What's New with AWS

AWS announces an official source for AWS API Model definition files and service model packages, providing developers with access to API definitions for all AWS services. We now publish daily updates of these API models to an open-source GitHub repository in Smithy format and also publish these packages to Maven Central.

AWS public service models enable developers to take advantage of the same service model definitions that AWS uses for live services. These API models can be pulled into integrated development environments using the new packages available in Maven and can be used for developer tools use cases like mock testing or evolving MCP server needs. By utilizing open source Smithy code generators, you can also generate purpose-built AWS SDKs.

The AWS service API models can be found on GitHub and Maven. Learn more in our AWS News blog post.
 

Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023.

To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We've also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., "Data Protection"), an objective (e.g., "Data Encryption"), and a common control (e.g., "Encrypt data at rest"). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you're using AWS Config, now you'll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment.

You can use Control Catalog with new mappings in all AWS Regions where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit AWS Control Tower User Guide.

AWS Key Management Service (KMS) now supports the FIPS 203 Module-Lattice Digital Signature Standard (MLDSA), a quantum-resistant digital signature algorithm designed to help organizations address emerging quantum computing threats. This post-quantum signature algorithm is one of the selected algorithms standardized by NIST to protect sensitive information well into the foreseeable future, including after the advent of cryptographically relevant quantum computers. ML-DSA is particularly valuable for manufacturers and developers who need to protect firmware and application code signing where cryptographic signatures cannot be easily updated after deployment and for organizations that require signatures on digital content to remain valid for several years.

The ML-DSA keys integrate with the existing KMS CreateKey and Sign APIs, enabling customers to preserve their established automation processes, IAM and KMS key policies, auditing capabilities, and tagging workflows. AWS KMS support for ML-DSA introduces three new key specs (ML_DSA_44, ML_DSA_65, and ML_DSA_87) that work with the post-quantum SigningAlgorithm ML_DSA_SHAKE_256, with support for both raw signatures and the pre-hashed variant (External Mu).

This new feature is generally available and you can use ML-DSA in the following AWS Regions: US West (N. California), and Europe (Milan) with the remaining commercial AWS Regions to follow in the coming days. To learn more, see the AWS Security Blog for how to create post-quantum signatures using AWS KMS and ML-DSA, and see the ML-DSA signing topic in the AWS KMS Developer Guide.

Amazon Virtual Private Cloud IP Address Manager (Amazon VPC IPAM) that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads, is now available in Asia Pacific (Taipei) Region.

Amazon VPC IPAM allows you to easily organize your IP addresses based on your routing and security needs, and set simple business rules to govern IP address assignments. Using VPC IPAM, you can automate IP address assignment to Amazon VPCs and VPC Subnets, eliminating the need to use spreadsheet-based or homegrown IP address planning applications, which can be hard to maintain and time-consuming.

With this expansion, Amazon VPC IPAM is available in all AWS Regions, including China (Beijing, operated by Sinnet), and China (Ningxia, operated by NWCD), and the AWS GovCloud (US) Regions.

To learn more about IPAM, view the IPAM documentation. For details on pricing, refer to the IPAM tab on the Amazon VPC Pricing Page.

Amazon Connect Outbound Campaigns now offers new instance-level communication total limit control to give you greater flexibility in configuring how often you want to engage with your customers across multiple campaigns. It also provides the ability to opt out of limit controls for critical campaigns. These new capabilities enable more efficient and targeted customer engagement strategies.

The new instance-level total limit setting allows businesses to manage overall outbound communication limits across all campaigns while ensuring compliance with regulations such as the U.S. Telephone Consumer Protection Act (TCPA). This feature provides a centralized approach to managing communication frequency, helping businesses avoid over-contacting customers and potentially improving customer satisfaction. The ability to opt out of these limits for specific campaigns enables critical communications, such as fraud alerts or support during inclement weather, to reach customers when needed most, enhancing overall outbound communication effectiveness.

The feature is available in US East (N. Virginia), US West (Oregon), Africa (Cape Town), Asia Pacific (Sydney), Canada (Central), Europe (Frankfurt) and Europe (London) AWS regions. To learn more about Amazon Connect Outbound Campaigns, please visit the outbound campaigns webpage.

MCP support is available within the Visual Studio Code and JetBrains IDE plugins, and Amazon Q Developer CLI. To get started, visit the Amazon Q Developer documentation or read the blog to learn more.

Following the announcement of the price reduction for Amazon EC2 NVIDIA GPU-accelerated instances, we are announcing up to 45% price reduction for Amazon SageMaker AI instances to enable more cost-efficient generative AI model development.

The price reduction for SageMaker AI instances includes P4 (P4d and P4de) and P5 (P5, P5e and P5en) instance types. This price reduction to On-Demand and Savings Plan pricing applies to all Regions where these instances are available. The pricing reduction applies to On-Demand purchases beginning June 9 and to Savings Plan purchases effective after June 16.

We also reduced the price on flexible training plans to help customers run cost-effective model training on Amazon SageMaker HyperPod. The price reduction for training plans is applicable to P5, P5e, P5en, and trn1 instance types in all non-US Regions.

These pricing updates reflect the AWS commitment to making GPU computing more accessible while passing cost savings directly to customers. Learn more about the new pricing on the SageMaker AI pricing page.

Today, Amazon Verified Permissions announces price reduction for single authorization requests by up to 97% to $5 per million API requests. This price reduction makes it substantially cost-effective for customers to implement fine-grained authorization across all their applications, enabling authorization checks for every user action.

Amazon Verified Permissions is a scalable, fully managed authorization service that uses Cedar, an open-source policy language for access control. By decoupling permissions from application logic, Amazon Verified Permissions allows you to centrally manage authorization policies while improving your applications' security posture and development efficiency.

The price reduction applies to all AWS Regions where Amazon Verified Permissions is available starting June 12, 2025, at midnight UTC, and is enabled for all customers without any further action. The reduction applies to requests made to the isAuthorized and isAuthorizedWithToken APIs. The pricing for batch authorization requests and policy management operations remains unchanged. For more information about Amazon Verified Permissions pricing, visit the Verified Permissions pricing page or AWS Pricing calculator.