AWS has introduced automatic application layer (L7) DDoS protection through AWS WAF, enabling faster detection and mitigation of DDoS events. This enhancement allows cloud security administrators to protect applications with reduced operational overhead by automatically applying rules based on traffic anomalies. The feature is available for AWS WAF and AWS Shield Advanced subscribers across most regions, with configurations customizable to specific application needs.

A German insurance broker is modernizing their input management for physical letters, processing around 8,500 pages monthly without APIs. The article details the implementation of end-to-end testing within a CI/CD pipeline using the Cloud Development Kit (CDK), highlighting the importance of testing strategies and infrastructure setup to ensure quality in their event-based architecture.

A comprehensive solution for automating resource tagging across AWS Organizations is presented, utilizing CloudFormation, Lambda functions, and AWS Config to maintain consistent tags across multiple accounts. The implementation streamlines compliance monitoring and resource governance by automating the tagging process and propagating tags from organizational units to child accounts. Key components include cross-account role management and error handling, ensuring effective resource management in production environments.

Envilder is a CLI tool that automates .env and secret management using AWS SSM Parameter Store, streamlining environment setup for development teams. It addresses common issues like outdated secrets, manual onboarding, and security risks by centralizing secrets management, generating consistent .env files, and enhancing CI/CD workflows. Envilder ensures secure, efficient, and idempotent management of environment variables across various environments, making it ideal for DevOps practices.

Automating certificate management is crucial for organizations using AWS Private CA, especially to handle custom validity periods and monitor expiration dates. Utilizing AWS services like EventBridge, Lambda, and SNS, a scalable solution is proposed to generate audit reports that track certificate statuses and notify stakeholders of upcoming expirations. This approach enhances operational security and ensures timely compliance with certificate management needs.

Intrusion Shield for AWS offers an automated cloud firewall that utilizes decades of threat intelligence to block risky network traffic without the need for manual rule management. It analyzes all network traffic in real-time, generates firewall rules, and provides prioritized recommendations for addressing security risks. Available on AWS Marketplace, it simplifies security for lean teams by minimizing alerts and streamlining threat management.

Organizations can automate the disabling of compromised user accounts in AWS Managed Microsoft Active Directory by utilizing Amazon GuardDuty for threat detection. The article outlines a step-by-step process to set up GuardDuty, configure AWS Systems Manager, and use AWS Step Functions to streamline the response to suspicious activities detected in EC2 instances. This automation minimizes human error and enhances security against potential data breaches.

The article discusses the creation of an AI agent designed to automate the triage of AWS GuardDuty alerts using tools and structured outputs. It outlines the technologies used, including PydanticAI and Discord integration, and describes the agent's functionality in assessing alerts, retrieving contextual information, and providing structured responses. The author shares insights from testing the agent with various GuardDuty findings, highlighting its ability to classify alerts accurately based on context.

Amazon SageMaker's lakehouse architecture now automates the optimization of Apache Iceberg tables on Amazon S3, simplifying maintenance through catalog-level configuration. This enhancement allows data lake administrators to enable automated table optimizations, such as compaction and orphan file deletion, across all Iceberg tables with a single setting, improving performance and cost efficiency.

AWS Organizations has introduced a new account state field to provide more granular tracking of account lifecycles, enhancing management capabilities for AWS accounts. This change aims to improve clarity around account readiness and closure processes, transitioning to the new field while phasing out the existing status field by September 2026. Users are encouraged to update their automated workflows to utilize the new account state information.

AWS has launched the Amazon Application Recovery Controller (ARC) Region switch, a managed solution that simplifies the process of orchestrating and automating Region switches for disaster recovery. This service allows users to create recovery plans with various execution blocks, perform proactive validation of resources, and monitor recovery status through a global dashboard. The reception has been positive, with industry experts noting its potential to streamline multi-region disaster recovery efforts.

Dacadoo successfully transformed its API service from a virtual machine to a Kubernetes-based architecture and finally to a fully serverless solution on AWS, achieving a remarkable 78% reduction in cloud costs and significantly lowering operational maintenance efforts. The transition enhanced scalability, availability, and automation, while complying with regulatory requirements for sensitive health data. This journey highlights the benefits of adopting managed services and modern cloud technologies.