この日は多数の発表があり、生成AIとコスト管理が特に活発でした。最大の話題は Claude Fable 5 が AWS で一般提供開始となり、Amazon Bedrock と Claude Platform on AWS 経由で Mythos クラスの機能が利用可能になったことです。コスト管理領域では Amazon Q を活用した Cost Anomaly Detection の AI コスト調査、Cost Explorer の Analyze with Amazon Q、Savings Plans Purchase Analyzer のターゲットカバレッジ分析などが相次いで発表されました。データベース関連では Aurora DSQL の JSONB 対応、DocumentDB のマイナーバージョン 5.0.1、RDS for PostgreSQL 19 Beta 1、Redshift の手動スナップショット課金改善が登場。CloudWatch は OpenTelemetry メトリクスと PromQL クエリに対応し、Logs Insights に 23 の新コマンドが追加されました。AWS Application Migration Service は AWS Transform MGN に改称。ML ブログでは EU 向けクロスリージョン推論や SageMaker と FHE による暗号化推論、AgentCore でのコーディングエージェントホスティングが解説されました。
生成AI: Claude Fable 5 の AWS 一般提供開始
コスト管理: Amazon Q によるコスト調査・説明、Savings Plans カバレッジ分析
データベース: Aurora DSQL の JSONB 対応、DocumentDB 5.0.1、PostgreSQL 19 Beta 1
オブザーバビリティ: CloudWatch の OpenTelemetry/PromQL 対応と Logs Insights 拡張
移行: AWS Application Migration Service の AWS Transform MGN への改称
セキュリティ: AgentCore CLI のコードインジェクション脆弱性 (CVE-2026-11393)
Amazon Redshift announces a new billing model for manual snapshots on Amazon Redshift Serverless and Amazon Redshift RG instances. With this enhancement, Amazon Redshift now meters manual snapshot storage based on the unique data blocks stored across your snapshots rather than the total size of each individual snapshot. This results in lower manual snapshot costs for customers who maintain multiple snapshots.
Customers who maintain multiple manual snapshots for disaster recovery, testing, or long-term retention will see reduced storage costs. With this new billing model, you can take more frequent manual snapshots to achieve a better recovery point objective (RPO) without proportional cost increases, enabling more robust disaster recovery strategies. The new billing model automatically applies to both existing and new manual snapshots.
The new manual snapshot billing model is available in all AWS commercial and AWS GovCloud (US) Regions where Amazon Redshift Serverless and Amazon Redshift RG instances are available. To learn more about Amazon Redshift snapshots, please visit our documentation or the blog.
Amazon Connect Customer now provides AI agent traces for self-service voice interactions, enabling you to understand how AI agents reason, act, and respond during each customer conversation. With this launch, you have full visibility into how the AI agent handled an interaction, so you can confirm what worked, diagnose issues, validate behavior, and deploy agentic experiences with confidence.
For example, if your AI agent fails to resolve a customer request, you can access the step-by-step trace directly in the Connect web UI alongside the full transcript, and see whether it reasoned incorrectly, called a tool with bad parameters, or timed out waiting for a response.
This feature is available in all AWS Regions where Amazon Connect Customer AI Agents are supported. For more information, see the Amazon Connect Customer Administrator Guide. To learn more about Amazon Connect Customer, an agentic AI solution that helps enterprises deliver exceptional customer experiences, visit the Amazon Connect Customer website.
AWS Cost Anomaly Detection now includes AI-powered cost investigation, which uses Amazon Q to analyze the root cause of detected cost anomalies. Investigating a cost change typically requires correlating cost data with AWS CloudTrail events and resource activity, which can take hours. Cost investigation delivers a plain-language explanation in minutes, helping FinOps practitioners and engineering teams move from alert to action faster.
When you investigate an anomaly, Amazon Q determines whether the cost change is usage-driven or rate-driven, identifies the contributing services, accounts, and regions, and for usage-driven changes, correlates with AWS CloudTrail to attribute the change to specific API calls and IAM principals. For organizations with a CloudTrail organization trail, the investigation works across all member accounts automatically. You can continue the conversation with follow-up questions to explore patterns or drill into specific resources.
