この日はコンフィデンシャルコンピューティングと SageMaker 運用、セキュリティ AI が中心でした。EC2 Dedicated Hosts が AMD SEV-SNP に対応し、専有物理サーバー上での機密コンピューティングワークロード実行が可能になりました。SageMaker では Unified Studio の Terraform プロビジョニング対応、HyperPod の AMI バージョニングと自動パッチ適用 (NVIDIA ドライバや CUDA を変えずに後方互換のセキュリティパッチのみ適用) が追加されました。AWS Config は API Gateway・EC2・S3 Vectors など 8 つの新リソースタイプに対応。機械学習ブログでは Amazon Bedrock による AI 生成フィッシングの検知、SageMaker AI でのマルチターン強化学習のベストプラクティスが解説されました。日本語では前日発表の EKS バージョンロールバックと CloudFormation Express モードの解説、公共分野の AI 活用セミナー報告が公開されました。
コンフィデンシャルコンピューティング: EC2 Dedicated Hosts が AMD SEV-SNP に対応、専有物理サーバー上での機密ワークロード実行
SageMaker 運用: Unified Studio の Terraform 対応、HyperPod の AMI バージョニング・自動パッチ (ワークロード無停止)
ガバナンス: AWS Config が API Gateway / EC2 / S3 Vectors など 8 つの新リソースタイプに対応
セキュリティ AI: Amazon Bedrock による AI 生成フィッシングの検知手法
機械学習手法: SageMaker AI でのマルチターン強化学習のベストプラクティス (報酬設計・評価・監視)
国内: EKS バージョンロールバック / CloudFormation Express モードの日本語解説、公共分野の AI 活用セミナー報告
AWS Config now supports 8 additional AWS resource types across key services including Amazon API Gateway, Amazon EC2, and Amazon S3 Vectors. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources.
With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators.
You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the resources are available:
Resource Types:
Amazon SageMaker HyperPod now gives you visibility into the Amazon Machine Image (AMI) versions running across your clusters and automatically applies security patches without disrupting your workloads. SageMaker HyperPod is purpose-built infrastructure for training and deploying foundation models at scale. Cluster administrators previously had limited insight into which AMI versions were running, making drift hard to detect and security patching a manual, reactive process that was difficult to run on long multi-day training jobs and that risked changing bundled software in the AMI such as NVIDIA drivers or CUDA. These new capabilities on HyperPod help you keep clusters secure and consistent while removing the operational burden of manual patching.
With AMI versioning, you can see the exact AMI version on every instance group and node in the semantic versioning (major.minor.patch) format, quickly detect version drift, and roll back to a previous version—including the prior NVIDIA driver, CUDA, and other software stack—using the UpdateClusterSoftware API. Auto-patching is an opt-in, per-instance-group capability that applies only backward-compatible security patches as nodes become idle, so your running workloads stay undisrupted and critical AI/ML packages such as NVIDIA driver, CUDA version, and operating system kernels are never upgraded to a different major or minor version; you can enable it through the CreateCluster or UpdateCluster API. A new AMI support policy also publishes support timelines for different AMI versions after which HyperPod stops publishing security patches.
Both AMI versioning and auto-patching are available for HyperPod clusters orchestrated by Amazon EKS, in all AWS Regions where SageMaker HyperPod is supported. To learn more, see the HyperPod AMI management documentation and the new HyperPod AMI support policy.
Amazon EC2 is announcing support for AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on Dedicated Hosts, enabling customers to run their confidential computing workloads on physical servers fully dedicated to their use.
Customers can allocate a Dedicated Host with SEV-SNP enabled and launch SEV-SNP instances on it. This gives customers the benefits of Dedicated Hosts for confidential computing workloads, including control over instance placement, and host affinity that allows customers to deploy instances to the same physical server over time. The physical host is provisioned with AMD security firmware during allocation, ensuring a customer’s confidential computing environment is up to date.
Dedicated Host SEV-SNP is available in all AWS commercial Regions with AMD instances. To learn more, visit our documentation.
