この日は Amazon Cognito を中心とするアイデンティティとセキュリティの強化が目立ちました。Amazon Cognito がマルチリージョンレプリケーションに対応し、新しい Lambda トリガーによるフェデレーションサインインのカスタマイズや、次世代インフラによる高度な機能の解放が発表されました。セキュリティブログでは AWS Shield Advanced のフローログによる DDoS 攻撃の可視化も取り上げられました。日本語ブログでは Cognito マルチリージョンレプリケーション、ElastiCache for Valkey の耐久性、Amazon Bedrock 上での OpenAI GPT-5.5/GPT-5.4/Codex の利用開始に加え、ポスト量子暗号によるシークレット保護や AI 時代のセキュリティ体制強化が解説されました。エージェント/開発ツール分野では AWS MCP Server のクロスアカウント・クロスロールアクセス対応、AWS CLI の Agent Toolkit for AWS 対応が発表されました。機械学習では NVIDIA Nemotron 3 Ultra が Amazon SageMaker JumpStart で利用可能になり、SageMaker Data Agent は会話へのビジネスコンテキスト統合に対応しました。
アイデンティティ: Amazon Cognito のマルチリージョンレプリケーション、Lambda トリガー、次世代インフラ
セキュリティ: AWS Shield Advanced のフローログによる DDoS 可視化、ポスト量子暗号、AI 時代の体制強化
エージェント/開発ツール: AWS MCP Server のクロスアカウント対応、AWS CLI の Agent Toolkit 対応
機械学習: NVIDIA Nemotron 3 Ultra の SageMaker JumpStart 提供、SageMaker Data Agent の拡張
AWS Deadline Cloud now gives you an easier way to deliver plugins to cloud workers when using service-managed fleets. AWS Deadline Cloud is a fully managed service that helps teams run compute-intensive workloads in the cloud for visual effects, animation, product design, simulation, and gaming.
Previously, deploying plugins to cloud workers required custom scripting or manual configuration for each digital content creation (DCC) application and version. With this feature, you upload your plugin files to a prescribed path in your queue's job attachments Amazon S3 bucket, much like copying plugins into a shared folder on your workstation, and Deadline Cloud automatically syncs them to workers when a job session starts. This simplifies pipeline setup, reduces configuration errors, and helps you start jobs with the correct plugins in place. Plugin sync is now generally available for Blender and Autodesk Maya, with support for additional DCC applications coming soon.
Plugin sync for service-managed fleets is available in all AWS Regions where Deadline Cloud is offered. To learn more, see Sync plugins to workers in the AWS Deadline Cloud Developer Guide, or visit the AWS Deadline Cloud product page.
Amazon Cognito now supports multi-Region replication, enabling you to synchronize user and machine identity data — including credentials, user pool configurations, and federation setups — to a secondary user pool in a standby Region you designate in near real-time. This capability helps you improve the resilience of your authentication system by providing a standby replica that can accept traffic in case there is a regional service disruption.
In the event of a disruption in the primary Region, you can redirect traffic to the secondary user pool. Signed-in users continue accessing their applications without re-authenticating, and registered users can sign in with their existing credentials. Authentication methods continue to work in the secondary Region, including username/password, federation with social identity and SAML/OIDC providers, and machine-to-machine authorization flows.
Multi-Region replication is available as an add-on for user pools in Essentials or Plus feature tiers. You can start using this feature in the following AWS Regions: US East (Ohio, N. Virginia), US West (N. California, Oregon), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo), Canada (Central), Europe (Frankfurt, Ireland, London, Paris, Stockholm), and South America (São Paulo). To get started, configure multi-Region replication using the AWS Management Console, AWS Command Line Interface (CLI), or AWS Software Development Kits (SDKs) by adding a replica user pool. Visit the pricing page for pricing details and the developer guide for instructions.
Amazon Aurora PostgreSQL, Amazon Aurora DSQL, and Amazon DynamoDB serverless databases are now available on Vercel Marketplace and v0 by Vercel in additional AWS Regions, offering you more flexibility to build applications with Vercel and AWS databases from the Regions of your choice.
