Quick Sight in Amazon Quick now supports custom sort for filter controls, giving authors control over how values appear in dropdown and list controls. Previously, filter control values were always sorted alphabetically. With custom sort, authors can arrange values to match business logic or rank them by a related metric, so the most relevant options appear first.
Custom sort applies to dropdown and list controls, both single-select and multi-select. Authors can choose ascending, descending, or a fully user-defined order for controls with manually entered values. For controls tied to a dataset column, authors can sort by that column or by a different field using aggregation functions like Sum, Average, Count, Min, and Max. For example, a priority field can be ordered as Critical, High, Medium, Low instead of alphabetically, or a list of product categories can be ranked by total revenue so top sellers surface first.
This feature is now available in all Amazon Quick regions where Quick Sight is supported. Learn more about sorting filter control values in the Amazon Quick User Guide.
Amazon Bedrock now supports OpenAI's open-weight GPT OSS models (120B and 20B) and NVIDIA Nemotron (Nano 9B v2, Nano 12B v2, Nano 30B, Super 120B) models expanding your ability to build and scale generative AI applications with diverse, high-performance foundation models. This offers the flexibility to leverage OpenAI's and NVIDIA's latest models alongside other leading AI models through a single, unified API—allowing you to select the best model for each specific use case without changing your application code.
OpenAI GPT OSS models deliver powerful language understanding and generation capabilities with open-weight architectures, enabling enterprises to build sophisticated AI applications with transparency and flexibility. NVIDIA Nemotron models offer both small language model (SLM) and large language model (LLM) capabilities delivering high compute efficiency and accuracy that developers can use to build specialized agentic AI systems. The models are fully open with open weights, datasets, and recipes facilitating transparency and confidence for developers and enterprises.
These models are powered by Mantle, a new distributed inference engine for large-scale machine learning model serving on Amazon Bedrock. Mantle simplifies and expedites onboarding of new models onto Amazon Bedrock, provides highly performant and reliable serverless inference with sophisticated quality of service controls, unlocks higher default customer quotas with automated capacity management and unified pools, and provides out-of-the-box compatibility with OpenAI API specifications. With OpenAI GPT OSS and NVIDIA Nemotron models available in Amazon Bedrock on AWS GovCloud (US), you can accelerate innovation while benefiting from AWS's enterprise-grade security, seamless scaling, and cost-optimization features compliantly.
Amazon CloudWatch now provides a visual configuration editor for the CloudWatch agent directly in the Amazon EC2 console, enabling you to set up and manage observability for your EC2 instances without hand-editing JSON. The CloudWatch agent collects infrastructure and application metrics, logs, and traces from EC2 instances and sends them to CloudWatch and AWS X-Ray. With the new visual editor, you can build agent configurations graphically, selecting metrics, log sources, and deployment targets, and deploy with a single click.
From the EC2 console, you can select one or more instances, install the CloudWatch agent, or create tag-based policies for automated fleet-wide management. From the instance detail page, you can view agent status, update configurations, and troubleshoot agent health. Automated policies automatically apply the correct monitoring settings to every new instance, including those launched by auto-scaling.
To get started, navigate to the Amazon EC2 console, select an instance, and choose the EC2 monitoring tab to access the CloudWatch agent management experience. CloudWatch in-console agent management is available in all AWS Commercial Regions at no additional cost. Standard CloudWatch pricing applies for metrics, logs, and other telemetry collected by the agent.
Today, AWS announced the availability of paraphrase-multilingual-MiniLM-L12-v2, Microsoft Table Transformer Detection, and Bielik-11B-v3.0-Instruct in Amazon SageMaker JumpStart.
Paraphrase-multilingual-MiniLM-L12-v2 from Sentence Transformers is a lightweight semantic similarity model that maps sentences and paragraphs to a 384-dimensional dense vector space across 50+ languages. It is well suited for finding semantically similar content within and across languages, making it ideal for cross-lingual semantic search, multilingual document clustering, and sentence similarity scoring without requiring language-specific configuration.
