AWS Intelligence Digest

Deploy the Fragnesia patch across all relevant systems to ensure network protocol implementations are secure against privilege escalation vulnerabilities, reducing the risk of system compromise.

Deploy the latest versions of AWS wrappers for Aurora PostgreSQL to enhance database security and prevent unauthorized privilege escalation.

Deploy the latest AWS Client VPN client version 5.2.2 across Windows devices to resolve the identified security issue (CVE-2025-8069) and maintain the integrity and security of VPN connections to AWS and on-premises resources.

Integrate the updated Amazon Redshift JDBC Driver version 2.2.2 into your platform to enhance security and prevent arbitrary code execution.

Deploy the updated AWS ClientVPN macOS Client version 5.2.1 across all macOS devices to address the security vulnerability and maintain system integrity.

Deploy the updated amazon-redshift-python-driver version 2.1.14 across all relevant environments to resolve the security issue and maintain the integrity of Redshift database connections.

Deploy the updated Amazon Skylight Workspace Config Service to maintain system integrity and security, reducing the risk of unauthorized privilege escalation.

While deploying Model Context Protocol (MCP) servers in production, enterprises need fine-grained access control across servers, observability into which teams use which tools, security guarantees against data exfiltration, and centralized credential management, all at scale. Amazon Bedrock AgentCore Gateway sits between MCP servers and the clients that consume them, centralizing credential management, observability, and secure […]

Deploy the updated Amazon Athena ODBC driver version 2.1.0.0 to enhance security measures, reduce risk of data breaches, and maintain compliance with industry standards.

Deploy the Graph Explorer version 3.0.1 patch across all environments to resolve the HTTPS fallback issue and enhance data security.

Integrate the latest security patches and best practices for IAM trust policies in Harmonix on AWS deployments to enhance the security posture and reduce the risk of unauthorized access and privilege escalation.

Integrate the latest Firecracker version into your platform architecture to enhance security and prevent potential host file overwrite attacks.

Deploy the latest AWS Ops Wheel version and configure network access restrictions to mitigate security risks associated with JWT token verification and Cognito User Pool attribute permissions.

Deploy the updated database engine versions to integrate the security fixes and maintain the reliability and security of the database audit logging functionality.

Deploy the latest version of the AWS API MCP Server (1.3.9) to resolve the file access restriction bypass issue and maintain the security and integrity of your AWS environment.

Deploy the updated Kiro IDE version 0.11 across development environments to ensure secure coding practices and prevent execution of malicious commands.

Adopt the latest Amazon.IonDotnet version 1.3.2 to ensure the platform is secure against the identified denial of service vulnerability.

Deploy the latest version of the rabbitmq-aws plugin (0.2.1) to ensure secure ARN resolution and protect sensitive data stored in AWS services from unauthorized access.

Deploy the updated ECS agent version 1.97.1 across your container instances to resolve the security issue and maintain the security posture of your container orchestration environment.

Integrate the updated S3 Encryption Clients into your platform to enhance security and maintain data integrity, leveraging the new key commitment feature to cryptographically bind encrypted data keys to ciphertext.

Integrate and deploy the latest security patches for AWS Research and Engineering Studio to enhance the security posture of cloud-based research environments and reduce the risk of unauthorized access and command execution.

Deploy the Ion-C version 1.1.4 update across relevant services to ensure data security and compliance with best practices.

Adopt the recommended security best practices for AWS CodeBuild webhook filters, including proper configuration and auditing, to ensure the platform's CI/CD processes are secure and resilient against potential threats.

Deploy the latest RES version to incorporate security fixes and prevent unauthorized access to sensitive desktop session data.

Deploy the latest coreMQTT version to ensure the platform remains secure and stable against potential denial of service attacks.

Integrate the latest versions of AWS SDKs into your platform to enhance security and prevent potential memory corruption attacks.

Deploy the updated QnABot on AWS version 7.3.0 across all relevant environments to ensure the security vulnerability is patched and backend resources are protected.

Deploy the updated ECS agent version 1.103.0 across ECS Windows worker instances to resolve the command injection issue (CVE-2026-7461) and maintain the security and integrity of your containerized applications.

Deploy the latest Amazon WorkSpaces client for Linux version 2025.0 to ensure secure authentication token handling and protect user workspaces from potential security breaches.

Deploy the latest Amazon Linux kernel updates and configure systems to disable affected modules to ensure platform security and prevent exploitation of the 'Dirty Frag' vulnerabilities.

Deploy the updated Kiro IDE version 0.8.140 across all development environments to eliminate the security risk associated with unsanitized input in the webview, enhancing overall platform security.

Ensure that platform configurations and security policies are updated to prevent the use of Amazon Cloud Cam devices and mitigate any potential security risks associated with the insecure device pairing vulnerability.

