AWS Elastic Beanstalk now supports TLS listeners for environments configured with a Network Load Balancer. You can configure a TLS listener with an SSL certificate and security policy, allowing the load balancer to handle secure connections and forward decrypted traffic to your instances. You can configure TLS listeners through the Elastic Beanstalk console or CLI.
Previously, Elastic Beanstalk did not support TLS listeners for NLB environments as a managed configuration option. With this launch, you can configure TLS listener settings directly through Elastic Beanstalk.
This feature is available in all AWS regions that support Elastic Beanstalk and Network Load Balancers.
To get started, see Configuring a Network Load Balancer in the AWS Elastic Beanstalk Developer Guide. For more information about SSL certificates and security policies, see the Elastic Load Balancing documentation.
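For illustration, a TLS listener might be declared in an `.ebextensions` configuration file. This sketch assumes the TLS listener reuses the `aws:elbv2:listener` namespace that Elastic Beanstalk already exposes for load balancer listeners; the certificate ARN and security policy below are placeholders, so check the Developer Guide for the exact option names supported for Network Load Balancers.

```yaml
# .ebextensions/nlb-tls.config -- illustrative sketch, not verified option names
option_settings:
  aws:elasticbeanstalk:environment:
    LoadBalancerType: network
  aws:elbv2:listener:443:
    Protocol: TLS
    SSLCertificateArns: arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE
    SSLPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
```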
Amazon Neptune now offers 1-click connect capability, enabling you to quickly connect to Neptune Database and Neptune Analytics using CloudShell.
Previously, connecting to Neptune resources required manual configuration of network settings and access permissions, taking time from database administrators, developers, and data analysts who needed to query their graph databases. With 1-click connect, you can immediately start querying your Neptune resources without manual network configuration, significantly reducing setup time and technical complexity. This streamlined approach works across different network configurations, including VPC-only resources. 1-click connect is particularly valuable for testing and development workflows, troubleshooting, and for customers new to Neptune who want to quickly explore and experiment with their graph data.
1-click connect is available at no additional charge in all AWS Regions where Amazon Neptune is currently offered. To learn more and get started, visit https://aws.amazon.com/neptune/.
Amazon Bedrock AgentCore Memory now supports metadata on long-term memory (LTM) records, enabling agents to tag, filter, and retrieve memories using structured attributes alongside semantic search. You can define up to ten indexed keys per memory resource, with support for STRING, NUMBER, and STRING_LIST types, and use different operator types to filter retrieval results.
Metadata can be attached to events at ingestion time or inferred automatically by the LLM based on extraction instructions you define on the memory resource. During ingestion, the LLM processes all events and determines how metadata is applied to the resulting memory records.
You define a metadata schema on the memory resource that includes indexed key definitions (key name, type, and optional allowed values) along with extraction instructions that guide the LLM on how to generate metadata from conversation content. With metadata filters on retrieval, agents can retrieve records by structured attributes like ticket number, priority, or date, eliminating irrelevant context and improving response accuracy.
To get started, see the Amazon Bedrock AgentCore Memory documentation. This feature is available today in all AWS Regions where Amazon Bedrock AgentCore Memory is supported.
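To make the schema and filter concepts above concrete, here is a minimal sketch of how a metadata schema and a filtered retrieval request could be shaped. The key names, operator names, and payload structure are illustrative assumptions, not the documented AgentCore Memory API; consult the documentation for the real request shapes.

```python
# Hypothetical payload shapes for AgentCore Memory metadata -- illustrative only.

def build_metadata_schema():
    """Up to ten indexed keys per memory resource (STRING, NUMBER, STRING_LIST)."""
    return {
        "indexedKeys": [
            {"name": "ticket_id", "type": "STRING"},
            {"name": "priority", "type": "NUMBER"},
            {"name": "tags", "type": "STRING_LIST", "allowedValues": ["billing", "outage"]},
        ],
        "extractionInstructions": "Tag each memory with the ticket id and priority mentioned.",
    }

def build_retrieval_filter(ticket_id, min_priority):
    """Combine structured metadata filters with a semantic query."""
    return {
        "semanticQuery": "customer asked about refund status",
        "filters": [
            {"key": "ticket_id", "operator": "EQUALS", "value": ticket_id},
            {"key": "priority", "operator": "GREATER_THAN_OR_EQUALS", "value": min_priority},
        ],
    }

schema = build_metadata_schema()
request = build_retrieval_filter("T-1234", 2)
```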
Today, AWS Marketplace announces the Agreements API, enabling you to procure AWS Marketplace products and manage agreements programmatically. With this launch, you can generate estimates, accept offers, track charges and entitlements, update purchase orders, and manage agreements, all within your existing tools and workflows.
Combined with the Discovery API, the Agreements API provides an end-to-end procurement journey from product discovery to purchase. You can integrate these APIs into your procurement systems to build custom workflows and streamline operations across your organization. Partners can also use these APIs to build custom storefronts that deliver unified procurement experiences for their customers.
The AWS Marketplace Agreements API is available in the US East (N. Virginia) Region.
To get started, configure AWS Identity and Access Management (IAM) permissions for your AWS account and call the API through the AWS SDK. To learn more, see the AWS Marketplace Agreement APIs documentation.
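As a sketch of what an SDK call might look like, the parameters below target the `SearchAgreements` operation of the Marketplace Agreement API (boto3 client name `marketplace-agreement`); the call itself is not made here, and the specific filter names are assumptions to verify against the API reference.

```python
# Illustrative SearchAgreements request parameters; filter names are assumptions.

def search_active_agreements_params():
    """Parameters for listing a buyer's active agreements (not executed here)."""
    return {
        "catalog": "AWSMarketplace",
        "filters": [
            {"name": "PartyType", "values": ["Proposer"]},
            {"name": "Status", "values": ["ACTIVE"]},
        ],
        "maxResults": 10,
    }

params = search_active_agreements_params()
# Usage (requires AWS credentials and boto3, omitted here):
#   client = boto3.client("marketplace-agreement")
#   response = client.search_agreements(**params)
```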
Amazon ElastiCache now supports aggregation queries, making it easier to filter, group, transform, and summarize data directly in your cache with a single query. Developers can use aggregation queries to build real-time application experiences with latencies as low as microseconds over terabytes of data and results reflecting completed writes.
By running aggregations directly in-memory within ElastiCache, developers can reduce architectural complexity and improve response times without a separate analytics engine. Applications can use aggregations to power faceted navigation, category counts, rollups, and leaderboards. Applications can aggregate over the most up-to-date data to deliver real-time insights such as trending content, popular categories, and top-performing items in e-commerce marketplaces and streaming services. Aggregations can drive AI-powered personalization applications that need fast summaries over search results, and operational dashboards for live monitoring and business analytics.
Aggregations are available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read the aggregations blog and see the ElastiCache documentation.
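To illustrate what an in-cache aggregation query computes, the following local sketch performs the same filter, group, and summarize steps over a few sample records; the actual Valkey query syntax is not reproduced here and should be taken from the ElastiCache aggregation documentation.

```python
# Local illustration of a cache-side rollup: filter in-stock items,
# group by category, and compute per-group counts and revenue.
from collections import defaultdict

items = [
    {"category": "shoes", "price": 80, "in_stock": True},
    {"category": "shoes", "price": 120, "in_stock": False},
    {"category": "hats", "price": 25, "in_stock": True},
]

groups = defaultdict(lambda: {"count": 0, "revenue": 0})
for item in items:
    if item["in_stock"]:                      # filter step
        g = groups[item["category"]]          # group step
        g["count"] += 1                       # summarize: count per category
        g["revenue"] += item["price"]         # summarize: sum per category
```

This is the kind of faceted count and rollup the announcement describes, except that ElastiCache performs it in-memory on the server in a single query instead of in application code.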
Amazon ElastiCache now supports real-time hybrid search that combines vector similarity with full-text search in a single query, without a separate search service. Applications can combine semantic meaning with exact keyword matching that captures both intent and precise terms to deliver more relevant results than either method alone. Customers can use ElastiCache to combine full-text and vector similarity search across billions of embeddings from popular providers like Amazon Bedrock, Amazon SageMaker, Anthropic, and OpenAI with latency as low as microseconds and up to 99% recall.
ElastiCache makes data searchable as soon as writes complete, so applications always search the most current vectors and text. Developers can use hybrid search to build AI agent memory and RAG systems that retrieve relevant context by exact terms and meaning to improve generative AI responses while reducing token costs. E-commerce and streaming platforms can use hybrid search to surface relevant matches, whether users search by exact product name, description, or both. ElastiCache for Valkey delivers the lowest latency vector search with the highest throughput and best price-performance at 95%+ recall rate among popular vector databases on AWS.
Hybrid search is available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read this blog and see the ElastiCache documentation.
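The idea of combining semantic and keyword relevance can be sketched locally as a weighted fusion of a vector-similarity score and a keyword-match score. The weighting below is a toy illustration; ElastiCache's actual ranking is internal to the engine.

```python
# Toy hybrid ranking: blend cosine similarity with keyword overlap.
import math

def cosine(a, b):
    """Cosine similarity between two equal-length vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb)

def hybrid_score(query_vec, doc_vec, query_terms, doc_text, alpha=0.7):
    """Weighted blend of semantic similarity and exact keyword overlap."""
    semantic = cosine(query_vec, doc_vec)
    words = doc_text.lower().split()
    keyword = sum(t.lower() in words for t in query_terms) / len(query_terms)
    return alpha * semantic + (1 - alpha) * keyword

score = hybrid_score([1.0, 0.0], [1.0, 0.0],
                     ["wireless", "earbuds"], "Wireless earbuds with case")
```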
Amazon ElastiCache now supports real-time full-text, exact-match, and numeric range search directly in your cache without a separate search service. Applications can use ElastiCache to search terabytes of data with latency as low as microseconds and throughput up to millions of search operations per second. Developers can combine any of these search types in a single query to power real-time, scalable search across frequently changing data.
ElastiCache makes data searchable as soon as writes complete, so applications always search the most current data. This is ideal for frequently updated datasets such as user session details, product inventory, and transaction records. Exact-match search enables instant lookup of records by precise values such as usernames, content IDs, or genres across streaming and gaming applications. Numeric range queries enable filtering by transaction amounts, date ranges, or player scores in financial applications and leaderboards. Developers can use full-text search with prefix, suffix, and fuzzy matching to power product discovery in e-commerce platforms, or combine search types to filter by category, price, and ratings.
Full-text, exact-match, and numeric range search is available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions, for node-based clusters running ElastiCache version 9.0 for Valkey at no additional cost. Valkey is the most permissive open source and vendor-neutral alternative to Redis and the recommended engine on ElastiCache. To get started, create a new Valkey 9.0 or above cluster or upgrade an existing cluster using the AWS Management Console, AWS SDK, or AWS CLI. To learn more, read this blog and see the ElastiCache documentation.
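The three search types can be combined in one query, which the following local sketch mimics over a few sample records: an exact-match predicate, a numeric range predicate, and a prefix predicate standing in for full-text matching. It illustrates the query semantics only, not the Valkey command syntax.

```python
# Local sketch combining exact-match, numeric-range, and prefix predicates.
records = [
    {"user": "alice", "amount": 250, "product": "runner shoes"},
    {"user": "bob", "amount": 40, "product": "running socks"},
    {"user": "alice", "amount": 15, "product": "water bottle"},
]

def search(recs, user=None, amount_range=None, prefix=None):
    """Return records matching every predicate that was supplied."""
    out = []
    for r in recs:
        if user is not None and r["user"] != user:            # exact match
            continue
        if amount_range and not (amount_range[0] <= r["amount"] <= amount_range[1]):
            continue                                          # numeric range
        if prefix and not any(w.startswith(prefix) for w in r["product"].split()):
            continue                                          # prefix (full-text stand-in)
        out.append(r)
    return out

hits = search(records, user="alice", amount_range=(100, 500), prefix="run")
```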
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) P6-B300 instances are available in the US East (N. Virginia) Region. P6-B300 instances provide 8 NVIDIA Blackwell Ultra GPUs with 2.1 TB of high-bandwidth GPU memory, 6.4 Tbps of EFA networking, 300 Gbps of dedicated ENA throughput, and 4 TB of system memory.
P6-B300 instances deliver 2x networking bandwidth, 1.5x GPU memory size, and 1.5x GPU TFLOPS (at FP4, without sparsity) compared to P6-B200 instances, making them well suited to train and deploy large trillion-parameter foundation models (FMs) and large language models (LLMs) with sophisticated techniques. The higher networking and larger memory deliver faster training times and more token throughput for AI workloads.
P6-B300 instances are now available in p6-b300.48xlarge size in the following AWS Regions: US West (Oregon), AWS GovCloud (US-East) and US East (N. Virginia). To learn more about P6-B300 instances, visit Amazon EC2 P6 instances.
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) P6-B200 instances accelerated by NVIDIA Blackwell GPUs are available in AWS GovCloud (US-West) Region. These instances offer up to 2x performance compared to P5en instances for AI training and inference.
P6-B200 instances feature 8 Blackwell GPUs with 1440 GB of high-bandwidth GPU memory and a 60% increase in GPU memory bandwidth compared to P5en, 5th Generation Intel Xeon processors (Emerald Rapids), and up to 3.2 terabits per second of Elastic Fabric Adapter (EFAv4) networking. P6-B200 instances are powered by the AWS Nitro System, so you can reliably and securely scale AI workloads within Amazon EC2 UltraClusters to tens of thousands of GPUs.
P6-B200 instances are now available in p6-b200.48xlarge size in the following AWS Regions: US West (Oregon), US East (N. Virginia, Ohio) and AWS GovCloud (US-West). To learn more about P6-B200 instances, visit Amazon EC2 P6 instances.
Amazon Bedrock AgentCore Runtime now supports bring-your-own file system, enabling developers to attach their Amazon S3 Files and Amazon EFS access points directly to agent runtimes. AgentCore Runtime mounts the file system into every session at a path you specify, and your agent reads and writes files using standard file operations, with no custom mount code, privileged containers, or download orchestration needed before the agent can start working.
This complements the existing managed session storage (in public preview), which AgentCore Runtime can automatically provision. Bring-your-own file system is for the data you already own and want to share: skills, tool libraries, reference datasets, knowledge bases, and project files that should be available across sessions, across microVM lifecycles, or across multiple agents. Developers can mount an Amazon S3 Files file system to access data through both standard file operations and S3 APIs, with changes automatically synchronized between the file system and the S3 bucket. Alternatively, they can mount an Amazon EFS access point for a purpose-built, shared NFS file system. Both options deliver sub-millisecond latency for active data and support NFS close-to-open consistency.
This unlocks patterns that were previously difficult to build. Agents can load shared skills, prompt templates, or curated datasets at session start without re-downloading them at every session initialization. Long-running workflows can persist intermediate results and resume work in future sessions. Multiple agents, or multiple sessions of the same agent, can collaborate on the same dataset, with one producing outputs that another consumes as inputs.
To get started, provide an access point ARN and configure the agent runtime with a VPC. Bring-your-own file system is available across all 15 AWS Regions where AgentCore Runtime is supported. For the full list, see Supported AWS Regions. To learn more, see File system configurations in AgentCore Runtime.
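Because the file system is mounted into the session, agent code needs only ordinary file operations. In the sketch below, a temporary directory stands in for the mount so it runs anywhere; the `/mnt/shared` path mentioned in the comment is a placeholder, not a fixed AgentCore path.

```python
# Standard file operations against a mounted path. A temp directory stands in
# for the real mount (e.g. a path like /mnt/shared that you configure).
import json
import tempfile
from pathlib import Path

mount = Path(tempfile.mkdtemp())  # stand-in for the configured mount path

# One session persists an intermediate result...
(mount / "state").mkdir()
(mount / "state" / "checkpoint.json").write_text(json.dumps({"step": 3}))

# ...and a later session (or another agent) resumes from it.
checkpoint = json.loads((mount / "state" / "checkpoint.json").read_text())
```

This mirrors the long-running workflow pattern from the announcement: intermediate results written in one session survive microVM lifecycles and are readable by later sessions or other agents sharing the mount.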
AWS Site-to-Site VPN now supports modifying tunnel bandwidth between standard (up to 1.25 Gbps) and large (up to 5 Gbps) on existing connections, making it easier to adjust your VPN connections' bandwidth to your organization's needs.
Previously, changing tunnel bandwidth required deleting and recreating the connection, which generated new tunnel IP addresses and meant updating your on-premises VPN device configuration and firewall rules. With this launch, tunnels are upgraded while preserving your IP addresses, CIDR blocks, pre-shared keys, and all configuration settings, eliminating the need to make any changes to your on-premises device.
This feature is available in the following AWS Regions: US East (N. Virginia, Ohio), US West (N. California), AWS GovCloud (US-West), Europe (Frankfurt, London, Paris, Spain, Stockholm), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Malaysia, Mumbai, New Zealand, Osaka, Seoul, Sydney, Taipei, Thailand, Tokyo), Africa (Cape Town), Mexico (Central), and South America (São Paulo). To learn more and get started, visit the AWS Site-to-Site VPN documentation.
Amazon OpenSearch Service now supports the VPC egress option, which allows your virtual private cloud (VPC) domain to establish private network connections to resources in your VPC, such as ML models, AWS services, and custom applications, without exposing traffic to the public internet.
When you enable the VPC egress option, OpenSearch Service adds network interfaces to the subnets you selected for the domain and routes outbound traffic into your VPC. You can enable or disable the VPC egress option using the Amazon OpenSearch Service console, AWS CLI, or the CreateDomain and UpdateDomainConfig API operations.
VPC egress is now supported in all AWS Regions where Amazon OpenSearch Service is available. To get started, refer to Routing domain egress traffic through your VPC.
Posted on: May 7, 2026
Amazon Redshift now extends concurrency scaling to support high-volume data ingestion workloads, enabling concurrency scaling for Amazon Redshift COPY queries from Amazon S3. This means your data pipelines no longer have to choose between ingestion speed and query performance—even during peak demand.
Organizations running time-sensitive data operations such as real-time analytics, continuous ETL, or high-frequency reporting often face ingestion bottlenecks during traffic spikes. Until now, concurrency scaling supported read queries, but write-heavy workloads could still experience resource contention with concurrent queries. With this launch, Amazon Redshift automatically provisions additional compute capacity to absorb bursts in ingestion workloads, so both ingestion and analytics queries stay performant during peak demand.
This feature is generally available in all AWS commercial Regions and AWS GovCloud (US) Regions for both Amazon Redshift Serverless and provisioned data warehouses. No migration or configuration changes are required: enable concurrency scaling and your ingestion workloads will benefit immediately. To learn more, visit the Amazon Redshift concurrency scaling documentation.
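The queries that now benefit are standard COPY loads from Amazon S3. The statement below is a plain Redshift COPY; the bucket, table, and IAM role are placeholders. With concurrency scaling enabled on the queue, bursts of such statements can run on transient scaling clusters instead of contending with other queries.

```sql
-- Standard COPY from S3 (bucket, table, and role are placeholders)
COPY sales
FROM 's3://example-bucket/sales/2026/05/'
IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftCopyRole'
FORMAT AS CSV;
```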
Amazon RDS for SQL Server now supports M8a and R8a instances powered by 5th Generation AMD EPYC processors. On RDS for SQL Server, R8a and M8a instances deliver up to 70% higher throughput than comparable x86 instances for commonly used instance sizes.
Each vCPU in M8a and R8a instances corresponds to a physical CPU core, designed to deliver consistent per-core performance. For workloads with high I/O requirements, M8a and R8a instances provide up to 75 Gbps of network bandwidth and 60 Gbps of Amazon EBS bandwidth. Additionally, M8a and R8a instances support the RDS for SQL Server optimize CPU feature, which allows customers to reduce their vCPU-based Microsoft SQL Server licensing charges by adjusting the number of vCPUs enabled on their instance. All instances are built on the AWS Nitro System using sixth-generation Nitro Cards.
Amazon RDS for SQL Server M8a and R8a instances are available in all commercial AWS Regions where these instances are offered in Amazon EC2. Customers can purchase these instances using On-Demand pricing or as part of their Database Savings Plan. To learn more, visit the Amazon RDS for SQL Server pricing page and Amazon RDS User Guide.
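The Optimize CPU feature mentioned above maps to the `ProcessorFeatures` parameter of the RDS `ModifyDBInstance` API. The sketch below builds the request parameters without calling the API; the instance identifier is a placeholder, and values should be checked against the supported configurations for your instance class.

```python
# Build ModifyDBInstance parameters to cap enabled cores (Optimize CPU),
# reducing vCPU-based SQL Server licensing. Not executed here.

def optimize_cpu_params(instance_id, core_count, threads_per_core=2):
    """Request parameters for adjusting enabled cores on an RDS instance."""
    return {
        "DBInstanceIdentifier": instance_id,
        "ProcessorFeatures": [
            {"Name": "coreCount", "Value": str(core_count)},
            {"Name": "threadsPerCore", "Value": str(threads_per_core)},
        ],
        "ApplyImmediately": True,
    }

params = optimize_cpu_params("sqlserver-prod-1", 4)
# Usage (requires AWS credentials and boto3, omitted here):
#   boto3.client("rds").modify_db_instance(**params)
```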
Amazon SES Mail Manager is now available in AWS GovCloud (US) regions, expanding Mail Manager coverage to 30 AWS regions.
Amazon SES Mail Manager provides a centralized gateway to manage all inbound and outbound email traffic with advanced routing, filtering, and archiving capabilities. It simplifies complex email infrastructure by replacing the need for multiple third-party tools with a single, scalable solution integrated directly into AWS. This gives organizations greater visibility and control over their email flows while reducing operational overhead and cost.
The new Mail Manager regions include AWS GovCloud (US-East) and AWS GovCloud (US-West). The full list of Mail Manager region availability is here.
To learn more, visit the SES Mail Manager documentation.
Today, Amazon Bedrock AgentCore announces the preview of AgentCore payments, enabling AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. Built in partnership with Coinbase and Stripe, AgentCore payments is the first managed payment capability purpose-built for autonomous agents, handling the full payment lifecycle from wallet authentication through transaction execution to spending governance and observability. As AI agents become more capable and services shift to pay-per-use models built for machine consumption, developers need infrastructure that lets their agents transact without building bespoke billing integrations, credential management, orchestration logic, budgeting, and observability from scratch.
With AgentCore payments, developers connect a Coinbase CDP wallet or Stripe Privy wallet as a payment connection, set session-level spending limits, and their agent transacts autonomously during execution. When an agent encounters a paid resource and receives an HTTP 402 response, AgentCore handles the x402 protocol negotiation, wallet authentication, stablecoin payment, and proof delivery back to the endpoint, all without interrupting the agent's reasoning loop. Spending limits are enforced deterministically at the infrastructure layer, and every transaction is observable through the same logs, metrics, and traces developers already use in AgentCore. The Coinbase x402 Bazaar MCP server is also available through AgentCore Gateway, providing over 10,000 x402 endpoints that agents can search, discover, and pay for autonomously.
AgentCore payments is available in preview in the following AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Asia Pacific (Sydney). Learn more about it through the blog, deep dive using the documentation, and get started with the AgentCore CLI.
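The HTTP 402 flow that AgentCore automates can be sketched end to end with local stubs: a resource replies 402 with its price, the client checks its spending limit, settles, and retries with a payment proof. The header name and payload below are simplified stand-ins, not the real x402 wire format.

```python
# Minimal local sketch of an x402-style flow: 402 challenge, limit check,
# payment, retry with proof. All pieces are toy stand-ins.

LEDGER = {"agent-wallet": 100}  # toy stablecoin balance, in cents

def paid_endpoint(headers):
    """Stub resource server: requires a payment proof worth at least 5 cents."""
    proof = headers.get("X-Payment")
    if proof is None or proof["amount"] < 5:
        return 402, {"accepts": [{"scheme": "exact", "amount": 5}]}
    return 200, {"data": "premium content"}

def agent_fetch(spend_limit):
    """Fetch a paid resource, honoring a deterministic session spending limit."""
    status, body = paid_endpoint({})
    if status == 402:
        price = body["accepts"][0]["amount"]
        if price > spend_limit:            # spending governance before paying
            raise RuntimeError("price exceeds session spending limit")
        LEDGER["agent-wallet"] -= price    # settle, then retry with proof
        status, body = paid_endpoint({"X-Payment": {"amount": price}})
    return status, body

status, body = agent_fetch(spend_limit=10)
```

In AgentCore payments this entire exchange, plus wallet authentication and observability, happens inside the managed runtime without interrupting the agent's reasoning loop.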
We are pleased to announce that AWS Resource Explorer, a managed capability that simplifies the search and discovery of resources, is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions.
You can search for your AWS resources either using the AWS Resource Explorer console, the AWS Command Line Interface (AWS CLI), the AWS SDKs, or the unified search bar from wherever you are in the AWS Management Console. From the search results displayed in the console, you can go to your resource’s service console and Region with a single step, and take action.
To turn on AWS Resource Explorer, visit the AWS Resource Explorer console. Read about getting started in our AWS Resource Explorer documentation, or explore the AWS Resource Explorer product page.
AWS announces the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that gives AI agents and coding assistants secure, authenticated access to all AWS services. The AWS MCP Server is part of the Agent Toolkit for AWS, a suite of tooling that includes the MCP Server, skills, and plugins that help coding agents build more effectively and efficiently on AWS.
The AWS X-Ray SDK and daemon will enter maintenance mode in February 2026. OpenTelemetry is recommended for trace instrumentation going forward. This article covers the background of the transition, the schedule, migration options, and new features.
Weekly Generative AI with AWS, the issue for the week of April 27, 2026, centers on the major What's Next with AWS announcements, and introduces a case study of Nara City and Hitachi Systems using GenU in systems handling My Number (individual number) administrative work. It also covers blog posts including event reports from AWS Retail & CPG EXPO 2026 and a generative AI roundtable for the manufacturing industry, as well as the Amazon Q Developer end-of-support notice. On the service side, it highlights 14 updates, including OpenAI models, Codex, and managed agents (limited preview) on Amazon Bedrock, AgentCore optimization features, and the Amazon Quick desktop app.
We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artificial Intelligence Management System (AIMS) using AWS services. As organizations deploy AI and generative AI workloads in the cloud, aligning with globally recognized standards such as ISO/IEC 42001:2023 becomes an important step toward strengthening […]
Bulletin ID: 2026-026-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/05/06 5:30 PM PDT
Description:
Amazon is aware of an issue in the Linux kernel (CVE-2026-31431) that could potentially allow an authenticated local user to escalate privileges.
With the exception of the services listed below, AWS customers are not affected. See below for specific guidance on affected services. As a best practice, AWS recommends that you apply all security patches and software version updates as soon as they become available.
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Tomofun, the Taiwan-headquartered pet-tech startup behind the Furbo Pet Camera, is redefining how pet owners interact with their pets remotely. To reduce costs and maintain accuracy, Tomofun turned to EC2 Inf2 instances powered by AWS Inferentia2, Amazon's purpose-built AI chips. In this post, we walk through their solution in detail.
Today, we're announcing a preview of Amazon Bedrock AgentCore Payments, a new set of features in Amazon Bedrock AgentCore that enables AI agents to instantly access and pay for what they use. AgentCore Payments was developed in partnership with Coinbase and Stripe.