Amazon Athena now offers an auto-scaling solution for Capacity Reservations that dynamically adjusts your reserved capacity based on workload demand. The solution uses AWS Step Functions to monitor utilization metrics and scale your Data Processing Units (DPUs) up or down according to the thresholds and limits you configure, helping you optimize costs while maintaining query performance and eliminating the need for manual capacity adjustments. You can customize scaling behavior by setting utilization thresholds, measurement frequency, and capacity limits to match your workload needs. The solution uses Step Functions to add or remove DPUs to any active Capacity Reservation based on capacity utilization metrics in Amazon CloudWatch. Capacity automatically scales up when utilization exceeds your high threshold and scales down when it falls below your low threshold - all while adhering to your defined limits. You can further customize the solution by modifying the Amazon CloudFormation template to fit your specific requirements. The auto-scaling solution for Athena Capacity Reservations is available in AWS Regions where Capacity Reservations is supported. To get started, see Automatically adjust capacity in the Athena user guide.

AWS CloudFormation StackSets offers deployment ordering for auto-deployment mode, enabling you to define the sequence in which your stack instances automatically deploy across accounts and regions. This capability allows you to coordinate complex multi-stack deployments where foundational infrastructure must be provisioned before dependent application components. Organizations managing large-scale deployments can now ensure proper deployment ordering without manual intervention. When creating or updating a CloudFormation StackSet, you can specify up to 10 dependencies per stack instances using the new DependsOn parameter in the AutoDeployment configuration, allowing StackSets to automatically orchestrate deployments based on your defined relationships. For example, you can make sure that your networking and security stack instance complete deployment before your application stack instances begin, preventing deployment failures due to missing dependencies. StackSets includes built-in cycle detection to prevent circular dependencies and provides error messages to help resolve configuration issues. This feature is available in all AWS Regions where CloudFormation StackSets is available at no additional cost. Get started by creating or updating your StackSets auto-deployement option through the CLI, SDK or the CloudFormation Console to define dependencies using stack instances ARNs. To learn more about StackSets deployment ordering, check out the detailed feature walkthrough on the AWS DevOps Blog or visit the AWS CloudFormation User Guide.

Amazon Athena now gives you control over Data Processing Unit (DPU) usage for queries running on Capacity Reservations. You can now configure DPU settings at the workgroup or query level to balance cost efficiency, concurrency, and query-level performance needs. Capacity Reservations provides dedicated serverless processing capacity for your Athena queries. Capacity is measured in DPUs, and queries consume DPUs based on their complexity. Now you can set explicit DPU values for each query—ensuring small queries use only what they need while guaranteeing critical queries get sufficient resources for fast execution. The Athena console and API now return per-query DPU usage, helping you understand DPU usage and determine your capacity needs. These updates help you control per-query capacity usage, control query concurrency, reduce costs by eliminating over-provisioning, and deliver consistent performance for business-critical workloads. Cost and performance controls are available today in AWS Regions where Capacity Reservations is supported. To learn more, see Control capacity usage in the Athena user guide.

Amazon Quick Sight has expanded customization capabilities to include tables and pivot tables in dashboards. This update enables readers to personalize their data views by sorting, reordering, hiding/showing, and freezing columns—all without requiring updates from dashboard authors. These capabilities are especially valuable for teams that need to tailor dashboard views for different analytical needs and collaborate across departments. For example, sales managers can quickly sort by revenue to identify top performers, while finance teams can freeze account columns to maintain context in large datasets. These new customization features are now available in Amazon Quick Sight Enterprise Edition across all supported Amazon Quick Sight regions. Learn how to get started with these new customization features in our blog post.

Amazon Connect now enables you to optimize scheduling based on agent’s multiple specialized skills. You can now maximize agent utilization across multiple dimensions such as departments, languages, and customer tiers by intelligently matching agents with multiple skills to forecasted demand. You can now also preserve multi-skilled agents for high-value interactions when needed most. For example, bilingual agents can now be strategically scheduled to cover peak periods for high-value French language queues that frequently experience staffing shortages, while handling general inquiries during off-peak times. This feature is available in all AWS Regions where Amazon Connect agent scheduling is available. To learn more about multi skill agent scheduling, visit the blog and admin guide.