AI-powered cost investigation is available today in all commercial AWS Regions at no additional charge. Cross-account investigations that use an organization-wide CloudTrail trail delivered to Amazon CloudWatch Logs might incur standard CloudWatch Logs Insights charges based on data scanned.
To get started, navigate to AWS Cost Anomaly Detection in the AWS Billing and Cost Management console and choose Investigate with Amazon Q on any detected anomaly. To learn more, see Investigating anomaly root causes with Amazon Q in the AWS Billing and Cost Management User Guide.
AWS Application Migration Service (MGN) is now available as AWS Transform MGN. This name change reflects MGN's role as the proven replication engine powering AWS Transform, the agentic migration service.
You can choose between two rehosting experiences. Use the AWS Transform MGN console for direct control over replication and cutover. Or use the AWS Transform agentic workflow, where an agent handles discovery, wave planning, landing zone setup, network creation, and rehosting or containerization on your behalf, accelerating your path to AWS.
AWS Transform MGN retains all of its existing compliance certifications, including FedRAMP High, HIPAA, PCI DSS, ISO, and SOC 1, 2, and 3, so you can migrate with confidence. It is available in all commercial regions and both GovCloud (US) Regions.
Visit the AWS Transform MGN product page and AWS Transform MGN documentation for more information on how to rehost applications to AWS.
Amazon Aurora DSQL introduces support for the PostgreSQL JSONB data type with optional compression. You can now use code and tools that depend on PostgreSQL's JSONB type with Aurora DSQL, making it easier to store semi-structured data alongside relational data.
You can use the JSONB data type when creating or modifying tables to store semi-structured data such as system configuration metadata, API parameters, and event logs. With PostgreSQL compression enabled by default, larger JSONB payloads are stored more efficiently, helping reduce storage costs.
Get started with Aurora DSQL for free with the AWS Free Tier. For information about Regional availability, see the AWS Region table. You can learn more about Aurora DSQL data types, including JSONB, here.
AWS Lambda Managed Instances (LMI) is now available in all commercial AWS Regions, except Israel (Tel Aviv), Middle East (Bahrain), Middle East (UAE), and Asia Pacific (Auckland).
LMI lets you run Lambda functions on managed Amazon EC2 instances, giving you access to specialized compute configurations and EC2 pricing advantages while maintaining Lambda's operational simplicity. LMI fully manages instance lifecycle, OS and runtime patching, routing, load balancing, and auto-scaling, so you can focus on writing code. You can process parallel requests within each execution environment, maximizing resource utilization and improving price-performance. You can further improve costs by leveraging EC2 pricing models including Compute Savings Plans and Reserved Instances. LMI is ideal for customers requiring specialized hardware configurations, as well as those with steady-state or predictable workloads seeking to optimize costs.
You can continue building functions with familiar development workflows, including the Console and your preferred IDEs. To get started, create a capacity provider that defines your compute preferences, including VPC configuration, optional instance requirements, and scaling policies. Then, attach your Lambda functions to the capacity provider via the AWS Lambda Console, APIs, or Infrastructure as Code tooling. LMI integrates seamlessly with all Lambda event sources and tools like Amazon CloudWatch, AWS X-Ray, and AWS Config. To learn more, visit AWS Lambda pricing, AWS Lambda Managed Instances documentation, and blog.
Amazon RDS for PostgreSQL 19 Beta 1 is now available in the Amazon RDS Database Preview Environment, allowing you to evaluate the pre-release of PostgreSQL 19 on Amazon RDS for PostgreSQL. You can deploy PostgreSQL 19 Beta 1 in the Amazon RDS Database Preview Environment that has the benefits of a fully managed database.