Microsoft Table Transformer Detection is a DETR-based object detection model trained on the PubTables-1M dataset, purpose-built for detecting tables in unstructured documents such as PDFs and scanned images. It is well suited for document digitization pipelines and automated data extraction workflows that require reliably locating tabular content at scale across research papers, financial reports, and other document types.
Bielik-11B-v3.0-Instruct is an 11-billion-parameter generative language model developed by SpeakLeash and ACK Cyfronet AGH, trained on multilingual corpora spanning 32 European languages with a strong emphasis on Polish. It excels at Polish and European language dialogue, STEM and mathematical reasoning, logic and tool-use tasks, and enterprise applications requiring deep linguistic understanding across European languages.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.
Today, AWS announced the availability of Gemma 4 E4B, Gemma 4 26B-A4B, and Gemma 4 31B in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three instruction-tuned models from Google DeepMind bring multimodal capabilities with configurable reasoning, native function calling, and multilingual support across 140+ languages, enabling customers to build sophisticated AI applications across diverse use cases on AWS infrastructure.
All three models share a common set of capabilities that address a broad range of enterprise AI use cases:
Thinking - Built-in reasoning mode that lets the model think step-by-step before answering
Image Understanding - Object detection, document and PDF parsing, screen and UI understanding, chart comprehension, OCR including multilingual, and handwriting recognition
Video Understanding - Analyze video content by processing sequences of frames
Interleaved Multimodal Input - Freely mix text and images in any order within a single prompt
Function Calling - Native support for structured tool use, enabling agentic workflows
Coding - Code generation, completion, and correction
Multilingual - Out-of-the-box support for 35+ languages, pre-trained on 140+ languages
Customers can choose the model that best fits their workload: Gemma 4 E4B additionally supports audio input for automatic speech recognition (ASR) and speech-to-translated-text translation across multiple languages.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases. To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.
Amazon CloudFront now allows you to invalidate cached objects by cache tag, enabling you to remove groups of related content from CloudFront edge locations with a single invalidation request. Cache tag invalidation simplifies common operational workflows such as updating product information across multiple pages, managing legal takedown requests, handling regulatory compliance requests, and refreshing content across multi-tenant platforms.
Previously, invalidating related objects that didn't share a common URL path required tracking individual URLs or using broad wildcard patterns that could unnecessarily clear unrelated content. With invalidation by cache tag, developers and site reliability engineers can tag cached objects when returning an object by including a specified header in HTTP responses with comma-separated tag values. When needed, they can invalidate all objects sharing a tag in one request, maintaining high cache hit ratios while ensuring end users see fresh content within seconds. You can configure the header name through the Amazon CloudFront console, AWS CLI, or API, and assign multiple tags per object for flexible, precise cache management. Over the years, CloudFront has made improvements to propagation times. Currently, invalidations take effect in under 5 seconds at P95. The end-to-end completion time, which includes reporting the invalidation status back, is under 25 seconds at P95.
Amazon CloudFront invalidation by cache tag is available in all AWS Regions where CloudFront is offered except China (Beijing, operated by Sinnet) and China (Ningxia, operated by NWCD). To learn more, view the Invalidations By Cache Tag documentation. Each cache tag is priced as one path. For details on pricing, refer to the CloudFront pricing page.
Amazon DocumentDB (with MongoDB compatibility) is now available in the Canada West (Calgary) region adding to the list of available regions where you can use Amazon DocumentDB.
Amazon DocumentDB is a fully managed, native JSON database that makes it simple and cost-effective to operate critical document workloads at virtually any scale without managing infrastructure. Amazon DocumentDB is designed to give you the scalability and durability you need when operating mission-critical MongoDB workloads. Storage scales automatically up to 128TiB without any impact to your application. In addition, Amazon DocumentDB natively integrates with AWS Database Migration Service (DMS), Amazon CloudWatch, AWS CloudTrail, AWS Lambda, AWS Backup and more. Amazon DocumentDB supports millions of requests per second and can be scaled out to 15 low latency read replicas in minutes with no application downtime.
To learn more about Amazon DocumentDB, please visit the Amazon DocumentDB product page and pricing page. You can create a Amazon DocumentDB cluster from the AWS Management console, AWS Command Line Interface (CLI), or SDK.
