AWS Deadline Cloud now supports running custom scripts before and after job submission, giving studios the ability to integrate their pipeline directly into the submission workflow. AWS Deadline Cloud is a fully managed service that simplifies render management for teams creating computer-generated graphics and visual effects for films, television, web content, and design.
With the new submission scripting capability, you can configure scripts that run automatically as part of every job submission. Pre-submission scripts run before job attachments are uploaded, allowing you to validate job configurations, discover and add additional input files such as textures or caches, modify submission parameters, or enforce studio policies. Post-submission scripts run after the job is created, enabling you to send notifications, update tracking systems, or log submission details. Scripts are defined in a simple YAML or JSON configuration file placed in your job bundle directory or in a shared studio-wide directory using an environment variable, making it easy for pipeline teams to enforce standards across all artists. Each script receives job metadata automatically and supports configurable timeouts.
To get started, visit the Deadline Cloud Client documentation.
AWS Marketplace sellers can now delete bank accounts directly from the Payment Settings page in the AWS Marketplace Management Portal (AMMP). This new self-service capability addresses a long-standing gap in payment account management, allowing sellers to remove ACH-type and SWIFT-type bank accounts without contacting customer service. This enhancement is particularly valuable for global enterprises and ISVs managing multiple currencies and banking relationships.
With this update, sellers gain complete control over their payment account management. Key benefits include the ability to clean up unused accounts, remove failed or outdated banking relationships, and reduce payment routing risks. The feature also includes Last Updated timestamps to help differentiate between modified bank accounts.
To learn more, see the AWS Marketplace Seller Guide.
Amazon EC2 High Memory U7i-8TB instances (u7i-8tb.112xlarge) are now available in AWS Europe (Stockholm, Zurich) regions, U7in-16TB instances (u7in-16tb.224xlarge) are now available in the AWS US East (Ohio) region, and U7in-24TB instances (u7in-24tb.224xlarge) are now available in the AWS Europe (Stockholm) region. U7i instances are part of the AWS 7th generation and are powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids). U7i-8TB instances offer 8 TiB of DDR5 memory, U7in-16TB instances offer 16 TiB of DDR5 memory, and U7in-24TB instances offer 24 TiB of DDR5 memory, enabling customers to scale transaction processing throughput in a fast-growing data environment.
U7i-8TB instances deliver 448 vCPUs and support up to 100 Gbps of Amazon EBS bandwidth, 100 Gbps of network bandwidth, and ENA Express. Both U7in-16TB and U7in-24TB instances deliver 896 vCPUs and support up to 100 Gbps of Amazon EBS bandwidth for faster data loading and backups, 200 Gbps of network bandwidth, and ENA Express. U7i instances are ideal for customers running mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.
To learn more about U7i instances, visit the High Memory instances page.
Amazon Connect now provides eight new metrics to measure and improve AI agent performance, including goal success rate, faithfulness score, and tool selection accuracy. These metrics offer visibility into the quality of AI-driven customer interactions, enabling measurement and continuous improvement of AI agent outcomes. With this launch, you can monitor whether AI agents successfully resolved customer requests, assess faithfulness and detect contextual hallucinations. You can also evaluate tool selection and utilization accuracy, and capture customer feedback through thumbs up/down ratings when enabled.
You can access these new metrics through Amazon Connect's AI Agent Performance dashboard, or through the GetMetricDataV2 API and zero-ETL data lake for custom reporting or integration with your existing analytics workflows.
This feature is available in all AWS Regions where Amazon Connect AI Agents is supported. For more information, see the Amazon Connect Administrator Guide. To learn more about Amazon Connect, an AI-native solution that turns every customer interaction into a moment worth remembering, visit the Amazon Connect website
Amazon Connect now provides audit logging for agent activity status changes made through analytics dashboards to AWS CloudTrail. This enhancement provides visibility into who changed agent activity status, and when changes occurred, helping contact centers maintain clear audit trails. For example, if an agent is scheduled to be on break, a supervisor can change an agent's status from "Available" to "Break", this action is now captured in CloudTrail with details including the supervisor's identity, timestamp, and the specific status change.
Logging agent activity status changes made from analytics dashboards to AWS CloudTrail is available in all AWS commercial and AWS GovCloud (US-West) regions where Amazon Connect is offered. To get started, ensure CloudTrail logging is enabled for your AWS account, and status changes made through Amazon Connect analytics dashboards will automatically appear in your CloudTrail logs. To learn more about dashboards, see the Amazon Connect Administrator Guide. To learn more about Amazon Connect, the AWS cloud-based contact center, please visit the Amazon Connect website.
Amazon Bedrock AgentCore Gateway and Identity now provide secure and controlled egress traffic management for your applications, enabling seamless communication with resources in your Virtual Private Cloud (VPC). VPC egress for AgentCore Gateway targets and Identity credential providers are offered in both managed and self-managed configurations.
With VPC egress support, customers can now invoke private resources (e.g., EKS-hosted MCP servers) directly from their AgentCore Gateway. Managed VPC egress covers most customer use cases. For more complex networking setups, customers can configure their own VPC Lattice resources. AgentCore Identity VPC egress supports connectivity to Identity Providers (IdPs) running inside a customer’s VPC. This enables two key capabilities: validating inbound access tokens issued by your private IdP and fetching tokens from your IdP for outbound request authentication. Finally, this launch supports private DNS resolution for managed VPC egress resources across Gateway and Identity.
