<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Ai | The AWS Blog</title><link>https://theawsblog.com/tags/ai/</link><description>Articles, tutorials and insights from the AWS community.</description><generator>Hugo</generator><language>en</language><managingEditor>@theawsblog (The AWS Blog)</managingEditor><webMaster>@theawsblog</webMaster><lastBuildDate>Tue, 30 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://theawsblog.com/tags/ai/index.xml" rel="self" type="application/rss+xml"/><item><title>Bedrock managed entitlements make model access a platform control</title><link>https://theawsblog.com/news/emiliano-montesdeoca/bedrock-managed-entitlements/</link><pubDate>Tue, 30 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/bedrock-managed-entitlements/</guid><description>Amazon Bedrock managed entitlements let organizations subscribe to marketplace models centrally and distribute access across accounts without broad AWS Marketplace permissions.</description><content:encoded>&lt;p&gt;AI model access becomes messy as soon as an organization moves beyond one account and one team. Some models are available directly. Others require AWS Marketplace subscriptions. Workload accounts need access, but broad Marketplace permissions are rarely what security teams want.&lt;/p&gt;
&lt;p&gt;The AWS Machine Learning Blog post on &lt;a href="https://aws.amazon.com/blogs/machine-learning/simplify-multi-account-access-to-amazon-bedrock-models-with-managed-entitlements/"&gt;managed entitlements for Amazon Bedrock models&lt;/a&gt; is important because it turns model access into a platform-governance problem instead of an account-by-account chore.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;Managed entitlements let a central account subscribe to supported third-party Bedrock models distributed through AWS Marketplace and share access with member accounts using AWS License Manager. Workload accounts can use the model access without needing direct AWS Marketplace subscription permissions.&lt;/p&gt;
&lt;p&gt;This is especially useful for models such as Anthropic, Cohere, AI21 Labs, or Stability AI when they are distributed through Marketplace and used across many accounts.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;A healthy multi-account AI platform needs two things at the same time:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;teams can access approved models quickly,&lt;/li&gt;
&lt;li&gt;the organization can govern subscriptions, pricing, visibility, and permissions centrally.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Without a central entitlement pattern, every workload account becomes a small procurement and governance island. That slows adoption and creates inconsistency. With managed entitlements, a platform team can subscribe once, distribute access intentionally, and keep workload accounts away from broad Marketplace permissions.&lt;/p&gt;
&lt;p&gt;This also helps with private offers. If pricing and terms are negotiated centrally, model access should follow that central agreement rather than being recreated account by account.&lt;/p&gt;
&lt;h2 id="the-trade-offs"&gt;The trade-offs&lt;/h2&gt;
&lt;p&gt;Managed entitlements are not needed for every Bedrock model. Amazon models and some partner models may already be available without Marketplace subscription overhead. Single-account teams may not need this complexity.&lt;/p&gt;
&lt;p&gt;For larger organizations, the main design work is governance:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Who approves model subscriptions?&lt;/li&gt;
&lt;li&gt;Which accounts receive grants?&lt;/li&gt;
&lt;li&gt;How are Regions handled?&lt;/li&gt;
&lt;li&gt;How are private offers tracked?&lt;/li&gt;
&lt;li&gt;How is model use monitored against budget and policy?&lt;/li&gt;
&lt;li&gt;What is the offboarding process when a model is no longer approved?&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Access distribution is only one layer. Teams still need IAM permissions, guardrails, logging, evaluation, and cost controls around actual model invocation.&lt;/p&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;Inventory current Bedrock model usage by account. Identify which models require Marketplace subscriptions and which accounts have Marketplace permissions only because they needed model access.&lt;/p&gt;
&lt;p&gt;Then pilot managed entitlements with one approved third-party model and a small set of workload accounts. Validate the subscription flow, grant distribution, regional behavior, billing visibility, and access removal.&lt;/p&gt;
