Amazon MSK Replicator now supports data replication from external Apache Kafka clusters - including on-premises, self-managed on AWS, or other cloud providers to Amazon MSK Standard brokers. This capability extends replication support to MSK Standard brokers, in addition to the existing support for MSK Express brokers. With this launch, you can migrate workloads to MSK Standard brokers, support disaster recovery by using MSK clusters as a failover or backup target, and enable data distribution across hybrid and multi-cloud environments.
MSK Replicator is a feature of Amazon MSK that automates data replication between Kafka clusters, eliminating the need to manage custom replication infrastructure or configure open-source tools. Previously, MSK Replicator supported replication from external Apache Kafka clusters to MSK Express brokers only. With this launch, you can now also replicate data from external Kafka clusters to MSK Standard brokers, using either SASL/SCRAM or mutual TLS (mTLS) authentication to connect to your external clusters. You can also use MSK Replicator to replicate data from Amazon MSK Standard to external Kafka clusters for reliable failback or multi-cloud data distribution. Unlike self-managed replication tools, MSK Replicator lets you retain your original Kafka topic names during replication while automatically avoiding infinite replication loops. It also synchronizes consumer group offsets bidirectionally, enabling you to move producers and consumers across clusters independently, in any order, without coordination constraints or the risk of data loss.
This new capability is supported in all AWS Regions where Amazon MSK Replicator is available. Visit the MSK Replicator documentation, product page, pricing page, and this AWS blog post to learn more.
Amazon SageMaker Feature Store is a fully managed capability that makes it easy to compute, store, and retrieve features for training and deploying AI models. SageMaker Feature Store now supports new capabilities for high-throughput feature ingestion, record discovery, and offline store cataloging. Data scientists can now write multiple records across multiple feature groups in a single request with BatchWriteRecord, list the records stored in a feature group without knowing each record identifier in advance with ListRecords, and create tables and databases with custom names in the offline store.
Data scientists can use BatchWriteRecord to ingest feature data at scale with fewer API calls and lower latency than writing one record at a time. BatchWriteRecord targets the online store, the offline store, or both, returns individual record failures without failing the entire request, and supports time-to-live settings at the record, request, and feature group level. With ListRecords, data scientists can retrieve the record identifiers in a feature group, one page at a time, to browse and audit feature group contents, recover record identifiers, and manage the record lifecycle. When configuring an offline store, data scientists can also create Glue and Iceberg tables with custom names. These capabilities enable data scientists to ingest features at scale and manage the records stored in SageMaker Feature Store without building custom tooling.
These capabilities are available in all AWS Regions where Amazon SageMaker Feature Store is available. For more information, see Amazon Feature Store Runtime and Offline Store Configuration documentation.
Amazon SageMaker HyperPod now supports deep health checks for Slurm-orchestrated clusters created with continuous provisioning, enabling you to proactively verify GPU accelerator health on running instances at any time. Continuous provisioning lets you start training quickly and scale instance groups asynchronously without all-or-nothing failures, and you can now pair that flexibility with comprehensive hardware validation as instances come online. This capability addresses a critical challenge where even a single unhealthy node can waste hours of compute time and delay critical workloads.
With deep health checks, you can target entire instance groups or specific instances to run comprehensive hardware stress tests and connectivity tests before committing compute resources to a job. Because continuous provisioning adds worker nodes to your Slurm cluster asynchronously as capacity becomes available, you can run deep health checks on each new node as it comes online, validating hardware before scheduling jobs on it and without interrupting workloads already running on healthy nodes. Progress and results are visible at both the instance group and instance level through the SageMaker console and APIs, providing complete visibility into GPU health, network connectivity, and multi-node communication performance. Instances undergoing checks are automatically isolated from workload scheduling and returned to service upon passing. When paired with HyperPod's automatic node recovery capability, instances that fail are automatically rebooted or replaced, ensuring cluster health.
This capability is available in all regions where Amazon SageMaker HyperPod is available. To learn more about on-demand deep health checks and continuous provisioning, see the Amazon SageMaker HyperPod User Guide.