AWS Transfer Family web apps now supports Virtual Private Cloud (VPC) endpoints, enabling private access to your web app at no additional charge. This allows your users to securely access and manage files in Amazon S3 through a web browser while maintaining all traffic within your VPC. Transfer Family web apps provide a simple and secure web interface for accessing your data in Amazon S3. With this launch, your workforce users can connect through your VPC directly, AWS Direct Connect, or VPN connections. This enables you to support internal use cases requiring strict security controls, such as regulated document workflows and sensitive data sharing, while leveraging the security controls and network configurations already defined in your VPC. You can manage access using security groups based on source IP addresses, implement subnet-level filtering through NACLs, and ensure all file transfers remain within your private network boundary, maintaining full visibility and control over all network traffic. VPC endpoints for web apps are available in select AWS Regions at no additional charge. To get started, visit the AWS Transfer Family console, or use AWS CLI/SDK. To learn more, visit the Transfer Family User Guide.

The AWS Transfer Family Terraform module now supports deploying Transfer Family endpoints with a custom identity provider (IdP) for authentication and access control. This allows you to automate and streamline the deployment of Transfer Family servers integrated with your existing identity providers. AWS Transfer Family provides fully-managed file transfers over SFTP, AS2, FTPS, FTP, and web browser-based interfaces for AWS storage services. Using this new module, you can now use Terraform to provision Transfer Family server resources using your custom authentication systems, eliminating manual configurations and enabling repeatable deployments that scale with your business needs. The module is built on the open source Custom IdP solution which provides standardized integration with widely-used identity providers and includes built-in security controls such as multi-factor authentication, audit logging, and per-user IP allowlisting. To help you get started, the Terraform module includes an end-to-end example using Amazon Cognito user pools.  Customers can get started by using the new module from the Terraform Registry. To learn more about the Transfer Family Custom IdP solution, visit the user guide. To see all the regions where Transfer Family is available, visit the AWS Region table.

Today, AWS Organizations announces support for upgrade rollout policy, a new capability that helps customers stagger automatic upgrades across their Amazon Aurora (MySQL-Compatible Edition and PostgreSQL-Compatible Edition) and Amazon Relational Database Service (Amazon RDS) including RDS for MySQL, RDS for PostgreSQL, RDS for MariaDB, RDS for SQL Server, RDS for Oracle, and RDS for Db2 databases. This capability eliminates the operational overhead of coordinating automatic minor version upgrades either manually or through custom tools across hundreds of resources and accounts, while giving customers peace of mind by ensuring upgrades are first tested in less critical environments before being rolled out to production. With upgrade rollout policy, you can define upgrade sequences using simple orders (first, second, last) applied through account-level policies or resource tags. When new minor versions become eligible for automatic upgrade, the policy ensures upgrades start with development environments, allowing you to validate changes before proceeding to more critical environments. AWS Health notifications between phases and built-in validation periods help you monitor progress and ensure stability throughout the upgrade process. You can also disable automatic progression at any time if issues are detected, giving you complete control over the upgrade journey. This feature is available in all AWS commercial Regions and AWS GovCloud (US) Regions, supporting automatic minor version upgrades for Amazon Aurora and Amazon RDS database engines. You can manage upgrade policies using the AWS Management Console, AWS CLI, AWS SDKs, AWS CloudFormation, or AWS CDK. For Amazon RDS for Oracle, the upgrade rollout policy supports automatic minor version upgrades for engine versions released after January 2026. To learn more about automatic minor version upgrades, see the Amazon RDS and Aurora user guide. For more information about upgrade rollout policy, see Managing organization policies with AWS Organizations (Upgrade rollout policy).

