AWS Updates Feed

← トップに戻る

AWS Updates - 2026-03-12

AWS What's New

Amazon WorkSpaces now supports Microsoft Windows Server 2025

AWS announces availability of new bundles powered by Microsoft Windows Server 2025, offered for Amazon WorkSpaces Personal and Amazon WorkSpaces Core. With these bundles, customers can launch Windows Server 2025 WorkSpaces and take advantage of the latest Windows server operating systems features. Customers can run applications such as eligible Microsoft 365 Apps for enterprise that require newer Windows versions.

While Windows Server 2016, 2019, and 2022 powered WorkSpaces bundles remain available, the Windows Server 2025 option brings enhanced security and modern capabilities such as Trusted Platform Module 2.0 (TPM 2.0), Unified Extensible Firmware Interface (UEFI) Secure Boot, Secured-core server, Credential Guard and Hypervisor-protected Code Integrity (HVCI) and DNS-over-HTTPS.

You can get started using the managed Windows Server 2025 WorkSpaces bundles or create your own custom bundle and image tailored to your requirements. For more information on Amazon WorkSpaces’ new Windows Server Bundles, visit Amazon WorkSpaces FAQs. The new WorkSpaces Windows Server 2025 support is available in all AWS Regions where Amazon WorkSpaces is available. For pricing information, visit Amazon WorkSpaces pricing page.

AWS Elastic Beanstalk launches Deployments tab with in-progress deployment logs

AWS Elastic Beanstalk now provides a Deployments tab in the environment dashboard, giving customers a consolidated view of their deployment history and real-time deployment progress with step-by-step deployment logs. Previously, customers had to wait until a deployment completed before retrieving logs, and then correlate events across multiple sources to understand what happened. With this launch, customers can view deployment status, events, and detailed logs in a single interface directly from the Elastic Beanstalk console, even while a deployment is still in progress.

The Deployments tab displays a history of recent deployments for an environment, including application deployments, configuration updates, and environment launches. Each deployment includes a detailed view with deployment events and a new consolidated log that captures each step of the deployment process, including dependency installation, application builds, .ebextensions, platform hooks, and application startup output.

This feature is supported across all Elastic Beanstalk Linux-based platform branches. It is available in all AWS Commercial Regions and AWS GovCloud (US) Regions where Elastic Beanstalk is available. For a complete list of supported Regions, see AWS Regions.

To learn more, see the AWS Elastic Beanstalk Developer Guide. For additional information, visit the AWS Elastic Beanstalk product page.

Amazon EC2 M8i and M8i-flex instances are now available in additional AWS Regions

Starting today, Amazon EC2 M8i and M8i-flex instances are now available in Europe (Ireland) and Europe (London) Regions. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The M8i and M8i-flex instances offer up to 15% better price-performance, and 2.5x more memory bandwidth compared to previous generation Intel-based instances. They deliver up to 20% better performance than M7i and M7i-flex instances, with even higher gains for specific workloads. The M8i and M8i-flex instances are up to 30% faster for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to M7i and M7i-flex instances.

M8i-flex are the easiest way to get price performance benefits for a majority of general-purpose workloads like web and application servers, microservices, small and medium data stores, virtual desktops, and enterprise applications. They offer the most common sizes, from large to 16xlarge, and are a great first choice for applications that don't fully utilize all compute resources.

M8i instances are a great choice for all general purpose workloads, especially for workloads that need the largest instance sizes or continuous high CPU usage. The SAP-certified M8i instances offer 13 sizes including 2 bare metal sizes and the new 96xlarge size for the largest applications.

To get started, sign in to the AWS Management Console. For more information about the new instances, visit the M8i and M8i-flex instance page or visit the AWS News blog.

AWS Backup adds logically air-gapped vault support for Amazon EKS

AWS Backup logically air-gapped vault now supports Amazon EKS. Logically air-gapped vaults are a type of AWS Backup vault that allows secure sharing of backups across accounts and AWS Organizations, supporting direct restore to reduce recovery time from a data loss event.

