Amazon SageMaker AI now features an agentic experience that transforms model customization from a months-long process into a workflow completed in days or hours. Customers building an AI solution need to carefully frame their use case goals and success criteria, prepare data, choose the right models, and configure, run, and analyze multiple experiments across models and fine-tuning techniques. Once they identify a model candidate that meets the success criteria, they need to determine the most cost-performant way to deploy it. Throughout this workflow, customers must also manage the undifferentiated heavy lifting of setting up the infrastructure to train and deploy models. The new capability enables developers to use natural language interactions with coding agents to streamline the entire journey, from use case definition to production deployment of a high-quality model.
The agentic experience, based on SageMaker AI model customization agent skills, delivers fine-tuning expertise applied to a builder's specific use case, transformation of data into the required formats, comprehensive quality evaluation using LLM-as-a-judge metrics, and flexible deployment options to Amazon Bedrock or SageMaker AI endpoints. Customers can install these skills in the IDE of their choice, such as Visual Studio Code or Cursor. Developers can work with multiple coding agents, including Kiro, Claude Code, and Copilot, to optimize popular model families like Amazon Nova, Llama, Qwen, and GPT-OSS. The experience generates reusable, editable code artifacts for transparency, reproducibility, and automation through integration into AIOps pipelines.
Install SageMaker AI skills in your favorite IDE using the sagemaker-ai agent plugin. SageMaker AI model customization skills also come pre-installed in SageMaker Studio Notebooks, along with the Kiro coding agent. Sign up for a Kiro subscription, open the chat window in Studio Notebooks, and start chatting with the agent to build the workflow. The experience supports advanced customization techniques including supervised fine-tuning for instruction tuning, Direct Preference Optimization for adjusting tone and preference selection, and reinforcement learning for use cases with verifiable correctness.
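To make the Direct Preference Optimization technique concrete, the sketch below builds a tiny preference dataset in the prompt/chosen/rejected JSONL layout that DPO training commonly uses. This is a sketch of the general convention, not necessarily the exact schema SageMaker AI expects, and the example prompts and responses are invented.

```python
import json

def dpo_record(prompt, chosen, rejected):
    """Build one preference pair for Direct Preference Optimization.

    The prompt/chosen/rejected layout is a common DPO convention; the
    exact schema a given training service expects may differ.
    """
    return {"prompt": prompt, "chosen": chosen, "rejected": rejected}

# Serialize a tiny preference dataset as JSONL, one pair per line.
pairs = [
    dpo_record(
        "Summarize our refund policy in one sentence.",
        "Refunds are issued within 14 days of purchase with a receipt.",
        "Our refund policy, which dates back to 2009, is as follows...",
    ),
]
jsonl = "\n".join(json.dumps(p) for p in pairs)
print(jsonl)
```

Each line pairs the response the model should prefer with one it should avoid, which is how DPO steers tone and preference without a separate reward model.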
To learn more about model customization with the AI agent experience in Amazon SageMaker AI, visit the SageMaker model customization documentation.
Today, AWS announces the preview of the Amazon Quick extension for Microsoft Outlook, which brings generative AI-powered productivity directly into your email and calendar workflows. With the extension, you can use natural language to summarize unread messages, organize your inbox, schedule meetings, and draft in-line responses, all without leaving Outlook.
The Quick extension for Outlook helps you focus on what matters most by prioritizing emails, searching for specific discussions, and organizing messages into folders or flagging them for follow-up. Using conversational instructions, you can find optimal meeting times with coworkers and schedule meetings. For email threads, you can generate summaries, extract action items, and draft contextual replies that pull in relevant information from your Amazon Quick spaces and knowledge bases. You can also trigger actions in external applications using your configured integrations directly from Outlook.
The Amazon Quick extension for Microsoft Outlook is available in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Europe (Ireland), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (London).
To get started with Amazon Quick, visit the Quick website, and sign up for an account in minutes. Read the documentation to learn more, and install the Quick extension for Outlook from the Quick download page.
Amazon Quick now supports Amazon S3 table buckets as a data source — enabling users to build dashboards, run conversational analytics, and explore Apache Iceberg tables stored in S3 table buckets. With no intermediate data warehouse or OLAP layers required, users can now interoperate with their lakehouse data in Amazon Quick for both agentic AI and BI workloads — all through a simplified data architecture.
Paired with Zero-ETL from sources like Salesforce, SAP, and Amazon Kinesis Data Firehose directly into S3 table buckets, users get near real-time insights with minimal pipeline dependencies. Getting started is straightforward: admins configure S3 table bucket permissions once, and authors can immediately create datasets and start building. S3 table bucket datasets are fully accessible through Amazon Quick's Dataset Q&A — ask a natural language question and get answers grounded in your data lake as the source of truth.
Amazon S3 table buckets as a data source in Amazon Quick is now available in all AWS Regions where Amazon Quick is available. To get started, see this blog post.
Today, Amazon EventBridge announces support for logging data plane APIs using AWS CloudTrail, enabling customers to have greater visibility into event bus activity in their AWS account for best practices in security and operational troubleshooting. Amazon EventBridge is a serverless event bus that enables customers to build event-driven applications at scale using events from AWS services, integrated SaaS applications, and custom sources.
CloudTrail captures API activities related to Amazon EventBridge as events, including calls from the Amazon EventBridge console and calls made programmatically using Amazon EventBridge APIs. Using the information that CloudTrail collects, you can identify a specific request to an Amazon EventBridge API, the IP address of the requester, the requester's identity, and the date and time of the request. Logging EventBridge APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your AWS account. With the introduction of data plane logging support, the EventBridge PutEvents API is now logged to CloudTrail.
To opt in to CloudTrail logging of these data plane APIs, configure logging on your event bus using the AWS CloudTrail console or the CloudTrail APIs.
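As an illustration of what such a configuration involves, the sketch below builds a CloudTrail advanced event selector that scopes logging to data events. The field names follow CloudTrail's advanced event selector schema, but the `resources.type` value shown for EventBridge event buses is an assumption and should be confirmed against the CloudTrail documentation; the boto3 call is mentioned only in a comment so the sketch stays runnable offline.

```python
import json

# Sketch of a CloudTrail advanced event selector for logging EventBridge
# data plane calls (PutEvents). "eventCategory" = "Data" selects data
# events; the resources.type string below is an assumption, not a
# confirmed value from the announcement.
selector = {
    "Name": "Log EventBridge PutEvents calls",
    "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::Events::EventBus"]},
    ],
}

# With boto3 this selector would be passed to
# cloudtrail.put_event_selectors(TrailName=..., AdvancedEventSelectors=[...]);
# that call is omitted here because it requires AWS credentials.
print(json.dumps(selector, indent=2))
```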
Logging data plane EventBridge APIs using AWS CloudTrail is now available in all commercial AWS Regions, AWS GovCloud (US) Regions, the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.
To learn more about logging data plane APIs using AWS CloudTrail, see AWS Documentation. For more information about CloudTrail, see the AWS CloudTrail User Guide.
Amazon Quick now supports Dataset Q&A — a conversational analytics capability that enables users to ask natural language questions directly against their enterprise data. Alongside Dashboard Q&A, Dataset Q&A provides a powerful new way to interact with data in Amazon Quick — letting anyone with dataset access explore their data and get meaningful, actionable insights using natural language, while respecting all governance rules, including Row-Level and Column-Level Security policies set by data owners.
Dataset Q&A is powered by Amazon Quick's text-to-SQL agent, which interprets user questions, identifies the right data, and generates precise SQL — all in a single conversational step. The agent works across the data sources users bring into Amazon Quick — generating engine- and dialect-aware optimized SQL against SPICE or AWS data assets such as Amazon Redshift, Amazon Athena, Aurora PostgreSQL, and Apache Iceberg tables stored in Amazon S3 table buckets. Data owners can enrich their datasets with custom instructions, business definitions, and field descriptions directly in Amazon Quick or through simple file uploads. These curated semantics, together with dataset metadata, are ingested into a knowledge graph that captures the meaning and relationships across data assets, enabling Quick's orchestrator to identify the most relevant datasets and generate accurate SQL. The Dataset Q&A agent delivers accurate answers across a broad range of question types — from trend analysis and time-series comparisons to ranking, multi-condition analytical queries, and open-ended exploratory questions. Dataset Q&A also includes an Explain capability, allowing users to step through the reasoning behind each answer, inspect the underlying logic, and validate that the generated SQL correctly interprets their question before acting on the result.
Dataset Q&A is now generally available in all AWS Regions where Amazon Quick is available. To get started, see this blog post.
Amazon Quick now generates dashboards from natural language prompts with Generate Analysis. You describe the dashboard you want, select up to three datasets, and review an editable plan before generation. Amazon Quick then produces organized sheets with visuals selected for your data, filter controls for exploring by different dimensions, and calculated fields such as year-over-year growth and month-over-month comparisons. Generate Analysis reduces dashboard creation from hours of manual configuration to minutes.
With Generate Analysis, you can describe goals such as "create a sales performance dashboard with revenue trends, regional comparisons, and month-over-month growth" and receive a dashboard ready for refinement. The output works with existing publishing workflows, embedding, CI/CD pipelines, and point-and-click editing.
At launch, Generate Analysis is available to Enterprise subscription/Author Pro users. Authors also have promotional access to this capability through December 2026 as part of Amazon Quick Enterprise, provided their organization has not restricted access. Generate Analysis is now generally available in all AWS Regions where Amazon Quick is available.
To learn more, see Generating an analysis with natural language prompts in the Amazon Quick User Guide. To get started, open any dataset in Amazon Quick and choose Generate analysis.
Amazon Aurora DSQL introduces support for the PostgreSQL JSON data type with optional compression. With JSON data type support, you can now use code and tools that depend on PostgreSQL's JSON type with Aurora DSQL without modification, making it easier to store semi-structured data alongside relational data.
You can use the JSON data type when creating or modifying tables to store semi-structured data such as API payloads, configuration objects, or event logs. With PostgreSQL compression enabled by default, larger JSON payloads are stored more efficiently, helping reduce storage costs.
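As a minimal sketch of the storage pattern described above, the snippet below defines a table with a JSON column and prepares an insert with a serialized payload. The table and column names are hypothetical, the placeholder style (`%s`) follows psycopg-style PostgreSQL drivers, and the actual database connection is omitted so the example stays self-contained.

```python
import json

# Hypothetical table mixing relational columns with a JSON column for
# semi-structured event payloads. Names are illustrative only.
create_sql = """
CREATE TABLE events (
    id      BIGINT PRIMARY KEY,
    source  TEXT NOT NULL,
    payload JSON
)
"""

payload = {"action": "order.created", "order_id": 1234, "items": ["sku-1"]}

# Insert using a driver-style placeholder (%s, as in psycopg); the JSON
# value is serialized client-side with json.dumps before binding.
insert_sql = "INSERT INTO events (id, source, payload) VALUES (%s, %s, %s)"
params = (1, "checkout-service", json.dumps(payload))

print(insert_sql)
print(params[2])
```

With a real connection, `cursor.execute(insert_sql, params)` would store the payload, and compression of larger JSON values is handled transparently by the engine.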
For details on the supported data types, see the Aurora DSQL documentation. Get started with Aurora DSQL for free with the AWS Free Tier. For information about Regional availability, see the AWS Region table. To learn more about Aurora DSQL, visit the webpage.
Amazon Web Services (AWS) announces the availability of Amazon EC2 I8ge instances in the Europe (Paris), Asia Pacific (Thailand), Asia Pacific (Hong Kong), Asia Pacific (Seoul), and Asia Pacific (Tokyo) AWS Regions. I8ge instances are powered by AWS Graviton4 processors and deliver up to 60% better compute performance compared to previous generation Graviton2-based storage optimized Amazon EC2 instances. I8ge instances use third generation AWS Nitro SSDs for local NVMe storage and deliver up to 55% better real-time storage performance per TB compared to previous generation Amazon EC2 Im4gn instances. They offer up to 60% lower storage I/O latency and up to 75% lower storage I/O latency variability compared to Im4gn instances.
I8ge instances are storage-optimized instances and offer up to 120 TB of local NVMe storage. They are ideal for workloads that demand rapid local storage with high random read/write performance and consistently low latency for accessing large datasets. These versatile instances are offered in eleven different sizes, including two metal sizes, providing flexibility to match customers’ computational needs. They deliver up to 180 Gbps of network bandwidth and 60 Gbps of dedicated bandwidth for Amazon Elastic Block Store (EBS), ensuring fast and efficient data transfer for the most demanding applications.
To begin your Graviton journey, visit the Level up your compute with AWS Graviton page. To get started, see AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDKs. To learn more, visit the I8ge instances page.
VPC Lattice resource configurations now support domain-name targets that are private to your network. You can define a resource configuration for a private FQDN and share it with other accounts, enabling secure cross-account access to privately-hosted resources.
Previously, only publicly resolvable domain-name targets could be shared using resource configurations. Customers with private DNS servers could not share FQDNs with other accounts using this mechanism. To enable this feature, set the 'Resource Config DNS Resolution' property to 'IN_VPC' on your resource gateway. VPC Lattice uses your VPC's DNS configuration to resolve FQDNs, routing traffic to the correct backend without requiring public DNS entries.
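To show how the pieces fit together, the sketch below models a resource gateway with the new DNS resolution property and a resource configuration pointing at a private FQDN. The field names are illustrative stand-ins rather than the exact VPC Lattice API parameters, and all identifiers and domain names are invented; consult the VPC Lattice API reference for the real request shapes.

```python
import json

# Illustrative resource gateway with the property this launch adds:
# resolve FQDNs using the VPC's DNS configuration instead of public DNS.
# Field names are hypothetical, not the exact API parameters.
resource_gateway = {
    "name": "private-db-gateway",
    "vpcId": "vpc-0123456789abcdef0",
    "resourceConfigDnsResolution": "IN_VPC",
}

# Illustrative resource configuration for a privately resolvable FQDN
# that can now be shared with other accounts.
resource_config = {
    "name": "orders-db",
    "resourceGateway": resource_gateway["name"],
    "domainName": "orders-db.internal.example.com",
    "portRanges": ["5432"],
}

print(json.dumps({"gateway": resource_gateway, "config": resource_config}, indent=2))
```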
You can enable this feature through the AWS Management Console, AWS CLI, AWS SDKs, and AWS APIs. The feature is available at no additional cost in all AWS Regions where VPC Lattice is available. For more information, see the VPC Lattice user guide.
Today, we are excited to announce the availability of four new Qwen models in Amazon SageMaker JumpStart: Qwen3.5-27B-FP8, Qwen3.6-35B-A3B, Qwen3.5-0.8B, and Qwen3.5-2B.
These models address different AI application needs with specialized capabilities:
All four models are available today through Amazon SageMaker JumpStart. You can deploy them with a few clicks in Amazon SageMaker Studio or programmatically using the SageMaker Python SDK.
Amazon FSx, a fully-managed service that makes it easy and cost effective to launch, run, and scale feature-rich, high-performance file systems in the cloud, is now available in the AWS Asia Pacific (New Zealand) Region.
Amazon FSx lets you choose between four widely-used file systems: NetApp ONTAP, Windows File Server, Lustre, and OpenZFS. It supports a wide range of workloads with its reliability, security, scalability, and broad set of capabilities. Amazon FSx is built on the latest AWS compute, networking, and disk technologies to provide high performance and lower TCO. And as a fully managed service, it handles hardware provisioning, patching, and backups — freeing you up to focus on your applications, your end users, and your business.
To learn more about Amazon FSx, visit our product page, and see the AWS Region Table for complete regional availability information.
AWS Entity Resolution launches support for Machine Learning (ML) based Incremental Matching workflows in General Availability, fundamentally transforming how enterprises process entity resolution at scale. Previously, adding even a single new record required customers to reprocess their entire dataset—a process that could take up to 2 days and cost thousands of dollars. This created a critical bottleneck that forced major businesses to seek costly workarounds or alternative solutions.
With this enhancement, AWS Entity Resolution enables businesses to process only the new records added since their last workflow run. This launch delivers dramatic efficiency gains: processing 1M incremental records in under 1 hour, a 95% reduction in processing time compared to full reprocessing, while also significantly reducing infrastructure costs. The feature supports incremental workloads of up to 50M records over datasets containing up to 1 billion historical base records, making AWS Entity Resolution viable for continuous, large-scale enterprise workloads that were previously economically unfeasible.
You can start using incremental ML workflows in all AWS Regions where AWS Entity Resolution is available. For more information on starting an incremental ML workflow, see our user guide. For more information about AWS Entity Resolution, visit our product page.
Amazon Web Services (AWS) is announcing new CloudWatch Alarms capabilities in the AWS Console Mobile Application. You can now investigate alarms and move from notification to root cause faster with interactive graphs, AI-generated logs summaries, natural language logs search, and streamlined access to related metrics and resources.
When a CloudWatch Alarm triggers, engineers often need to quickly understand what went wrong. Previously, investigating an alarm on the mobile app required switching between multiple screens and services to view metrics, access logs, and identify the root cause. This update brings these capabilities together in a single view, reducing the time from notification to resolution.
CloudWatch Alarms now include interactive graphs that let you visualize the metric that triggered the alarm, zoom in on specific time windows, and explore the data to quickly identify anomalies. You can access related logs and review an AI-generated summary that highlights key contributing factors. To refine log search results, you can type queries, use voice input, or select pre-saved Logs Insights queries using natural language. A time selector lets you view custom time ranges and adjust time zones to match your operational needs. Related metrics and resources are conveniently displayed alongside the alarm, facilitating a more thorough investigation.
To get started, download the AWS Console Mobile App from the Apple App Store or Google Play Store, then navigate to CloudWatch in the app to investigate Alarms. The AWS Console Mobile App is available in all AWS Commercial Regions at no additional cost. For more information, visit the AWS Console Mobile Application product page.
Amazon WorkSpaces Applications now supports host-to-client URL redirection, which automatically launches URLs from streaming sessions in the user's local browser. Administrators can configure allow and deny URL patterns through the AWS Management Console to control which web content is redirected, enabling organizations to keep sensitive applications securely within the streaming environment while offloading resource-intensive content such as video streaming to local devices.
With host-to-client URL redirection, organizations reduce the load on streaming infrastructure by shifting bandwidth-heavy web workloads to local devices, lowering infrastructure costs without impacting the end-user experience. The feature works for browser navigation and embedded links in applications such as Microsoft Word, with support for Chrome and Edge web browsers on the streaming host. URLs in the configured allow list open in the user's local default browser automatically.
Host-to-client URL redirection for Amazon WorkSpaces Applications is available in multiple AWS Regions, including US East (N. Virginia and Ohio), US West (Oregon), Asia Pacific (Malaysia, Mumbai, Seoul, Singapore, Sydney, and Tokyo), Canada (Central), Europe (Frankfurt, Ireland, London, Milan, and Paris), South America (São Paulo), Israel (Tel Aviv), and AWS GovCloud (US-West and US-East).
To learn more about host-to-client URL redirection for Amazon WorkSpaces Applications, see host to client URL redirection. For more information about Amazon WorkSpaces Applications, visit the Amazon WorkSpaces Applications page.
Amazon CloudWatch Logs Insights query language now supports querying log groups using tags, making it easier to analyze logs without listing the log groups explicitly. In addition to querying logs by log group names, data sources, and facets, customers can now query using log group tags.
Tags are key-value pairs that customers can assign to log groups to categorize them — for example, Environment: Production, Application: PaymentService, or Owner: TeamName. With this launch, customers can run a query across all log groups that share common tags. As log group tags are added or removed, queries automatically reflect the matching log groups, reducing operational overhead as environments grow.
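The selection behavior described above can be illustrated with a small sketch. The matching here is performed client-side purely to show the concept; in practice the Logs Insights query engine resolves the matching log groups at query time, and the log group names and tags below are hypothetical.

```python
# Hypothetical log groups and their tags. In the real service, tags are
# attached to log groups and the Logs Insights engine resolves matches.
log_groups = {
    "/app/payments/prod": {"Environment": "Production", "Application": "PaymentService"},
    "/app/payments/dev":  {"Environment": "Development", "Application": "PaymentService"},
    "/app/checkout/prod": {"Environment": "Production", "Application": "CheckoutService"},
}

def matches(tags, required):
    """True if a log group's tags include every required key-value pair."""
    return all(tags.get(k) == v for k, v in required.items())

# Query scope: all production log groups, regardless of application.
selected = sorted(
    name for name, tags in log_groups.items()
    if matches(tags, {"Environment": "Production"})
)
print(selected)  # → ['/app/checkout/prod', '/app/payments/prod']
```

Because the scope is defined by tags rather than an explicit list, a newly created log group tagged `Environment: Production` would join the query results automatically, which is the operational benefit the launch describes.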
Querying by log group tags is available today in all commercial AWS Regions. To learn more, see the Amazon CloudWatch Logs documentation.
AWS Identity and Access Management (IAM) has increased maximum quotas for six resources:
These updates address common scaling constraints customers encounter as their AWS environments grow. With these higher maximum quotas, you have more flexibility to customize your IAM controls and support additional workloads that require creation of IAM resources.
Customers can view current IAM quotas on the IAM and AWS STS quotas page. To request quota increases for accounts in AWS commercial Regions, use the Service Quotas console in US East (N. Virginia). In AWS GovCloud (US) and China Regions, customers can request increases through AWS Support. For more information, see Requesting a Quota Increase in the Service Quotas User Guide.
Amazon OpenSearch Service expands Cluster Insights availability to all OpenSearch versions and Elasticsearch version 6.8 and above, bringing proactive cluster health and performance visibility through the Console. In addition, a new Unused Index insight helps customers identify indices in an OpenSearch cluster that have had zero search and indexing activity over the past 30 days, and provides actionable recommendations to optimize costs.
Cluster Insights now supports expanded version coverage — customers running OpenSearch 1.0 and later, and Elasticsearch 6.8 and later, can easily identify and resolve performance and stability risks before they impact workloads. Additionally, the new Unused Index insight detects indices with no search or indexing activity and recommends migration to warm or cold storage tiers for cost optimization. These insights are available through the Console, OpenSearch Service Notifications, OpenSearch UI, and Amazon EventBridge, giving users instant visibility into cluster health along with actionable recommendations to prevent issues before they affect stability or performance.
Cluster Insights is available at no additional cost in all Regions where Amazon OpenSearch Service is available. View the complete list of supported Regions here. To learn more about Cluster Insights, refer to our technical documentation.
AWS Backup for Amazon EKS now completes cluster state backups up to 10x faster. This performance improvement enables you to back up Amazon EKS clusters with large numbers of namespaces and Kubernetes resources significantly faster, reducing backup windows from days to hours for the largest clusters. AWS Backup is a policy-based, fully managed, and cost-effective solution that enables you to centralize and automate data protection of Amazon EKS along with other AWS services that span compute, storage, and databases. The performance improvement is automatically enabled at no additional cost in all AWS Regions where AWS Backup support for Amazon EKS is available.
AWS Backup support for Amazon EKS is available in all AWS commercial Regions and AWS GovCloud (US) Regions. For more information on regional availability and pricing, see the AWS Backup pricing page.
To learn more about AWS Backup for Amazon EKS, visit the product page and technical documentation. To get started, visit the AWS Backup console.
Amazon Bedrock AgentCore brings enterprise-grade agentic AI capabilities to workloads with elevated compliance needs in the AWS GovCloud (US-West) Region. AgentCore is a platform for building, deploying, and operating AI agents securely at scale—without managing infrastructure. With AgentCore, organizations can accelerate agents from prototype to production using any framework and any model, while maintaining the security and compliance controls required for government and regulated workloads.
AgentCore provides composable services that work together or independently. AgentCore Runtime deploys agents with complete session isolation and support for long-running workloads. AgentCore Gateway converts existing Application Programming Interfaces (APIs) and Lambda functions into agent-ready tools through the Model Context Protocol (MCP), giving agents secure access to enterprise data and services. AgentCore Identity integrates with existing identity providers for automated authentication and permission delegation, while AgentCore Observability and Evaluations provide real-time monitoring and continuous quality assessment of agent performance in production.
To learn more about Amazon Bedrock AgentCore, visit the AgentCore product page. For details about AgentCore in AWS GovCloud (US), visit the GovCloud documentation.
Last week, I took some time off in York, England, often described as the most haunted city in the country. I wandered through the ruins of abbeys that have stood for nearly a thousand years, walked along medieval walls, and spent an evening on a ghost tour hearing stories passed down through centuries. There’s something […]
This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs. An open proxy is a server that forwards traffic on behalf of internet users without requiring authentication. While proxies can support legitimate use cases such as load balancing or […]
Bulletin ID: 2026-025-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/05/04 15:30 PDT
Description:
Amazon Skylight Workspace Config Service (slwsconfigservice) is a critical background service within Amazon WorkSpaces that manages system configuration, monitors health, and updates components. We identified CVE-2026-7791, which allows a local non-admin authenticated user to escalate privileges to SYSTEM by exploiting a race condition in the Skylight Workspace Config Service's log file archival process.
Impacted versions: < 2.6.2034.0 of the Windows Amazon Skylight Workspace Config Service (slwsconfigservice)
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Today, Amazon SageMaker AI introduces capacity-aware instance pools for new and existing inference endpoints. You define a prioritized list of instance types, and SageMaker AI automatically works through your list whenever capacity is constrained, whether at creation, during scale-out, or during scale-in. Your endpoint provisions on available AI infrastructure without manual intervention. This capability is available for Single Model Endpoints, Inference Component-based endpoints, and Asynchronous Inference endpoints.
In this post, you learn how to get started with Dataset Q&A, explore real-world use cases with hands-on examples, and discover advanced capabilities like auto-discovery across all your data assets and multi-dataset querying in a single conversation.
Amazon Quick introduces Amazon S3 Tables (Apache Iceberg tables) as a new data source. With this feature, customers can directly query and visualize Apache Iceberg tables stored in an Amazon S3 table bucket without the need for intermediate data layers. In this post, we explore how Amazon Quick’s new Amazon S3 Tables data source enables near real-time analytics while streamlining modern data architectures.
Building meaningful dashboards demands hours of manual setup, even for experienced BI professionals. Amazon Quick now generates complete multi-sheet dashboards from natural language prompts, taking you from one or more datasets to a production-ready analysis in minutes. Data analysts building recurring operations reports, program managers preparing a leadership review, or engineers exploring a new dataset can […]
Amazon SageMaker AI now offers an agentic experience that changes this. Developers describe their use case using natural language, and the AI coding agent streamlines the entire journey, from use case definition and data preparation through technique selection, evaluation, and deployment. In this post, we walk you through the model customization lifecycle using SageMaker AI agent skills.
Generate recommendations from production traces, validate them with batch evaluation and A/B testing, and ship with confidence. AI agents that perform well at launch don’t stay that way. As models evolve, user behavior shifts, and prompts get reused in new contexts they were never designed for. Agent quality quietly degrades. In most teams, the improvement […]
Business leaders across industries rely on operational dashboards as the shared source of truth that their teams execute against daily. But dashboards are built to answer known questions. When teams need to explore further, ad-hoc, multi-dimensional, or unforeseen questions, they hit a bottleneck. They wait hours or days for BI teams to build new views […]