To get started, you can describe your idea in v0 using natural language. The tool automatically generates a spec-driven design, deploys code and infrastructure, and stores your application data in the AWS database that best fits your needs with no hands-on coding or provisioning required. Vercel provides an end-to-end setup experience where you can create database resources in seconds under a new AWS account or link to an existing one, all without leaving Vercel. New AWS accounts created from Vercel include access to all three databases and $100 USD in credits, usable across any of these database options for up to six months. You can manage your plan, add payment information, and view usage details anytime from the AWS settings portal in the Vercel dashboard. To learn more, visit v0 or the AWS landing page on the Vercel Marketplace.
You can now create an Aurora PostgreSQL database or Amazon DynamoDB table through Vercel from 17 AWS Regions enabled by default, and Aurora DSQL from 16 AWS Regions including: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and South America (São Paulo).
AWS Databases deliver security, reliability, and price performance without the operational overhead, whether you're prototyping your next big idea or running production AI and data driven applications. For more information, visit the AWS Databases webpage.
Amazon Elastic Kubernetes Service (Amazon EKS) Capabilities can now be configured as log delivery sources using Amazon CloudWatch Vended Logs. This enables customers to monitor and troubleshoot their EKS Capabilities for Argo CD, AWS Controllers for Kubernetes (ACK), and kro (Kubernetes Resource Orchestrator) by monitoring logs collected from the managed controllers that run in AWS-managed infrastructure.
Customers can enable log delivery for each capability using CloudWatch APIs or the AWS Console. Logs are configured as a CloudWatch Vended Logs delivery source, enabling reliable, secure log delivery to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose destinations.
This feature is available in all AWS Regions where the EKS Capabilities feature is supported. Standard CloudWatch Vended Logs pricing applies based on the chosen destination. There is no additional EKS charge.
To learn more about EKS Capabilities, visit the Amazon EKS documentation.
Amazon SageMaker Data Agent now integrates with SageMaker Catalog business context and metadata, enabling data practitioners to discover datasets and generate more accurate SQL and Python code using business terminology instead of cryptic technical table names. This integration allows the Data Agent to leverage the business context that companies have invested months curating in their SageMaker Catalog, including those synced from Collibra, Atlan, and Alation, to deliver more accurate data discovery and code generation.
With this capability, data practitioners can ask questions like "Calculate customer retention rate" or "What data do I have on customer churn?" and the Data Agent will search glossary terms, custom metadata forms, asset summaries, and README content to identify the correct tables and columns. The agent generates more accurate code on first attempt by understanding business context, plans multi-step workflows with the correct sequence of tables and transformations, and respects data governance by checking subscription status and providing access request links when needed. Organizations maximize their existing catalog investment without changing the current data workflows, reducing time-to-insight, and enabling data teams to work in business language rather than deciphering technical table names.
This integration is available in SageMaker Unified Studio notebooks and Query Editor in all AWS Regions where Amazon SageMaker Unified Studio is available. To learn more, visit the Amazon SageMaker Unified Studio page and Amazon SageMaker Data Agent documentation.
Today, AWS announced cross-account and cross-role access for the AWS Model Context Protocol (MCP) Server, part of the Agent Toolkit for AWS. This feature allows developers using AI coding agents like Kiro, Claude Code, or Codex to work across multiple AWS accounts and AWS Identity and Access Management (IAM) roles within a single session, with no restarts required. Previously, switching profiles required stopping the AI coding session, updating local AWS credentials, and restarting the MCP server for every account change. Now, AI agents using the AWS MCP Server can specify a profile on each command, allowing users to switch between accounts and roles seamlessly.
Cross-account access helps developers move faster across multi-account environments. For example, a DevOps engineer can query CloudWatch logs across production and staging accounts to diagnose a performance issue, or an application developer can update a Lambda configuration in one account and adjust an S3 bucket policy in another, all within the same conversation. Each request specifies which profile to use, so there is no risk of commands reaching the wrong account.
To get started, see Multi-profile support in the Agent Toolkit for AWS user guide. The AWS MCP Server is available in the US East (N. Virginia) and Europe (Frankfurt) Regions.
