この日はコンテナと運用、そしてセキュリティが主要テーマでした。Amazon EKS の Kubernetes バージョンロールバック (アップグレード後 7 日以内に前バージョンへ復帰可能) が正式リリースされ、ECS ではデプロイサーキットブレーカーの設定カスタマイズ、Service Connect のゾーンアウェアルーティング、リアルタイムデプロイ可観測性、Express モードのカスタムタスク定義対応と多数の機能強化がありました。AI 領域では GovCloud での NVIDIA Nemotron / OpenAI GPT OSS モデル、サーバーレス A2A ゲートウェイ、AgentCore Memory のメタデータフィルタリング、HippoRAG、Inscribe の文書詐欺検知エージェント事例が紹介されました。セキュリティでは GuardDuty の機密ファイル改変検知、AWS Security Agent の 3 リージョン拡張、AWS Artifact の Assurance Assistant (AI によるコンプライアンス回答) が登場。一方、CVE が 3 件公表されました (AWS CLI の安全でないファイル権限、aws-cdk-lib の OS コマンドインジェクション、JDBC Wrapper の安全でないデシリアライズ)。国内では Kiro による医療情報システムのガイドライン遵守開発、Metagenomi の 35 億ベクトル検索基盤、ラクスの伝票作成 AI エージェント事例が取り上げられました。
コンテナ運用: EKS の Kubernetes バージョンロールバック GA、ECS のサーキットブレーカー設定・ゾーンアウェアルーティング・リアルタイムデプロイ可観測性
セキュリティ脆弱性: CVE 3 件公表 (AWS CLI ファイル権限、aws-cdk-lib OS コマンドインジェクション、JDBC Wrapper デシリアライズ RCE)
AI エージェント: サーバーレス A2A ゲートウェイ、AgentCore Memory のメタデータフィルタリング、AgentCore の 4 リージョン拡張・クォータ引き上げ
AI セキュリティ運用: GuardDuty の機密ファイル改変検知、AWS Security Agent の 3 リージョン拡張、AWS Artifact の Assurance Assistant
モデル/科学計算: GovCloud での Nemotron・GPT OSS モデル、Bedrock Model Profiler、SageMaker AI での BoltzGen タンパク質設計
国内事例: Kiro による医療情報システム開発、Metagenomi の 10 億超ベクトル検索基盤 (LanceDB + S3)、ラクスの伝票作成 AI エージェント
実験/運用: AppConfig の A/B テスト機能 GA、CloudWatch の log クエリからのアラーム作成、RDS Cross-Region 自動バックアップ拡張
Starting today, AWS Security Agent (now part of AWS Continuum) is available in three additional AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (São Paulo). Customers in these Regions can now access core capabilities of Security Agent to proactively secure their applications throughout the development lifecycle.
With this expansion, customers gain access to STRIDE-based threat modeling (preview) that analyzes design documents and source code to surface risks early in the development lifecycle. Full-repo and PR-level code reviews (preview) are available across GitHub, GitLab, GitHub Enterprise Server, Bitbucket, and Confluence, with managed compliance packs and custom security requirements. They can trigger threat modeling, code reviews, and remediation directly from Kiro or Claude Code through the new IDE plugins and MCP integration. On-demand penetration testing delivers validated findings with reproducible attack paths and ready-to-implement fixes, and retesting confirms that applied remediations are effective. Simulated validation remains available only in US East (N. Virginia).
AWS Security Agent scales security expertise across your applications to match development velocity while providing comprehensive security coverage. To learn more, visit the documentation or see our product page.
Amazon Managed Service for Prometheus is now FedRAMP High and Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG) Impact Level (IL) 4 and 5 authorized in the AWS GovCloud (US) Regions.
Federal agencies, public sector organizations, and other enterprises with FedRAMP High and DoD CC SRG IL-4/5 compliance requirements can now use Amazon Managed Service for Prometheus to monitor and alert on their workloads with confidence that it meets the security and compliance standards required for sensitive environments.
Amazon Managed Service for Prometheus is a fully managed, Prometheus-compatible monitoring service that makes it easy to monitor and alert on operational metrics at scale. It automatically scales ingestion and storage for high-cardinality workloads, and integrates with AWS security services for fast, secure access to data.