Amazon EMR Serverless now supports Apache Spark 4.0.1 (preview). With Spark 4.0.1, you can build and maintain data pipelines more easily with ANSI SQL and VARIANT data types, strengthen compliance and governance frameworks with Apache Iceberg v3 table format, and deploy new real-time applications faster with enhanced streaming capabilities. This enables your teams to reduce technical debt and iterate more quickly, while ensuring data accuracy and consistency. With Spark 4.0.1, you can build data pipelines with standard ANSI SQL, making it accessible to a larger set of users who don't know programming languages like Python or Scala. Spark 4.0.1 natively supports JSON and semi-structured data through VARIANT data types, providing flexibility for handling diverse data formats. You can strengthen compliance and governance through Apache Iceberg v3 table format, which provides transaction guarantees and tracks how your data changes over time, creating the audit trails you need for regulatory requirements. You can deploy real-time applications faster with improved streaming controls that let you manage complex stateful operations and monitor streaming jobs more easily. With this capability, you can support use cases like fraud detection and real-time personalization. Apache Spark 4.0.1 is available in preview in all regions where EMR Serverless is available, excluding China and AWS GovCloud (US) regions. To learn more about Apache Spark 4.0.1 on Amazon EMR, visit the Amazon EMR Serverless release notes, or get started by creating an EMR application with Spark 4.0.1 from the AWS Management Console.

Starting today, Amazon Route 53 supports dual stack for the Route 53 DNS service API endpoint at route53.global.api.aws, enabling you to connect from Internet Protocol Version 6 (IPv6), Internet Protocol Version 4 (IPv4), or dual stack clients. The existing Route 53 DNS service IPv4 API endpoint will remain available for backwards compatibility. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service that allows customers to register a domain, setup DNS records corresponding to your infrastructure, perform global traffic routing using Traffic Flow, and use Route 53 health checks to monitor the health and performance of your applications and resources. Due to the continued growth of the internet, IPv4 address space is being exhausted and customers are transitioning to IPv6 addresses. Now, clients can connect via IPv6 to the Route 53 DNS service API endpoint, enabling organizations to meet compliance requirements and removing the added complexity of IP address translation between IPv4 and IPv6. Support for IPv6 on the Route 53 DNS service API endpoint is available in all Commercial Regions and available at no additional cost. You can get started with this feature through the AWS CLI or AWS Management Console. To learn more about which Route 53 features are accessible via the route53.amazon.aws service endpoint, visit this page and to learn more about the Route 53 DNS service, visit our documentation.

Today, we are introducing automation rules, a new feature in AWS Compute Optimizer that enables you to optimize Amazon Elastic Block Store (EBS) volumes at scale. With automation rules, you can streamline the process of cleaning up unattached EBS volumes and upgrading volumes to the latest-generation volume types, saving cost and improving performance across your cloud infrastructure. Automation rules let you automatically apply optimization recommendations on a recurring schedule when they match your criteria. You can set criteria like AWS Region to target specific geographies and Resource Tags to distinguish between production and development workloads. Configure rules to run daily, weekly, or monthly, and AWS Compute Optimizer will continuously evaluate new recommendations against your criteria. A new dashboard allows you to summarize automation events over time, examine detailed step history, and estimate savings achieved. If you need to reverse an action, you can do so directly from the same dashboard. AWS Compute Optimizer automation rules are available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and South America (São Paulo). To get started, navigate to the new Automation section in the AWS Compute Optimizer console, visit the AWS Compute Optimizer user guide documentation, or read the announcement blog to learn more.