Integrate the latest SageMaker Python SDK versions into your machine learning platform to enhance security, maintain data integrity, and ensure secure communication, reducing the risk of unauthorized access and data breaches.

Deploy the updated AWS WAF rule and ensure all applications using React and Next.js are running the latest secure versions to protect against potential exploits.

Adopt the new protections against memory dumps in CodeBuild and review your repository access controls to ensure they align with best security practices.

Deploy the patched FreeRTOS-Plus-TCP versions to enhance network security and protect against potential attacks via crafted Router Advertisement packets.

Integrate the updated Bedrock AgentCore Starter Toolkit (version v0.1.13 or greater) to ensure proper S3 ownership verification and enhance the security posture of the platform.

Adopt the latest Amazon SageMaker Python SDK versions to enhance security and integrity verification mechanisms for model artifacts, reducing the risk of unauthorized code execution and ensuring the reliability of machine learning deployments.

Deploy the updated versions of Amazon Q Developer and Kiro to enhance security posture and maintain compliance with evolving threat landscapes in AI-driven development environments.

Deploy the updated Amazon EFS CSI Driver version v3.0.1 to enhance the security of your Kubernetes clusters using Amazon EFS and mitigate the risk of mount option injection.

Deploy the updated Amazon EMR version 7.5 to incorporate the security fix for the Secret Agent component, enhancing the platform's security posture and protecting sensitive data from potential breaches.

Deploy the updated FreeRTOS-Plus-TCP version 4.3.4 across all affected applications to enhance security and maintain compliance with industry standards.

Integrate the updated Kiro CLI version 1.28.0 into your development workflows to enhance security and maintain compliance with the latest AWS security standards.

Integrate the updated runc version (1.3.2-2) into your container management systems to enhance security. Ensure that your platform configurations are aligned with the latest security patches to maintain a secure environment.

Adopt the patched Amazon Braket SDK version 1.117.0 and enforce strict S3 bucket policies to secure quantum computing job results processing and maintain data integrity.

Deploy the updated AWS Encryption SDK for Python to maintain secure encryption standards and prevent potential data integrity issues caused by the key commitment policy bypass.

Deploy the updated Amazon Q Developer Extension for Visual Studio Code to maintain secure development environments and ensure the integrity of the codebase.

Adopt the new AWS IoT Core log event types to integrate enhanced monitoring capabilities, reducing operational toil and improving the reliability of your IoT infrastructure.

Adopt the enhanced connectivity status API in AWS IoT Device Management to integrate detailed MQTT session data, improving device management and reducing operational toil through better visibility and troubleshooting capabilities.

Adopt the new AWS Config resource types to integrate enhanced monitoring and governance capabilities, improving overall platform management and compliance.

Adopt the new CDC iterator position feature in Amazon Keyspaces to simplify architecture, reduce operational toil, and enable more efficient data processing, resulting in time saved and cost reduction.

Adopt the 32-day lookback period feature in AWS Compute Optimizer to enhance cost and performance optimization for EBS volumes and ECS services, leading to measurable improvements in resource utilization and cost savings.

Deploy the latest Graph Explorer version 3.0.1 to enhance security and prevent potential data breaches due to improper HTTPS configuration.

Adopt Kubernetes version 1.36 on Amazon EKS to integrate advanced security features and operational capabilities into your platform, reducing toil and improving cluster management efficiency.

Adopt persistent storage for Service Managed Fleets in AWS Deadline Cloud to simplify architecture, reduce operational toil, and improve performance for compute-intensive workloads.

Adopt VIF Rate Limiters to provide better control over bandwidth allocation on Direct Connect, reducing the risk of network congestion and improving the overall stability of network traffic.

Adopt the new IAM-based authorization for Amazon S3 Tables and Iceberg materialized views to streamline permissions and enhance the integration capabilities of AWS Analytics services, resulting in reduced operational toil and improved efficiency.

Adopt the new 32vCPU task sizes to extend Amazon ECS’s capability to support high-performance computing use-cases, large-scale data processing, AI inference, and other compute-intensive workloads.

Adopt the cross-account and cross-role access capability in the AWS MCP Server to simplify multi-account management, reduce toil, and enhance the developer experience with AI coding agents.

Adopt the modernized OpenSearch UI in GovCloud regions to provide users with enhanced analytics capabilities, improved usability, and dedicated collaboration spaces.

Integrate the interactive shell capability into existing AI-driven development workflows to provide a more seamless and efficient developer experience, reducing the need for external tools and enhancing overall platform utility.

Integrate the new AWS Regions for Aurora PostgreSQL, Aurora DSQL, and DynamoDB serverless databases on Vercel into your platform architecture, simplifying the setup experience for developers and reducing operational toil.