&lt;p&gt;The practical takeaway is that AI platforms need the same governance maturity as any other shared platform capability. Managed entitlements give AWS organizations a cleaner control point for model access.&lt;/p&gt;</content:encoded></item><item><title>Lambda durable functions fit the messy middle of agent workflows</title><link>https://theawsblog.com/news/emiliano-montesdeoca/lambda-durable-functions-agent-workflows/</link><pubDate>Mon, 29 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/lambda-durable-functions-agent-workflows/</guid><description>AWS Lambda durable functions give multi-agent and human-in-the-loop workflows checkpointing, replay, callbacks, and polling without forcing every team to assemble custom orchestration infrastructure.</description><content:encoded>&lt;p&gt;Agent workflows are rarely a neat chain of fast API calls. They wait for humans, retry model calls, poll external systems, compensate for failed steps, and burn money when the same expensive operation runs twice.&lt;/p&gt;
&lt;p&gt;The AWS Compute Blog post on &lt;a href="https://aws.amazon.com/blogs/compute/building-fault-tolerant-multi-agent-ai-workflows-with-aws-lambda-durable-functions/"&gt;building fault-tolerant multi-agent AI workflows with AWS Lambda durable functions&lt;/a&gt; is useful because it focuses on that messy middle. The healthcare prior authorization example is domain-specific, but the orchestration problem is common.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;Lambda durable functions extend the Lambda programming model with checkpoint and replay operations. The source article highlights patterns such as:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;code&gt;context.step()&lt;/code&gt; for checkpointed work,&lt;/li&gt;
&lt;li&gt;callback waits for human review or external completion signals,&lt;/li&gt;
&lt;li&gt;condition waits for polling long-running systems,&lt;/li&gt;
&lt;li&gt;replay behavior that skips completed durable operations,&lt;/li&gt;
&lt;li&gt;execution metrics and status events for operational visibility.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That means a long-running workflow can pause without paying compute charges during the wait, then resume from the right point when a callback arrives or a condition changes.&lt;/p&gt;
&lt;h2 id="why-it-matters-for-ai-systems"&gt;Why it matters for AI systems&lt;/h2&gt;
&lt;p&gt;Multi-agent workflows are expensive and non-deterministic. If an extraction agent, reasoning agent, or synthesis agent has already completed, you usually do not want a transient failure later in the flow to rerun everything from the start.&lt;/p&gt;
&lt;p&gt;Durable checkpointing directly addresses that. It also makes human-in-the-loop patterns less awkward. A review step can suspend for hours or days without holding a running process open or building separate queue-and-database plumbing for every workflow.&lt;/p&gt;
&lt;p&gt;This is not only an AI feature. It is orchestration for any process where work is valuable, waits are long, and retries must be controlled.&lt;/p&gt;
&lt;h2 id="the-architectural-trade-off"&gt;The architectural trade-off&lt;/h2&gt;
&lt;p&gt;The biggest benefit is also the thing to design carefully: workflow logic lives in code.&lt;/p&gt;
&lt;p&gt;That can be cleaner than stitching together many small infrastructure pieces, but it requires discipline. Builders need deterministic step boundaries, idempotent external calls, clear timeout behavior, and replay-aware logging. If a step charges a credit card, submits a claim, sends an email, or updates a ticket, retries must reuse idempotency keys.&lt;/p&gt;
&lt;p&gt;You also need to decide when Step Functions is still a better fit. If the team benefits from visual state machines, service integrations, explicit workflow definitions, or non-developer operators inspecting the flow, Step Functions remains strong. Durable functions are attractive when the orchestration is code-heavy, developer-owned, and benefits from staying close to the Lambda handler.&lt;/p&gt;
&lt;h2 id="what-builders-should-do-next"&gt;What builders should do next&lt;/h2&gt;
&lt;p&gt;Do not start by converting every workflow. Start with one painful process that has three properties:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;expensive completed steps that should not repeat,&lt;/li&gt;
&lt;li&gt;long waits for humans or external systems,&lt;/li&gt;
&lt;li&gt;retry behavior that is currently implemented with custom glue.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Then design the durable function around failure cases first. What happens if an agent times out? If the human rejects the result? If the external API accepts a submission but the response is lost? If the workflow exceeds the business deadline?&lt;/p&gt;
&lt;p&gt;The source example uses prior authorization, but the pattern applies to code review agents, document processing, procurement approvals, incident remediation, and migration assessment pipelines.&lt;/p&gt;
&lt;p&gt;The practical takeaway: durable functions are not just about making Lambda run longer. They are about making long-running workflows resumable, observable, and cheaper to wait on.&lt;/p&gt;</content:encoded></item><item><title>Running pgvector on Aurora is a production operations decision</title><link>https://theawsblog.com/news/emiliano-montesdeoca/aurora-postgresql-pgvector-production/</link><pubDate>Thu, 25 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/aurora-postgresql-pgvector-production/</guid><description>AWS guidance on pgvector in Amazon Aurora PostgreSQL highlights that vector search is not only a model feature; it needs indexing, memory, partitioning, and observability discipline.</description><content:encoded>&lt;p&gt;It is easy to prototype vector search. It is harder to operate it after users, documents, embeddings, and retrieval patterns start changing every day.&lt;/p&gt;