For more details about Amazon Managed Service for Prometheus in AWS GovCloud (US), visit the Amazon Managed Service for Prometheus GovCloud documentation or contact your AWS account team for more information. To learn more, visit the Amazon Managed Service for Prometheus product page.
Amazon Elastic Kubernetes Service (Amazon EKS) now supports Kubernetes version rollback, enabling you to revert to the previous Kubernetes minor version within 7 days if any issues arise after an upgrade. This provides an additional safety net for your upgrade workflow, allowing you to validate the new version under real production conditions and rollback if needed.
You can initiate a rollback using the Amazon EKS console, AWS CLI, or AWS SDKs. Before proceeding, Amazon EKS evaluates your cluster rollback readiness insights that include automated checks covering API compatibility, version skew, add-on compatibility, cluster health, and more. For clusters running EKS Auto Mode, EKS automatically manages the rollback of worker nodes before reverting the control plane, honoring your configured disruption controls.
Amazon EKS version rollback is available at no additional cost in all AWS Regions where Amazon EKS is available. To get started, see version rollback in the Amazon EKS User Guide.
Amazon Elastic Container Service (Amazon ECS) Express Mode now supports custom task definitions, giving you the flexibility to use existing ECS application configurations and advanced task-level customizations with Express Mode’s simplified deployment experience. This also enables you to reuse task definitions from your existing CI/CD pipelines and infrastructure-as-code workflows, allowing you to retain established operational practices while taking advantage of Express Mode’s streamlined application deployment and infrastructure automation.
ECS Express Mode makes it easy to deploy containerized web applications and APIs by automatically handling load balancing, networking, auto scaling, monitoring, and deployments. Now you can get the same simplicity for your own custom task definitions. With this update, you can extend Express Mode services with advanced task definition capabilities, including observability and security sidecars, custom container health checks, ulimits and Linux runtime settings, and FireLens for custom log routing. Once you associate a custom task definition with an Express Mode service, you can continue managing your application either through task definition updates or directly through Express Mode, whichever you prefer.
This feature is available in all AWS Regions. To get started, create or update your ECS Express Mode service by passing your task definition using the AWS Management Console, AWS CLI, AWS SDKs, or infrastructure-as-code tools. To learn more, see the Amazon ECS Express Mode documentation and getting started walkthrough.
Today, AWS announces the general availability of experimentation tools in AWS AppConfig, a new capability that enables you to run A/B tests and feature experiments without building or managing separate experimentation infrastructure. Built on 25+ years of Amazon experimentation best practices, AWS AppConfig experimentation tools use AI-driven guidance to help you build robust experiments while providing exposure control and locked treatment allocations so you can make confident, data-driven decisions about what to ship to your customers.
Using AWS AppConfig experimentation tools, you can run A/B tests and multivariate experiments across your application stack, from UI changes and recommendation algorithms to AI model selections and prompt experiments. Define feature variations, target granular audiences using a rule builder, and set traffic allocation percentages through the AWS Management Console, CLI, API, or AWS CDK. AI-assisted experiment design can validate your setup against Amazon's best practices, helping you build experiments with sufficient statistical power. Customers set up and run the experiment in AWS AppConfig, and then analyze results using Amazon CloudWatch or existing analytics tools. At the end of the experiment, you promote the winning treatment to production through a standard AWS AppConfig safe rollout. Experiments work across workloads on Amazon EC2, AWS Lambda, Amazon ECS, Amazon EKS, and on-premises servers through AWS AppConfig Agent.
Amazon GuardDuty Runtime Monitoring now includes three new threat detections that alert security teams when sensitive files are modified on Amazon EC2 instances and container workloads running on Amazon EKS or Amazon ECS. These findings help identify post-compromise attacker activities by monitoring critical system files, including configuration files, authentication settings, and system logs. This capability is designed for security teams, DevSecOps professionals, and cloud security architects who need comprehensive threat visibility across their AWS compute environments.
