AWS Config now supports two new managed rules to detect overly permissive Amazon S3 bucket policies. Previously, you had to manually examine the policies tied to each of your S3 buckets to ensure proper access configurations are in place. Now, you can use Config rules to automatically check your S3 buckets for unrestricted public read or write access. With these new rules, you can check Access Control Lists (ACLs) and policies attached to your S3 buckets, flag non-compliant resources, and receive Amazon Simple Notification Service (Amazon SNS) notifications when your bucket permissions change.
Amazon EFS Now Supports Encryption of Data at Rest
Amazon Elastic File System (EFS) now allows you to encrypt your data at rest using keys managed through AWS Key Management Service (KMS). Encryption and decryption are handled seamlessly, so you don’t have to modify your applications to access your data.
Introducing Amazon Macie for S3
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
Amazon Athena Now Integrates With AWS Glue
Amazon Athena is now integrated with the AWS Glue Data Catalog. The AWS Glue Data Catalog provides a central metadata repository for all of your data assets regardless of where they are located. It integrates with Amazon S3, Amazon RDS, Amazon Redshift and Amazon Redshift Spectrum, Amazon Athena, Amazon EMR, and any Apache Hive Metastore compatible application. If you already use Amazon Athena, we recommend that you upgrade from using Athena’s internal Data Catalog to AWS Glue Data Catalog.
AWS CloudTrail Integration is Now Available in Amazon Lex
Amazon Lex is now integrated with AWS CloudTrail, a service that enables you to log, continuously monitor, and retain events related to API calls across your AWS infrastructure, to provide a history of API calls for your account. Amazon Lex API calls are captured from the Amazon Lex console or from your API operations using the SDKs directly. Your Amazon Lex API calls are delivered to an Amazon S3 bucket with your other AWS service records. Using the information collected by AWS CloudTrail, you can track requests made to Amazon Lex including the origination of the request, such as source IP address, the date and time the request was made, and the parameters requested.
Announcing the new AWS CloudHSM, offering cost effective hardware key management at cloud scale for sensitive and regulated workloads
The new CloudHSM offers you cost-effective hardware key management at cloud scale for sensitive and regulated workloads. You can now generate and use encryption keys using FIPS 140-2 Level 3 validated hardware security modules (HSMs) on the AWS Cloud. CloudHSM integrates with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG). It is also standards-compliant and enables you to export all of your keys to most other commercially available HSMs. CloudHSM is a fully managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high availability, and backups. With CloudHSM, you can add and remove HSM capacity on demand, with no up-front costs.
Use Apache Spark and Hive on Amazon EMR with the AWS Glue Data Catalog
You can now use the AWS Glue Data Catalog with Apache Spark and Apache Hive on Amazon EMR. The AWS Glue Data Catalog is a managed metadata repository that is integrated with Amazon EMR, Amazon Athena, Amazon Redshift Spectrum, and AWS Glue ETL jobs. Additionally, it provides automatic schema discovery and schema version history. You can choose to use the AWS Glue Data Catalog to store external table metadata for Hive and Spark instead of utilizing an on-cluster or self-managed Hive Metastore. This allows you to more easily store metadata for your external tables on Amazon S3 outside of your cluster.
Amazon Redshift Spectrum Now Integrates with AWS Glue
You can now use the AWS Glue Data Catalog as the metadata repository for Amazon Redshift Spectrum. The AWS Glue Data Catalog provides a central metadata repository for all of your data assets regardless of where they are located.
Amazon Virtual Private Cloud (VPC) now allows customers to recover accidentally released EIPs
Amazon Virtual Private Cloud (VPC) now provides customers an opportunity to recover EIPs that they might have released accidentally. The released EIPs are available for recovery as long as they are not assigned to a different customer. The sooner customers try to recover their EIPs, the better their chances of recovering them. Customers can recover their EIPs via the CLI by using the allocate-address command and specifying the IP address with the --address parameter.
Introducing AWS Tools for Microsoft Visual Studio Team Services
The AWS Tools for Microsoft Visual Studio Team Services (VSTS) is an extension for Microsoft VSTS and on-premises Microsoft Team Foundation Server (TFS) that makes it easy to deploy .NET applications to AWS. If you already use Microsoft VSTS or TFS, the AWS Tools for VSTS makes it easy to deploy your code to AWS without changing how you run your project, organize your builds, and track your work.