Amazon RDS for MySQL now supports community MySQL Innovation Release 9.6 in the Amazon RDS Database Preview Environment, allowing you to evaluate the latest Innovation Release on Amazon RDS for MySQL. You can deploy MySQL 9.6 in the Amazon RDS Database Preview Environment which provides the benefits of a fully managed database, making it simpler to set up, operate, and monitor databases.
MySQL 9.6 is the latest Innovation Release from the MySQL community. MySQL Innovation releases include bug fixes, security patches, as well as new features. MySQL Innovation releases are supported by the community until the next innovation minor, whereas MySQL Long Term Support (LTS) Releases, such as MySQL 8.0 and MySQL 8.4, are supported by the community for up to eight years. Please refer to the MySQL 9.6 release notes and Amazon RDS MySQL release notes for more details.
Amazon RDS Database Preview Environment supports both Single-AZ and Multi-AZ deployments on the latest generation of instance classes. Amazon RDS Database Preview Environment database instances are retained for a maximum of 60 days and are automatically deleted after the retention period. Amazon RDS database snapshots created in the Preview Environment can only be used to create or restore database instances within the Preview Environment.
Amazon RDS Database Preview Environment database instances are priced the same as production RDS instances created in the US East (Ohio) Region. For further information, see Working with the Database Preview Environment. To get started with the Preview Environment from the RDS console, navigate here.
Amazon OpenSearch Service now supports index-level encryption, enabling you to encrypt data at rest on a per-index basis using AWS Key Management Service (KMS) customer managed keys. You can use different customer managed keys for different indexes on the same domain, enabling more granular, tenant-specific encryption policies.
Index-level encryption builds on the existing encryption at rest capability in Amazon OpenSearch Service. While domain-level encryption uses a single AWS KMS key to encrypt all data on a domain, index-level encryption lets you specify a customer managed key for each index, isolating encrypted data across indexes. To get started, register your KMS key using the Amazon OpenSearch Service API, then specify the key ARN in the index settings when creating an encrypted index.
Index-level encryption is available at no additional cost for Amazon OpenSearch Service domains running OpenSearch version 3.3 or later. This feature is available in 14 AWS Regions: US West (Oregon), US East (Ohio), US East (N. Virginia), South America (São Paulo), Europe (Paris), Europe (London), Europe (Ireland), Europe (Frankfurt), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Seoul), and Asia Pacific (Mumbai).
To learn more, see Index-level encryption in the Amazon OpenSearch Service Developer Guide.
Today, Amazon Quick introduces new and upgraded Microsoft 365 extensions in preview for Excel, PowerPoint, and Word, enabling Quick to perform tasks directly within users’ Microsoft 365 environments. These extensions allow you to use AI to perform complex local tasks such as redlining documents, building financial models, and creating presentation-ready decks.
The Microsoft Excel extension helps with complex spreadsheet analysis, creating pivot tables and charts, and importing and cleaning data. The Microsoft PowerPoint extension helps you create and refine presentations from Quick data using organization-defined templates. Updates to the Microsoft Word extension include the ability to generate formatted documents with Word primitives, make sweeping edits with track changes enabled, and participate as a reviewer in comments.
These extensions transform daily work across teams. Finance teams can build complex models by describing what they need, and sales teams can draft proposals that automatically pull from CRM data. Marketing teams can create branded presentations without manual formatting, legal teams can streamline contract reviews, and IT teams can automate routine data analysis that previously required manual effort.
Amazon Quick extensions are available in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Europe (Ireland), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (London).
Start working with Amazon Quick by signing up for an account. To learn more about Amazon Quick, visit the Quick website, and install extensions on the Quick download page.
AWS Lambda now supports creating serverless applications using Ruby 4.0. Developers can use Ruby 4.0 as both a managed runtime and a container base image, and AWS will automatically apply updates to the managed runtime and base image as they become available.
Ruby 4.0 is the latest long-term support (LTS) release of Ruby and is expected to be supported for security and bug fixes until March 2029. In addition to providing access to the latest Ruby language features, the Lambda Runtime for Ruby 4.0 also adds support for Lambda advanced logging controls, providing customers with JSON structured logs, configurable logging levels, and the ability to configure the target Amazon CloudWatch log group.