The new detections—Persistence:Runtime/SensitiveFileModified, PrivilegeEscalation:Runtime/SensitiveFileModified, and DefenseEvasion:Runtime/SensitiveFileModified—help identify attempts to maintain persistent access, escalate privileges, and evade detection after an initial system compromise. By monitoring five specific file operations (open-for-write, rename, symlink, link, and unlink) directly, these findings can detect threats even when attackers use obfuscated techniques that bypass traditional command-line monitoring. The correlation-based analysis distinguishes malicious behavior from legitimate administrative operations, helping reduce false positives while providing actionable intelligence with MITRE ATT&CK® tactics mapping and remediation recommendations.
These sensitive file modification findings are now available to all customers who have enabled GuardDuty Runtime Monitoring for their Amazon EC2, Amazon EKS, or Amazon ECS workloads. A 30-day free trial is available for new users. To learn more, see Amazon GuardDuty Findings. To receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic.
Amazon Bedrock AgentCore is now available in four additional AWS Regions: Asia Pacific (Bangkok), Asia Pacific (Malaysia), Europe (Milan), and Europe (Spain). Amazon Bedrock AgentCore is the platform to build, connect, and optimize agents. It helps engineers ship agents fast with any framework and any model, connect them to enterprise systems and tools, and optimize them continuously, with security enforced at the infrastructure layer that agents can't bypass.
With this expansion, customers in these regions can build and run agents closer to their end users with lower latency. AgentCore capabilities including agent runtime, identity and access control, policy management, session persistence, tool connectivity, and observability are available in these regions at launch.
For more information on AgentCore, visit the AgentCore product page or the AgentCore Developer Guide. To learn about pricing, visit AgentCore pricing. For region availability, visit Supported AWS Regions.
Cross-Region Automated Backup replication for Amazon RDS is now available in four additional AWS Regions. This launch allows you to setup automated backup replication between Mexico (Central) and Europe (Ireland) or US West (N. California); between Asia Pacific (Taipei) and Asia Pacific (Singapore) or Asia Pacific (Tokyo); between Asia Pacific (New Zealand) and Asia Pacific (Singapore), Asia Pacific (Sydney), or Asia Pacific (Melbourne); and between Asia Pacific (Thailand) and Asia Pacific (Singapore) or Asia Pacific (Jakarta) Regions.
Automated Backups enable recovery capability for mission-critical databases by providing you the ability to restore your database to a specific point in time within your backup retention period. With Cross-Region Automated Backup replication, RDS will replicate snapshots and transaction logs to the chosen destination AWS Region. In the event that your primary AWS Region becomes unavailable, you can restore the automated backup to a point in time in the secondary AWS Region and quickly resume operations. As transaction logs are uploaded to the target AWS Region frequently, you can achieve a Recovery Point Objective (RPO) of within the last few minutes.
You can setup Cross-Region Automated Backup replication with just a few clicks on the Amazon RDS Management Console or using the AWS SDK or CLI. Cross-Region Automated Backup replication is available on Amazon RDS for PostgreSQL, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for Db2, Amazon RDS for Oracle, and Amazon RDS for Microsoft SQL Server. For more information, including instructions on getting started, read the Amazon RDS documentation.
Amazon Elastic Container Service (Amazon ECS) now gives you more control over when a service deployment is considered failed and automatically rolled back. You can now customize deployment circuit breaker settings to match your application's startup behavior, deployment needs, and tolerance for task failures, so rollback works the way you need across different applications and environments.
The ECS deployment circuit breaker automatically detects failed deployments and rolls them back to the last successful deployment once a failure threshold is reached. With this launch, you can set the deployment circuit breaker threshold using either a fixed task failure count or a percentage of your service's desired task count, and choose how failures are counted using either a consecutive model, where the counter resets when a healthy task starts, or a cumulative model, where failures keep adding up throughout the deployment. For example, you can set lower thresholds for faster rollbacks in development and test environments, or allow more tolerance for applications that experience expected startup failures before stabilizing.
This feature is available in all AWS Regions where Amazon ECS is available. You can configure deployment circuit breaker settings for new and existing ECS services using the AWS Management Console, AWS CLI, AWS SDKs, AWS CloudFormation, AWS CDK, and Terraform. To learn more, see the ECS deployment circuit breaker documentation.
