この日はセキュリティとエージェント型 AI、データベース系の更新が目立ちました。セキュリティ速報では Kiro IDE の実行影響のあるパスへの不十分なファイル書き込み制限(CVE-2026-10591)と Graph Explorer の HTTPS から HTTP へのフォールバック(CVE-2026-10584)の 2 件が公開されました。セキュリティブログでは Amazon Bedrock AgentCore のリソースベースポリシーによるマルチテナント AI エージェント保護、未使用の AWS KMS キー特定と誤削除防止が扱われました。機械学習では Baz による AgentCore を用いたコードレビュー精度向上、Amazon Nova Forge のハイパーパラメータ最適化、Amazon Nova 2 Lite による物体検出が紹介されました。What's New では Amazon ElastiCache for Valkey の耐久性対応、SageMaker Studio の数秒セットアップ、Amazon EKS/EKS Distro の Kubernetes 1.36 対応、RDS for Db2 の v12.1 対応などが発表されました。日本語ブログでは AWS Transform Custom による VB6 モダナイズや、オープンソースを AI 脅威から守る 1,250 万ドルの拠出が取り上げられました。
セキュリティ速報: Kiro IDE (CVE-2026-10591) と Graph Explorer (CVE-2026-10584) の脆弱性公開
エージェントAIセキュリティ: AgentCore リソースベースポリシーによるマルチテナント保護、KMS キー管理
機械学習: AgentCore でのコードレビュー精度向上、Amazon Nova Forge/Nova 2 Lite の活用
データベース/基盤: ElastiCache for Valkey の耐久性、EKS の Kubernetes 1.36、RDS for Db2 v12.1
Today, AWS announces durability support for Amazon ElastiCache. Durability enables you to use ElastiCache for workloads that require microsecond read latency but cannot tolerate data loss. With durability support, ElastiCache now stores data durably across multiple Availability Zones (AZs) using a Multi-AZ transactional log to enable fast failover, database recovery, and node restarts to prevent data loss in the unlikely event of a failure.
You can choose between two durability options: synchronous and asynchronous writes. Synchronous writes persist data across at least two AZs before responding to the client, designed for zero data loss at single-digit millisecond write latency. Asynchronous writes persist data after responding to the client, maintaining microsecond write latency at no additional cost. However, up to 10 seconds of uncommitted data could be lost in the rare event of a failure. Both options maintain microsecond read latency. You can now use ElastiCache for a broader set of use cases beyond caching where data loss is unacceptable such as AI agent long-term memory, AI agent workflow state, knowledge bases for RAG applications, payment tokenization, and real-time inventory management.
Durability for ElastiCache is available in all AWS commercial Regions, AWS China Regions, and AWS GovCloud (US) Regions starting with Valkey 9.0. To get started, create a new ElastiCache cluster and select your preferred durability option using the AWS Management Console, AWS Software Development Kit (SDK), or AWS Command Line Interface (CLI). For pricing details, visit the Amazon ElastiCache pricing page. To learn more, visit the ElastiCache documentation and blog.
Amazon SageMaker Studio quick setup now completes in under twenty seconds, reduced from over two minutes. Whether you are building ML pipelines, exploring data, developing with notebooks, or fine-tuning foundation models, you can go from sign-in to a fully configured Studio environment almost instantly.
As part of this streamlined setup, newly created Studio environments now come with serverless model customization permissions automatically configured. A new managed policy, AmazonSageMakerModelCustomizationCoreAccess, is created and attached for you, providing permissions for serverless model customization jobs including fine-tuning with custom reward functions for reinforcement learning, model evaluation, and deployment to SageMaker or Bedrock endpoints. This eliminates the need to manually create and configure IAM roles and policies before you can start experimenting. For existing Studio environments, actionable messages with direct links to documentation guide you through adding these permissions.
This feature is available in all AWS Commercial Regions where Amazon SageMaker Studio is supported. To get started, create a new Studio environment using quick setup in the SageMaker AI Console. To learn more, see Quick setup and Model Customization permissions setup in the Amazon SageMaker documentation.
AWS Deadline Cloud now supports persistent storage for Service-Managed Fleets (SMF), allowing you to maintain data across worker lifecycle events. AWS Deadline Cloud is a fully managed service that makes it easy for teams to run compute-intensive workloads in the cloud for visual effects, animation, product design, simulation, and gaming.