PostgreSQL 19 adds native graph query support via SQL Property Graph Queries (SQL/PGQ), so you can express complex relationship traversals directly in standard SQL instead of building separate application logic or syncing data across two databases. It also introduces support for concurrent table repacking that rebuilds tables and reclaims unused storage, so production databases stay accessible during routine table maintenance. Logical replication now synchronizes sequence values to the replica automatically, eliminating manual sequence reconciliation after major version upgrade cutover. Logical replication can also be enabled dynamically without a server restart, reducing planned downtime. Please refer to PostgreSQL community announcement for more details.
Amazon RDS Database Preview Environment database instances are retained for a maximum period of 60 days and are automatically deleted after the retention period. Amazon RDS database snapshots that are created in the preview environment can only be used to create or restore database instances within the preview environment. You can use the PostgreSQL dump and load functionality to import or export your databases from the preview environment.
Amazon RDS Database Preview Environment database instances are priced as per the pricing in the US East (Ohio) Region.
Today, AWS announces target coverage analysis in Savings Plans Purchase Analyzer, a capability in AWS Billing and Cost Management that helps you plan your Savings Plans purchases based on your coverage target. Savings Plans Purchase Analyzer helps you evaluate different purchase scenarios by estimating the potential impact of Savings Plans purchases on cost, coverage, utilization, and savings.
With target coverage analysis, you can set a specific percentage of On-Demand spend to be covered by Savings Plans. Savings Plans Purchase Analyzer uses your historical usage to recommend a new purchase amount to help you reach that target. You can further customize your analysis using parameters such as custom lookback period or excluding expiring Savings Plans, and compare cost, coverage, utilization, and savings across different coverage targets. You can view your recommendations through interactive charts or access your target coverage analysis via the Purchase Analyzer API.
Target coverage analysis is available in all AWS Regions where Savings Plans Purchase Analyzer is available. To learn more, visit the AWS Savings Plans page and user guide.
Amazon CloudWatch Logs Insights query language now supports 23 new commands and functions that give you new ways to query, parse, transform, and analyze your logs. Customers analyzing logs in CloudWatch Logs Insights often need to do conditional processing, string conversions, process IP addresses, parse different file formats, and execute complex stats commands.
With this launch, CloudWatch Logs Insights provides new hash functions (md5, sha256), string functions (strcontains supporting case-insensitive search, split), conditional logic (if statement), and conversion functions (toNumber, toInt, toLong, toDouble). It also adds IP functions (ipv4ToNumber, isPrivateIP, isPublicIP, isReservedIP), analytics functions (rate, count_over_time, sum_over_time, offset, histogram), and parse functions (parse CSV, parse XML, parse multi, values, addtotals). Additionally, queries now support “limit any N” to fetch the first N results, and can use up to 10 stats commands.
These commands and functions are available today in all commercial AWS Regions. To learn more, see the Amazon CloudWatch Logs documentation.
Amazon DocumentDB (with MongoDB compatibility) now supports engine minor versions, starting with 5.0.1. This release delivers enhanced aggregation capabilities with new operators ($rand, $pow, $dateToParts, $dateFromParts), the active connections metric to monitor instances, and granular command-level performance metrics in CloudWatch (find, insert, findAndModify, update, etc.). For a full list of what's included, see release notes. Minor versions provide new features and bug fixes within the same major version, giving you more control over when and how you upgrade your clusters. We recommend upgrading to the latest minor version to benefit from these performance enhancements, bug fixes, and new capabilities.
You can specify minor version 5.0.1 when creating a new cluster, or manually upgrade an existing 5.0.0 cluster to 5.0.1 using the AWS Management Console or AWS CLI (via the modify-db-cluster command with --engine-version 5.0.1). Once you upgrade to a newer minor version, you cannot downgrade back to a previous minor version. Upgrading from 5.0.0 (LTS) to 5.0.1 gives you access to the latest features and fixes, but you will no longer be on the LTS track. If minimizing upgrades is your priority, you should remain on LTS. For more information, see Using a long-term support (LTS) release.