AWS announces Lambda’s Kafka event source mapping (ESM) integration in the Amazon MSK Console, streamlining the process of connecting MSK topics to Lambda functions. This capability allows you to simply provide your topic and target function in the MSK Console while the integration handles ESM configuration automatically, enabling you to trigger Lambda functions from MSK topics without switching consoles. Customers use MSK as an event source for Lambda functions to build responsive event-driven Kafka applications. Previously, configuring MSK as an event source required navigating between MSK and Lambda consoles to provide parameters like cluster details, authentication method, and network configuration. The new integrated experience brings Lambda ESM configuration directly into the MSK Console with a simplified interface requiring only target function and topic name as mandatory fields. The integration handles ESM creation with optimized defaults for authentication and event polling configurations, and can automatically generate the required Lambda execution role permissions for MSK cluster access. To optimize latency and throughput, and to remove the need for networking setup, the integration uses Provisioned Mode for ESM as the recommended default. These improvements streamline MSK integration with Lambda and reduce configuration errors, enabling you to quickly get started with your MSK and Lambda applications. This feature is generally available in all AWS Commercial Regions where both Amazon MSK and AWS Lambda are available, except Asia Pacific (Thailand), Asia Pacific (Malaysia), Israel (Tel Aviv), Asia Pacific (Taipei), and Canada West (Calgary). You can configure Lambda’s Kafka event source mapping from the MSK Console by navigating to your MSK cluster and providing the topic, Lambda function, and optional fields under the Lambda integration tab. Standard Lambda pricing and MSK pricing applies. To learn more, read Lambda developer guide and MSK developer guide.

Today, Amazon Elastic Kubernetes Service (EKS) introduced Provisioned Control Plane, a new feature that gives you the ability to select your cluster's control plane capacity to ensure predictable, high performance for the most demanding workloads. With Provisioned Control Plane, you can pre-provision the desired control plane capacity from a set of well-defined scaling tiers, ensuring the control plane is always ready to handle traffic spikes or unpredictable bursts. These new scaling tiers unlock significantly higher cluster performance and scalability, allowing you to run ultra-scale workloads in a single cluster. Provisioned Control Plane ensures your cluster's control plane is ready to support workloads that require minimal latency and high performance during anticipated high-demand events like product launches, holiday sales, or major sporting and entertainment events. It also ensures consistent control plane performance across development, staging, production, and disaster recovery environments, so the behavior you observe during testing accurately reflects what you'll experience in production or during failover events. Finally, it enables you to run massive-scale workloads such as AI training/inference, high-performance computing, or large-scale data processing jobs that require thousands of worker nodes in a single cluster. To get started with Amazon EKS Provisioned Control Plane, use the EKS APIs, AWS Console, or infrastructure as code tooling to enable it in a new or existing EKS cluster. To learn more about EKS Provisioned Control Plane , visit the EKS Provisioned Control plane documentation and EKS pricing page.

Amazon EMR 7.12 is now available featuring the new Apache Iceberg v3 table format with Apache Iceberg 1.10. This release enables you to reduce costs when deleting data, strengthen governance and compliance through better tracking for row level changes, and enhance data security with more granular data access control. With Iceberg v3, you can delete data cost-effectively because Iceberg v3 marks deleted rows without rewriting entire files - speeding up your data pipelines while reducing storage costs. You get better governance and compliance capabilities through automatic tracking of every row’s creation and modification history, creating the audit trails needed for regulatory requirements and change data capture. You can enhance data security with table-level encryption, helping you meet privacy regulations for your most sensitive data. With Apache Spark 3.5.6 included in this release, you can leverage these Iceberg 1.10 capabilities for building robust data lakehouse architectures on Amazon S3. This release also includes support for data governance operations across your Iceberg tables using AWS Lake Formation. In addition, this release also includes Apache Trino 476. Amazon EMR 7.12 is available in all AWS Regions that support Amazon EMR. To learn more about Amazon EMR 7.12 release, visit the Amazon EMR 7.12 release documentation.