Previously, Deadline Cloud SMF workers relied only on ephemeral storage, requiring software and assets to be reinstalled each time a worker was recycled or replaced. Now, Deadline Cloud attaches persistent Amazon Elastic Block Store (Amazon EBS) volumes to SMF workers, preserving Conda environments, Perforce workspaces, shader caches, and asset collections across worker lifecycle events. This reduces worker startup time and helps you complete jobs faster. You can configure the number of persistent volumes per worker and set a time-to-live (TTL) to control how long volumes are retained, giving you flexibility to balance storage costs with startup performance.
Persistent storage for SMF is available in all AWS Regions where Deadline Cloud is offered. Persistent volumes are priced the same as existing Service-Managed Fleets EBS pricing. See the Deadline Cloud pricing page for details. To learn more, visit the AWS Deadline Cloud product page or our user guide.
AWS Config now supports internal service linked rules, enabling AWS services to evaluate AWS resource configurations using AWS Config managed rules. Internal service linked rules extend the existing service linked recorder capability by allowing AWS services such as AWS Security Hub CSPM to deploy and manage rule evaluations for service specific functionality.
With internal service linked rules, AWS services can use AWS Config managed rules to provide integrated security and compliance capabilities. Evaluation results are delivered directly to the AWS service that deployed the rule at no charge from AWS Config to customers. Internal service linked rules operate independently of existing customer managed AWS Config recorders and rules. This allows customers to continue using AWS Config for inventory, governance, compliance, and auditing use cases while AWS services independently manage service specific evaluations.
AWS Security Hub CSPM internal service-linked rules are now available in all commercial, GovCloud, and China Regions. To learn more, see the AWS Config documentation.
Kubernetes version 1.36 introduced several new features and bug fixes, and AWS is excited to announce that you can now use Amazon Elastic Kubernetes Service (EKS) and Amazon EKS Distro to run Kubernetes version 1.36. Starting today, you can create new EKS clusters using version 1.36 and upgrade existing clusters to version 1.36 using the EKS console, the eksctl command line interface, or through an infrastructure-as-code tool.
Kubernetes version 1.36 introduces several key improvements, promoting User Namespaces to general availability for mapping container root to an unprivileged host user so that a breakout grants no node-level privileges, alongside Mutating Admission Policies for CEL-based resource mutations in the API server without webhook infrastructure. The release also brings In-Place Pod-Level Resources Vertical Scaling allowing Pods to resize their shared CPU and memory budget without restart, and Resource Health Status reporting device health in Pod status to help identify hardware-caused crash loops. To learn more about the changes in Kubernetes version 1.36, see our documentation and the Kubernetes project release notes.
EKS now supports Kubernetes version 1.36 in all the AWS Regions where EKS is available, including the AWS GovCloud (US) Regions.
You can learn more about the Kubernetes versions available on EKS and instructions to update your cluster to version 1.36 by visiting EKS documentation. You can use EKS cluster insights to check if there are any issues that can impact your Kubernetes cluster upgrades. EKS Distro builds of Kubernetes version 1.36 are available through ECR Public Gallery and GitHub. Learn more about the EKS version lifecycle policies in the documentation.
Amazon Connect Customer now enables contact center supervisors to receive real-time alerts directly on the dashboard when specific keywords, phrases, or sentiment patterns are detected during live calls and chats, enabling faster intervention and improved customer outcomes. For example, when a customer says "cancel my account" during a call, a supervisor receives an alert on the real-time dashboard, listens to the live conversation while viewing the real-time transcript and sentiment analysis, and coaches the agent over chat to resolve the issue before the customer churns.
Amazon Connect Customer real-time conversational analytics alerts on dashboards are available in all AWS commercial and AWS GovCloud (US-West) regions where Amazon Connect conversational analytics is offered. To learn more about setting up real-time conversational analytics alerts on dashboards, see the Amazon Connect Customer Administrator Guide. To learn more about Amazon Connect Customer, the AWS cloud-based contact center, please visit the Amazon Connect Customer website.
AWS IoT Core now provides two new Amazon CloudWatch Log event types that help you troubleshoot device connectivity issues and authentication errors across your Internet of Things (IoT) fleet.