Amazon DocumentDB engine minor version 5.0.1 is available in all AWS Regions where Amazon DocumentDB 5.0 is available. Learn more about minor version upgrades and version support dates in the Amazon DocumentDB Developer Guide. Create or update a fully managed Amazon DocumentDB cluster in the Amazon DocumentDB Management Console.
Effective today, Amazon MSK Express Brokers support automatic topic creation with Kafka Streams. Customers can now deploy their Kafka Streams applications on Express Brokers without needing to manually pre-create or manage topics for stateful operations.
MSK Express Brokers are designed to deliver up to three times more throughput per broker, scale up to 20 times faster, and reduce recovery time by 90 percent. Kafka Streams uses topics to store state and repartition data for stateful operations. Previously, customers running Kafka Streams with Express Brokers had to manually name and pre-create these topics before deploying their application. With this launch, these topics are created automatically when the application starts, simplifying deployment and reducing operational setup for Kafka Streams applications on Express Brokers.
This capability is available today in all AWS regions where MSK Express Brokers are available. No additional configuration or setup is required to get started. To learn more, see Amazon MSK Developer Guide.
AWS Compute Optimizer now identifies idle resources for Amazon DynamoDB provisioned tables, Amazon ElastiCache (Redis and Valkey), Amazon MemoryDB, Amazon DocumentDB (provisioned and serverless), Amazon WorkSpaces, and Amazon SageMaker endpoints. This expansion enables you to detect unused resources across more of your AWS environment and identify potential cost savings.
Compute Optimizer analyzes utilization metrics to determine whether a resource is idle. Customers can set this lookback period based on the nature of their workloads. For each resource type, Compute Optimizer evaluates service-specific signals such as consumed capacity, cache hits, active connections, and CPU utilization. When Compute Optimizer identifies potential idle resources, it surfaces these recommendations, along with detailed utilization metrics and estimated savings in the console, enabling you to evaluate recommendations before acting. You can also view idle resource recommendations across all AWS accounts in your organization through the Cost Optimization Hub, with de-duplicated estimated savings with other recommendations on the same resources.
For more information about the AWS Regions where Compute Optimizer is available, see the AWS Region table. For more information about AWS Compute Optimizer, visit our product page and documentation. You can start using AWS Compute Optimizer through the AWS Management Console, AWS CLI, and AWS SDK.
AWS Cost Explorer now supports 'Analyze with Amazon Q', a new capability that delivers comprehensive cost explanations for any report you configure in Cost Explorer. With a single button click you now can receive detailed analysis from Amazon Q Developer covering your cost trends, top cost drivers, and anomalies. All analysis uses your exact filters and time-period and provides guidance to discover optimization opportunities through follow-up questions.
Previously, cost analysis required manual investigation across multiple filters and data points. With 'Analyze with Amazon Q', you simply configure your Cost Explorer view and click a single button. Amazon Q analyzes your current context and delivers explanations directly in its chat panel, adapting to what you're viewing: historical explanations for past dates, forecast explanations for future dates, or both for mixed periods. You can then ask follow-up questions to explore any insights related to your cost data in greater detail as Amazon Q maintains full conversation context throughout.
'Analyze with Amazon Q' is available in all commercial AWS Regions at no additional charge. To get started, visit the AWS Cost Explorer console, or view the user guide.
Amazon EMR Serverless now supports interactive sessions with Spark Connect, enabling you to develop and run Apache Spark applications from managed notebooks in Amazon SageMaker Unified Studio, as well as your favorite notebook environments and IDEs such as Jupyter and Visual Studio Code. You can also monitor and debug active and completed sessions in the EMR console, and get granular cost and usage visibility for individual sessions.
An interactive session provides a persistent Spark context that seamlessly spans across cells and scripts, enabling you to blend local Python code execution with remote Spark operations within a unified environment. This is enabled by Spark Connect's client-server architecture, which decouples your application client from the Spark driver and allows you to maintain your preferred development environment and tooling while Spark infrastructure runs independently on EMR Serverless. This architecture unlocks workflows including ad hoc data exploration, iterative step-by-step debugging, and incremental PySpark job development before deploying to production. For observability, you get real-time session monitoring via the Spark UI, history tracking through the Spark History Server, and session management from the EMR console or API/CLI/SDK.
