ACM ACME support turns certificate automation into a governance problem

AWS Certificate Manager now supports ACME for public certificates, giving teams a standard automation path while keeping domain control, audit, and policy centralized.

aws acm tls security operations

Bedrock managed entitlements make model access a platform control

Amazon Bedrock managed entitlements let organizations subscribe to marketplace models centrally and distribute access across accounts without broad AWS Marketplace permissions.

aws bedrock ai governance platform-engineering

CloudFormation Express mode is about feedback loops, not just faster deploys

AWS CloudFormation Express mode shortens infrastructure iteration by completing after configuration is applied, but builders need clear guardrails for when stabilization still matters.

aws cloudformation iac devops developer-experience

CloudFormation pre-deployment validation makes IaC failures cheaper

AWS CloudFormation and CDK pre-deployment validation now runs on stack operations, helping builders catch quota, Config, and ECR issues before failed deployments waste time.

aws cloudformation cdk devops iac

Replicating S3 bucket configuration needs workflow discipline

AWS shows how Step Functions can replicate S3 bucket configuration across Regions, but builders should decide where automation ends and infrastructure as code should remain the source of truth.

aws s3 step-functions disaster-recovery operations

Faster S3 access log queries make storage security more usable

AWS shows how CloudWatch and S3 Tables can make S3 access logs easier to query, which helps builders turn storage audit data into operational and security signals.

aws s3 cloudwatch security observability

Lambda durable functions fit the messy middle of agent workflows

AWS Lambda durable functions give multi-agent and human-in-the-loop workflows checkpointing, replay, callbacks, and polling without forcing every team to assemble custom orchestration infrastructure.

aws lambda serverless ai reliability

Redshift multi-warehouse improvements reduce the analytics freshness trade-off

Amazon Redshift multi-warehouse enhancements improve materialized views, remote DDL, and concurrency scaling so analytics teams can separate ingestion and consumption more cleanly.

aws redshift analytics data-engineering scalability

Secure ML environments need productivity and exfiltration controls together

An AWS architecture using SageMaker AI, VPC endpoints, DNS controls, and WorkSpaces Secure Browser shows how ML teams can protect sensitive data without returning to expensive air-gapped workflows.

aws sagemaker machine-learning security data-protection

S3 Storage Lens groups make storage cost conversations less generic

Amazon S3 Storage Lens groups help teams inspect storage by workload-specific criteria, making cost, lifecycle, and data hygiene work more actionable.

aws s3 cost-optimization storage operations

Running pgvector on Aurora is a production operations decision

AWS guidance on pgvector in Amazon Aurora PostgreSQL highlights that vector search is not only a model feature; it needs indexing, memory, partitioning, and observability discipline.

aws aurora postgresql pgvector ai

AWS Transform makes migration assessments more conversational, but data quality still wins

AWS Transform assessments use agentic AI to turn migration planning into an interactive business-case workflow, but builders still need inventory discipline and assumption control.

aws migration modernization aws-transform cloud-strategy

OpenSearch Serverless next generation changes the economics of tenant isolation

Amazon OpenSearch Serverless next-generation architecture makes collection-per-tenant search more practical with scale-to-zero compute and regional endpoint routing.

aws opensearch search serverless multitenancy

Restricting AWS Console access by network is a useful perimeter, not a complete identity strategy

AWS sign-in resource-based policies and resource control policies can restrict Management Console access to expected networks, adding a practical layer to data perimeter designs.

aws security iam organizations data-perimeter

S3 Files makes Lambda file workflows simpler, but not automatically better

Amazon S3 Files lets Lambda functions work with S3-backed file paths instead of download-process-upload code, which can simplify workloads if teams understand consistency, throughput, and VPC implications.

aws lambda s3 serverless modernization

EKS Auto Mode improvements show why managed Kubernetes is becoming operational engineering

Recent EKS Auto Mode runtime, compute, storage, and networking improvements reduce Kubernetes operational friction, but teams still need workload-level SLOs and migration discipline.

aws eks kubernetes containers operations

EKS control plane egress through your VPC closes a real private-cluster gap

Amazon EKS customer-routed control plane egress lets Kubernetes API server traffic use customer VPC routing, security controls, and private endpoints for webhooks and OIDC dependencies.

aws eks kubernetes networking security

Lambda MicroVMs make isolated sandboxes a serverless design choice

AWS Lambda MicroVMs give builders a new option for running user-generated and AI-generated code with VM-level isolation, fast resume, and controlled lifecycle state.

aws lambda serverless security architecture

Lambda runtime upgrades need campaigns, not reminders

AWS Transform custom can help teams upgrade Lambda runtimes at scale, but the durable improvement is treating runtime changes as governed modernization campaigns.

aws lambda modernization developer-tools operations

Before downsizing EC2, simulate the EBS burst budget

AWS shows how to simulate EBS burst credits before downsizing EC2 instances, a practical cost-optimization step that avoids turning compute savings into storage throttling.

aws ec2 ebs cost-optimization performance