Today, AWS announces that partners can associate one or more AWS Marketplace solutions and product listings from their AWS Marketplace catalog directly to co-sell opportunities in AWS Partner Central. Previously, opportunities required partners to use solutions specially created for co-selling, which meant partners managed their solutions for the AWS Marketplace catalog and solutions for co-selling separately. Partners can now associate their existing AWS Marketplace listings with opportunities to track fulfillment more effectively.
When creating or editing an opportunity in AWS Partner Central in the AWS Console, Partners can select one of the following options: (1) AWS Marketplace solutions and products, (2) AWS Marketplace solutions only, (3) AWS Marketplace products only, or (4) Other. Partners can associate up to 10 AWS Marketplace Solutions and up to 10 AWS Marketplace Products with a single opportunity. This includes AWS Marketplace listings within AWS accounts that have an established subsidiary account connection. The same capability is available programmatically through the AWS Partner Central Selling API. To progress an opportunity to the Committed or Launched stage, an AWS Marketplace Solution, AWS Marketplace Product, or Partner Solution must be associated.
This capability is generally available in AWS Partner Central in the AWS Console. To learn more, review creating an opportunity and attach AWS Marketplace listings to ACE opportunities guides, or explore how to leverage the programmatic implementation option with the AWS Partner Central Selling API.
AWS Artifact now includes Assurance Assistant, an AI-powered capability that generates citation-backed responses to security and compliance questions about AWS services. AWS Artifact is the service through which AWS provides compliance reports, certifications, and agreements to customers. Assurance Assistant helps third-party risk managers, compliance officers, security engineers, and auditors accelerate vendor assessments and due diligence questionnaire (DDQ) completion by providing sourced answers grounded in verified AWS compliance documentation.
Assurance Assistant offers two modes: single-question mode for immediate on-screen responses, and questionnaire upload mode for bulk processing of XLSX files including industry-standard formats such as CAIQ, SIG, and custom DDQs. All responses include citations from AWS compliance documentation — including SOC reports, ISO certifications, and C5 attestation packages — so customers can independently verify information against source materials. Responses can be exported selectively or in full, with or without citations, in the original file format. To control access, two new IAM managed policies are available: AWSArtifactComplianceInquiriesReadOnlyAccess and AWSArtifactComplianceInquiriesFullAccess.
Assurance Assistant is available at no additional charge through the AWS Artifact console in all commercial AWS Regions. AWS Artifact is a globally accessible service; customers do not need to select a specific Region to use Assurance Assistant.
To learn more about Assurance Assistant, see Managing compliance inquiries in the AWS Artifact User Guide. For general information about AWS Artifact, see the AWS Artifact product page.
Amazon Elastic Container Service (Amazon ECS) now provides real-time deployment observability in the Amazon ECS Console. With this launch, customers can track deployment progress, monitor deployment health, and diagnose failures directly from the console, and understand exactly what is happening during a deployment, identify issues as they occur, and reduce the time it takes to troubleshoot and resolve deployment failures.
The enhanced deployment observability introduces a live deployment timeline that shows each phase, service events, and task launch and termination progress with automatic refresh. You can monitor deployment health in real time using circuit breaker status with live task failure proximity and threshold tracking, deployment alarm state, and health checks at both the container and load-balancer level. To diagnose deployment failures faster, you can view failed tasks directly in the deployment timeline with diagnostic context and deep links to related services such as AWS CloudTrail, reducing the need to navigate across multiple tools to pinpoint the root cause of a failure.
These capabilities are available at no additional charge in all AWS commercial Regions, and AWS GovCloud (US) Regions for all Amazon ECS services using the rolling update deployment type. To get started, navigate to any Amazon ECS service in the Amazon ECS Console and select the Deployments tab.
Amazon Elastic Container Service (Amazon ECS) introduces zone-aware routing for ECS Service Connect, enabling customers to reduce cross Availability Zone (AZ) data transfer costs and latency by automatically prioritizing service-to-service traffic within the same AZ.
