Many customers today rely on AWS Config for recording configuration, tracking configuration history, and evaluating compliance of their AWS resources such as Amazon Elastic Compute Cloud (EC2) instances, Amazon Simple Storage Service (S3) buckets, and even Amazon Elastic Kubernetes Service (EKS) clusters. This provides them with a comprehensive view of their AWS infrastructure configuration state […]| AWS Cloud Operations Blog
The enhanced AWS Security Hub (currently in public preview) prioritizes your critical security issues and helps you respond at scale to protect your environment. It detects critical issues by correlating and enriching signals into actionable insights, enabling streamlined response. You can use these capabilities to gain visibility across your cloud environment through centralized management in […]| AWS Security Blog
Security threats demand swift action, which is why AWS Security Incident Response delivers AWS-native protection that can immediately strengthen your security posture. This comprehensive solution combines automated triage and evaluation logic with your security perimeter metadata to identify critical issues, seamlessly bringing in human expertise when needed. When Security Incident Response is integrated with Amazon […]| AWS Security Blog
October 1, 2025: This post was updated to reflect the new name of Security Hub, which is AWS Security Hub CSPM (Cloud Security Posture Management). Security teams must efficiently validate and document exceptions to AWS Security Hub (Cloud Security Posture Management, previously known as Security Hub) findings, while maintaining proper governance. Enterprise security teams need […]| Amazon Web Services
Reimagine AIOps with Amazon CloudWatch Investigations and Amazon Nova Sonic in Amazon Bedrock to transform how cloud operations teams handle incidents. Traditional monitoring approaches require engineers to navigate multiple complex dashboards, analyze extensive logs, and manually execute remediation steps—a process that becomes particularly challenging during after-hours incidents or when away from workstations. When minutes matter […]| AWS Cloud Operations Blog
Managing logs across multiple AWS accounts and regions has always been a complex challenge for organizations. As AWS infrastructure grows to include separate accounts for production, development, and staging environments, along with regions, the complexity of log management increases exponentially. During critical incidents, especially during off-hours, teams spend valuable time searching through multiple accounts, correlating […]| Amazon Web Services
Many of my conversations with AWS customers are about their attempts to build developer experience platforms that simplify software development and operations, automate deployments, improve software quality, reduce costs, and ensure security and compliance. Unfortunately, not all platforms live up to their expectations. The most frequently cited problem is development teams rejecting the platform that […]| Amazon Web Services
AWS Network Firewall is a managed firewall service that filters and controls network traffic in Amazon Virtual Private Cloud (Amazon VPC). Unlike traditional network controls such as security groups or network access control lists (NACLs), Network Firewall can inspect and make decisions based on information from higher layers of the OSI model, including the Transport […]| AWS Security Blog
Elastic Load Balancing simplifies authentication by offloading it to OpenID Connect (OIDC) compatible identity providers (IdPs). This lets builders focus on application logic while using robust identity management. OIDC client secrets are confidential credentials used in OAuth 2.0 and OIDC protocols for authenticating clients (applications). However, manual management of OIDC client secrets introduces security risks […]| AWS Security Blog
In our previous blog post (Part 1 of our key replication series), Automatically replicate your card payment keys across AWS Regions, we explored an event-driven, serverless architecture using AWS PrivateLink to securely replicate card payment keys across AWS Regions. That solution demonstrated how to build a custom replication framework for payment cryptography keys. Based on […]| AWS Security Blog
When modernizing applications, customers in regulated industries like government, financial, and research face a critical challenge: how to transform their systems while meeting strict digital sovereignty and security compliance requirements. A common misconception tied to this is that data must be moved to an AWS Region to fully use Amazon Web Services (AWS) security services. […]| Amazon Web Services
Managing metrics collection at scale in complex cloud environments presents significant challenges for organizations, particularly when it comes to controlling costs and maintaining operational efficiency. As the volume of metrics grows exponentially with the expansion of container deployments and other cloud-native workloads, customers often struggle to balance comprehensive monitoring with resource optimization. This can lead […]| Amazon Web Services
In this post, we demonstrate how to configure Amazon Route 53 to enable unique failover behavior for each application within multi-tenant Amazon EKS environments across AWS Regions. This solution allows organizations to maintain the cost benefits of shared infrastructure while meeting diverse availability requirements by implementing application-specific health checks that provide granular control over failover scenarios.| Containers