The new Ping log event type is emitted when devices send MQTT Keep-alive messages, and it enables you to identify connections or devices that were unable to keep the connection alive. The new Connection.AuthNError log event type records rejected connection attempts due to authentication failure, along with detailed error codes that tell you what went wrong, so you can resolve credential and certificate issues faster.
To get started, configure event-level logging in your AWS IoT Core settings with your desired log level and Amazon CloudWatch log group destination, then opt into these new event types. The two new event types are available in all AWS Regions where AWS IoT Core is available. To learn more, see AWS IoT log entries in the AWS IoT Core developer guide.
Amazon RDS for Db2 now supports IBM Db2 v12.1. With Db2 v12.1, RDS now supports Db2 Standard, Db2 Advanced, and Db2 Community Edition. Db2 Community Edition provides all the features available in Standard and Advanced Editions, with no commercial software licensing charges for development and test applications. This allows you to easily start developing and testing Db2 applications with a managed database service without worrying about software licensing.
To use Db2 Community Edition, get a free IBM Customer ID from the IBM website and create your database instances using the the Amazon RDS console. For details, see Amazon RDS for Db2 documentation. For information about new features included in Db2 12.1, visit IBM documentation.
Amazon RDS for Db2 12.1 with support for Db2 Community Edition is available in all the AWS Regions where Amazon RDS for Db2 is currently available.
AWS、Anthropic、Google、Microsoft、OpenAI は Linux Foundation と共同で 1,250 万ドルを拠出し、AI による脆弱性レポートの急増からオープンソースエコシステムを守る取り組みを発表しました。基盤モデルが重大な脆弱性発見でセキュリティ研究者を上回り始めるなか、AWS は Alpha Omega を通じてメンテナーがバグを迅速に検証・修正できるツールと自動化を提供します。
この記事では、AWS Transform custom のエージェンティック AI 機能を活用して、組織固有のビジネスルールを維持しながら VB6 アプリケーションを大規模にモダナイズする方法を紹介します。
2026 年 5 月 29 日、AWS ジャパン 大阪オフィスにて「AWS Business Innovation Series – West Japan」の第 2 回を開催しました。AI ワークアシスタント「Amazon Quick」をテーマに、座学・ハンズオン・ハッカソンの 3 ステップでデータ接続からエージェント構築までを体験いただき、参加者全員が半日で自社業務に活用できるチャットエージェントを作り上げました。当日の様子と参加者の声をお届けします。
Software as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services (AWS) accounts, while others mandate that traffic stay within a private virtual private cloud (VPC) for regulatory […]
As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, evaluate your risk posture, and optimize key management costs. […]
Bulletin ID: 2026-037-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/02/2026 08:45 AM PDT
Description:
Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-10591. Insufficient access control restrictions in the file write tool in Kiro IDE prior to version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json), enabling auto-execution on folder open.
Impacted versions: <0.11
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-038-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/02/2026 12:15 PM PDT
Description:
Graph Explorer is an open source application that provides visualization and exploration of data in graph databases such as Amazon Neptune. We identified CVE-2026-10584 where, under certain circumstances, the server silently falls back to HTTP when HTTPS is enabled but certificates are unavailable, resulting in cleartext transmission of sensitive information.
Impacted versions: >= 1.1.0 AND < 3.0.1
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
This post walks through how Baz built their Spec Review agent using Amazon Bedrock and Amazon Bedrock AgentCore. We'll cover the architecture decisions, implementation details, and the business outcomes they achieved by leveraging these AWS services to automate their code review process
In this post, we'll walk through implementing object detection with Amazon Nova 2 Lite. You'll learn how to deploy an object detection application using Amazon Bedrock, AWS Lambda, and Amazon API Gateway. You'll also learn how to craft effective prompts, process structured JSON output, and visualize results. We explore practical applications across manufacturing, agriculture, and logistics.
Fine-tuning for domain-specific tasks means improving performance in one area without degrading the model’s general capabilities, and getting that balance right is harder than it looks. This post walks through how to navigate that balance, from selecting the right customization strategy for your data and task, to configuring the training parameters that most influence outcomes, like learning rate, batch size, and checkpointing. We also cover the common mistakes that lead to wasted training runs and how to catch them early, so you can improve domain performance without degrading general capabilities or burning through compute on avoidable failures. By the end, you will know how to improve domain performance without degrading general capabilities and how to avoid the expensive failures that come from getting the balance wrong.