Adopt the new EKS Capabilities integration with Amazon CloudWatch Vended Logs to provide enhanced monitoring and troubleshooting capabilities, leading to improved operational efficiency and reduced toil.

Adopt the redesigned Amazon Bedrock console to provide your teams with an optimized environment for building and scaling generative AI applications, leveraging the latest models and streamlined workflows to improve development efficiency and outcomes.

Adopt Amazon MQ for RabbitMQ in the AWS European Sovereign Cloud (Germany) Region to simplify architecture and reduce operational toil, leveraging managed message broker capabilities and high-performance instance types.

Adopt Amazon Cognito's multi-Region replication to integrate robust disaster recovery mechanisms into your authentication architecture, ensuring high availability and resilience across multiple AWS Regions.

Adopt the AgentCore integration in Step Functions to enable sophisticated AI-driven automation, reducing the need for custom code and manual processes, thereby lowering operational toil and improving workflow efficiency.

Adopt the conversation history feature in Amazon SageMaker Data Agent to simplify analytical workflows, reduce toil, and improve productivity for data teams.

Integrate the multi-turn reinforcement learning capability into your AI model training workflows to achieve higher task accuracy with lower-cost models, utilizing built-in MLflow tracking and evaluation metrics for optimized performance.

Adopt the new Db2 v12.1 support in Amazon RDS to enhance database service offerings, enabling the use of Db2 Community Edition for cost-effective development and testing environments.

Adopt the new ARC Region switch execution blocks to integrate automated database scaling and failover into your multi-Region application architecture, enhancing resilience and reducing operational toil.

Adopt GPT-5.4 on Amazon Bedrock in AWS GovCloud (US-West) to provide your teams with cutting-edge AI capabilities, enhancing productivity and ensuring compliance with government standards.

Adopt Amazon RDS for SQL Server BYOM to provide a managed database service that supports high availability, automated backups, and monitoring, while enabling customers to reuse their existing SQL Server licenses.

Adopt the new public transit and intermodal routing features to offer enhanced route calculation services, improving the platform's capability to support complex mobility and logistics applications.

Integrate ElastiCache durability into your architecture to support new use cases requiring both low latency and data persistence, improving application reliability and performance.

Adopt the CUR 2.0 integration with Athena and Redshift to simplify cost data architecture, reducing the need for custom data warehouse solutions and enabling faster, SQL-based querying of cost data stored in Amazon S3.

Integrate the new Nextflow v26.04 capabilities in AWS HealthOmics to enhance bioinformatics workflows, reducing operational toil and improving the readability and maintainability of workflows.

Adopt GPT-5.5 and Codex on Amazon Bedrock to provide your teams with advanced AI capabilities for software development, benefiting from isolated queues, automated capacity management, and existing AWS governance controls.

Adopt M8azn instances to integrate advanced compute capabilities into your architecture, reducing latency and improving performance for compute-intensive workloads.

Integrate the HyperPod troubleshooting skills into your AI/ML infrastructure to enhance diagnostic capabilities, automate cluster health validation, and provide actionable recommendations based on AWS best practices.

Integrate tenant-level suppression lists in Amazon SES to provide isolated email sending capabilities for multi-tenant applications, improving overall email deliverability and tenant management.

Adopt EFA-only network interfaces in Amazon SageMaker HyperPod to simplify architecture and reduce operational toil by optimizing inter-node communication and avoiding IP address exhaustion, leading to more efficient and scalable AI/ML cluster deployments.

Adopt M8i and M8i-flex instances to leverage enhanced performance and memory bandwidth, reducing operational toil and improving the overall platform efficiency for general-purpose workloads.

Integrate customer-managed keys into Amazon Quick Research to simplify architecture, reduce operational toil, and enhance security posture by allowing organizations to manage their own encryption keys.

You can use the new console experience on Amazon Bedrock to browse and compare the latest AI models side by side, organize work into projects with streamlined evaluation workflows, and access project-aware live documentation with auto-prefilled code snippets ready to copy and run.

Deploy monitoring solutions to detect IMDS traffic in on-premises environments and ensure that AWS tools are correctly configured to avoid interacting with unexpected IMDS endpoints.

Introduction Pinterest launched in 2009 with a mission to bring everyone the inspiration to create a life they love. As one of the early cloud pioneers, Pinterest grew to hundreds of thousands of resources and exabytes of data within a single AWS account well before most cloud-native organizations operated at that scale or the best […]

If you manage DNS across multiple AWS accounts with Amazon Route 53 Profiles, achieving least-privilege access for each team can be challenging. Without fine-grained permissions, one team might inadvertently modify another team’s resources leading to governance gaps, security risks, and slower adoption of centralized DNS management. The new fine-grained AWS Identity and Access Management (AWS […]

Integrate NVIDIA Nemotron 3 Ultra into your AI/ML architecture on Amazon SageMaker to utilize its advanced capabilities for sustained multi-step reasoning and orchestration of autonomous agents.

Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and feed your existing analysis pipelines. Shield publishes logs to Amazon Simple Storage Service (Amazon S3), […]

This post introduces Kiro for Life Sciences, a Kiro power package that transforms Kiro into a unified research interface spanning more than 100 databases across 24 scientific disciplines.

Many organizations maintain a backup strategy built on the assumption that the backups themselves are clean. Ransomware can sit dormant in your environment for weeks, spreading across production systems while nightly backup jobs preserve it alongside your data. By the time the threat is identified, those backups are no longer recovery points; they are artifacts […]

Amazon Cognito now offers multi-Region replication that automatically synchronizes user data, credentials, and pool configurations to a secondary AWS Region, enabling uninterrupted authentication during regional failovers without forced password resets—plus new support for customer managed KMS keys for encryption control.

This post is co-written with Danny Teller from Tipalti. Tipalti is a global payables automation platform processing billions of dollars annually for thousands of customers worldwide. The platform handles complex payment workflows requiring high availability, data integrity, and rapid scaling during peak processing periods. This blog post will show you how Tipalti modernized a legacy […]

Introduction Private connectivity from AgentCore Gateway to your targets reduces compliance scope and simplifies auditing making it a common requirement in regulated environments. Whether your targets run inside an Amazon Virtual Private Cloud (Amazon VPC), across AWS accounts, in other AWS Regions, on-premises, or in multicloud environments, you need connectivity patterns that keep traffic off the public […]

Discover how hybrid elasticity introduces a zero-migration data access model that decouples data residency from compute elasticity, enabling enterprises to transform existing data centers into dynamic hybrid data hubs with on-demand cloud scale without moving data.

Integrate durability for ElastiCache into your architecture to provide enhanced data protection and resilience, ensuring that critical applications can tolerate infrastructure failures without data loss.

In this post, we show you how Doczy.ai™ uses generative AI on AWS to automate contract intelligence at scale, transforming unstructured documents into structured, actionable insights, so organizations can automate critical business processes and unlock the full value of their data.

Today, we’re excited to announce the ability to reference a secret in AWS Secrets Manager for AgentCore Identity, so you can reference your own preconfigured secret from Secrets Manager and retain full control over how it is managed. With this ability, you can extend your organization’s existing secrets governance processes to AgentCore. You can provide an existing, preconfigured AWS Secrets Manager secret to use with your credential provider resources. You retain full control over its encryptio

Learn more about Captain, an agentic AI companion built by Bundesliga Media and embedded inside the official Bundesliga app.

Integrate Amazon Quick's VPC connectivity for MCP into your platform to provide secure access to private MCP servers, reducing the risk of exposing sensitive data and enhancing the capabilities of your AI-driven applications.

This post gives you a practical framework for turning project experience into organizational learning and shows how Amazon Web Services (AWS) AI services accelerate the process.

Adopt the multipart download feature in AWS Tools for PowerShell to integrate enhanced data transfer capabilities, reducing the complexity of managing large file downloads and improving overall platform performance and efficiency.

As previously announced, version 3 of the AWS SDK for .NET entered maintenance mode on March 1, 2026. In alignment with our SDKs and Tools Maintenance Policy, AWS SDK for .NET V3 has now reached end-of-support as of June 1, 2026.  Starting June 1, 2026, there are no plans for further updates or releases for V3, including security fixes. […]

Adopt the AWS IoT Device SDK for Swift to provide developers with a robust toolset for building and managing IoT applications, reducing development time and enhancing application performance.

Adopt the Rigetti Cepheus-1-108Q device to expand your quantum computing infrastructure, integrating its advanced features such as tunable couplers and intermodule couplers to enhance performance and reliability.

Integrate the findings from the Spring 2026 SOC reports into your architecture and compliance strategies to ensure your AWS-based solutions meet the highest security and regulatory standards.

OpenAI frontier models GPT-5.5 and GPT-5.4, and Codex, the OpenAI coding agent, are now generally available on Amazon Bedrock. Deploy frontier models on Bedrock's high performance inference engine with built-in security, governance, and pay-per-token pricing.

As previously announced, version 4 of the AWS Tools for PowerShell entered maintenance mode on March 1, 2026. In accordance with our SDKs and Tools Maintenance Policy, AWS Tools for PowerShell V4 has now reached end-of-support as of June 1, 2026.  Starting June 1, 2026, there are no plans for further updates or releases for V4, including security fixes. Previously published releases should continue […]