AWS
Amazon Web Services releases and Terraform AWS provider.
- AWS What's New securitygovernanceawsengineer ·
SageMaker Studio supports custom IAM permissions boundaries for SCP compliance
Amazon SageMaker Unified Studio now supports custom IAM permissions boundaries for roles provisioned during project creation. This allows organizations to enforce Service Control Policies (SCPs) requiring permissions boundaries, simplifying adoption without compromising security posture. Administrators can now set these boundaries at the blueprint level, ensuring all new projects automatically adhere to organizational security requirements.
feature - AWS What's New securityawsengineerretail ·
Amazon Inspector Enhances EC2 Agent-Based Scanning
Amazon Inspector has launched an improved agent-based EC2 scanning feature, the Inspector VM Scanner, which expands vulnerability detection coverage and reduces CPU utilization. This update benefits security teams by providing more comprehensive vulnerability findings across a wider range of software and applications on EC2 instances with minimal impact on production workloads. The new scanner replaces the previous engine, bringing agent-based scanning to parity with agentless coverage and is available at no additional cost.
feature patch - Google Cloud release notes securityawsazuregcpengineergovernment ·
Google SecOps updates supported default parsers
Google SecOps has updated its list of supported default parsers, adding new parsers and log types. These updates enhance security monitoring capabilities by integrating data from a wider range of security products. The changes will be reflected across regions within one to four days.
patch - AWS What's New securityobservabilityawsengineer ·
AWS Shield Advanced adds DDoS attack flow logs
AWS Shield Advanced now offers DDoS attack flow logs providing packet-level visibility into traffic during an attack. This feature enhances forensic analysis and compliance by publishing detailed log data to S3, CloudWatch Logs, or Data Firehose, enabling post-incident investigation for protected resources.
feature - AWS What's New securityobservabilityawsengineer ·
AWS Organizations now emits CloudTrail events for account membership changes
AWS Organizations now automatically emits CloudTrail events to your management account for account join and departure events. This enhances visibility for security teams and cloud administrators, enabling faster detection of unauthorized activities and facilitating security monitoring and incident investigation.
feature - AWS What's New securityawsengineermediagovernment ·
DynamoDB Streams Adds PrivateLink for FIPS Endpoints in GovCloud
Amazon DynamoDB Streams now supports AWS PrivateLink for Federal Information Processing Standard (FIPS) endpoints in AWS GovCloud (US) Regions. This enables government agencies with federal compliance requirements to establish private connectivity to DynamoDB Streams FIPS endpoints from their VPCs, enhancing security and simplifying network architecture for real-time data processing. Customers can now leverage DynamoDB Streams for compliant, secure data streaming applications while meeting federal security standards.
feature - AWS What's New securityawsgaengineer ·
AWS Backup adds OTP verification for logically air-gapped vaults
AWS Backup now requires one-time password (OTP) verification for Multi-party approval actions on logically air-gapped vaults, adding an extra security layer. Approvers must enter a code sent to their IAM Identity Center registered email to authorize protected vault operations. This feature is automatically applied to all existing and new Multi-party approval sessions for these vaults at no extra charge.
security patch - AWS What's New securitycomplianceawsengineer ·
Amazon Connect adds tag-based access control to agent login/logout report
Amazon Connect now supports tag-based access controls for the agent login/logout report. This allows administrators to grant granular access to agent login and logout information based on resource tags, aiding compliance and regulatory requirements. This feature is available in all AWS commercial and AWS GovCloud (US-West) regions.
feature - AWS What's New securityawsgaengineer ·
GuardDuty Malware Protection now scans S3 continuous backups
Amazon GuardDuty Malware Protection for AWS Backup now supports S3 continuous backups, allowing users to scan backups for malware and identify clean recovery points. This feature enables full or incremental scans within backup plans and on-demand scans, with a new API to query scan status at any point in time, providing enhanced safety for S3 data restoration.
feature - AWS What's New securityawsengineer ·
AWS Security Agent adds pentest finding verification scripts
AWS Security Agent now automatically generates verification scripts for penetration test findings, allowing security teams to reproduce and validate vulnerabilities. This new capability streamlines the triage process by automating the previously manual steps required for verification, accelerating remediation efforts.