With this launch, ECS Service Connect preferentially routes requests to endpoints in the same AZ as the originating task while dynamically adjusting traffic weights as endpoints scale to maintain balanced load across target services. Previously, as customers distributed their applications across AZs for resiliency, service-to-service traffic led to significant cross-zone data transfer, requiring trade-offs between cost and resilience. Zone-aware routing eliminates this trade-off, and when local endpoints become unhealthy or fall below capacity thresholds, traffic automatically redistributes across healthy AZs to maintain availability without overloading any single zones.
Zone-aware routing is enabled by default for all new and existing services and requires no additional infrastructure or application code changes. Existing services require a one-time redeployment to enable the new routing behavior. You can use Amazon VPC Flow Logs with AZ metadata to monitor cross-AZ traffic patterns and validate routing effectiveness. This feature is available in all AWS commercial and AWS GovCloud (US) Regions, where ECS Service Connect is supported at no additional cost. For more details, refer to our documentation and launch blog post.
Amazon CloudWatch allows you to create alarms on log data using log queries, and get alerted on anomalies without leaving your log analysis workflow.
With today's launch, you can configure an alarm on log query and specify the alarm threshold directly, thereby eliminating the need to first create metric filters or custom metrics as intermediate steps. This streamlines the path to actively monitoring the data in your logs, and monitoring and alerting on it. For example, you can write a query to count error rates by service, set a threshold, and receive an alarm notification with log context when errors spike - all in a single workflow. Alarms created from log queries support all standard CloudWatch Alarm actions, including Amazon SNS notifications, and Amazon EventBridge integrations.
This feature is available in all commercial AWS Regions except Middle East (UAE), and Middle East (Bahrain). You can create log query-based alarms using the Amazon CloudWatch console, AWS Command Line Interface (AWS CLI), AWS CloudFormation, and AWS SDKs. For pricing details and documentation, see the Amazon CloudWatch pricing and visit the Amazon CloudWatch documentation.
Amazon Bedrock AgentCore has increased the default runtime quota limits, giving customers greater capacity to scale their agent-based workloads. AgentCore is the platform for developers to build, connect, and optimize AI agents.
The new default limits support up to 5,000 active concurrent sessions in US East (N. Virginia) and US West (Oregon), and 2,500 in all other supported Regions. All AWS Regions where AgentCore is available now support 200 agent interactions per second and 25 new sessions created per second. This means customers can run more AI agents simultaneously while handling high-throughput workloads out of the box.
To learn more, visit the AgentCore product page or see the AgentCore Developer Guide. For all quota limits, see the AgentCore Quotas documentation.
Learn how Kubernetes version rollbacks for Amazon EKS let you reverse cluster upgrades within seven days. This new feature provides a safety net for upgrade failures—no cluster rebuilds required—turning Kubernetes version upgrades into a reversible, low-risk operation.
医療情報システム開発で避けて通れない数多くの業界ガイドラインに対して、AI 駆動開発でどう立ち向かうか。本記事では、ガイドラインの知識を Agent Skills、開発標準を Agent Steering として Kiro に与え、必要なときに必要な分だけコンテキストを参照させながら、人間が意思決定権を持って協働する「Kiro をチームの一員に育て上げる」アプローチを紹介します。
Amazon OpenSearch Service にログ分析に特化した新エンジンが加わりました。価格性能比は最大 4 倍、取り込み速度は 2 倍、ストレージコストは最大 70% 削減されます。OpenSearch の強みである全文検索も犠牲にならず、同じデータに対してそのまま使えます。
アプリケーションの TLS 証明書を管理している場合、証明書が期限切れになると、顧客にエラーが表示されるか、サ […]
リアルタイム分析、バッチ処理、ビデオエンコーディング、科学モデリング、CPU ベースの機械学習推論など、計算量 […]
はじめに AWS Summit Japan 2026(6/25-26 @幕張メッセ)にご来場いただいた皆様、あ […]
本ブログは株式会社ラクス様と Amazon Web Services Japan 合同会社が共同で執筆しました […]
Metagenomi は LanceDB、Amazon S3、AWS Lambda を組み合わせ、35 億件のタンパク質エンベディングを低コストで保存・検索するサーバーレスソリューションを構築しました。データをバケット分割して並列インデックス化し、map-reduce 方式で検索する設計により、常時稼働サーバーなしで数十億ベクトル規模の近似最近傍検索を実現しています。
If you manage secrets across multiple AWS accounts or need faster secret access for latency-sensitive applications, this post shows you how to meet those requirements using two new features of the AWS Workload Credentials Provider (provider). You will learn how to configure role chaining for cross-account secret retrieval and prefetching of secrets to reduce cold-start […]
Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. If you run AI and machine learning (ML) workloads on Amazon EKS—such as model inference, RAG pipelines, or JupyterHub—your containerized workloads require the same […]
Bulletin ID: 2026-049-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 07/01/2026 11:45 AM PDT
Description:
The AWS Command Line Interface (AWS CLI) is a unified tool for managing AWS services from the command line. We identified CVE-2026-13769 in AWS CLI on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) wrote credential and configuration files with world-readable permissions, which allows other local users on the same host to read credentials.
