Data
Zixun Info Tech | China | Generative AI Applications

AWS Automotive Competency

Celonis SE | EMEA | Autonomous Mobility; Connected Mobility; Digital Customer Experience; Manufacturing; Product Engineering; Software Defined Vehicle; Supply Chain; Sustainability

AWS Cloud Operations Competency

1cloudstar | APAC | Monitoring & Observability
GoCloud | EMEA | Cloud Governance

AWS Cloud Operations Competency

HIBERUS IT DEVELOPMENT SERVICES | EMEA | Cloud Governance
Viadex | EMEA | Cloud Financial Management

Consumer Goods Competency

Retool | NAMER | IT & Digital Transformation; Manufacturing; Marketing; Product Development; Supply Chain; Unified Commerce

AWS Data & Analytics Competency

Ancrew Global Services | APAC | Consulting Services
Apexon | NAMER | Consulting Services
DataSunrise | NAMER | Data Governance and Security; Data Integration and Preparation
TigerData | NAMER | Data Analytics Platforms

AWS DevOps Competency

allOps Solutions | EMEA | Consulting Services
Base2Services | APAC | Consulting Services
Euristiq | EMEA | Consulting Services
GOStack | EMEA | Consulting Services
Leapfrog Technology | NAMER | Consulting Services
NuVista AI | NAMER | Consulting Services
Oddball | NAMER | Consulting Services
SEC AND DEVOPS AI | APAC | Consulting Services

AWS Digital Sovereignty Competency

Bespin Global Technologies | EMEA | Consulting Services

AWS Education Competency

Anjana Cloud9 Solutions | NAMER | Consulting Services

AWS Financial Competency

Perficient | NAMER | Banking; Capital Markets; General Financial Services; Insurance; Payments
合肥富港盛技术有限公司 | China | General Financial Services

AWS Government Competency

Rocket.Chat | NAMER | Defense & National Security

AWS Life Sciences Competency

Proxima Research | NAMER

AWS Manufacturing and Industrial Competency

Belden | NAMER | Smart Manufacturing; Smart Products and Services; Sustainability

AWS Media & Entertainment Competency

Braze | NAMER | Archive; Broadcast; Content Production; Data Science and Analytics; Direct to Consumer; Media Supply Chain and Archive; Publishing
Firstlight Media d/b/a Quickplay | NAMER | Data Science and Analytics; Direct to Consumer; Media Supply Chain and Archive; Publishing
Reuters Imagen | EMEA | Archive

AWS Migration and Modernization Competency

Ona | EMEA | Low Code and Application Integration
Daiwa Institute of Research | Japan | Migration Services
Elitery | APAC | Migration Services
Evolve Cloud Services | NAMER | Migration Services

AWS Migration and Modernization Competency

Futurecloud Technology | China | Migration Services
Info Services | NAMER | Migration Services; Modernization Services
Invisibl Cloud Solutions | NAMER | Migration Services
Qucoon | EMEA | Migration Services
Teracloud | LATAM | Migration Services

AWS MSSP Services Competency

Optiv Security | NAMER | Incident Response

AWS Nonprofit Competency

Docebo | NAMER | Fundraising and Operations Tools

AWS Resilience Competency

10Pearls | NAMER | Resilience Design
cloudvests | NAMER | Resilience Recovery
Ghaim | EMEA | Resilience Recovery
Mindware FZ | EMEA | Resilience Design

AWS Retail Competency

Commerce Architects | NAMER | Consulting Services
TemaBit | EMEA | Consulting Services
ClickHouse | NAMER | Advanced Data Insights
Meltwater | NAMER | Advanced Data Insights

AWS SAP Competency

Quantum Integrators Group | NAMER | Consulting Services

AWS Security Competency

Bytes | EMEA | AI Security; Application Security; Compliance and Privacy; Data Protection; Perimeter Protection
Digitspot Solutions | EMEA | AI Security; Application Security; Compliance and Privacy; Data Protection; Identity and Access Management; Infrastructure Protection; Perimeter Protection; Threat Detection and Response
Modus Create | NAMER | AI Security
Cloudanix Inc | NAMER | Identity and Access Management
Okta, Inc (acquired Auth0) | NAMER | Identity and Access Management

AWS Small and Medium Business (SMB) Competency

Exabytes | APAC | Small and Medium Business
Graaho Technologies | NAMER | Small and Medium Business
Horus Technologies | NAMER | Small and Medium Business
INCO | LATAM | Small and Medium Business
Licencias Online | LATAM | Small and Medium Business
Meyi Cloud | APAC | Small and Medium Business
Nublit by Domus Global | LATAM | Small and Medium Business
SNS – Saturn Networking Solutions | EMEA | Small and Medium Business

AWS Storage Competency

Adamas Tech Consulting | APAC | Consulting Services
Cognitivo AI | LATAM | Consulting Services
Cygnet.One | APAC | Consulting Services

AWS Telecom Competency

OneByZero | APAC | Communication as a Service (CaaS)

AWS Managed Service Provider Program

Applogika | NAMER | Consulting Services
axcess.io | NAMER | AI Security; Application Security; Compliance and Privacy; Data Protection; Perimeter Protection
Beijing Nancal Ryun Digital Technology | China | AI Security; Application Security; Compliance and Privacy; Data Protection; Identity and Access Management; Infrastructure Protection; Perimeter Protection; Threat Detection and Response
Beijing Tongtian cloud computing | China | AI Security
Benilar | EMEA | Identity and Access Management
CloudiQS | EMEA | Identity and Access Management
Cloudride | EMEA | Small and Medium Business
CTAC | NAMER | Small and Medium Business
HAND Enterprise Solutions | China | Small and Medium Business
Info Services | NAMER | Small and Medium Business
ISV Jen | NAMER | Small and Medium Business
Meyi Cloud | LATAM | Small and Medium Business
SourceFuse | NAMER | Small and Medium Business
Xebia | EMEA | Small and Medium Business

Amazon Connect Delivery Partners

Accenture Federal Services | NAMER | Consulting Services

AWS Glue Delivery Partners

Codex | APAC | Consulting Services
Nusummit Technologies | APAC | Consulting Services

More Value, Greater Profitability for AWS Partners

Our mission is to make the AWS Partner Network (APN) with AWS Marketplace your preferred route to market and empower partners to deliver differentiated value to millions of AWS customers, helping you to win more, win bigger, and win faster.