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) X8i instances are available in the Asia Pacific (Seoul), Asia Pacific (Malaysia) and Asia Pacific (Tokyo) regions. These instances are powered by custom Intel Xeon 6 processors available only on AWS. X8i instances are SAP-certified and deliver the highest performance and fastest memory bandwidth among comparable Intel processors in the cloud. They deliver up to 43% higher performance, 1.5x more memory capacity (up to 6TB), and 3.3x more memory bandwidth compared to previous generation X2i instances.
X8i instances are designed for memory-intensive workloads like SAP HANA, large databases, data analytics, and Electronic Design Automation (EDA). Compared to X2i instances, X8i instances offer up to 50% higher SAPS performance, up to 47% faster PostgreSQL performance, 88% faster Memcached performance, and 46% faster AI inference performance. X8i instances come in 14 sizes, from large to 96xlarge, including two bare metal options.
To get started, visit the AWS Management Console. X8i instances can be purchased via Savings Plans, On-Demand instances, and Spot instances. For more information visit X8i instances page.
Amazon SageMaker Unified Studio now supports Terraform for provisioning. Customers can use the open-source terraform-aws-sagemaker-unified-studio module to deploy a SageMaker Unified Studio domain through version-controlled templates. With this launch, platform teams can bring SageMaker Unified Studio into their existing infrastructure-as-code pipelines, maintaining consistency across development, staging, and production accounts.
Amazon SageMaker Unified Studio is a unified development environment where data teams can build end-to-end data and AI workflows using familiar tools—from data integration and analytics to machine learning and generative AI—all governed by a shared catalog. Administrators provision domains to give their organization a single, managed workspace with built-in access control, data governance, and cross-service connectivity. With this launch, the Terraform module handles the infrastructure of SageMaker Unified Studio domain with provisioned IAM roles. Sub-modules let teams enable blueprints, compose blueprints into project profiles, and create projects independently. Customers can also create projects with existing IAM roles. This integration is enabled through the Terraform AWS Cloud Control Provider.
This feature is available in all AWS Regions where Amazon SageMaker Unified Studio is available. To get started, see examples provided in terraform-aws-sagemaker-unified-studio module on GitHub and the Amazon SageMaker Unified Studio documentation.
AWS CodeBuild now supports Amazon Linux 2023 for on-demand build hosts through a new host kernel selection setting. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With this launch you can choose whether your build host uses Amazon Linux 2 (Linux kernel 4) or Amazon Linux 2023 (Linux kernel 6).
Amazon Linux 2023 offers several improvements over Amazon Linux 2, including an updated Linux kernel and glibc, along with package additions, upgrades, and removals. For a full comparison, see Comparing AL2 and Amazon Linux 2023. You can validate Amazon Linux 2023 at your own pace by setting the host kernel on a new or non-production project and running your builds there, while your production projects keep running unchanged on their current kernel.
Host kernel selection is available in all AWS Regions where CodeBuild is offered except the AWS GovCloud (US) and China Regions, which only support Amazon Linux 2023.
To get started, see the following resources:
2026 年 6 月 30 日、AWS CloudFormation Express モードについてお知らせし […]
Kubernetes コントロールプレーンのアップグレードは、長い間、一度行うと元に戻せないものでした。オープ […]
こんにちは。アマゾン ウェブ サービス ジャパン合同会社 パートナー ソリューション アーキテクト の深井宣之 […]
In this post, we share best practices for reliable multi-turn RL training. We cover how to build a training environment you can trust, set up an external evaluation, design a reward aligned with the end task, manage what changes once the agent runs for multiple turns, and monitor the metrics that tell you when to iterate.
Social engineering through phishing remains one of the most common tactics for launching cyberattacks. AI-generated phishing email messages now pose a new challenge for security teams managing email systems, significantly raising the risk because of their advanced sophistication. Modern social engineers use generative AI and open source intelligence (OSINT) to craft thousands of unique messages […]