Spark Connect on Amazon EMR Serverless is available with EMR release 7.13 in all AWS Regions where Amazon EMR Serverless is available. The SageMaker Unified Studio experience is available in supported regions. To get started, visit the EMR Serverless Interactive Sessions User Guide or the Amazon SageMaker Unified Studio Getting Started guide.
AWS Backup support for Amazon Elastic Kubernetes Service (EKS) is now available in the AWS European Sovereign Cloud (Germany) Region. This expansion brings fully-managed, policy-based data protection and recovery to your Amazon EKS clusters in this newly supported Region — including automated scheduling, retention management, immutable vaults, and cross-Region and cross-account copies.
You can use AWS Backup for Amazon EKS to protect entire EKS clusters, specific namespaces, or individual persistent volumes using a centralized, agent-free solution that replaces custom scripts or third-party tools. Use AWS Backup to protect your clusters for disaster recovery, compliance requirements, or before EKS cluster upgrades.
To get started, visit the AWS Backup console, refer to the AWS Backup documentation, or read the AWS News Blog.
Amazon CloudWatch now lets you ingest metrics via the OpenTelemetry Protocol (OTLP) and query them using Prometheus Query Language (PromQL). You pay per GB ingested, with 15 months of storage included.
Custom OTel metrics and AWS vended metrics from more than 70 services are queryable together in PromQL. CloudWatch provides a Prometheus-compatible query API that works with Grafana and other Prometheus-compatible tools. For Amazon EKS customers, Container Insights with OpenTelemetry provides curated dashboards and metrics enriched with OpenTelemetry semantic conventions. You can enable it from the EKS console or via CloudFormation, CDK, or Helm.
If you're already using CloudWatch Container Insights, you can dual-publish Classic and OTel metrics simultaneously and migrate alarms and dashboards on your own schedule.
Available in all commercial AWS Regions except Middle East (UAE), Middle East (Bahrain), and Israel (Tel Aviv). For pricing details, see the Amazon CloudWatch pricing page. To get started, see the Amazon CloudWatch metrics documentation.
Claude Fable 5 is generally available on AWS and makes Mythos-level capabilities available to all customers, with strong safeguards designed to make it safe for broader use. Fable 5 is state-of-the-art on nearly all tested benchmarks and delivers a step-change in autonomous knowledge work and coding for developers and enterprises building production AI applications. Claude Mythos 5, the same model without those safety classifiers, is available to a small group of customers who currently have access to Claude Mythos Preview.
Claude Fable 5 can run for extended periods on complex knowledge work and coding tasks without intervention, representing a fundamental shift in the types of problems customers can solve with AI. It is built for professional tasks in finance, legal, marketing, sales, data, and engineering — proactively self-updating skills based on learnings, developing its own evaluation harnesses, and verifying its work before delivery.
Customers have two ways to access Claude Fable 5: Amazon Bedrock and Claude Platform on AWS. Amazon Bedrock keeps your data within AWS infrastructure and provides access to Claude Fable 5 through a unified service with AWS-managed features like Guardrails, Knowledge Bases, and regional data residency. To learn more, see Amazon Bedrock documentation and regional availability.
Claude Platform on AWS, operated by Anthropic, gives you direct access to Anthropic's native Claude platform experience with unified AWS billing and authentication. To get started, see the Claude Platform on AWS documentation.