We’re aligning the AWS Partner experience—including programs, incentives, and enablement—around AWS services and the partner business models: business outcome solutions, technology solutions, managed services, services, and resell.

These enhancements provide you with more relevant and prescriptive guidance, where you need it, and in a consistent and predictable manner. Your profitability, along with helping you drive new business, is our number one goal.

In 2026, we’ll continue to ensure that AWS Marketplace and our AWS Partner programs provide demonstrated pathways to success—helping you drive greater customer value and profitability. There’s an exciting journey ahead, and we’re thrilled to be on it together!

Learn how AWS is transforming the partner experience >>

Data-driven optimization and AI-powered orchestration for Nextflow with Fovus on AWS

Ragib Ahsan — Thu, 28 May 2026 18:41:04 +0000

By: Quang Minh Le, Founding Software Engineer
By: Sunny Sharma, Founding PMM, HPC & AI
By: Gokhul Srinivasan, Senior Partner Solutions Architect – AWS
By: Ragib Ahsan, AI Acceleration Architect II – AWS

Fovus

If you run Nextflow pipelines on Amazon Web Services (AWS), you’ve probably encountered a persistent inefficiency: static resource configurations that apply the same Amazon Elastic Compute Cloud (Amazon EC2) instance type uniformly across pipeline steps with fundamentally different hardware needs. Memory-bound alignment steps, single-threaded QC tools, I/O-saturating binary alignment/map (BAM) conversion, and embarrassingly parallel variant callers each share the same static resource definition. Lightweight steps are overprovisioned, more demanding steps fail and restart, and most of the Amazon EC2 instance catalog goes unused. In practice, static configurations can overspend by 70–85%. As sequencing costs have dropped from approximately $50,000 per genome in 2010 to under $200–$300 today (NHGRI), the volume of genomic data requiring computational processing has grown correspondingly. NHGRI estimates that genomic research now generates on the order of 2–40 exabytes of data annually, making computational processing the primary operational bottleneck. Pharmaceutical companies, genome centers, and clinical labs processing hundreds to thousands of samples per week feel this directly in research velocity, cost, and reproducibility.

In this post, you will see how Fovus optimizes each Nextflow process individually through per-process benchmarking and data-driven optimization, walk through benchmark results from nf-core/rnaseq and nf-core/sarek pipelines, and find out how to get started with a no cost pilot. Nextflow has emerged as the workflow language of choice for these workloads. Its containerized execution model, native AWS Batch integration, and the nf-core library of curated pipelines make it well-suited for cloud-scale genomics. Fovus, an AWS Software and HPC Competency Partner, addresses this by benchmarking each process individually and using the resulting data to assign each Nextflow process the Amazon EC2 instance type, memory configuration, parallel computing settings, and storage strategy it needs.

The challenge: Heterogeneous steps, static configs, and manual work

Fovus benchmarking of nf-core/rnaseq and nf-core/sarek reveals the spread of performance bottleneck types across their top processes:

nf-core/rnaseq process characteristics:

Process	Primary bottleneck	Parallel scalability
SALMON_INDEX	Compute and memory	High
SALMON_QUANT	Compute and memory	High
TRIMGALORE	Compute	High
PICARD_MARKDUPLICATES	Memory	Low
STAR_ALIGN	Memory	Mid
QUALIMAP_RNASEQ	Memory	Low
DUPRADAR	Compute and I/O	Low
RSEQC_READDUPLICATION	Memory	Low
RSEQC_READDISTRIBUTION	Compute	Low

nf-core/sarek (30 times Whole Genomic Sequencing (WGS)) process characteristics:

Process	Primary bottleneck	Parallel scalability
BASERECALIBRATOR	Compute	Low
BWAMEM1_MEM	Compute	High
CNNSCOREVARIANTS	Compute and I/O	High
CNVKIT_BATCH	Memory	Mid
CRAM_TO_BAM	I/O	High
DEEPVARIANT	Compute and I/O	High
ENSEMBLVEP_VEP	Compute	Mid
FASTP	Compute and I/O	High
FASTQC	Compute	Low
FREEBAYES	Compute	Low
GATK4_APPLYBQSR	Compute and memory	Low
GATK4_MARKDUPLICATES	Memory	Low
HAPLOTYPECALLER	I/O and memory	Low
MANTA_GERMLINE	Compute	High
MERGE_CRAM	Compute	Low
SAMTOOLS_REINDEX_BAM	Memory	Low
SAMTOOLS_STATS	Compute	Low
STRELKA_SINGLE	Compute	Mid
TIDDIT_SV	Compute and memory	High

A single static resource configuration can’t capture this variability. Fovus tackles this with benchmarking-data-driven optimization and AI-powered orchestration.

How Fovus works: Benchmark, optimize and run, continuously improve

Fovus integrates with Nextflow through nf-fovus, a lightweight Nextflow plugin that requires no code changes to your pipelines or containers. Your pipelines run unchanged – Fovus generates the Nextflow configuration file for nf-fovus and handles AWS orchestration.

Figure 1: Fovus integration workflow

Fovus uses AWS CloudFormation to deploy a managed HPC cluster within your own virtual private cloud (VPC) with a head node in a public subnet orchestrating compute across private subnets. Fovus dynamically selects the optimal Amazon EC2 instances for each process, sizing, storage, and parallel computing settings tailored per-process. A distributed file system built on Amazon Simple Storage Service (Amazon S3) with local SSD caching provides high-performance POSIX-compatible storage for I/O-intensive steps. Inputs and outputs flow through your Amazon S3 bucket.

You can optimize your pipelines in three steps with Fovus:

Figure 2: HPC strategy space exploration graph

Benchmark. Fovus auto-profiles each pipeline process individually against representative inputs—measuring bottlenecks, resource consumption, and the performance impacts of applicable HPC strategies on AWS. Benchmarking runs automatically at no charge with minimal setup.
Optimize and run. At run time, an AI optimization engine ingests the benchmark profiles and determines the optimal HPC strategy and configurations for minimizing time-cost per process. It selects Amazon EC2 instance types and sizes, Amazon Elastic Block Store (Amazon EBS) storage configurations, parallel computing settings, and Amazon EC2 Spot Instances or on-demand routing based on benchmarking data and real-time AWS instance pricing and availability dynamics. A per-run priority dial lets you balance cost against time. Running your Nextflow pipeline on AWS with Fovus requires a single command using the Fovus command line interface (CLI), or a few clicks in the web UI. There are no AWS Batch or AWS ParallelCluster environments to manage and no configuration to tune by hand.
Continuously improve. As AWS rolls out new infrastructure, Fovus automatically updates benchmarking profiles so your pipelines use the latest technologies. This requires no workflow changes and sustains time-cost optimality as infrastructure evolves.