&lt;p&gt;The AWS Database Blog post on &lt;a href="https://aws.amazon.com/blogs/database/running-pgvector-in-production-on-amazon-aurora-postgresql/"&gt;running pgvector in production on Amazon Aurora PostgreSQL&lt;/a&gt; is useful because it moves the conversation away from &amp;ldquo;can I store embeddings?&amp;rdquo; and toward &amp;ldquo;can I keep this retrieval system healthy?&amp;rdquo;&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;The source article covers operational practices for pgvector workloads on Aurora PostgreSQL: choosing index types and distance functions, managing HNSW behavior, using quantization and partitioning, sizing memory, and monitoring the signals that show when the vector store is drifting out of shape.&lt;/p&gt;
&lt;p&gt;That is the right level of discussion for production RAG systems. The database is not just a place to put vectors. It is part of the user-facing latency, relevance, and cost profile.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;Aurora PostgreSQL with pgvector is attractive because many teams already understand PostgreSQL. They can keep relational data, metadata filters, access patterns, and embeddings close together. That reduces architecture sprawl for early and mid-sized AI applications.&lt;/p&gt;
&lt;p&gt;But familiarity can hide risk. Vector indexes have different maintenance behavior than normal B-tree indexes. Embedding dimensions affect memory. Update and delete patterns can degrade index quality. Query filters can change recall and latency. The database may need to serve both transactional and retrieval traffic.&lt;/p&gt;
&lt;p&gt;If you treat pgvector like a small column type, production will teach you otherwise.&lt;/p&gt;
&lt;h2 id="the-trade-offs"&gt;The trade-offs&lt;/h2&gt;
&lt;p&gt;The main decision is managed abstraction versus self-managed control.&lt;/p&gt;
&lt;p&gt;Aurora PostgreSQL with pgvector gives control over schema, SQL, transactions, and tuning. That is valuable when retrieval is tightly coupled to application data. Amazon Bedrock Knowledge Bases or other managed retrieval systems reduce operational burden, which can be better when the team does not need direct database-level control.&lt;/p&gt;
&lt;p&gt;There is no universal winner. Choose pgvector on Aurora when PostgreSQL integration is a real product advantage. Choose a more managed path when the team mostly wants ingestion, embedding, retrieval, and scaling handled for them.&lt;/p&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;Before putting pgvector-backed retrieval into production, define operational checks:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;index type and distance metric per use case,&lt;/li&gt;
&lt;li&gt;expected vector count and growth rate,&lt;/li&gt;
&lt;li&gt;memory needed to keep hot indexes healthy,&lt;/li&gt;
&lt;li&gt;update and deletion behavior,&lt;/li&gt;
&lt;li&gt;query latency percentiles under realistic filters,&lt;/li&gt;
&lt;li&gt;recall evaluation for representative prompts,&lt;/li&gt;
&lt;li&gt;vacuum and maintenance expectations,&lt;/li&gt;
&lt;li&gt;fallback behavior when retrieval fails or gets slow.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Also separate prototype metrics from production metrics. A demo with 10,000 documents says little about a system with millions of vectors, concurrent users, and evolving embeddings.&lt;/p&gt;
&lt;p&gt;The practical takeaway is simple: pgvector on Aurora can be a strong architecture choice, but only if the team is ready to operate vector search as a database workload, not as a model configuration checkbox.&lt;/p&gt;</content:encoded></item><item><title>Lambda MicroVMs make isolated sandboxes a serverless design choice</title><link>https://theawsblog.com/news/emiliano-montesdeoca/lambda-microvms-isolated-sandboxes/</link><pubDate>Mon, 22 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/lambda-microvms-isolated-sandboxes/</guid><description>AWS Lambda MicroVMs give builders a new option for running user-generated and AI-generated code with VM-level isolation, fast resume, and controlled lifecycle state.</description><content:encoded>&lt;p&gt;AWS Lambda MicroVMs are interesting because they do not try to replace normal Lambda functions. They fill a different gap: workloads where the unit of isolation is not an event, but a user session, coding environment, agent run, scanner job, or other stateful sandbox.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://aws.amazon.com/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms/"&gt;AWS announcement&lt;/a&gt; frames this around isolated sandboxes with full lifecycle control. That is the right framing. The practical value is not only that Firecracker provides VM-level isolation. It is that AWS is exposing a managed way to create, pause, resume, and retire those environments without asking every product team to become a virtualization platform team.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;Lambda MicroVMs add a serverless compute primitive inside the Lambda family for running code in isolated, stateful execution environments. The source article describes several important properties:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;each session can run in its own Firecracker-backed MicroVM,&lt;/li&gt;