Amazon SageMaker Unified Studio now supports custom asset types for IAM-based domains. With custom asset types, domain administrators can catalog any format of asset within the SageMaker Unified Studio, such as medical imaging files in Amazon S3, revenue dashboards built in PowerBI, or PDF research reports generated by a third-party platform. Custom asset types bring all assets, regardless of their underlying format, into the SageMaker catalog so teams can search, discover, and subscribe to them without needing separate tools or processes.
To get started, an administrator can create a custom asset type with a name, description, and optional metadata forms that define the fields each asset should carry. Individual assets can then be created from that type, enriched with glossary terms and README documentation to add business context for humans and AI agents, and published for discovery. Once published, anyone in the domain can find the asset by name, type, or glossary term and request a subscription through the same governed workflow used for all other catalog assets.
Custom asset types for IAM-based domains are available in all AWS Regions where Amazon SageMaker Unified Studio is available. To learn more, visit the SageMaker Unified Studio user guide.
AWS Client VPN is now available in four new regions: Canada West (Calgary), Mexico (Central) and two in Asia Pacific - New Zealand and Taipei. This fully managed service enables customers to securely connect their remote workforce to resources in AWS or on-premises networks.
AWS Client VPN eliminates the need for hardware VPN appliances and complex operational management through its pay-as-you-go model. Organizations can easily manage and monitor VPN connections through a single console.
To learn more about Client VPN:
Amazon Timestream for InfluxDB now publishes events to Amazon EventBridge when your database instances or clusters undergo state changes. Events are emitted for lifecycle operations including creation, deletion, compute and storage scaling, parameter group updates, maintenance windows, and reboot — covering both successful completions and failures.
With this capability, customers can use Amazon EventBridge rules to programmatically react to database operations without polling the API for status. DevOps teams can build automation workflows that trigger when a scaling operation completes, operations teams can route failure events for immediate alerting, and compliance teams can persist all events to Amazon CloudWatch Logs or Amazon S3 for audit trails. Events are published to the default Amazon EventBridge event bus in your account with source aws.timestream-influxdb, supporting content-based filtering and routing to any EventBridge target including AWS Lambda functions, AWS Step Functions, Amazon SQS queues, Amazon SNS topics, and cross-account event buses.
This capability is available in all AWS Regions where Amazon Timestream for InfluxDB is available. Standard Amazon EventBridge pricing applies for rule evaluation and target delivery. To get started, open the Amazon EventBridge console and create a rule with source aws.timestream-influxdb. For more information, see the Amazon Timestream for InfluxDB documentation and pricing page.
Today, AWS announces Replace Root Volume using an existing EBS volume, a new option for replacing the root volume of a running Amazon EC2 instance. Customers can now use an EBS volume as the target for a root volume replacement, in addition to the existing options of replacing from a snapshot or an AMI. This option supports customers running stateful workloads who need to include specific metadata or software on the root volume before the application boots.
Many customers use Replace Root Volume today to apply operating system patches and configuration changes without stopping the instance. However, customers who needed specific metadata or software on the root volume had to first capture an volume with data as a snapshot or register it as an AMI before they could replace the root volume. These intermediate steps added time and operational overhead. Customers can now configure the volume directly and use it as the new root volume, removing the snapshot and AMI creation steps. This reduces operational overhead and speeds up root volume patching for stateful workloads where downtime is costly.
Using an EBS volume when replacing a root volume of an EC2 instance is available in all commercial AWS Regions and AWS GovCloud (US) regions. To get started, see Replace an EC2 instance root volume in the Amazon EC2 User Guide.
AWS is announcing the general availability of Amazon EC2 Storage Optimized I8g instances in AWS GovCloud (US East, US West) regions. I8g instances offer the best performance in Amazon EC2 for storage-intensive workloads. I8g instances are powered by AWS Graviton4 processors that deliver up to 60% better compute performance compared to previous generation I4g instances. I8g instances use the latest third generation AWS Nitro SSDs, local NVMe storage that deliver up to 65% better real-time storage performance per TB while offering up to 50% lower storage I/O latency and up to 60% lower storage I/O latency variability. These instances are built on the AWS Nitro System, which offloads CPU virtualization, storage, and networking functions to dedicated hardware and software enhancing the performance and security for your workloads.