Today, AWS Payments Cryptography announces support for hybrid post-quantum (PQ) TLS to secure API calls. With this launch, customers can future-proof transmissions of sensitive data and commands using ML-KEM post-quantum cryptography. Enterprises operating highly regulated workloads wish to reduce post-quantum risks from “harvest now, decrypt later”. Long-lived data-in-transit can be recorded today, then decrypted in the future when a sufficiently capable quantum computer becomes available. With today’s launch, AWS Payment Cryptography joins data protection services such as AWS Key Management Service (KMS) in addressing this concern by supporting PQ-TLS. To get started, simply ensure that your application depends on a version of AWS SDK or browser that supports PQ-TLS. For detailed guidance by language and platform, visit the PQ-TLS enablement documentation. Customers can also validate that ML-KEM was used to secure the TLS session for an API call by reviewing tlsDetails for the corresponding CloudTrail event in the console or a configured CloudTrail trail. These capabilities are generally available in all AWS Regions at no added cost. To get started with PQ-TLS and Payment Cyptography, see our post-quantum TLS guide. For more information about PQC at AWS, please see PQC shared responsibility.

Today, Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (ECS) announced fully managed MCP servers enabling AI powered experiences for development and operations in preview. MCP (Model Context Protocol) provides a standardized interface that enriches AI applications with real-time, contextual knowledge of EKS and ECS clusters, enabling more accurate and tailored guidance throughout the application lifecycle, from development through operations. With this launch, EKS and ECS now offer fully managed MCP servers hosted in the AWS cloud, eliminating the need for local installation and maintenance. The fully managed MCP servers provide enterprise-grade capabilities like automatic updates and patching, centralized security through AWS IAM integration, comprehensive audit logging via AWS CloudTrail, and the proven scalability, reliability, and support of AWS. The fully managed Amazon EKS and ECS MCP servers enable developers to easily configure AI coding assistants like Kiro CLI, Cursor, or Cline for guided development workflows, optimized code generation, and context-aware debugging. Operators gain access to a knowledge base of best practices and troubleshooting guidance derived from extensive operational experience managing clusters at scale. To learn more about the Amazon EKS MCP server preview, visit EKS MCP server documentation and launch blog post. To learn more about the Amazon ECS MCP server preview, visit ECS MCP server documentation and launch blog post.

Amazon Elastic Container Service (Amazon ECS) Managed Instances is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. ECS Managed Instances is a fully managed compute option designed to eliminate infrastructure management overhead while giving you access to the full capabilities of Amazon EC2. By offloading infrastructure operations to AWS, you get the application performance you want and the simplicity you need while reducing your total cost of ownership. Managed Instances dynamically scales EC2 instances to match your workload requirements and continuously optimizes task placement to reduce infrastructure costs. It also enhances your security posture through regular security patching initiated every 14 days. You can simply define your task requirements such as the number of vCPUs, memory size, and CPU architecture, and Amazon ECS automatically provisions, configures and operates most optimal EC2 instances within your AWS account using AWS-controlled access. You can also specify desired instance types in Managed Instances Capacity Provider configuration, including GPU-accelerated, network-optimized, and burstable performance, to run your workloads on the instance families you prefer. To get started with ECS Managed Instances, use the AWS Console, Amazon ECS MCP Server, or your favorite infrastructure-as-code tooling to enable it in a new or existing Amazon ECS cluster. You will be charged for the management of compute provisioned, in addition to your regular Amazon EC2 costs. To learn more about ECS Managed Instances, visit the feature page, documentation, and AWS News launch blog.

Amazon Relational Database Service (Amazon RDS) for Oracle now offers Oracle Database Standard Edition 2 (SE2) License Included R7i and M7i instances in Asia Pacific (Taipei) region. With Amazon RDS for Oracle SE2 License Included instances, you do not need to purchase Oracle Database licenses. You simply launch Amazon RDS for Oracle instances through the AWS Management Console, AWS CLI, or AWS SDKs, and there are no separate license or support charges. Review the AWS blog Rethink Oracle Standard Edition Two on Amazon RDS for Oracle to explore how you can lower cost and simplify operations by using Amazon RDS Oracle SE2 License Included instances for your Oracle databases. To learn more about pricing and regional availability, see Amazon RDS for Oracle pricing.

