この日は少数の発表にとどまり、いずれも Amazon RDS と AWS Payment Cryptography に関するものでした。AWS Payment Cryptography はリソースベースポリシー (RBP) を用いた鍵のクロスアカウント共有をサポートし、社内外の複数アカウントにまたがる暗号鍵の管理をより柔軟にしました。単一の鍵素材を保持したまま、インポート/エクスポートに頼らずにリソース単位のアクセス制御でクロスアカウントアクセスを実現できます。また Amazon RDS for SQL Server が、AWS 専用のカスタム Intel Xeon 6 プロセッサを搭載した M8i および R8i インスタンスに対応し、同等の第 7 世代 Intel ベースインスタンスと比べて最大 15% の価格性能向上と 2.5 倍のメモリ帯域幅を提供します。
Payment Cryptography: リソースベースポリシーによる鍵のクロスアカウント共有
データベース: RDS for SQL Server が Intel Xeon 6 搭載 M8i / R8i インスタンスに対応
Amazon Relational Database Service (Amazon RDS) for SQL Server now supports M8i and R8i instances. These instances are powered by custom Intel Xeon 6 processors, available only on AWS, delivering the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. The M8i and R8i instances offer up to 15% better price-performance and 2.5x more memory bandwidth compared to equivalent 7th generation Intel-based instances.
To use the new M8i and R8i instances, you can modify your existing RDS database instance or create a new RDS database instance from the RDS Management Console, or using the AWS SDK or CLI.
See Amazon RDS for SQL Server Pricing for up-to-date pricing and regional availability.
AWS Payment Cryptography now supports cross account sharing of keys using resource-based policies (RBP). With this new feature, customers can more easily manage cryptographic keys across multiple accounts both internal and external to their company, providing more flexibility to manage keys at scale. With AWS Payment Cryptography, you can simplify cryptography operations in your cloud-hosted payment applications with a service that grows elastically with your business and has been assessed as compliant with PCI PIN Security and Point-to-Point Encryption (P2PE) requirements.
Many customers utilize multiple AWS accounts to delineate different workloads, applications or use cases for payment processing following AWS PCI DSS Guidance. While this pattern is also common with traditional infrastructure, this often leads to duplicating cryptographic material, making lineage and access controls more difficult overall. With the launch of Payment Cryptography integration with RBP, customers can keep a single copy of key material and leverage concise, per-resource access control to enable cross account access without relying on import/export flows.
This feature is available across all AWS Regions where AWS Payment Cryptography is available. To learn more about this feature or to get started with the service, consult the AWS Payment Cryptography user guide.