AgentCore Gateway and Identity are available in fourteen AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), and Europe (Stockholm).
Learn more about VPC egress capabilities through AgentCore Gateway documentation, and AgentCore Identity documentation. Get started with the AgentCore CLI.
Amazon Quick now integrates with Vee, the AI assistant from Visier's people analytics platform, through the model context protocol (MCP). HR business partners, finance managers, and operations leaders can now get governed access to live workforce intelligence from Visier directly within their Amazon Quick workspace without switching tools.
After setting up the connection in Quick using Visier’s remote MCP server, you can ask questions in natural language about headcount, attrition, tenure, and open requisitions and receive answers grounded in Visier's governed workforce data model. Vee can also be invoked from automated Quick Flows to run recurring workforce reviews or draft documents. Quick intelligently routes relevant prompts to Vee and returns contextualized answers alongside enterprise knowledge – such as budgets, policies, and plans stored in Quick Spaces – so every answer reflects the full organizational picture.
The Visier integration with Amazon Quick is available in all AWS Regions where Amazon Quick is available.
To get started with Amazon Quick, visit the website. To learn more about the Visier integration, read the Visier integration guide, see the blog, and explore more integrations on the integrations page.
AWS Lambda now supports Provisioned Mode for event source mappings (ESMs) that subscribe to Apache Kafka event sources in the Asia Pacific (Taipei), AWS GovCloud (US-East), and AWS GovCloud (US-West) Regions. Provisioned Mode allows you to optimize the throughput of your Kafka ESM by provisioning event polling resources that remain ready to handle sudden spikes in traffic, helping you build highly responsive and scalable event-driven Kafka applications with stringent performance requirements.
Customers building streaming data applications often use Kafka as an event source for Lambda functions, relying on Lambda's fully managed ESM to automatically scale polling resources in response to events. However, for event-driven Kafka applications that need to handle unpredictable bursts of traffic, lack of control over the throughput of ESM can lead to delays in your users' experience. Provisioned Mode for Kafka ESM enables customers to fine-tune the throughput of their Amazon Managed Streaming for Apache Kafka (MSK) ESM or self-managed Kafka ESM by provisioning and auto-scaling between a minimum and maximum number of polling resources called event pollers. With this launch, this feature is now available in three additional regions.
You can activate Provisioned Mode for MSK ESM or self-managed Kafka ESM by configuring a minimum and maximum number of event pollers in the ESM API, AWS Console, AWS CLI, AWS SDK, and AWS CloudFormation. You pay for the usage of event pollers, along a billing unit called Event Poller Unit (EPU). To learn more, read the Lambda ESM documentation and AWS Lambda pricing.
AWS announces availability of new Linux bundles for Amazon WorkSpaces Personal, including Rocky Linux 9, Red Hat Enterprise Linux 9, and Ubuntu 24.04. With these bundles, customers can launch WorkSpaces powered by the latest enterprise-grade Linux operating systems and take advantage of modern versions of Linux packages only available in these updated releases.
While Rocky Linux 8, Red Hat Enterprise Linux 8, and Ubuntu 22.04 powered WorkSpaces bundles remain available, the new OS options bring access to the latest software ecosystems, improved security postures, and extended long-term support lifecycles offered by each respective distribution. These new bundles also provide a migration path for Amazon Linux 2 customers ahead of its end of life in June 2026.
You can get started using managed Rocky Linux 9, Red Hat Enterprise Linux 9, or Ubuntu 24.04 WorkSpaces bundles by selecting one when creating a new Linux WorkSpace. These new bundles are available in all AWS Regions where Amazon WorkSpaces is available. For pricing information, visit the Amazon WorkSpaces pricing page.
As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an important aspect of your side of the PQC shared responsibility model. Timelines to plan and […]
Bulletin ID: 2026-018-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtual spinning wheel, deployed into customer AWS accounts via CloudFormation.
CVE-2026-6911 relates to an issue where JWT token signature verification was not enforced in the v2 API.
CVE-2026-6912 relates to an issue in the v2 Cognito User Pool configuration where attribute write permissions were insufficiently restricted.
Impacted versions: AWS Ops Wheel v2 deployments PR-163 and earlier
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-019-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/24 13:30 AM PDT
Description:
Multiple security issues have been identified in the tough library and tuftool CLI utility. tough is a Rust library used for generating, signing, and managing TUF (The Update Framework) repositories, and tuftool is the command-line interface for repository management Operations.
The following issues have been identified:
- CVE-2026-6966
- CVE-2026-6967
- CVE-2026-6968
Impacted versions:
- tough: versions 0.1.0 through 0.21.x (inclusive)
- tuftool: versions 0.1.0 through 0.14.x (inclusive)
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
In this post, we show how connecting the Visier Workforce AI platform with Amazon Quick through Model Context Protocol (MCP) gives every knowledge worker a unified agentic workspace to ask questions in. Visier helps ground the workspace in live workforce data and the organizational context that surrounds it while letting your users act on the conversational results without switching tools.