Amazon CloudWatch Container Insights now supports Neuron UltraServers on Amazon EKS, providing enhanced observability for customers running large-scale, high-performance machine learning workloads on multi-instance nodes. This new capability enables data scientists and ML engineers to efficiently monitor and troubleshoot their containerized ML applications, offering aggregated metrics and simplified management across Neuron UltraServer groups. Neuron UltraServers combine multiple EC2 instances into a single logical server unit, optimized for machine learning workloads using AWS Trainium and Inferentia accelerators. Container Insights, a monitoring and diagnostics feature in Amazon CloudWatch, automatically collects metrics from containerized applications. With this launch, Container Insights introduces a new filter specifically for UltraServers in EKS environments. You can now select an UltraServer ID to view new aggregate metrics across all instances within that server, replacing the need to monitor individual instances separately. In addition to per-instance metrics, you can now view consolidated performance data for the entire UltraServer group, streamlining the monitoring of ML workloads running on AWS Neuron. Amazon CloudWatch Container Insights is available in all commercial AWS Regions, and the AWS GovCloud (US). To get started, see AWS Neuron metrics for AWS Trainium and AWS Inferentia in the Amazon CloudWatch User Guide

AWS Lambda announces new capabilities for Provisioned mode for Kafka event source mappings (ESMs) that allow you to group your Kafka ESMs and support higher density of event pollers, enabling you to optimize costs up to 90% for your Kafka ESMs. With these cost optimization capabilities, you can now use Provisioned mode for all your Kafka workloads, including those with lower throughput requirements, while benefiting from features like throughput controls, schema validation, filtering of Avro/Protobuf events, low-latency invocations, and enhanced error handling. Customers use Provisioned mode for Kafka ESM to fine-tune the throughput of the ESM by provisioning and auto-scaling polling resources called event pollers. Charges are calculated using a billing unit called Event Poller Unit (EPU). Each EPU supports up to 20 MB/s of throughput capacity, and a default of 4 event pollers per EPU. With this launch, each EPU automatically supports a default of 10 event pollers for low-throughput use cases, improving utilization of your EPU capacity. Additionally, you can now group multiple Kafka ESMs within the same Amazon VPC to share EPU capacity by configuring the new PollerGroupName parameter. With these enhancements, you can reduce your EPU costs up to 90% for your low throughput workloads. These optimizations enable you to maintain the performance benefits of Provisioned mode while significantly reducing costs for applications with varying throughput requirements. This feature is available in all AWS Commercial Regions where AWS Lambda’s Provisioned mode for Kafka ESM is available. Starting today, existing Provisioned mode for Kafka ESMs will automatically benefit from improved packing of low-throughput event pollers. You can implement ESM grouping through the Lambda ESM API, AWS Console, CLI, SDK, CloudFormation, and SAM by configuring the PollerGroupName parameter along with minimum and maximum event poller settings. For more information about these new capabilities and pricing details, visit the Lambda ESM documentation and AWS Lambda pricing.

Today, AWS announces Amazon Elastic Container Service (Amazon ECS) Express Mode, a new feature that empowers developers to rapidly launch containerized applications, including web applications and APIs. ECS Express Mode makes it easy to orchestrate and manage the cloud architecture for your application, while maintaining full control over your infrastructure resources. Amazon ECS Express Mode streamlines the deployment and management of containerized applications on AWS, allowing developers to focus on delivering business value through their containerized applications. Every Express Mode service automatically receives an AWS-provided domain name, making your application immediately accessible without additional configuration. Applications using ECS Express Mode incorporate AWS operational best practices, serve either public or private HTTPS requests, and scale in response to traffic patterns. Traffic is distributed through Application Load Balancer (ALB)s, and automatically consolidates up to 25 Express Mode services behind a single ALB when appropriate. ECS Express uses intelligent rule-based routing to maintain isolation between services while efficiently utilizing the ALB resource. All resources provisioned by ECS Express Mode remain fully accessible in your account, ensuring you never sacrifice control or flexibility. As your application requirements evolve, you can directly access and modify any infrastructure resource, leveraging the complete feature set of Amazon ECS and related services without disruption to your running applications. To get started just provide your container image, and ECS Express Mode handles the rest by deploying your application in Amazon ECS and auto-generating a URL. Amazon ECS Express Mode is available now in all AWS Regions at no additional charge. You pay only for the AWS resources created to run your application. To deploy a new ECS Express Mode service, use the Amazon ECS Console, SDK, CLI, CloudFormation, CDK and Terraform. For more information, see the AWS News blog, or the documentation.