Figure 3: Fovus deployment architecture on AWS

Key capabilities:

Per-process HPC strategy optimization: Benchmarking-data-driven, not human-guessed
Memory checkpointing: Fovus Memguard snapshots process state at intervals and upon Spot Instance interruption. Interrupted runs auto-resume from the last checkpoint with Spot-to-Spot failover, making Spot Instances practical for long-running processes that previously required on-demand.
Intelligent Spot Instance deployment: Automatically uses Spot Instances with Spot-to-Spot failover and availability-aware strategy optimization to improve cost efficiency.
Hybrid strategy distribution: Ranks strategies by time and cost. Workloads automatically spill from first-optimal to second-optimal choices as capacity fills, with optional multi-Region sweeps for processes with limited I/O footprint.
Customer guardrails: Configurable constraints on the scope of HPC strategy optimization, AWS Regions, and spend applied at the infrastructure layer.
Distributed file system: POSIX-compatible distributed file system using local SSD as a transparent Amazon S3 cache, provisioned per-process based on measured I/O demand.

Benchmarking results

We ran nf-core/rnaseq and nf-core/sarek end-to-end on AWS with Fovus, benchmarked using automated profiling and executed with optimized per-process configurations. The following tables compare on-demand and Spot Instance costs.

Results: nf-core RNA-seq

CPU-only, test_full, eight samples, approximately 100 million paired-end reads for each sample.

Run configuration	AWS cost with Fovus	Walltime (h) with Fovus
On-demand—minimize cost	$14.42	9h 12m 36s
Spot Instance with memory checkpointing—minimize cost	$5.72	8h 15m 36s

As shown in the preceding table, the cost is approximately $0.70 per sample on Spot Instances—a 70–85% cost savings compared to single-config cloud deployments, providing 3–7 times higher dollar efficiency.

Results: nf-core Sarek – 30x WGS (CPU-Only*)

Test full germline (30 times WGS, single nucleotide/ondel multi-caller/structural variant/copy number variant/annotation):

Run configuration	AWS cost with Fovus	Walltime (h) with Fovus
On-demand—minimize cost	$12.45	9h 39m 25s
Spot Instance with memory checkpointing—minimize cost	$6.15	9h 29m 2s

Test full normal-tumor pair:

Run configuration	AWS cost with Fovus	Walltime (h) with Fovus
On-demand—minimize cost	$5.30	4h 26m 7s
Spot Instance with memory checkpointing—minimize cost	$2.22	5h 1m 11s

The Spot Instance run matches on-demand wall time almost exactly (9h 29m compared to. 9h 39m) while cutting cost by more than half. Memory checkpointing makes this possible: interruptions are absorbed invisibly and full Spot Instance savings are captured with no reliability tradeoff.

Note: These results reflect a CPU-only strategy. Fovus supports GPU-accelerated tools, which can deliver further improvements on wall time.

Deployment: Bring your own cloud (BYOC)

Fovus deploys directly within your AWS account: Your data, compute, and pipeline execution remain inside your existing cloud environment. Fovus is designed to support HIPAA compliance requirements and data sovereignty and aligns with your organization’s AWS security and governance policies, with no data leaving your account boundary. Pricing is consumption-based—a fee on the AWS spend managed by Fovus, with no license fees, per-seat charges, or upfront commitments. The result is lower cost or higher efficiency than unoptimized workloads, with savings that offset the Fovus cost.

Getting started: No-cost pilot

Fovus provides a pilot workspace to benchmark your pipelines and generate optimized Nextflow configurations for immediate testing on AWS. For teams already running Nextflow, migration is a single file replacement—swap your existing nextflow.config with the Fovus-generated one. No pipeline modifications, no container changes, no workflow rewrites.

Conclusion

Running a heterogeneous Nextflow pipeline under a single shared resource configuration leaves money and time behind. With Fovus, each process has its own optimized HPC strategy and configurations, determined based on benchmarking data and executed automatically through AI-powered orchestration. The results: Approximately $0.70 per sample for nf-core/rnaseq and $6.15 for a full 30 times germline WGS on Spot Instances (CPUs only). For teams on cloud or on-premises clusters, Fovus demonstrates that you can achieve lower costs and faster results by running HPC workloads on AWS.

Resources

Fovus – Free benchmarking and pilot workspace
AWS Marketplace – Fovus listing
nf-core Pipeline Catalog
Amazon EC2 Spot Instances
NHGRI DNA Sequencing Costs Data – Source for sequencing cost figures
NHGRI Genomic Data Science Fact Sheet –- Source for genomic data volume estimates

Note: Fovus performance and cost figures are from actual runs of nf-core/rnaseq (test_full, 8 samples, approximately 100 million PE reads) and nf-core/sarek (30 times WGS, SN/Indel multi-caller/SV/CNV/annotation). AWS costs reflect Amazon EC2 and Amazon EBS charges at time of execution. Results vary by pipeline, input data, AWS Region, and prevailing Spot Instances pricing. Speed and cost comparisons are based on unoptimized single-config cloud deployments.

.
.

Fovus – AWS Partner Spotlight

Fovus is an AWS Advanced Technology Partner that provides an AI-powered serverless HPC platform that simplifies and optimizes cloud HPC for enterprises. It provides intelligent, scalable, affordable supercomputing power at your fingertips to accelerate scientific discoveries and engineering breakthroughs, helping you achieve more with less.

Contact Fovus | Partner Overview | AWS Marketplace

Accelerate vendor evaluation with AWS Specializations and AWS Marketplace

Kelly Costlow — Wed, 27 May 2026 14:46:54 +0000

By: Soonam Kurian, Global Tech Leader, AWS Specializations – AWS
By: Kelly Costlow, Global Program Manager, AWS Specializations – AWS

AWS Specializations and AWS Marketplace Vendor Insights make your vendor evaluation more efficient by surfacing pre-validated technical capabilities and transparent, up-to-date security postures, allowing faster, more confident vendor selection decisions aligned to your unique requirements.