In this post, we demonstrate how to use a Raspberry Pi 5 as an Amazon EKS hybrid node to process edge workloads while maintaining cloud connectivity. We show how to set up an EKS cluster that connects cloud and edge infrastructure, secure connectivity using WireGuard VPN, enable container networking with Cilium, and implement a real-world IoT application using an ultrasonic sensor that demonstrates edge-cloud integration.| Amazon Web Services
AWS Identity and Access Management (IAM) Access Analyzer is an important tool in your journey towards least privilege access. You can use IAM Access Analyzer access previews to preview and validate public and cross-account access before deploying permissions changes in your environment. For the permissions already in place, one of IAM Access Analyzer’s capabilities is that […]| Amazon Web Services
Until recently, building AI agents meant wrestling with complex orchestration frameworks. Developers wrote elaborate state machines, predefined workflows, and extensive error-handling code to guide language models through multi-step tasks. We needed to build elaborate decision trees to handle “what if the API call fails?” or “what if the user asks something unexpected?” Despite this effort, […]| Amazon Web Services
In this post, we explore the migration path from AWS CodeDeploy to Amazon ECS for blue/green deployments, discussing key architectural differences and implementation considerations. We examine three different migration approaches - in-place update, new service with existing load balancer, and new service with new load balancer - along with their respective trade-offs in terms of complexity, risk, downtime, and cost.| Amazon Web Services
AWS Organizations enables customers to centrally manage their AWS accounts. Since many customers prefer to automate the account creation process, they can leverage CreateAccount API, thereby creating an account vending pipeline. This pipeline standardizes the deployment of policies, roles, and resources across new accounts while managing the complete lifecycle through eventual account closure. Through this […]| AWS Cloud Operations Blog
Modern architectures generate vast amounts of observability data across metrics, logs, and traces. When issues arise, teams spend hours—sometimes days—manually correlating information across multiple dashboards to identify root causes, directly impacting MTTR and productivity. Amazon CloudWatch Application Signals addresses this challenge by providing deep application visibility through automatic instrumentation, capturing key metrics like latency, error […]| AWS Cloud Operations Blog
AWS Config tracks configuration changes across your AWS resources and AWS Organizations. AWS Config uses the configuration recorder to detect changes and records them as configuration items (CIs). As your infrastructure grows and becomes more complex, choosing the appropriate recording frequency becomes critical for maintaining operational visibility, meeting compliance requirements, and supporting your security posture. Since the launch of the periodic recording […]| AWS Cloud Operations Blog
Organizations leveraging AWS CloudTrail to audit API access encounter a common challenge: CloudTrail data volume grows proportionally with AWS infrastructure expansion. A multi-account AWS organization generating millions of API calls daily can quickly amass terabytes of CloudTrail logs. When security teams conduct incident investigations or account activity audits, querying these logs in Amazon Athena becomes […]| AWS Cloud Operations Blog
Determining how to protect and recover an application can often be easier than determining how quickly your business needs that application recovered. Establishing the correct recovery objective targets at an application level is a critical part of business continuity planning, though. This blog is intended to help customers as they establish or reevaluate recovery targets, […]| Amazon Web Services
In this post, we introduce an automated, GitOps-driven approach to resource optimization in Amazon EKS using AWS services such as Amazon Managed Service for Prometheus and Amazon Bedrock. The solution helps optimize Kubernetes resource allocation through metrics-driven analysis, pattern-aware optimization strategies, and automated pull request generation while maintaining GitOps principles of collaboration, version control, and auditability.| Amazon Web Services
In this post, we explore how to build highly available Kubernetes applications using Amazon EKS Auto Mode by implementing critical features like Pod Disruption Budgets, Pod Readiness Gates, and Topology Spread Constraints. Through various test scenarios including pod failures, node failures, AZ failures, and cluster upgrades, we demonstrate how these implementations maintain service continuity and maximize uptime in EKS Auto Mode environments.| Amazon Web Services
In this post, we show you how to swiftly deploy inference workloads on EKS Auto Mode and demonstrate key features that streamline GPU management. We walk through a practical example by deploying open weight models from OpenAI using vLLM, while showing best practices for model deployment and maintaining operational efficiency.| Containers
In this post, we demonstrate how to utilize the Kubecost Amazon EKS add-on to reduce infrastructure costs and enhance Kubernetes efficiency through Container Request Right Sizing, which helps identify and fix inefficient container resource configurations. We explore how to review Kubecost's right sizing recommendations and implement them through either one-time updates or scheduled automated resizing within Amazon EKS environments for continuous resource optimization.| Containers
