Tag: SysAdmin

Today, AWS announced the availability of DeepSeek OCR, MiniMax M2.1, and Qwen3-VL-8B-Instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models bring specialized capabilities spanning document intelligence, multilingual coding, advanced multimodal reasoning, and vision-language understanding, enabling customers to build sophisticated AI applications across diverse use cases on AWS infrastructure. These models address different enterprise AI challenges with specialized capabilities: DeepSeek OCR explores visual-text compression for document processing. It can extract structured information from forms, invoices, diagrams, and complex documents with dense text layouts. MiniMax M2.1 is optimized for coding, tool use, instruction following, and long-horizon planning. It automates multilingual software development and executes complex, multi-step office workflows, empowering developers

Amazon Lightsail now offers memory-optimized instance bundles with up to 512 GB memory. The new instance bundles are available in 7 sizes, with Linux and Windows operating system (OS) and application blueprints, for both IPv6-only and dual-stack networking types. You can create instances using the new bundles with pre-configured OS and application blueprints including WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Ruby on Rails, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows. The new memory-optimized instance bundles enable you to run memory-intensive workloads that require high RAM-to-vCPU ratios in Lightsail. These high-memory instance bundles are ideal for workloads such as in-memory databases, real-time big data analytics, in-memory caching systems, high-performance computing (HPC) applications, and large-scale enterprise applications that process extensive datasets in memory. These new bundles are now available in all

AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API. With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM's existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.

Amazon CloudFront announces support for mutual TLS authentication (mTLS) for origins, a security protocol that enables customers to verify that requests to their origin servers come only from their authorized CloudFront distributions using TLS certificates. This certificate-based authentication provides cryptographic verification of CloudFront's identity, eliminating the need for customers to manage custom security controls. Previously, verifying that requests came from CloudFront distributions required customers to build and maintain custom authentication solutions like shared secret headers or IP allow-lists, particularly for public or externally hosted origins. These approaches required ongoing operational overhead to rotate secrets, update allow-lists, and maintain custom code. Now with origin mTLS support, customers can implement a standardized, certificate-based authentication approach that eliminates this operational burden. This enables organizations to enforce stri

AWS Network Firewall now supports flexible cost allocation through AWS Transit Gateway native attachments in AWS GovCloud (US) Regions, enabling you to automatically distribute data processing costs across different AWS accounts. Customers can create metering policies to apply data processing charges based on their organization's chargeback requirements instead of consolidating all expenses in the firewall owner account. This capability helps security and network teams better manage centralized firewall costs by distributing charges to application teams based on actual usage. Organizations can now maintain centralized security controls while automatically allocating inspection costs to the appropriate business units or application owners, eliminating the need for custom cost management solutions. Flexible cos

Amazon Connect now offers APIs to configure and run tests that simulate contact center experiences, making it easy to validate workflows, self-service voice interactions, and their outcomes. With these APIs, you can programmatically configure test parameters, including the caller's phone number or customer profile, the reason for the call (such as "I need to check my order status"), the expected responses (such as "Your request has been processed"), and business conditions like after-hours scenarios or full call queues. With this launch, you can also integrate testing directly into CI/CD pipelines, run multiple tests simultaneously to validate workflows at scale, and enable automated regression testing as part of your deployment cycles. These capabilities allow you to rapidly validate changes to your workflows and confidently deploy new customer experiences to production. To learn more about these features, see the

AWS HealthImaging now supports storing and retrieving lossy compressed medical images in the JPEG XL transfer syntax (1.2.840.10008.1.2.4.112). It is now simpler than ever to integrate HealthImaging with applications that require JPEG XL encoded DICOM data, such as digital pathology whole slide imaging systems. With this launch, HealthImaging stores your JPEG XL Lossy image data without transcoding, which maintains the fidelity of your data and reduces your storage costs. Further, you can retrieve stored image frames in the JPEG XL format without the latency of transcoding at retrieval time.

Amazon RDS now supports Internet Protocol version 6 (IPv6) for VPC endpoints of RDS Service APIs, in addition to the existing IPv6 support for public endpoints. This allows you to configure dual-stack (IPv4 and IPv6) connectivity to access RDS Service APIs directly from within your VPC without internet traversal. IPv6 provides an expanded address space, enabling you to scale your application on AWS beyond the limitations of IPv4 addresses. With IPv6, you can assign easy to manage contiguous IP ranges to micro-services and can get virtually unlimited scale for your applications. Moreover, with support for both IPv4 and IPv6, you can gradually transition applications from IPv4 to IPv6, enabling safer migration. This feature is available in all commercial AWS regions and AWS GovCloud (US) regions. Get started with

Amazon Connect now delivers improved estimated wait time metrics for queues and enqueued contacts, empowering organizations. This allows contact centers to set accurate customer expectations, provide convenient options such as callbacks when hold times are extended, and balance workloads effectively across multiple queues. By leveraging the improved estimated wait time metrics, contact centers can make more strategic routing choices across queues while gaining enhanced visibility for better resource planning. For example, a customer calling about billing during peak hours with a 15-minute wait is seamlessly transferred to a cross-trained team with 2-minute availability, getting help faster without repeating their issue. The metric works seamlessly with routing criteria and agent proficiency configurations. 

Today, Amazon SageMaker announced a new capability allowing you to establish connectivity between your Amazon Virtual Private Cloud (VPC) and Amazon SageMaker Unified Studio without customer data traffic going through the public internet. Customers needing to go beyond the standard data transfer protocol (HTTPS/TLS2) can choose to configure their VPC so data transfer stays within the AWS network. Through AWS PrivateLink, Network Administrators can now onboard AWS service endpoints to their VPC used by Amazon SageMaker Unified Studio. With the endpoints are onboarded, IAM policies used by Amazon SageMaker will enforce that customer data stay within the AWS network. Amazon SageMaker private access using AWS PrivateLink is available in all AWS Regions where Amazon SageMaker Unified Stu