Traditional vendor assessment takes 8–12 weeks across procurement, security, and technical teams. You spend 6 weeks—50% of evaluation time—researching partners. Your teams manually collect compliance documentation, assess architectures, and validate controls. Retail, healthcare, and financial services organizations face additional challenges verifying solutions meet security standards and industry frameworks such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), or AWS System and Organization Controls (SOC) 2.

A multilayered validation framework addresses these challenges through objective, standardized assessments. In this post, you’ll learn how two complementary mechanisms, AWS Specializations and AWS Marketplace Vendor Insights, can help you perform vendor evaluation due diligence more efficiently.

AWS Specializations: Finding the right partner

Identifying AWS Partners with specialized expertise for your specific business use cases is a significant challenge. AWS Specializations helps you identify partner solutions vetted through objective, Amazon Web Services (AWS) defined technical validations across more than 115 solution areas spanning industries, use cases, workloads, and AWS services. This helps you focus your evaluation on partners who have already met rigorous, standardized criteria. A total of 87% of AWS customers rank AWS Specializations as a top three selection criterion, and 96% expect partner directory listings to have undergone validation (AWS Customer Survey, 2024, n=556).

When a partner holds an AWS Specialization, it means they have passed objective technical validations AWS defines for that specific domain, provided examples of successful customer engagements, and demonstrated a solution validated by AWS. To earn and maintain a Specialization, partners must also sustain a strong team of trained and certified technical individuals. Partners undergo rigorous assessment across organizational practices, solution architecture, customer success demonstration, and domain-specific requirements. For example, the AWS Retail Competency evaluates retail-specific use cases such as personalization engines, and the AWS Data and Analytics Competency assesses data lake architectures, real-time processing capabilities, and analytics optimization.

AWS prioritizes the following aspects when evaluating partner capabilities:

Architecture excellence – Assess multi-AZ deployment, scalability mechanisms, disaster recovery strategies, and native AWS service integration patterns. Validate solutions against the AWS Well-Architected Framework, examining AWS service leverage, integration patterns, deployment automation, monitoring capabilities, and issue response procedures.
Security and compliance – Verify that solutions meet industry standards and implement encryption, access controls, and issue management practices. Assess IAM policies, encryption implementations, network segmentation, and monitoring capabilities against compliance frameworks.
Proven customer success – Demonstrate production deployments with quantifiable business outcomes. Qualify partner solutions through customer case studies demonstrating real-world effectiveness, including architecture diagrams, AWS services utilized, and measurable outcomes.
Domain expertise – Evaluate domain-specific expertise for AWS Specializations through Validation Checklists (VCLs), tailored assessment frameworks unique to each Specialization area. VCLs define specific technical criteria, solution requirements, and best practices that partners must demonstrate for their target domain.

AWS imposes a rigorous Specialization validation process that verifies partners meet proven technical standards and customer success criteria, giving you a strong, objective foundation to build on. The due diligence required to identify the right partner for your specific workloads and business outcomes depends on your unique requirements.

Your benefits

Being able to use AWS Specializations to identify AWS Partners with the right expertise for your specific business use cases offers several advantages:

Efficient partner discovery – You identify partners with AWS validated technical expertise across specific domains, focusing your evaluation on prequalified candidates rather than starting from scratch.
Objective validation baseline – You use the AWS standardized assessment work as a credible starting point, directing your team’s effort toward evaluating fit for your specific requirements.
Targeted partner discovery – You quickly locate partners with proven domain expertise that directly aligns with your specific business requirements.

These benefits accelerate procurement cycles. AWS Specialization criteria give you a reliable signal of partner capability, freeing your teams to focus evaluation time on what matters most: fit for your unique workloads, scale, and business context.

The following graphic illustrates the evaluation aspects and customer benefits of using AWS Specializations to find the right partner.

Figure 1: AWS Specializations: Finding the right partner

AWS Marketplace Vendor Insights: Security transparency

AWS Marketplace is a curated digital catalog where you find, buy, deploy, and manage third-party software, data, and services that that you need to build solutions and run your businesses.

AWS Marketplace Vendor Insights streamlines software risk assessments to support your procurement process and help verify solutions meet your standards. After you discover products addressing specific business requirements, identify products with available Vendor Insights by filtering results under Refine results and choosing Security profiles. Then access detailed security information from the Vendor Insights section on the product details page. You can use Vendor Insights to monitor product security profiles in near real time from a single console, reducing IT security approval time from months to hours.

Vendor Insights compiles security and compliance information from three complementary sources:

Industry standard audit reports – ISO 27001, AWS System and Organization Controls (SOC) 2 Type II, Payment Card Industry Data Security Standard (PCI DSS), and other compliance certifications provide third-party validated evidence of security controls and compliance adherence.
Self-assessment and Consensus Assessment Initiative Questionnaire (CAIQ) – Seller-reported security practices and controls.
AWS Audit Manager – Automated evidence collection from seller production environments using AWS Config rules provides continuous, real-time security posture monitoring.

This multilayered approach provides continually updated security postures rather than static, point-in-time assessments, giving your security teams the current, structured information they need to complete assessments efficiently.

Your benefits

The up-to-date information provided by Vendor Insights offers you these benefits:

Rapid assessments – Complete software risk assessments in hours instead of weeks.
Continuous monitoring – Track post-procurement security controls with automated notifications for compliance certificate expirations and data residency changes.
Centralized visibility – View a single dashboard across your AWS Marketplace software purchases.

Real-world application

A multinational retailer with more than 500 stores across North America seeks a customer data platform (CDP) to consolidate customer interactions across ecommerce, mobile apps, point-of-sale systems, and loyalty programs. The retailer faces regulatory requirements that include PCI DSS Level 1 for payment data.

Evaluation process

Agent mode combines the AWS Marketplace product catalog with specialized knowledge from trusted third parties through a conversational interface purpose-built for software procurement. The retailer uses agent mode’s conversational interface to describe CDP requirements in natural language or upload requirement documents, receiving instant product recommendations. The retailer then selects from preset tasks, such as comparing specific products. The product comparison feature creates summaries of overall fit for each of the top three product recommendations based on customer reviews, features, and AWS integration capabilities. The following screenshot shows the product comparison screen agent mode.