This post was co-written by FactSet’s Cloud Infrastructure team, Gaurav Jain, Nathan Goodman, Geoff Wang, Daniel Cordes, Sunu Joseph and AWS Solution Architects, Amit Borulkar and Tarik Makota. At FactSet, their goal for cloud platform on AWS Cloud is to have high developer velocity alongside enterprise governance. They wanted application teams to have a frictionless […]| Amazon Web Services
This blog post was authored by Robert Northard, Principal Container Specialist SA, Eric Chapman, Senior Product Manager EKS, and Elamaran Shanmugam, Senior Specialist Partner SA. Amazon Elastic Kubernetes Service (Amazon EKS) Hybrid Nodes transform how you run generative AI inference workloads across cloud and on-premises environments. Extending your EKS cluster to on-premises infrastructure allows you […]| Amazon Web Services
In this post, we demonstrate how to deploy the DeepSeek-R1-Distill-Qwen-32B model using AWS DLCs for vLLMs on Amazon EKS, showcasing how these purpose-built containers simplify deployment of this powerful open source inference engine. This solution can help you solve the complex infrastructure challenges of deploying LLMs while maintaining performance and cost-efficiency.| Amazon Web Services
In this post, we dive deep into cluster networking configurations for Amazon EKS Hybrid Nodes, exploring different Container Network Interface (CNI) options and load balancing solutions to meet various networking requirements. The post demonstrates how to implement BGP routing with Cilium CNI, static routing with Calico CNI, and set up both on-premises load balancing using MetalLB and external load balancing using AWS Load Balancer Controller.| Amazon Web Services
This post demonstrates how you can modernize legacy SOAP applications using Amazon API Gateway and AWS Lambda to create bidirectional proxy architectures that enable integration between SOAP and REST systems without disrupting existing business operations. Many organizations today face the challenge of maintaining critical business systems that were built decades ago. These legacy applications power […]| Amazon Web Services
As an Enterprise Strategist, I’ve noticed that discussions about multicloud are often marked by confusion and contradictory advice. Some advisers warn against adopting a multicloud strategy, while others suggest that you will miss an industry-wide transformation if you don’t. There are legitimate reasons for and against multicloud strategies; success depends on balancing potential business value […]| AWS Cloud Enterprise Strategy Blog
AWS achieved a 15.9% year-over-year cost reduction by measuring the total economic cost of delivering software units rather than relying on traditional development productivity metrics.| Amazon Web Services
In this post, we show you how to implement comprehensive monitoring for Amazon Elastic Kubernetes Service (Amazon EKS) workloads using AWS managed services. This solution demonstrates building an EKS platform that combines flexible compute options with enterprise-grade observability using AWS native services and OpenTelemetry.| AWS Architecture Blog
When we introduced the Strands Agents SDK, our goal was to make agentic development simple and flexible by embracing a model-driven approach. Today, we’re excited to highlight how you can use Claude 4’s interleaved thinking beta feature with Strands to further simplify how you write AI agents to solve complex tasks with tools. With a […]| AWS Open Source Blog
In this post, we share how Pegasystems (Pega) built Launchpad, its new SaaS development platform, to solve a core challenge in multi-tenant environments: enabling secure customer customization. By running tenant code in isolated environments with AWS Lambda, Launchpad offers its customers a secure, scalable foundation, eliminating the need for bespoke code customizations.| AWS Architecture Blog
Do you have thousands of Amazon CloudWatch alarms across AWS Regions and want to quickly identify which ones are low-value alarms or misconfigured alarms across regions? Are you looking for ways to identify alarms which are in ‘ALARM’ or ‘IN_SUFFICIENT’ state for several days and need to be revisited? Do you need a cleanup mechanism […]| Amazon Web Services
AWS Service Catalog lets you centrally manage your cloud resources to achieve governance at scale of your Infrastructure as Code (IaC) templates. AWS Service Catalog supports AWS CloudFormation natively and allows customers to use other IaC such as Terraform Community and Terraform Cloud via Service Catalog reference engine. We often hear customers asking how to […]| Amazon Web Services
Data powers groundbreaking generative AI; curate diverse, high-quality datasets to cultivate innovation, while mitigating risks and biases.| Amazon Web Services
We are delighted to share with you a brand new experience for file storage using AWS Amplify! This powerful storage solution seamlessly integrates with Amazon Simple Storage Service (Amazon S3) and offers developers greater control and flexibility over their file structure via Amplify’s fullstack TypeScript developer experience. Whether you’re an experienced developer or new to […]| Amazon Web Services
We are thrilled to announce the general availability of AWS Amplify Gen 2, a fullstack TypeScript experience for building cloud-connected apps. AWS Amplify helps you accomplish two jobs: host your web app, and build and connect to a cloud backend. With Amplify Gen 2, every part of your app’s cloud backend is defined in TypeScript. Need […]| Amazon Web Services
For more than a decade, organizations have embraced data lakes to overcome the technical limitations of data warehouses and evolve into more data-centric entities. While many organizations have used data lakes to explore new data use cases and improve their data-driven approaches, others have found the promised benefits hard to achieve. As a result, the […]| Amazon Web Services