Version 3.380.3

• Aws\Route53Resolver - Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks.
• Aws\BedrockAgentCoreControl - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• Aws\EC2 - DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability.
• Aws\BedrockAgentCore - Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• Aws\GuardDuty - This is a documentation update
• Aws\Invoicing - Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response
• Aws\BCMDataExports - With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift.

Version 3.380.2

• Aws\imagebuilder - The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field.
• Aws\MWAA - Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI.
• Aws\S3 - Validate outpost access point resource name
• Aws\BedrockAgentCoreControl - Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations.
• Aws\LexModelsV2 - Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers.
• Aws\Glue - Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name.
• Aws\SageMaker - Amazon SageMaker HyperPod now returns ImageVersionStatus in DescribeCluster, DescribeClusterNode, and ListClusterNodes responses, indicating whether cluster instances are running the latest available image version.
• Aws\SecurityHub - Release GenerateRecommendedPolicyV2 and GetRecommendedPolicyV2 APIs. This supports generating and retrieving policy recommendations to remediate unused permissions findings that are now being supported on Security Hub.

Version 3.380.1

• Aws\CleanRoomsML - Increase max configurable output limits in the Clean Rooms ML configured model algorithm association resource.
• Aws\Route53Domains - This release adds the TLDInMaintenance exception.
• Aws\SageMaker - Adds support for ml.p5.4xlarge instance type for SageMaker Studio JupyterLab and CodeEditor apps for IAD (us-east-1), NRT (ap-northeast-1), BOM (ap-south-1), CGK (ap-southeast-3), GRU (sa-east-1), PDX (us-west-2), CMH (us-east-2).
• Aws\OpenSearchService - Amazon OpenSearch Service now supports VPC egress, enabling outbound traffic from your OpenSearch domain to route privately through your VPC instead of the public internet.
• Aws\MedicalImaging - Add support for DICOM Json Metadata Override features in startDICOMImportJob API
• Aws\MarketplaceAgreement - With this release, Agreements API provides a programmatic way to generate quotes, accept offers, track charges and entitlements, manage renewals and cancellations, and streamline operations entirely through APIs without navigating to the AWS Marketplace website or AWS Management Console.
• Aws\MediaTailor - Added support for Monetization Functions. Monetization Functions let you enrich ad requests with external data and transform session parameters using JSONata expressions, without deploying custom infrastructure.
• Aws\CloudFront - Adds support for tagging CloudFront Functions and KeyValueStores resources.

Version 3.380.0

• Aws\Retries - Adds an opt-in new retry behavior. Set AWS_NEW_RETRIES_2026=true to enable the new path. When the env var is unset (the default), retry behavior is unchanged from previous releases. With the flag enabled, the SDK switches the default retry mode from 'legacy' to 'standard', adopts a throttling-aware token-bucket retry quota (cost 14 for non-throttling, 5 for throttling), reduces the non-throttling base backoff to 50ms, checks max-attempts before quota, honors the x-amz-retry-after header, sleeps without retrying on long-polling operations (SQS, SFN, SWF) when the quota is exhausted, and lets custom deciders supplement (rather than replace) built-in retryability checks. DynamoDB defaults to 4 attempts with a 25ms base; STS treats IDPCommunicationError as transient; S3's existing custom decider keeps its socket carve-out. The flag is intended as an opt-in for early adopters and will become the default in a future release.
• Aws\GeoRoutes - Added support for TravelTimeExceedsDriverWorkHours, ViolatedBlockedRoad, and ViolatedVehicleRestriction notice codes to the CalculateRoutes API response.
• Aws\MediaLive - Updates the type of the MediaLiveRouterOutputConnectionMap.
• Aws\BedrockAgentCoreControl - Amazon Bedrock AgentCore gateways now support MCP Sessions and response streaming from MCP targets. Session timeouts can be set between 15 minutes and 8 hours, and response streaming enables forwarding stream events sent by MCP targets to gateway users.
• Aws\EC2 - This feature allows customers to change the tunnel bandwidth on existing VPN connections using the ModifyVpnConnectionOptions API
• Aws\CloudWatchLogs - Adding an additional optional deliverySourceConfiguration field to PutDeliverySource API. This enables customers to pass service-specific configurations through IngestionHub such as tracing enablement or sampling rates that will be propagated to the source resource.
• Aws\SecurityAgent - AWS Security Agent is adding a new target domain verification method for private VPC penetration testing. Additionally, the target domain resource will now have a verification status reason field to surface additional details about domain verification
• Aws\LexModelBuildingService - Lex V1 is deprecated, use Lex V2 instead
• Aws\VPCLattice - Amazon VPC Lattice now supports privately resolvable DNS resources