Figure 2: Agent mode for AWS Marketplace product discovery

After the retailer identifies promising CDP candidates, they access Vendor Insights directly from product detail pages to monitor security profiles and compliance artifacts in near real time from a single console. The Overview tab shows the product’s security certifications. The retailer requests subscription to Vendor Insights to view the detailed security profile, including data security, access management, and business resiliency.

The following screenshot shows a partner overview in Vendor Insights.

Figure 3: AWS Marketplace Vendor Insights overview

The retailer uses AWS Partner Solutions Finder to evaluate partners’ technical capabilities through the AWS Specializations they hold. The partner profile highlights AWS Specializations such as Competencies and Service Validations the partner attained, AWS Partner programs they participate in, and validated solutions and customer case studies.

Figure 4: AWS Partner Solution Finder

For example, a retailer uses a combination of Vendor Insights and Partner Solution Finder to identify three vendors that we’ll call Vendor A, Vendor B, and Vendor C.

Vendor A holds AWS Retail and AWS Data and Analytics Competencies. Vendor Insights shows SOC 2 Type II, ISO 27001, and PCI DSS Level 1 certifications current within 90 days. Solution resources available on AWS Marketplace demonstrate Amazon Kinesis for real-time ingestion, Amazon Simple Storage Service (Amazon S3) with encryption for data lake storage, Amazon Redshift for analytics, and AWS Lambda for event processing. Four retail customer case studies show implementations for companies with similar scale, including a national grocery chain achieving 360-degree customer view with 99.9% uptime.

Vendor B lists AWS Data and Analytics Competency but lacks retail-specific validation. Vendor Insights profile shows SOC 2 Type II, but PCI DSS certification expired 120 days prior. Customer case studies demonstrate financial services and healthcare expertise, but no retail implementations.

Vendor C displays AWS Retail Competency without AWS Data and Analytics Competency. Vendor Insights shows current compliance certifications, but solution documentation reveals limited real-time processing capability, relying primarily on batch ETL processes.

The AWS Marketplace agent also generates purchase proposals with insights gathered throughout the discovery process, supporting you to confidently engage pre-vetted solutions without investing time and resources in redundant technical evaluations.

The retailer selects Vendor A based on dual Specialization alignment, current compliance posture, proven retail success, and technical architecture fit. Complementary vendor evaluation mechanisms from AWS reduced selection time from 10 weeks to 3 weeks (a 70% reduction).

How the framework works together

The integrated validation framework combines rigorous partner validation through Specializations, AI-powered discovery through AWS Marketplace agent mode, and continuous security monitoring through Vendor Insights. Together, these mechanisms streamline weeks of manual vendor research into an efficient evaluation workflow, giving your teams objective, structured inputs so you can focus evaluation effort on assessing fit for your unique requirements. The evaluation workflow consists of these steps:

Identify your vendor selection need.
Define your evaluation criteria.
Search AWS Marketplace.
Perform evaluations:
a. Evaluate the partner profile.
b. Evaluate Vendor Insights.
Compare the vendors’ technical capabilities and security profiles.
Make a decision. If the vendor meets your criteria, proceed to step 7. If the vendor doesn’t meet your criteria, return to step 3.
Select the vendor that meets your requirements.
Continue to monitor security risk profile of the selected vendor.

These steps are illustrated in the following graphic.

Figure 5: Vendor evaluation framework

Conclusion

AWS validates partners through rigorous assessment of specialized domain expertise, technical capabilities, and transparent security postures. AWS Specializations signal that a partner has passed objective, domain-specific technical validations defined by AWS, completed AWS verified customer engagements, and maintained a certified and trained technical team. Vendor Insights provides continuous security transparency through standardized dashboards and current compliance attestations.

These mechanisms make your vendor evaluation more efficient, surfacing credible, structured information faster so your teams can direct effort where it matters most: evaluating which partner best fits your specific workloads, requirements, and business context.

Use Vendor Insights to evaluate vendors and take advantage of these benefits:

Accelerated evaluation cycles – AWS validated partner criteria and centralized security profiles reduce time spent on baseline research, which means your teams can focus on fit assessment.
Increased confidence – Objective, AWS defined validation criteria provide a credible foundation; 87% of AWS customers actively use Specializations in selection processes.
Accelerated procurement – Standardized information facilitates rapid comparison across multiple vendors.
Maintained compliance – Continual monitoring maintains ongoing security posture visibility.

Get started today

Start by exploring AWS Marketplace agent mode to discover solutions for your business requirements through natural conversation. Then evaluate partners using AWS Specializations badging on AWS Partner Solution Finder and AWS Marketplace Vendor Insights security profiles to identify vendors meeting your technical and security requirements. Finally, filter specific specializations using AWS Partner Solution Finder to discover the right partners and their solutions by industries, use cases, AWS Partner Program participation, AWS service usage, and geographical presence.

Accenture and AWS accelerate data transformation with agentic AI

Rajdeep Banerjee — Tue, 26 May 2026 18:58:56 +0000

By: Mark Stanger, Lead Architect, Semantic Layer – Accenture
By: Aditi Pendse, Lead Data Architect, Agentic Data Platforms & Cloud Modernization – Accenture
By: Sandeep Chatterjee, Product Lead, Agentic Data Discovery – Accenture
By: Rajdeep Banerjee, Senior Partner Solutions Architect – AWS

Accenture

Enterprises that treat data as a strategic asset will define the next era of competitive advantage. The opportunity is significant: agentic AI can autonomously discover, migrate, govern, and consume data at a pace and scale that was impossible only 2 years ago. Accenture and Amazon Web Services (AWS) are accelerating enterprise data transformation with three agentic AI solutions now available in AWS Marketplace, purpose-built to make enterprise data ready for generative AI and agentic applications.

Organizations are actively working to scale generative AI solutions. The Accenture Pulse of Change finds that nearly nine in ten organizations plan to increase AI investment in 2026, and most view it as a driver of revenue growth. Yet only one in five report redesigning end-to-end processes with AI at the core. Gartner projected that at least 30% of generative AI projects will be abandoned after proof of concept by end of 2025. This gap can be put down to data readiness rather than AI capability. Data remains fragmented across platforms, poorly documented, and locked in legacy formats that AI models can’t effectively use.