You can now protect your Amazon EKS clusters in logically air-gapped vaults. A logically air-gapped vault stores immutable backup copies that are locked by default, and isolated with encryption using AWS owned keys or customer-managed keys. You can store your Amazon EKS backups in a logically air gapped vault either the same account or across other accounts and Regions. This helps reduce the risk of downtime, ensure business continuity, and meet compliance and disaster recovery requirements.

You can get started using the AWS Backup console, API, or CLI. Target Amazon EKS backups to a logically air-gapped vault by specifying it as the primary target or copy destination in your backup plan. Share the vault for recovery using AWS Resource Access Manager (RAM) or access it via Multi-party approval. Once available, you can initiate direct restore jobs from that account, eliminating the overhead of copying backups first.

AWS Backup logically air-gapped vault support for Amazon EKS is available in 24 AWS Regions. For more information and detailed regional availability, visit the AWS Backup documentation.

AWS Private CA Connector for SCEP now supports AWS PrivateLink

AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately, keeping all traffic within the AWS network.

AWS Private CA Connector for SCEP is a managed connector that enables you to use the Simple Certificate Enrollment Protocol (SCEP) to issue certificates from AWS Private Certificate Authority (CA). SCEP is widely used for automated certificate enrollment and renewal for mobile devices, network equipment, and IoT devices. AWS PrivateLink support simplifies network connectivity by eliminating the need for internet gateways, NAT devices, or VPN connections to access your SCEP connector endpoints, while helping you meet compliance requirements that mandate private connectivity for certificate management.

AWS PrivateLink support for AWS Private CA Connector for SCEP is available in all AWS Regions where the connector is available. For more information about Regional availability, see the AWS Region Table.

To learn more and get started, visit the AWS Private CA Connector for SCEP documentation. For more information, please refer to the AWS PrivateLink documentation.

AWS Glue zero-ETL integrations with Amazon DynamoDB as the source support new configurations

AWS Glue zero-ETL now supports configurable change data capture (CDC) refresh intervals and on-demand data ingestion for integrations with Amazon DynamoDB as the source. This enhancement can help you to customize how frequently data changes are captured from your Amazon DynamoDB tables, with refresh intervals ranging from 15 minutes to 6 days, and trigger immediate data ingestion when needed. These capabilities bring zero-ETL integrations from Amazon DynamoDB sources to feature parity with zero-ETL integrations from SaaS sources, like Salesforce, SAP, and ServiceNow, ensuring consistent functionality across different source types.

With configurable CDC refresh intervals, you can optimize your data pipeline performance by adjusting the frequency of change capture to match your specific business requirements—whether you need near real-time updates every 15 minutes or can work with longer intervals up to 6 days to reduce costs. The on-demand ingestion capability allows you to immediately capture critical data changes without waiting for the next scheduled CDC interval. This functionality is ideal for scenarios that require data to be immediately available for analytics, reporting, or downstream applications and helps strike a balance between data freshness requirements and operational efficiency.

These features are available today in all AWS regions where AWS Glue zero-ETL is supported.


To get started with configuring CDC refresh intervals and on-demand ingestion for your Amazon DynamoDB integrations, see the AWS Glue User Guide. To learn more about AWS Glue zero-ETL integrations, visit the AWS Glue documentation

Amazon Bedrock AgentCore Memory announces streaming notifications for long-term memory

Amazon Bedrock AgentCore Memory now supports streaming notifications for long-term memory, eliminating the need to poll for changes. Long-term memory extracts insights from agent interactions to deliver personalized experiences in future interactions. Developers now receive push notifications whenever memory records are created or modified.

Updates stream directly to Amazon Kinesis each time a memory record is created or modified. This enables developers to trigger downstream workflows, refresh application state, and audit memory updates automatically without writing polling logic or managing refresh intervals.

This feature is available in 15 AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Canada (Central), and South America (São Paulo). 

To learn more about implementing streaming notifications in AgentCore Memory, visit the documentation.

Amazon S3 introduces account regional namespaces for general purpose buckets

You can now create Amazon S3 general purpose buckets in your own reserved namespace, eliminating the need to find globally unique bucket names and making it easier to build workloads that utilize a bucket per customer, team, or dataset. With account regional namespaces, you can create predictable bucket names across multiple AWS Regions with assurance that the names you want will always be available for you to use.

