AWS Identity and Access Management (IAM) access advisor now enables you to automate the analysis of your IAM permissions across all your accounts using IAM access advisor APIs with the AWS Command Line Interface (AWS CLI) or SDK . IAM access advisor helps you audit service access, remove unnecessary permissions, and set appropriate permissions providing the last timestamp when an IAM entity (e.g., user, role, or a group) accessed an AWS service.
AppStream 2.0 introduces APIs to simplify app entitlements and enable delivery of virtualized apps
Today, Amazon AppStream 2.0 announced dynamic app framework APIs. Using these APIs, you can dynamically build application catalogs for your users from a single AppStream 2.0 application image, or deliver virtualized apps from a third party solution. This reduces the number of application images you need to maintain, because you no longer need to create an image, stack, and fleet for each user group.
You can build your own solution using these APIs, or leverage a third party dynamic app provider. The apps managed by a dynamic app provider can either be installed on an AppStream 2.0 image, or be delivered off-instance from a Windows file share or application virtualization service.
To build your own solution, or find third party dynamic app providers, see Manage App Entitlement with the Dynamic App Framework . The dynamic app framework APIs are available today at no additional charge in all AWS Regions where AppStream 2.0 is offered. AppStream 2.0 offers pay-as-you-go pricing. Please see Amazon AppStream 2.0 Pricing for more information, and try our sample applications.
Introducing AWS Resource Access Manager
AWS Resource Access Manager (RAM) provides customers a simple way to share their resources across AWS accounts or within their AWS Organization. Many AWS customers use multiple AWS accounts to provide administrative and billing autonomy to their teams. These customers can now centrally create resources and use RAM to share them across accounts, leading to a reduction in operational overhead for customers while maintaining the benefits of a multi-account strategy. Using RAM to share resources eliminates the need for customers to create duplicate resources in each of their accounts and drives down costs. Consumption of shared resources is governed by access control policies in AWS Identity & Access Management and Service Control Policies in AWS Organizations, enabling customers to leverage their existing investments in security and governance controls. At this time, customers can share Amazon Route 53 Resolver Rules, AWS Transit Gateways, Subnets, and AWS License Manager Configurations using RAM.
AWS Resource Access Manager is available to customers at no additional charge and is offered in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), and EU (Paris) regions. Click here to get started and here to learn more about AWS Resource Access Manager.
Amazon RDS Supports Publishing PostgreSQL Log Files to Amazon CloudWatch Logs
You can now publish logs from your RDS for PostgreSQL databases to Amazon CloudWatch Logs in Amazon RDS. Supported logs include PostgreSQL system logs and upgrade logs.
Publishing these logs to CloudWatch Logs allows you to maintain continuous visibility into PostgreSQL system logs, and upgrade logs for your PostgreSQL databases. For example, you can set up Amazon CloudWatch Alarms to notify you on frequent restarts which are recorded in the PostgreSQL system log. Similarly, alarms for events recorded in PostgreSQL logs can be created to alert on unwanted changes made to your databases. You may also enable logging of slow queries and create alarms to monitor them in the PostgreSQL logs and enable timely detection of long-running queries.
CloudWatch Logs provide a durable archive destination for your database logs. You can specify a retention period to indicate how long you want CloudWatch to retain your logs. Additionally, with CloudWatch Logs, you can perform ad hoc searches across multiple logs. This capability is particularly useful for troubleshooting, audits, and log analysis. You can also export logs from CloudWatch to Amazon S3 .
Refer to the RDS for PostgreSQL documentation for more information. To start publishing logs from RDS for PostgresQL databases to CloudWatch Logs, visit the AWS RDS Management Console or download the latest AWS SDK or CLI .
Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for regional availability.
Amazon Connect is Now Available in the Asia Pacific (Tokyo) AWS Region
Amazon Connect is now available in the Asia Pacific (Tokyo) AWS Region. With this launch, your business in Japan can offer the best possible customer service experience to your customers. This also lets you provision your Amazon Connect cloud contact center with the other AWS services you use.
Alexa for Business Adds WPA2 Enterprise Wi-Fi Support for Shared Echo Devices
Alexa for Business now allows organizations to connect select Echo devices managed by Alexa for Business to their corporate WPA2 Enterprise Wi-Fi network. Many organizations prefer to have all devices on their WPA2 enterprise protected network to simplify network and device management. This new feature lets you connect the Echo devices to your existing WPA2 wireless network without having to create a guest or WPA2 personal network.
Amazon Connect is Now Available in the AWS Asia Pacific (Tokyo) Region
Amazon Connect is now available in the Asia Pacific (Tokyo) AWS Region. With this launch, your business in Japan can offer the best possible customer service experience to your customers. This also lets you provision your Amazon Connect cloud contact center with the other AWS services you use.
Additional AI Language Services Are Certified as PCI DSS Compliant
Amazon Comprehend, Amazon Translate, and Amazon Transcribe are now certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS), a proprietary information security standard administered by the PCI Security Standard Council . This means that these services are certified to handle cardholder data (CHD) and sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers.
Amazon CloudFront announces ten new Edge locations in North America, Europe, and Asia
Details: Amazon CloudFront announces ten new Edge locations, adding to our global presence. Eight of the new Edge locations are in North America: Houston, Texas (our first location in this city), Chicago, Illinois, Newark, New Jersey, Los Angeles, California, and Ashburn, Virginia. We also added an Edge location in Berlin, Germany, as well as one in Tokyo, Japan.
With this launch, CloudFront will increase its request processing capacity by up to 40%, on average, in the North American cities.
These new Edge locations add to CloudFront’s existing global presence and enhance delivery, performance, and scale for our customers. A full list of CloudFront’s global locations is available on the CloudFront Features webpage.
AWS Certificate Manager Now SOC & PCI Eligible
AWS Certificate Manager is now PCI DSS compliant ; ISO 9001 , 27001 , 27017 , 27018 certified; SOC 1,2 and 3 compliant; and has been added to the AWS Services In Scope listings.