Accenture Agentic Data Discovery for AWS, Accenture Agentic Data Modernization for AWS, and Accenture Agentic Semantic Layer for AWS address this gap directly. Together, they transform how organizations discover, migrate, govern, and consume enterprise data, closing the readiness gap that stands between AI ambition and AI impact.

Agentic solutions across the data lifecycle

The three solutions map to four phases of data transformation: assess and discover, capture data for AI, curate data for AI, and consume data with AI. Organizations don’t need to follow these phases sequentially. You can start wherever you are and run multiple workstreams simultaneously, whether that means discovering current data estates, migrating legacy platforms, or building a semantic layer for AI consumption. The solutions are complementary but independent. Accenture Agentic Data Discovery identifies and prioritizes data assets. Accenture Agentic Data Modernization migrates and transforms them. Accenture Agentic Semantic Layer federates access to data wherever it resides, across AWS and other platforms, making it queryable by AI agents and applications without requiring data centralization.

Accenture Agentic Data Discovery for AWS

Most organizations don’t fully understand their own data landscape. Reports are undocumented, lineage is unknown, and shadow IT creates blind spots that block AI initiatives before they start.Accenture Agentic Data Discovery deploys intelligent agents that scan metadata across databases, schemas, and extract, transform, and load (ETL) code to build a comprehensive, continuously updated inventory of your data estate. The agents classify data assets as active or inactive, enabling prioritization for migration and modernization efforts. The solution delivers automated discovery across your entire data landscape, uncovering hidden patterns and delivering inventory, volumetrics, and object distribution insights. Interactive visualizations provide comprehensive views of your data estate, including sensitive data detection for personally identifiable information (PII) and protected health information (PHI). A conversational AI interface means data stewards and architects can query the data landscape in plain English, no SQL required, with agents analyzing and responding in real time. An end-to-end lineage viewer traces data flows across on-premises and cloud-based systems, with progressive graph expansion showing upstream and downstream dependencies.An example Accenture customer using Data Discovery achieved approximately 50% inventory rationalization based on inactive and one-time inventory identification. They consolidated approximately 25% of their inventory through detailed similarity analysis across data, code, and business intelligence assets. And they performed comprehensive technical analysis of over 1,400 reports with end-to-end lineage to support modernization planning.

Accenture Agentic Data Modernization for AWS

Migrating legacy data platforms to AWS is a resource-intensive phase of cloud transformation. Organizations face months of manual code conversion, data mapping, and testing, with quality and governance often addressed as afterthoughts.

Accenture Agentic Data Modernization deploys purpose-built agents that automate three workstreams. For code migration, Data Engineer agents handle the full lifecycle of legacy code transformation, from ingesting source ETL scripts, stored procedures, and SQL dialects to chunking, reviewing, converting, and optimizing code for target platforms. Supported conversions include Oracle, Teradata, Db2, Informatica PowerCenter, and DataStage to Amazon Redshift, Amazon Athena, Amazon Simple Storage Service (Amazon S3) with Apache Iceberg, Snowflake, PySpark, and others. For data quality and governance, Data Quality Engineer agents discover and profile source data, define quality rules, validate data against those rules, and generate verification scripts. For automated testing, Data Testing agents translate business requirements into test cases, generate test scripts, run them against target environments, and validate results, eliminating the manual testing bottleneck that typically extends migration timelines.

Agents are built on Amazon Bedrock AgentCore, enabling accelerated deployment within your AWS environment. By applying Agentic Data Modernization, organizations are modernizing legacy platforms, improving confidence in migrated data through automated testing and quality agents, and unlocking scalable data marketplaces backed by AWS led co-innovation.

Accenture Agentic Semantic Layer for AWS

As organizations modernize their data estates on AWS, a new challenge emerges how to make that data truly consumable for analytics, generative AI, and agentic applications without introducing new silos, duplication, or governance risk. The Agentic Semantic Layer for AWS addresses this challenge by creating a governed, AI-ready abstraction that sits above enterprise data, transforming raw, distributed datasets into business‑meaningful knowledge that can be safely and easily consumed.The solution accelerates decision-making by translating complex, distributed data into trusted, business-ready insights. Business users can query data in natural language and receive consistent, governed answers with minimal technical team involvement, while AI teams benefit from reusable, standardized metrics and semantics. This enables high-value use cases such as executive self-service analytics, domain-specific copilots, autonomous reporting, and AI-driven decision support across structured and unstructured data.At its core, the Agentic Semantic Layer establishes a shared semantic foundation that bridges technical data structures and business intent. Using AI-assisted ontology creation, it captures enterprise concepts, relationships, and metrics in a formalized model that reflects how the business thinks about its data. This semantic model becomes the backbone for analytics, natural language querying, and agentic workflows, providing all consumers with a consistent and trusted understanding of enterprise information.The solution is designed around a “data in place” philosophy. Rather than forcing organizations to centralize or duplicate data, it federates access across sources wherever they reside, whether in Amazon Redshift, Amazon S3, Amazon Athena, operational databases, or third-party platforms such as Snowflake. A knowledge graph engine continuously enriches the semantic layer with metadata, lineage, and contextual relationships. As new sources are onboarded, the layer adapts automatically, preserving alignment between physical data assets and business semantics and creating a living knowledge fabric that supports both traditional business intelligence (BI) and advanced agentic AI scenarios.Governance and trust are built in by design. Enterprise access controls, data classification, and policy enforcement are integrated directly into semantic resolution, which means users and AI agents only access what they’re authorized to see. Organizations can confidently expose data through natural language interfaces and semantic APIs while maintaining regulatory compliance and data sovereignty.An example Accenture client using the Agentic Semantic Layer deployed over 300 data products across 25 domains, achieved a 600% throughput improvement for data sourcing teams, and realized 30–40% data infrastructure savings through smart data productization while building readiness for future agentic AI workloads.

Conclusion

The future of enterprise data management is agentic, intelligent, and automated. Organizations that adopt these capabilities can gain competitive advantages in an AI-driven marketplace.AWS and Accenture invite enterprise leaders to explore how these agentic data solutions can accelerate your data transformation journey. Whether you’re beginning to assess your data landscape, planning a major migration, or building the semantic infrastructure for AI applications, these solutions provide the capabilities, governance, and scale that enterprise success requires.