AWS Device Farm enables mobile and web developers to test their apps using real mobile devices and desktop browsers. Starting today, you can connect to a fully managed Appium endpoint using only a few lines of code and run interactive tests on multiple physical devices directly from your IDE or local machine. This feature also seamlessly works with third-party tools such as Appium Inspector — both hosted and local versions — for all actions including element inspection. Support for live video and log streaming enables you to get faster test feedback within your local workflow. It complements our existing server-side execution which gives you the scale and control to run secure enterprise-grade workloads. Taken together, Device Farm now offers you the ability to author, inspect, debug, test, and release mobile apps faster, whether from your IDE, AWS Console, or other environments. To learn more, see Appium Testing in AWS Device Farm Developer Guide.

Amazon ECR now supports managed container image signing to enhance your security posture and eliminate the operational overhead of setting up signing. Container image signing allows you to verify that images are from trusted sources. With managed signing, ECR simplifies setting up container image signing to just a few clicks in the ECR Console or a single API call. To get started, create a signing rule with an AWS Signer signing profile that specifies parameters such as signature validity period, and which repositories ECR should sign images for. Once configured, ECR automatically signs images as they are pushed using the identity of the entity pushing the image. ECR leverages AWS Signer for signing operations, which handles key material and certificate lifecycle management including generation, secure storage, and rotation. All signing operations are logged through CloudTrail for full auditability. ECR managed signing is available in all AWS Regions where AWS Signer is available. To learn more, visit the documentation.

AWS Cost Anomaly Detection now features an improved detection algorithm that enables faster identification of unusual spending patterns. The enhanced algorithm analyzes your AWS spend using rolling 24-hour windows, comparing current costs against equivalent time periods from previous days each time AWS receives updated cost and usage data. The enhanced algorithm addresses two common challenges in cost pattern analysis. First, it removes the delay in anomaly detection caused by comparing incomplete calendar-day costs against historical daily totals. The rolling window always compares full 24-hour periods, enabling faster identification of unusual patterns. Second, it provides more accurate comparisons by evaluating costs against similar times of day, accounting for workloads that have different morning and evening usage patterns. These improvements help reduce false positives while enabling faster, more accurate anomaly detection. This enhancement to AWS Cost Anomaly Detection is available in all AWS Regions, except the AWS GovCloud (US) Regions and the China Regions. To learn more about this new feature, AWS Cost Anomaly Detection, and how to reduce your risk of spend surprises, visit the AWS Cost Anomaly Detection product page and getting started guide.

AWS Application Load Balancers (ALB) now supports Health Check Logs that allows you to send detailed target health check log data directly to your designated Amazon S3 bucket. This optional feature captures comprehensive target health check status, timestamp, target identification data, and failure reasons. Health Check Logs provide complete visibility into target health status with precise failure diagnostics, enabling faster troubleshooting without contacting AWS Support. You can analyze target’s health patterns over time, determine exactly why instances were marked unhealthy, and significantly reduce mean time to resolution for target health investigations. Logs are automatically delivered to your S3 bucket every 5 minutes with no additional charges beyond standard S3 storage costs. This feature is available in all AWS Commercial Regions, AWS GovCloud (US) Regions and AWS China Regions where Application Load Balancer is offered. You can enable Health Check Logs through the AWS Management Console, AWS CLI, or programmatically using the AWS SDK. Learn more about Health Check Logs for ALBs in the AWS documentation.