Impacted versions: <=1.44.77 (v1) AND <=2.34.28 (v2)
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-050-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 07/01/2026 12:15 PM PDT
Description:
AWS CDK (aws-cdk-lib) is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. We identified CVE-2026-13760, an OS command injection issue in the NodejsFunction Docker bundling pipeline in aws-cdk-lib before 2.260.0 that could allow an actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters in the OsCommand helper. This issue requires the actor to control the content of a package.json dependency version string that is processed during Docker-based bundling with nodeModules specified.
Impacted versions: < 2.260.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
Bulletin ID: 2026-051-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 07/01/2026 12:45 PM PDT
Description:
The AWS Advanced JDBC Wrapper is an open-source JDBC driver wrapper that extends a JDBC driver to enable Amazon Aurora and AWS Cloud features such as failover handling and caching. We identified CVE-2026-14265, an issue in the RemoteQueryCachePlugin of the AWS Advanced JDBC Wrapper. When this plugin is enabled, query results read from the shared Redis/Valkey cache are deserialized without class filtering. An actor with write access to the shared cache infrastructure could insert a crafted serialized Java object that, when read by an application, results in execution of arbitrary code on the application server.
Impacted versions: >=3.3.0 AND <=4.0.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
In this post, we demonstrate how to deploy BoltzGen on SageMaker AI and run an end-to-end protein design experiment. By the end of the walkthrough, you have a working setup that scales from quick validation runs to production batch processing. The setup offers two execution modes for different stages of research and uses step-level caching to reduce compute expenses during iterative workflows.
The Amazon Bedrock Model Profiler is an open source tool that aggregates model metadata from multiple AWS APIs and external sources into a single, searchable interface. In this post, you’ll learn what the Model Profiler provides, the real-world scenarios it supports, and how to deploy it in your own environment in under five minutes.
In this post, you will learn how Inscribe developed an agentic AI system using Amazon Bedrock that reasons across documents the way an expert fraud analyst would. With this new agentic AI system, Inscribe now detects tampered, fabricated, and AI-generated financial documents in under 90 seconds. This is a 20x improvement over traditional manual review, while maintaining the accuracy and explainability required by financial services regulations.
In this post, we demonstrate how to implement HippoRAG using a comprehensive AWS stack. We use Amazon Bedrock for LLM capabilities, Amazon Neptune for graph database functionality, Amazon Neptune Analytics for advanced graph algorithms including Personalized PageRank, and Amazon Titan Embeddings for vector representations. This implementation showcases how to build and deploy HippoRAG within AWS infrastructure for enterprise-scale applications.
In this post, you will learn how metadata works across configuration, ingestion, and retrieval, explore enterprise use cases including multi-agent and multi-tenant architectures, and discover best practices for implementation.
In this post, you will learn how to build a serverless A2A gateway on AWS that hosts multiple agents behind a single domain using path-based routing (/agents/{agentId}). Standard A2A clients work without modification.
We're excited to introduce US-based frontier open-weight models in AWS GovCloud (US). With this release, Amazon Bedrock now supports OpenAI’s open-weight GPT OSS models (120B and 20B) and NVIDIA Nemotron (Nano 9B v2, Nano 12B v2, Nano 30B, Super 120B) models. In this post, we cover these models and their capabilities, the inference options for data residency, the available service tiers and how to get started.