Amazon EC2 I8g instances are designed for I/O intensive workloads that require rapid data access and real-time latency from storage. These instances excel at handling transactional, real-time, distributed databases, including MySQL, PostgreSQL, Hbase and NoSQL solutions like Aerospike, MongoDB, ClickHouse, and Apache Druid. They're also optimized for real-time analytics platforms such as Apache Spark, data lakehouse and AI LLM pre-processing for training. I8g instances are available in 11 different sizes with up to 48xlarge including one metal size, 1.5 TiB of memory, and 45 TB local instance storage. They deliver up to 100 Gbps of network performance bandwidth, and 60 Gbps of dedicated bandwidth for Amazon Elastic Block Store (EBS).
To learn more, visit EC2 I8g instances.
You can now connect AI agents directly to the AWS MCP Server using AWS Sign-In. Agents connect using industry-standard OAuth without requiring additional authentication software. Existing AWS identities, sign-in methods, IAM permissions, and governance controls you have already set up continue to apply.
Developers can authorize agents interactively through a browser or programmatically using non-interactive (headless) authorization. Administrators can govern OAuth access using familiar IAM policies together with new OAuth capabilities, including global condition keys, token introspection and revocation APIs, dynamic client registration, and CloudTrail audit events.
To learn more, see the OAuth Support for the AWS MCP Server blogpost, Sign-In with OAuth 2.0 in the AWS Sign-In User Guide, and Setting up the AWS MCP Server in the Agent Toolkit for AWS User Guide.
AWS Database Migration Service (DMS) Schema Conversion now supports AI agent automation through the AWS MCP Server. You can connect AI coding agents, including Kiro, Claude Code, and Cursor, to DMS Schema Conversion and run complete migration workflows using natural language directly from your IDE. Agents create projects, browse source metadata, convert schemas, generate assessment reports, and export results autonomously.
The DMS Schema Conversion skill, dms-schema-conversion, loads on demand and provides agents with predefined procedures, including API patterns, schema exclusions, and operational sequencing rules. Agents follow these procedures rather than improvising from general knowledge, reducing trial-and-error loops. They can also help convert remaining code objects such as stored procedures, functions, and triggers, building on the generative AI capabilities launched at re:Invent 2024.
AI agent automation is available for all existing DMS Schema Conversion source and target engine pairs at no additional charge. For regional availability, see the Supported AWS Regions page. To get started, see Using AI agents with DMS Schema Conversion in the documentation.
AWS Organizations now automatically applies security controls by default when you create a new organization via AWS Organizations console, simplifying initial security configuration by automatically applying core security controls. This approach safeguards multi-account environments by protecting against unintended member account departures from your organization. CloudOps administrators and central security teams get immediate protection in their new organizations from day one.
When you create a new organization using the AWS Organizations console, the service automatically applies service control policies (SCPs) that prevent member accounts from leaving the organization or closing themselves. These controls help enterprises migrating to AWS or starting a new organization establish strong governance patterns without requiring deep security expertise. The security defaults are intentionally lightweight to provide protection without impeding legitimate operations. You maintain full control to modify or disable these settings at any time.
This feature is available in US East (N. Virginia), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Beijing), and China (Ningxia). To learn more, visit the AWS Organizations documentation.
Amazon DocumentDB (with MongoDB compatibility) now supports R8g.24xlarge and R8g.48xlarge database instances. R8g instances are powered by AWS Graviton4 processors and feature DDR5 memory, enabling customers to achieve higher throughput and support larger working sets in memory. With R8g.24xlarge (96 vCPUs, 768 GiB memory) and R8g.48xlarge (192 vCPUs, 1,536 GiB memory), customers can run more demanding workloads such as high-concurrency transactional applications, large-scale document processing, and memory-intensive operational workloads.
Customers can get started with R8g.24xlarge and R8g.48xlarge instances through the AWS Management Console, CLI, and SDK by modifying their existing Amazon DocumentDB database cluster or creating a new one. R8g instances are available for Amazon DocumentDB 5.0+ on both Standard and IO-Optimized cluster storage configurations. For more information including region availability, visit our pricing page and documentation.