Connect with the Accenture AWS Business Group to learn how we can help you transform your data estate into a strategic asset that powers innovation, drives insights, and enables the agentic AI applications of tomorrow.

The Accenture and AWS Partnership advantage

The collaboration between Accenture and AWS brings together complementary strengths that uniquely position these solutions for enterprise success. AWS provides comprehensive cloud infrastructure capabilities, with AI services through Amazon Bedrock and robust data infrastructure. Accenture contributes more than 16 years of partnership experience, having migrated over 110,000 workloads to AWS and delivered more than 4,100 joint projects across global clients.

This partnership has been recognized with multiple 2025 AWS awards, including Global Consulting Partner of the Year and Global GenAI Partner of the Year. More importantly, it combines the technical innovation of AWS with Accenture’s deep understanding of enterprise transformation challenges, regulatory requirements, and industry-specific needs.

Accenture – AWS Partner spotlight

Accenture is an AWS Premier Tier Services Partner and managed service provider (MSP) that provides end-to-end solutions to migrate to and manage operations on Amazon Web Services (AWS). By working with the Accenture AWS Business Group (AABG), a strategic collaboration by Accenture and AWS, organizations can accelerate the pace of innovation to deliver disruptive products and services.
Contact Accenture | Partner Overview | AWS Marketplace

Generative AI using TiDB and Amazon Bedrock

Akshata Raghunatha — Tue, 26 May 2026 16:39:48 +0000

By: Henrique Leandro, Head of Global Solutions Architect – PingCAP
By: Akshata Raghunatha, Partner Solutions Architect – AWS
By: Satish Subramanian, Manager, Partner Solutions Architect – AWS

PingCAP

The shift from conversational chatbots to autonomous, goal-driven systems is changing how we think about application architecture. Instead of predictable, human-paced interactions, we’re beginning to design for software that acts continuously — planning, evaluating, revising, and executing without waiting for a user to choose “Submit.”

In this blog post, we explore how TiDB Cloud, an AWS Partner Network (APN) Partner, addresses the unique data layer challenges introduced by autonomous AI agents. We look at how TiDB Cloud’s distributed architecture, powered by TiDB Cloud’s serverless compute-storage separation model, supports these emerging patterns on AWS — particularly when paired with Amazon Bedrock for reasoning and embedding workloads using the TiDB console.

The challenge: when the user isn’t human

In these systems, the database is no longer responding to occasional human queries. Instead, it responds to agents that generate SQL automatically and create temporary schemas. These agents expect immediate access to both transactional records and contextual history.

Autonomous agents don’t behave like customers signing in during business hours. They work in loops — planning, executing, evaluating results, and trying again. A single instruction such as “optimize supply chain logistics” can unfold into thousands of internal operations. Agents can create temporary tables to isolate experiments, branch schemas to test alternative strategies, and persist large volumes of intermediate reasoning state.

For platform leaders, the question isn’t whether agents will increase load — it’s how to support unpredictable, burst-heavy workloads without losing control of cost or operational stability. Architectures built around fixed capacity and manual tuning start to feel misaligned when the user is a machine (AI agent) operating continuously.

From a data perspective, that behavior surfaces several practical challenges:

Metadata management becomes non-trivial. If agents routinely create and discard schemas, the underlying database must handle that churn without degrading performance.
Concurrency patterns become less predictable. Workloads can move from idle to highly parallel in seconds, especially if multiple agents begin exploring variations simultaneously.
Cost becomes tightly coupled to elasticity. When compute must remain provisioned as a contingency, idle time becomes expensive. In autonomous systems, unused capacity isn’t only inefficient — it directly affects economic viability.

TiDB Cloud: a data layer designed for elastic systems

TiDB Cloud approaches these challenges with a distributed architecture that separates compute from storage. In this model, data persists in Amazon Simple Storage Service (Amazon S3) while compute resources scale independently. This separation changes the economics and behavior of the database layer.

Independent scaling of storage and compute

Because storage and compute are decoupled, compute resources can scale dynamically. They scale up during periods of heavy agent activity and scale down when workloads subside. Data remains durable in object storage, while stateless processing nodes are allocated as needed.

For agent-driven systems, this model aligns infrastructure costs more closely with actual usage. When activity slows, compute doesn’t need to remain fully provisioned. When activity spikes, additional capacity can be introduced without re-architecting the system.

Branching as a first-class capability

Agents often need isolated environments to test ideas. If an agent restructures a schema or rewrites a data model, that experimentation should be done in a way that doesn’t jeopardize production.

TiDB Cloud supports serverless branching using copy-on-write techniques. A branch can be created quickly, allowing an agent or a developer to explore a hypothesis in isolation. After the task is complete, that branch can be discarded, or reset to sync with the latest parent state.

This brings database workflows closer to the way teams already treat application code: versioned, testable, and disposable when necessary.

Unifying transactional and hybrid search workloads

Autonomous agents rarely ask just one kind of question. Within a single reasoning chain, an agent may draw on transactional memory for state, retrieve related context through hybrid search, match against domain-specific keywords, and reference analytical summaries of recent data. Each of these is a different access pattern, and traditionally each has required a different system.

Instead of stitching together separate engines for vector search, full-text search, real-time analytics, and relational queries, TiDB Cloud integrates row-based storage for transactions, columnar storage for real-time analytics, and native vector and full-text search for hybrid retrieval.

This reduces architectural fragmentation and keeps state consistent across access patterns. The result is a database that acts as durable memory for the agent – searchable across modalities and transactionally accurate.

Reference architecture: TiDB Cloud and Amazon Bedrock

In practice, the integration works as follows:

Applications call Amazon Bedrock embedding models to convert documents and queries into vector representations.
TiDB stores those embeddings in native vector columns alongside the transactional data.
An orchestration layer, typically implemented using AWS Lambda, Amazon Elastic Container Service, or frameworks like LangChain, coordinates the workflow, retrieving relevant context using vector similarity search in TiDB.
The orchestration layer passes the retrieved context to an Amazon Bedrock text generation model, then writes the agent’s resulting decisions back to TiDB as structured transactions.

Figure 1 – Reference architecture for TiDB Cloud and Amazon Bedrock.