feature - AWS What's New securityawssnowflakeengineer ·
AWS Secrets Manager supports Datadog and Snowflake external secrets
AWS Secrets Manager now supports managed external secrets for Datadog keys and Snowflake Programmatic Access Tokens. This feature automates the rotation of third-party credentials, enhancing security and operational efficiency for managing sensitive access keys. The update primarily impacts engineers and architects responsible for managing cloud credentials and secrets across multiple services.
feature - AWS What's New securityawssecurity-advisory ·
Amazon RDS Custom for SQL Server adds latest GDR updates
Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates for SQL Server 2019 and 2022. These updates include critical security fixes for vulnerabilities CVE-2026-32167 and CVE-2026-32176. Affected users are encouraged to upgrade their instances via the AWS Management Console, SDK, or CLI to enhance security.
security patch - AWS What's New securityawsgaengineer ·
Amazon QuickSight supports customer-managed encryption keys
Amazon QuickSight now allows customers to encrypt their data using customer-managed keys (CMK) via AWS Key Management Service (KMS). This feature enhances security and compliance for organizations by giving them control over their encryption keys and offering detailed audit trails through CloudTrail. The new capability is now generally available in all AWS Regions where QuickSight is offered.
feature - AWS What's New securityobservabilityawsengineer ·
AWS Security Hub detects unused IAM permissions and credentials
AWS Security Hub now identifies unused IAM permissions, roles, and credentials across your organization, addressing identity risks at scale. This new capability consolidates identity risk findings with existing security posture information in a single console, enabling teams to prioritize remediation based on actual organizational risk. The feature, included with Security Hub Essentials, automatically creates an IAM Access Analyzer in each member account to evaluate access activity and suggest least-privilege policies.
feature - AWS What's New securityawsgaarchitect ·
AWS Security Hub Extended adds 21 partner solutions across 9 categories
AWS Security Hub Extended now integrates 21 curated partner solutions across nine security categories, including endpoint, identity, and AI security. This expansion offers customers greater flexibility to choose solutions matching their enterprise needs, with unified billing and pricing advantages. The new solutions emit findings in the OCSF schema, aggregating into Security Hub for comprehensive risk identification and response.
feature - AWS What's New securityawsengineer ·
Amazon Inspector Now Available in AWS Asia Pacific (Taipei) Region
Amazon Inspector, an automated vulnerability management service, is now available in the AWS Asia Pacific (Taipei) Region. This expansion extends its security scanning capabilities for EC2 instances, container images, and Lambda functions to customers in this region. It helps users discover workloads, assess vulnerabilities, and receive security findings automatically.
feature - AWS What's New securityinfraawsengineer ·
AWS Secrets Manager Agent Adds Pre-fetching and IAM Role Assumption
AWS Secrets Manager Agent now supports pre-fetching secrets at startup and assuming IAM roles for retrieval. Pre-fetching reduces application startup latency and optimizes costs by using the BatchGetSecretValue API, while IAM role assumption enables secure cross-account secret access. These features enhance security and reduce operational overhead for developers managing secrets.
feature - Azure Updates securityawsazuregaengineer ·
Azure Files SMB now supports Managed Identity authentication (GA)
Azure Files SMB now supports Managed Identities, allowing applications to authenticate using Entra-issued tokens instead of static credentials. This enhances security by aligning with Zero Trust principles and eliminates the need to manage account keys.
feature patch - Google Cloud release notes securityinfraawsgcpgapreviewsecurity-advisoryengineerenergy ·
GCP May 2026 Updates: Backup, KMS, Load Balancing, GKE, Spanner
Google Cloud has released several updates across its services, including backup and DR enhancements, general availability for Cloud KMS metrics, new variables for Application Load Balancers, and support for concurrent node pool upgrades in GKE. These changes aim to improve performance, security, and flexibility for various workloads, impacting engineers and architects managing cloud infrastructure.
feature patch security announcement - Google Cloud release notes aisecurityawsgcpgapreviewsecurity-advisoryengineer ·
Google Cloud updates: BigQuery, Cloud Workstations, COS, Gemini
Google Cloud's latest updates include a billing label change for BigQuery Data Transfer Service, enhanced workstation authorization URLs in Cloud Workstations, and an LTS refresh for Container Optimized OS with numerous security fixes. Gemini Enterprise sees GA for its Box data store integration and an Early Access program for the Gemini Distillation Service is launching. These changes affect BigQuery users, Cloud Workstations administrators, COS users, and those leveraging Gemini Enterprise.
patch security feature announcement