この日は生成AIとコンテナ、セキュリティに関する発表が中心でした。Amazon Bedrock は Anthropic および OpenAI 互換 API に最適化された新しいコンソールエクスペリエンスを公開し、モデルの比較やプロジェクト単位の評価ワークフローを提供します。また Bedrock AgentCore Runtime には、稼働中のエージェントセッションへ端末接続できる対話型シェル機能が追加されました。インフラ面では Amazon ECS with AWS Fargate が 32vCPU 構成に対応し、EC2 C8in インスタンスがアジアパシフィックと欧州の追加リージョンで利用可能になりました。分析系では S3 Tables や OpenSearch UI が GovCloud (US) に拡大。セキュリティでは Cognito と Verified Permissions による B2C アプリのアクセス制御解説に加え、Aurora PostgreSQL ラッパーの権限昇格 (CVE-2026-11400/11401) など複数の脆弱性情報が公開されました。
Amazon Bedrock: 新コンソールエクスペリエンスと AgentCore Runtime の対話型シェル
コンピュート: ECS Fargate 32vCPU 対応、EC2 C8in の追加リージョン展開
分析・GovCloud: S3 Tables 権限簡素化と OpenSearch UI の GovCloud 提供
セキュリティ: Cognito/Verified Permissions 活用と Aurora PostgreSQL 等の脆弱性情報
Amazon Elastic Container Service (Amazon ECS) with AWS Fargate now supports 32vCPU compute configurations, enabling customers to run more demanding applications with greater flexibility and performance. AWS Fargate offers 32vCPU tasks with the following memory configurations: 60 GiB, 120 GiB, or 244 GiB, for both x86-based and ARM-based workloads on Linux. These new task sizes extend Amazon ECS’s capability to support high-performance computing use-cases, large-scale data processing, AI inference, and other compute-intensive workloads. With 32vCPUs and up to 244 GiB of memory, Amazon ECS customers can now deploy larger containers and scale applications beyond previous limits, all while leveraging the reliability, security, and scalability of AWS Fargate.
To use the new 32vCPU task sizes, simply configure your task definitions to specify 32 as the vCPU value and select one of the new memory options (60, 120, or 244 GiB), then deploy your Amazon ECS services or tasks as usual via the AWS Management Console, CLI, or your infrastructure-as-code of choice. The new vCPU and memory configurations are available on both Fargate and Fargate Spot capacity providers, and existing Compute Savings Plans apply automatically. For pricing details, refer to AWS Fargate pricing page.
The 32vCPU tasks are available with Amazon ECS and AWS Fargate in all AWS commercial and AWS GovCloud (US) Regions. To learn more, refer to the Amazon ECS documentation.
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) C8in instances are available in the AWS Asia Pacific (Sydney, Singapore, Malaysia) and Europe (Frankfurt) regions. C8in instances are powered by custom, sixth generation Intel Xeon Scalable processors, available only on AWS. These instances feature the latest sixth generation AWS Nitro cards, delivering up to 43% higher performance compared to previous generation C6in instances.
C8in instances deliver larger sizes and scale up to 384 vCPUs. C8in instances deliver 600 Gbps network bandwidth—the highest among enhanced networking EC2 instances—making them ideal for network-intensive workloads like distributed compute and large-scale data analytics.
C8in instances are available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo, Sydney, Singapore, Malaysia), and Europe (Spain, Frankfurt) regions. C8in instances are available via Savings Plans, On-Demand, and Spot instances. For more information, visit the Amazon EC2 C8i instance page.
Amazon OpenSearch Service expands its modernized operational analytics experience to GovCloud regions, including AWS GovCloud (US-East) and AWS GovCloud (US-West), enabling users to gain insights across data spanning managed domains and serverless collections from a single endpoint. The expansion includes Workspaces to enhance collaboration and productivity, allowing teams to create dedicated spaces. Discover is revamped to provide a unified log exploration experience supporting languages such as Piped-Processing-Language (PPL) and SQL, in addition to DQL and Lucene. Discover now features a data selector to support multiple sources, new visual design and query autocomplete for improved usability. This experience ensures users can access the latest UI enhancements, regardless of version of underlying managed cluster or collection.
The expanded OpenSearch analytics helps users gain insights from their operational data by providing purpose-built features for observability, security analytics, and search use cases. With the enhanced Discover interface, users can now analyze data from multiple sources without switching tools, improving efficiency. Workspaces enable better collaboration by creating dedicated environments for teams to work on dashboards, saved queries, and other relevant content. Availability of the latest UI updates across all versions ensures uninterrupted access to the newest features and tools.
OpenSearch UI can connect to OpenSearch domains (above version 1.3) and OpenSearch serverless collections. To get started, create an OpenSearch application in AWS Management Console. Learn more at Amazon OpenSearch Service Developer Guide.
AWS Glue Data Catalog now supports AWS IAM-based authorization for Amazon S3 Tables and Apache Iceberg materialized views. With IAM-based authorization, you can define all necessary permissions across storage, catalog, and query engines in a single IAM policy.
This capability simplifies the integration of S3 Tables or materialized views with any AWS Analytics service, including Amazon Athena, Amazon EMR, Amazon Redshift, and AWS Glue. You can also opt in to AWS Lake Formation at any time to manage fine-grained access controls using the AWS Management Console, AWS CLI, API, and AWS CloudFormation.
This feature is now available in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. To learn more, visit the S3 Tables documentation and the AWS Glue Data Catalog documentation.
Amazon Bedrock AgentCore Runtime now supports interactive shells through a new InvokeAgentRuntimeCommandShell API, opening a persistent, PTY-backed terminal directly into a running agent session over WebSocket. This complements the existing InvokeAgentRuntimeCommand API for one-shot execution, giving developers a full terminal experience inside an isolated microVM with colors, tab completion, Ctrl+C, terminal resize, and automatic reconnect on network drop.
This is particularly important for developers hosting coding agents such as Claude Code, OpenAI Codex, Amazon Kiro on AgentCore Runtime. In addition to the asynchronous command execution they already had, they can now authenticate, drop into the microVM hosting their coding agent, and interact with it like a local terminal: interact with the agent, inspect files, run ad-hoc commands, or debug the environment state. The shell carries persistent state across commands within the same session, so environment variables, working directory, and command history all behave as expected.
Each interactive session is identified by a runtime session ID and a shell ID. Passing both back when reconnecting lands you in the exact same shell. Brief network drops reconnect automatically, and longer disconnects can be resumed manually using the same IDs. A single agent runtime supports up to 10 concurrent shells, allowing developers to open multiple terminals against the same or multiple microVMs and watch agents work different branches in parallel.
To get started using the AgentCore CLI: `agentcore exec --it --runtime <runtime-arn>`. To learn more, see Interactive Shells (Terminals) and Shell execution in AgentCore Runtime for a comparison of both shell modes.
You can use the new console experience on Amazon Bedrock to browse and compare the latest AI models side by side, organize work into projects with streamlined evaluation workflows, and access project-aware live documentation with auto-prefilled code snippets ready to copy and run.
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security that answer critical questions: Who are you? and What are you allowed to do? Implementing these controls correctly can be challenging for developers, especially when building data-intensive applications with frameworks like […]
Bulletin ID: 2026-039-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/025/2026 12:15 PM PDT
Description:
Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL.
We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
Impacted versions:
- AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1
- AWS Advanced Go Wrapper release 2026-04-06
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional information to share.
Affected version: Amazon Q Developer for Visual Studio Code Extension (version 1.84.0)