&lt;li&gt;environments can launch and resume from pre-initialized snapshots,&lt;/li&gt;
&lt;li&gt;memory, disk, and running process state can survive during the session,&lt;/li&gt;
&lt;li&gt;idle environments can be suspended by policy,&lt;/li&gt;
&lt;li&gt;applications get a dedicated endpoint and short-lived request authentication.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That combination matters for applications that cannot fit cleanly into stateless request-response functions. A code interpreter, browser automation sandbox, vulnerability scanner, AI coding assistant, data notebook, or game scripting environment often needs process state and filesystem state between interactions.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;The old decision tree was uncomfortable. Virtual machines gave strong isolation but slow startup and more operations. Containers started quickly but shared a kernel, which raises the bar for safely running untrusted code. Lambda functions were operationally simple but not designed for long-running interactive state.&lt;/p&gt;
&lt;p&gt;Lambda MicroVMs create a new middle path. For builders, the design conversation becomes more precise:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Use Lambda functions for event handlers and short stateless tasks.&lt;/li&gt;
&lt;li&gt;Use containers when you need packaging flexibility and can manage isolation risk.&lt;/li&gt;
&lt;li&gt;Use Lambda MicroVMs when each tenant, user, or agent run needs a dedicated stateful sandbox.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is especially relevant for AI systems. As more applications let agents write code, execute tools, inspect repositories, or process customer files, isolation becomes part of the product boundary. A prompt injection bug should not become a cross-tenant file access bug.&lt;/p&gt;
&lt;h2 id="the-trade-offs-are-still-real"&gt;The trade-offs are still real&lt;/h2&gt;
&lt;p&gt;MicroVMs reduce a lot of infrastructure work, but they do not remove architecture responsibility.&lt;/p&gt;
&lt;p&gt;First, lifecycle policy becomes a cost control. If idle sessions stay warm too long, the bill can drift. If they suspend too aggressively, users feel resume latency. Teams should treat idle duration as a product setting, not a default copied from a sample.&lt;/p&gt;
&lt;p&gt;Second, snapshot-based startup changes how applications initialize. Code that generates unique state, opens long-lived external connections, or assumes initialization happens once per user action needs careful review.&lt;/p&gt;
&lt;p&gt;Third, stateful sandboxes need cleanup rules. Temporary files, credentials, downloaded packages, generated artifacts, and logs can accumulate. Builders should define what survives during a session, what is exported, and what is destroyed.&lt;/p&gt;
&lt;p&gt;Finally, security does not stop at VM boundaries. The execution role, outbound network policy, source artifact pipeline, token handling, and tenant mapping are still part of the isolation story.&lt;/p&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;I would start with workloads where the current workaround is obviously expensive: per-user EC2 sandboxes, over-hardened container runners, or Lambda workflows full of awkward &lt;code&gt;/tmp&lt;/code&gt; and rehydration logic.&lt;/p&gt;
&lt;p&gt;For a proof of concept, validate four things before celebrating:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Cold launch and resume behavior&lt;/strong&gt; with your real image size and dependencies.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Idle cost profile&lt;/strong&gt; for normal user behavior, not a synthetic benchmark.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Tenant boundary tests&lt;/strong&gt; for filesystem, process, network, and IAM access.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Failure cleanup&lt;/strong&gt; when a session crashes, times out, or is abandoned.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Lambda MicroVMs are not just another Lambda feature. They are AWS acknowledging that the next wave of serverless workloads includes interactive, stateful, sometimes untrusted execution. That is a useful primitive, as long as teams treat it as an isolation architecture rather than a shortcut around security design.&lt;/p&gt;</content:encoded></item></channel></rss>