The architecture shown in the preceding figure consists of the following:

Presentation layer – End users: application interface for user queries and responses.
Application layer – Custom application: frontend and middleware orchestrating user interactions and API calls.
AI/ML services layer – Models:
- Amazon Bedrock text model: foundation model for response generation.
- Amazon Bedrock embeddings model: converts documents and queries to vector embeddings.
Vector database layer – TiDB: stores and retrieves vector embeddings for semantic search.
Storage layer – Amazon S3: document repository for source data.

Together, these layers separate reasoning from persistence while maintaining a cohesive data model.

Use cases

TiDB Cloud on AWS supports a broad range of autonomous agent workloads — from real-time fraud detection to multi-tenant software-as-a-service (SaaS) operations — and can be configured using the TiDB console, shown in the following screenshot. The following example use cases illustrate how teams are combining TiDB’s unified HTAP architecture with Amazon Bedrock to build production-ready AI systems across industries.

Figure 2 – TiDB console.

Conversational analytics for ecommerce

An ecommerce platform uses TiDB Cloud on AWS to store product catalogs, inventory, and order data. An autonomous agent powered by Amazon Bedrock translates natural language queries — such as “which products are trending but running low on stock?” — into SQL executed against TiDB’s HTAP engine. The agent combines real-time transactional data with analytical aggregations in a single query, eliminating the need for a separate data warehouse.

Fraud detection in financial services

A fintech company stores transaction records in TiDB Cloud on AWS. An agent uses Amazon Bedrock for reasoning and TiDB’s vector search to match transaction embeddings against known fraud signatures. The agent queries millions of transactions in real time (using OLTP) while running analytical pattern detection (using OLAP) — all within a single distributed database.

Multi-tenant SaaS operations

A SaaS platform uses TiDB Cloud’s distributed SQL to serve thousands of tenants. An autonomous agent provisions new tenant databases, monitors usage patterns, and identifies churn signals — all through SQL operations using TiDB on AWS. The serverless branching capability allows the agent to test schema changes in isolation before applying them to production. This TiDB blog post highlights how TiDB empowered Atlassian’s Forge platform to support a massive, multi-tenant architecture with over 3 million tables — all within a single cluster.

Live operations in gaming

A gaming company stores player profiles, match history, and in-game economy data in TiDB Cloud on AWS. An agent analyzes player engagement, detects anomalous behavior patterns using vector similarity search, and recommends live event configurations — querying millions of concurrent player records without manual sharding.

GenAI experimentation without heavy setup

Agentic architectures are still evolving. Teams often need room to prototype and iterate before committing to production-scale designs.

TiDB Cloud on AWS provides a managed, serverless environment that teams can use to experiment with branching, vector search, and SQL-driven agents without standing up complex infrastructure. This simplifies validating workload assumptions and refining architectural decisions before scaling further. This TiDB blog post highlights how TiDB Cloud enabled extreme write throughput and low-latency state reconstruction that a monolithic database couldn’t sustain for a successful public launch with a more than 2 million transaction waitlist within weeks.

Conclusion

The question isn’t whether autonomous agents will transform your architecture — it’s whether your database will be ready when they do. The teams building tomorrow’s AI systems are choosing infrastructure today.

By running TiDB Cloud on AWS and integrating with Amazon Bedrock, organizations can design a database layer that supports transactional accuracy, hybrid retrieval, real-time analytics, and rapid experimentation within a unified architecture. Instead of working around database constraints, architects can focus on shaping how autonomous systems behave, and how they evolve. Unlike architectures that require separate databases for transactions, analytics, and hybrid search, TiDB Cloud unifies these capabilities while maintaining the elasticity and cost efficiency autonomous systems demand.

Ready to build your agentic architecture? Explore TiDB Cloud on AWS Marketplace or contact PingCAP to discuss your specific use case.

PingCAP – AWS Partner Spotlight

PingCAP is an AWS Advanced Technology Partner that provides TiDB Cloud, a fully managed distributed SQL database designed for hybrid transactional and analytical processing (HTAP) workloads.

Contact PingCAP | Partner Overview | AWS Marketplace

Announcing the Regional 2026 AWS Partners of the Year for Latin America

Andrew Somera — Fri, 22 May 2026 16:09:00 +0000

By: Andrew Somera, Head of Partner Experiences

We are excited to announce the regional 2026 AWS Partners of the Year for Latin America. These annual awards recognize AWS Partner Network (APN) members who consistently deliver exceptional results and drive innovation for our customers.

Throughout 2026, our winning partners have demonstrated their expertise by delivering transformative cloud solutions and creating measurable business value through AWS technologies. They’ve successfully guided customers through complex migrations and helped organizations optimize their AWS environments for maximum impact.

The collaboration between AWS and our partners continues to be fundamental to customer success. These partnerships drive innovation and help customers take full advantage of AWS services to accelerate their growth.

Regional Awards are comprised of the following four awards:

Consulting Partner of the Year: Recognizes our top AWS Consulting Partners that have provided significant contributions related to revenue, launched opportunities, net new certified individuals, and AWS designations earned.
Rising Star Consulting Partner of the Year: Recognizes AWS Consulting Partners that have seen significant YoY growth in their business.
Technology Partner of the Year: Recognizes our top AWS Technology Partners that are using AWS to lower costs, increase agility, and innovate faster.
Rising Star Technology Partner of the Year: Recognizes AWS Technology Partners that have seen significant YoY growth in their business.

Please join us in congratulating our 2026 AWS Partner of the Year award winners!

Northern Latin America (NOLA) Winners

Consulting Partner of the Year – Escala24x7
Rising Star Consulting Partner of the Year – JumpCube
Technology Partner of the Year – Truora
Rising Star Technology Partner of the Year – DanaConnect

Southern Latin America (SOLA) Winners

Consulting Partner of the Year – Dinocloud
Rising Star Consulting Partner of the Year – Craftech
Technology Partner of the Year – Hackmetrix
Consulting Partner of the Year – Horizon

Mexico Winners

Consulting Partner of the Year – XalDigital
Rising Star Consulting Partner of the Year – Globaltask
Technology Partner of the Year – Cerby
Rising Star Technology Partner of the Year – EVOLVENX

Brazil Winners

Consulting Partner of the Year – Compass UOL
Rising Star Consulting Partner of the Year – A3 Data
Technology Partner of the Year – VTEX
Rising Star Technology Partner of the Year – Pier Cloud