Version 3.379.11

• Aws\ - Use WeakReference in PresignUrlMiddleware and EndpointDiscoveryMiddleware to prevent circular reference memory leaks.
• Aws\QConnect - Added reasoning details, statusDescription, and timeToFirstTokenMs fields to the ListSpans response in Amazon Q in Connect to provide visibility into model thinking, error diagnostics, and inference latency metrics.
• Aws\CloudWatchLogs - Adds support for filtering log groups by tags in the ListLogGroups API via the new logGroupTags parameter.
• Aws\EntityResolution - Add support for transitive matching in AWS Entity Resolution rule-based matching workflows. When enabled, records that match through different rules are grouped together into the same match group, allowing related records to be connected across rule levels.
• Aws\CloudWatch - This release adds tag support for CloudWatch Dashboards. The PutDashboard API now accepts a Tags parameter, allowing you to tag dashboards at creation time. Additionally, the TagResource, UntagResource, and ListTagsForResource APIs now support dashboard ARNs as resources.
• Aws\QuickSight - Add IdentityProviderCACertificatesBundleS3Uri for private CA certs with OAuth datasources. 256-char limit for FontFamily in themes. ControlTitleFormatText on all 13 filters. ControlTitleFontConfiguration. ContextRegion for cross-region identity context. Story,scenario in CreateCustomCapability API.
• Aws\AppStream - Amazon WorkSpaces Applications now enables AI agents to securely operate desktop applications. Administrators configure stacks to provide agents access to WorkSpaces. Agents can click, type, and take screenshots. Agents authenticate with AWS IAM credentials with activity logged in AWS CloudTrail.
• Aws\IAM - Added guidance for CreateOpenIDConnectProvider to include multiple thumbprints when OIDC discovery and JWKS endpoints use different hosts or certificates
• Aws\IoT - AWS IoT HTTP rule actions now support cross-topic batching, combining messages from different MQTT topics into single HTTP requests.

Version 3.379.10

• Aws\BedrockAgentCore - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records.
• Aws\EKS - Vended logs update param for capability vended logs feature
• Aws\ObservabilityAdmin - Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement.
• Aws\Kafka - Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity.
• Aws\DataZone - Adds support for asynchronous notebook runs
• Aws\PaymentCryptography - Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations.
• Aws\SSOAdmin - Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API
• Aws\SageMaker - Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations.
• Aws\Route53GlobalResolver - Adds support for regions in the UpdateGlobalResolver input.
• Aws\BedrockAgentCoreControl - AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records.

Version 3.379.9

• Aws\Deadline - Adds support for rtx-pro-server-6000 GPU accelerator for service-managed fleets.
• Aws\ECR - Removes support for registry policy V1
• Aws\BedrockAgentCore - Adds batch evaluation for running evaluators against multiple agent sessions with server-side orchestration, AI-powered recommendations for optimizing system prompts and tool descriptions, and AB testing with controlled traffic splitting and statistical significance reporting
• Aws\BedrockAgentCoreControl - Adds configuration bundles for versioned, immutable agent configuration snapshots with branch-based lineage
• Aws\MediaPackageV2 - This feature adds configuration for specifying SCTE marker handling and allow greater control over generated manifest and segment URIs
• Aws\CloudFront - Amazon CloudFront now supports cache tag. Tag objects via response headers and invalidate all matching objects in a single request, replacing manual URL tracking and broad wildcards.
• Aws\Transfer - This launch will increase the limits for customers to list the contents from the remote directories from 10k to 200k.
• Aws\GameLift - Amazon GameLift Servers adds a new DescribeContainerGroupPortMappings API for container fleets, making it easy to discover which connection ports map to your container ports without needing to remotely access the compute.
• Aws\Account - Adds AccountState in the response for the GetAccountInformation API. Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes.
• Aws\WorkSpacesWeb - Allow admins to configure IPv6 ranges on IP Access Settings.

Version 3.379.8

• Aws\OpenSearchService - Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication
• Aws\mgn - Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses.
• Aws\Omics - Enable Public Internet or VPC configuration to BatchRun
• Aws\CloudWatchLogs - Adds support for selecting all logs sources and types in a single association.
• Aws\GameLiftStreams - Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application
• Aws\ApplicationSignals - Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations.
• Aws\WorkSpaces - Added support for Protocol as modified resource and added update failure as modification state
• Aws\IVS - Adds tags parameter to the CreateAdConfiguration operation
• Aws\KMS - KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key.
• Aws\Glue - Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions
• Aws\BillingConductor - Add support for Passthrough pricing plan
• Aws\SageMaker - Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior.

Version 3.379.7

• Aws\ConnectHealth - Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications.
• Aws\Connect - Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases.
• Aws\BedrockAgentCoreControl - Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access
• Aws\Transfer - AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements.
• Aws\CloudWatchLogs - Adding nextToken and maxItems to the GetQueryResults API.
• Aws\Evs - EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing.

Version 3.379.6

• Aws\OpenSearchService - Amazon OpenSearch UI applications now support cross-Region domain association, enabling you to connect OpenSearch Dashboards in one AWS Region to OpenSearch domains in other Regions within the same partition for centralized data visualization.
• Aws\IoTManagedIntegrations - Adds "Status" field to provisioning profile operation response types, giving users visibility into the readiness of a provisioning profile to be used for device provisioning.
• Aws\DataZone - Releasing For LakehouseProperties attributes in the Connections API's
• Aws\PCS - This release adds support for Slurm 25.11 with expedited requeue enabled by default for jobs failing due to node issues, configurable requeue delay, health checks at node startup only, and unauthenticated HTTP endpoints disabled by default for improved security.