Account regional namespaces help simplify bucket creation and management as your data storage needs grow in size and scope. To get started, add the new bucket namespace request header when creating buckets through the CreateBucket API or by updating your AWS CloudFormation templates to include your unique account regional suffix in the requested name. Additionally, cloud security teams can use service control policies (SCP) and IAM policies to enforce that users only create buckets in their account regional namespace, helping teams enforce consistent bucket naming practices across their enterprise.

Account regional namespaces for S3 general purpose buckets are now available in 37 AWS Regions including the AWS China and AWS GovCloud (US) Regions at no additional cost through the AWS Management Console, S3 REST API, AWS CLI, AWS SDK, and AWS CloudFormation. To learn more, read the AWS News Blog or visit the S3 user guide

AWS CDK Mixins is now generally available

AWS announces the general availability of CDK Mixins, a new feature of the AWS Cloud Development Kit (CDK) that lets you add composable, reusable abstractions to any AWS construct, whether L1, L2, or custom, without rebuilding your existing infrastructure code. CDK Mixins are available through the aws-cdk-lib package and work across all construct types, giving you flexibility to apply the right abstractions where and when you need them.

Previously, teams had to choose between immediate access to new AWS features using L1 constructs or the convenience of higher-level abstractions with L2 constructs, often requiring significant rework to meet security, compliance, or operational requirements. CDK Mixins simplify the maintenance of custom construct libraries. CDK Mixins let you apply features like auto-delete, bucket encryption, versioning, and block public access directly to constructs using a simple .with() syntax, combine multiple Mixins into custom L2 constructs, and apply compliance policies across an entire scope. Developers can use Mixins.of() for advanced resource type or path-pattern filtering. Enterprise teams can now enforce reusable security and compliance policies across their infrastructure while maintaining day-one access to new AWS features.

CDK Mixins are available in all AWS regions where AWS CloudFormation is supported.

To get started with CDK Mixins, visit the AWS documentation.

OpenSearch UI supports Cross Account Data Access to OpenSearch domains

Amazon OpenSearch Service now supports cross-account data access, enabling users to access OpenSearch domains hosted in different AWS accounts from within a single OpenSearch UI application. With this feature, you can query or build dashboard with data from OpenSearch domains across different accounts in the same region - without switching to a new endpoint or replicating data. Cross-account data access is available for OpenSearch domains hosted in both public and Virtual Private Cloud (VPC) configurations.

With cross-account data access, teams no longer need to consolidate data into a single account or maintain costly data pipelines to enable unified analysis across organizational boundaries. This makes it easier to build centralized observability, search, and security analytics workflows that span multiple AWS accounts while keeping data in place and maintaining each account's access controls. Cross-account data access supports both IAM (including SAML via IAM federation) and IAM Identity Center (IdC) for end user authentication.

Cross-account data access to OpenSearch domains is available in all AWS Regions where OpenSearch UI is available. To learn more, see Cross-account data access to OpenSearch domains in the Amazon OpenSearch Service Developer Guide.

New LZA MCP Server for AI-assisted configuration management

The Landing Zone Accelerator on AWS (LZA) Model Context Protocol (MCP) Server is now open source, enabling organizations to manage LZA deployments through natural language conversations with AI assistants.

Using the new LZA MCP Server, you can streamline configuration tasks that previously required time-intenstive manual work. The LZA MCP Server provides 20 specialized tools that help you search documentation across multiple LZA versions, manage configurations, monitor pipelines, and surface actionable insights when deployment failures occur.

The server operates as a containerized MCP endpoint compatible with IDEs including Kiro, Amazon Q Developer, and Claude Code, using temporary credentials following AWS security best practices.

The LZA MCP Server is open source and available now. Visit the AWS Labs GitHub repository to view the source, download, and get started. The LZA MCP Server is available in all commercial AWS Regions and AWS GovCloud (US) Regions where Landing Zone Accelerator is supported.

 

AWS News Blog

Introducing account regional namespaces for Amazon S3 general purpose buckets

AWS launches a new feature of Amazon S3 that lets you create general purpose buckets in your own account regional namespace simplifying bucket creation and management as your data storage needs grow in size and scope.

AWS Security Blog

How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS

As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their […]