AWS is announcing starting today, Amazon EC2 I7ie instances are now available in AWS Asia Pacific (Hyderabad) region. Designed for large storage I/O intensive workloads, I7ie instances are powered by 5th Gen Intel Xeon Processors with an all-core turbo frequency of 3.2 GHz, offering up to 40% better compute performance and 20% better price performance over existing I3en instances. I7ie instances offer up to 120TB local NVMe storage density for storage optimized instances and offer up to twice as many vCPUs and memory compared to prior generation instances. Powered by 3rd generation AWS Nitro SSDs, I7ie instances deliver up to 65% better real-time storage performance, up to 50% lower storage I/O latency, and 65% lower storage I/O latency variability compared to I3en instances.
I7ie are high density storage optimized instances, ideal for workloads requiring fast local storage with high random read/write performance at very low latency consistency to access large data sets. These instances are available in 9 different virtual sizes and deliver up to 100Gbps of network bandwidth and 60Gbps of bandwidth for Amazon Elastic Block Store (EBS).
To learn more, visit the I7ie instances page.
Kiro の超過利用に関する 2 つの新機能をご紹介します。チーム向けには、AWS Service Quotas コンソールからアカウント単位で超過利用の上限を設定できるようになりました。個人開発者向けには、有料プラン利用者が前払いで購入できるアドオンクレジットパック (最小 5 ドルから) を追加しました。後から届く想定外の請求書に驚かされることなく、支出をコントロールしながら Kiro を使い続けられます。
本記事では、AWS Cloud WAN のルーティングポリシーを使い、ハイブリッド環境やマルチサイト環境で一般的に見られる3つの実運用シナリオを取り上げます。Transit Gateway 環境からの移行中のルート伝播制御、複数の Direct Connect ロケーション間のパス選択の改善、そして同一 ASN を持つネットワーク間の接続の許可という課題を、集中型のポリシー適用ポイントとしての AWS Cloud WAN でどのように解決できるかを解説します。
こんにちは。アマゾン ウェブ サービス ジャパン合同会社 パートナーソリューションアーキテクトの深井 宣之です […]
AWS Japan パブリックセクターでは月次でセキュリティワークショップイベントを開催しています。Claude Mythos / Project Glasswing の登場によりセキュリティを取り巻く状況が変化する中、第 3・4 回は「Claude Mythos 時代の脅威への対応」をテーマに実施しました。本記事では、第 3 回の Amazon Inspector による脆弱性管理と、第 4 回の AWS Security Agent によるプロアクティブなセキュリティ評価を扱った開催レポートをお届けします。
AWS MCP Server using the same credentials and sign-in methods that you already use for connecting to the AWS Management Console or AWS Command Line Interface (AWS CLI) through a familiar browser-based experience powered by industry-standard OAuth. This new sign-in path supports AWS Identity and Access Management (IAM) federation, AWS IAM Identity Center, and root […]
Specification-driven composition addresses a common scalability bottleneck in data pipelines. Data pipelines often start as simple scripts, but as they grow, you duplicate transformation logic and small changes cascade across multiple workflows. Copying and modifying data transformation logic across scripts leads to workflows that become difficult to manage at scale. Tracking what each pipeline does […]
In this post, we walk through five capabilities now available in SageMaker HyperPod inference: multi-tier data capture for auditing and model improvement, direct deployment from Hugging Face Hub, local NVMe model loading for faster cold starts, automated Route 53 DNS for custom domains, and pod-level IAM through custom service accounts.
In this post, we show where MCP tool design goes wrong and how to fix it with practical context engineering approaches.
Development teams building serverless applications with AI coding agents face the question of how to let those agents generate and execute code without losing control over governance. Agent-generated code needs a secure environment to execute, isolated from production systems and the developer’s local environment. Addressing this requires three things working together: a secure execution sandbox, […]
Development teams building serverless applications with AI coding agents face the question of how to let those agents generate and execute code without losing control over governance. Agent-generated code needs a secure environment to execute, isolated from production systems and the developer’s local environment. Addressing this requires three things working together: a secure execution sandbox, […]