The Ruby 4.0 runtime is available in all AWS Regions, including China Regions and the AWS GovCloud (US) Regions.
You can use the full range of AWS deployment tools, including the Lambda console, AWS CLI, AWS Serverless Application Model (AWS SAM), CDK, and AWS CloudFormation to deploy and manage serverless applications written in Ruby 4.0. For more information on using Ruby 4.0 in Lambda, see our documentation. For more information about AWS Lambda, visit our product page.
このブログは AWS のスペシャリストソリューションアーキテクト Suhail Fouzan、ソリューションア […]
本ブログは、奈良市 AI・行革推進課 染川 実希 様、株式会社日立システムズ 山田 健太郎 様、アマゾン ウェブ サービス ジャパン合同会社 ソリューションアーキテクト 松本 侑也 の共著です。奈良市における個人番号利用事務系ネットワーク上での生成AI活用の取り組みについてご紹介します。自治体の個人番号利用事務系 (マイナンバー系ネットワーク) は、機微情報を扱うためネットワークが厳格に分離されており、生成AIの活用は困難とされてきました。本ブログでは、ガバメントクラウド上の個人番号利用事務系ネットワークにおいても、生成AIを活用することで業務効率化への将来的な期待と、実務における有用性を確認した、奈良市と日立システムズの取り組みをご紹介します。
3 月下旬、世界中の AWS スペシャリストが集まる最も活気あふれるイベントの 1 つである Speciali […]
2026 年 4 月 14 日、アマゾン ウェブ サービス ジャパン合同会社(以下、AWS ジャパン)は、「フ […]
Generative AI brings promising innovation, transforming how individuals and organizations approach everything from customer service to content creation and more. As AI continues to expand its capabilities, organizations are increasingly focused on how they can integrate the responsible AI concepts into the development lifecycle of their AI applications. Research from Accenture and Amazon Web Services […]
Bulletin ID: 2026-021-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/29 12:00 PM PDT
Description:
FreeRTOS-Plus-TCP is a scalable, open source, and thread-safe TCP/IP stack for FreeRTOS.
- CVE-2026-7422: Insufficient packet validation in the IPv4 and IPv6 receive paths allows an adjacent network device to send a packet that bypasses checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the target device's own registered endpoints.
- CVE-2026-7423: Integer underflow in the ICMP and ICMPv6 echo reply handlers allows an adjacent network device to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the field is large enough, resulting in a heap out-of-bounds read.
Impacted versions: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-022-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/29 12:20 PM PDT
Description:
FreeRTOS-Plus-TCP is an open-source, scalable TCP/IP stack for FreeRTOS. We identified CVE-2026-7424, where an integer underflow issue in the DHCPv6 sub-option parser could allow an adjacent network user to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (IP task freeze requiring hardware reset).
Impacted versions: FreeRTOS-Plus-TCP >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <= V4.4.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-023-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/29 12:30 PM PDT
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation designed for FreeRTOS, providing a standard Berkeley sockets interface and support for essential networking protocols including IPv6, ARP, DHCP, DNS, and Router Advertisement (RA). We identified CVE-2026-7425 and CVE-2026-7426, one of them being out-of-bounds read and another one being out-of-bounds write issues respectively in the IPv6 Router Advertisement option parser where insufficient validation of length fields allows memory operations without proper bounds checking.
Either issue can be exploited by any device on the local network that can send crafted Router Advertisement packets. No authentication or user interaction is required.
Impacted versions: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
In this post, you will learn how to design namespace hierarchies, choose the right retrieval patterns, and implement AWS Identity and Access Management (IAM)-based access control for AgentCore Memory.
This post was co-written with Yash Munsadwala, Adam Hood, Justin Guse, and Hector Hernandez from PwC. Contract analysis often consumes significant time for legal, compliance, and procurement teams, especially when important insights are buried in lengthy, unstructured agreements. As contract volumes grow, finding specific clauses and assessing extracted terms can become increasingly difficult to scale. […]