This week, the AWS IoT Device SDK for Swift reached general availability. As a member of the Swift Server Workgroup (SSWG), this one caught my attention. The SDK brings production-ready MQTT 5 connectivity, Device Shadow, Jobs, and fleet provisioning to Swift developers on macOS, iOS, tvOS, and Linux. I’m curious to see what you will build with it. […]
プログラマティック広告(※)に携わる DSP(Demand-Side Platform)・SSP(Supply […]
2026 年 6 月 8 日週、AWS IoT Device SDK for Swift が一般公開されました […]
こんにちは。流通小売・消費財・飲食業界を担当するソリューションアーキテクトチームです。いよいよ 6 月 25 […]
Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for organizations that have already enabled AWS Security Hub and Amazon GuardDuty. These two services form the foundation […]
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read […]
Bulletin ID: 2026-040-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 06/08/2026 11:45 AM PDT
Description:
The AWS AgentCore CLI (@aws/agentcore) is a developer tool for managing agent infrastructure lifecycle on Amazon Bedrock AgentCore. We identified CVE-2026-11393 in which improper neutralization of triple-quote characters during Python code generation may allow an authenticated user in the same AWS account to inject arbitrary Python code into the source file generated by the "agentcore add agent ‐‐type import" command.
Specifically, the collaborationInstruction field of a Bedrock Agent collaborator association was interpolated into a triple-quoted Python docstring using single-quote escaping rather than triple-quote escaping. A user with bedrock:AssociateAgentCollaborator IAM permission could craft a collaborationInstruction value containing """ to break out of the docstring boundary in the generated main.py of the imported agent. If that generated file was subsequently executed - either via agentcore dev on the developer's local machine, or via agentcore deploy followed by agentcore invoke in the AgentCore Runtime environment - the injected Python would run with the credentials available in that context.
Impacted versions:
- @aws/agentcore >= 0.4.0 AND <= 0.14.1
- preview versions >= 0.3.0-preview.7.0 and <= 1.0.0-preview.8
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
In this post, we walk you through the Nova Sonic Test Harness, an open source framework that we built to solve both problems. It serves as a rapid iteration tool for tuning system prompts and tool configurations (run a conversation, see results, adjust, repeat) and as a comprehensive evaluation framework for validating voice agent quality at scale. It runs complete multi-turn conversations with Amazon Nova Sonic automatically, evaluates them using LLM-as-judge techniques, and can even detect cases where the model’s audio output doesn’t match its text output (audio hallucinations). No microphone required.
In this post, we cover the structure of Amazon Quick ARNs and provide a practical mental model for working with them. By the end, you can look at an ARN and immediately understand what it means for your migration strategy, diagnose permission issues faster, and design multi-tenant architectures with confidence.
This blog has previously discussed FHE for ML inference in the post Enable fully homomorphic encryption with Amazon SageMaker endpoints for secure, real-time inferencing, but this post goes a little further. That previous post showed how to implement FHE-based inference 'from scratch' by hand-crafting a linear-regression algorithm using a low-level library called SEAL. Instead, this post shows a much more flexible and higher-level approach based on concrete-ml, a high-level library built specifically for FHE-based inference. It supports several common types of models 'out of the box' and is even API compatible with the well-known ML library scikit-learn.
In this post, we introduce mathematical optimization, explain how it fits within the broader AI landscape, and showcase real-world success stories where the Innovation Center has partnered with customers to deliver concrete results.
Amazon Bedrock AgentCore Runtime gives each agent session its own isolated microVM with a persistent workspace, secure tool access through Gateway, and built-in observability—so you can run Claude Code, Codex, Kiro, and Cursor in parallel without sharing secrets, ports, or filesystems. Close the lid, go to dinner, and pick up where you left off tomorrow.
With access to the latest generative AI models and high-performance accelerated compute in high global demand, AWS customers need tools to take advantage of model availability and capacity across multiple AWS Regions, while still meeting their security and privacy requirements. cross-Region Inference (CRIS) on Amazon Bedrock meets these needs by automatically routing requests across multiple […]
Building event-driven multi-tenant SaaS applications typically requires compute isolation between tenants to prevent data leakage, maintain security boundaries, and ensure compliance. Traditionally, you had to choose between two approaches: sharing execution environments across tenants (risking cross-tenant contamination of in-memory state) or managing separate Lambda functions per tenant (which introduces operational overhead, increasing costs, and complicating […]