Today, AWS announced that the AWS Command Line Interface (CLI) allows users to install the Agent Toolkit for AWS across multiple coding agents with a simple interactive wizard. The Agent Toolkit for AWS gives coding agents the tools, guidance, and guardrails they need to operate safely, effectively, and efficiently on AWS. Starting today, customers can simply type `aws configure agent-toolkit` to install the Agent Toolkit across Kiro, Claude Code, Codex, Cursor, and other popular coding agents. Additionally, customers can now use the AWS CLI to easily search for, install, and manage skills from the Agent Toolkit for AWS to equip their agents with expert guidance to complete tasks.
The Agent Toolkit for AWS consists of the AWS MCP Server (which provides a secure, auditable agent interface to 15,000+ AWS APIs), a suite of 40+ agent skills (which give agents expert guidance across storage, networking, analytics, and more), and three plugins (which bundle the MCP server and curate sets of skills into a single install). Using the AWS CLI, customers can now install and configure the MCP server and a customizable set of skills across multiple coding agents via an easy-to-use, interactive wizard. The AWS CLI automatically detects which coding agents are installed and allows users to choose which skills to install for which agents. Customers can then use the CLI to search for available skills, install new skills, and update existing skills.
To get started, see AWS CLI in the Agent Toolkit for AWS user guide. The AWS MCP Server is available in the US East (N. Virginia) and Europe (Frankfurt) Regions.
本ブログでは、Amazon ElastiCache for Valkey の新機能である耐久性(Durability)についてご紹介します。この機能により、ElastiCache をキャッシュだけでなく永続的なデータストアとしても利用できるようになります。同期書き込みではデータ損失ゼロを実現し、非同期書き込みではマイクロ秒の書き込みレイテンシーを維持しながら最大10秒のデータ損失リスクに抑えます。Multi-AZ トランザクションログを使用したアーキテクチャ、パフォーマンス測定結果、AWS CLI を使った具体的な設定方法まで詳しく解説します。
AWS Secrets Manager が ML-KEM を使用したハイブリッドポスト量子鍵交換をデフォルトで有効化しました。これにより harvest now, decrypt later (HNDL) 攻撃から将来の量子コンピュータの脅威に備えてシークレットを保護します。Secrets Manager Agent、Lambda 拡張機能、CSI Driver、各種 AWS SDK のアップグレード要件と、CloudTrail を使った接続検証手順を詳しく説明します。
OpenAIの最先端モデルであるGPT-5.5とGPT-5.4、そしてOpenAIのコーディングエージェントであるCodexが、Amazon Bedrockで一般提供開始となりました。Bedrockの高性能推論エンジンに、セキュリティ、ガバナンス、トークン単位の料金体系を組み込んだ状態で、最先端モデルをデプロイできます。
ウェブアプリケーションおよびモバイルアプリのデベロッパーと連携するデベロッパーアドボケートとして、私は、リージ […]
Anthropic が Claude Mythos Preview モデルを発表し、AWS およびその他の主要組織と共に Project Glasswing を立ち上げてから、まだ数週間しか経っていません。これにより、サイバーセキュリティの将来と、基盤モデルの能力が急速に向上することが組織にとって何を意味するのかについて、多くの議論が生まれています。
You can use Amazon Cognito user pools to add sign-up and sign-in functionality to your web and mobile applications. You can authenticate users directly with Amazon Cognito managed accounts using passwords, passwordless flows, or custom authentication flows, or let users federate in through external identity providers (IdP) using SAML, OpenID Connect, or social providers such […]
Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and feed your existing analysis pipelines. Shield publishes logs to Amazon Simple Storage Service (Amazon S3), […]
Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi- Region replication for business continuity improvement. These capabilities were made possible through a next-generation storage infrastructure designed for extensibility and scale. To deliver this, we migrated hundreds of millions of user profiles, and you […]
Deploy NVIDIA Nemotron 3 Ultra on Amazon SageMaker JumpStart. Get 5x faster inference and 30% lower cost for agentic AI workloads with this frontier reasoning model.