[Last Week in AWS] Issue #464: S3 Turns 20 and SimpleDB Is Still Alive
Last Week in AWS

Saturday, March 21, 2026

Good Morning!

RSA has once again come to San Francisco, so if you need someone to sell you a firewall, head to Moscone. I'll be around the periphery; if you're nearby, hit reply and say hello. I'm game to grab a coffee / beer / etc with you all.

If you (well, not you, but probably the saddest looking person on your finance team) are tracking commitments in spreadsheets and hoping your discount strategy still makes sense, you're not alone. Most teams are cobbling together strategies/tools that weren't designed for the scale and complexity of modern cloud environments. That's why we're building Skyway over at Duckbill—to take you away from all that. Now the exclusive sponsor of Last Week in AWS, and also the company I co-founded. Cloud contract issues? Get in touch.

Things I Found on the Internet

Sometimes I wonder if I've been too harsh on Microsoft's (motto: "we will toss our toys out of the pram if you call us 'Microslop' one more time") security over the years. Then I read things like this. Government cyber reviewers literally called Microsoft's cloud offering "a pile of shit," then approved it anyway because too many agencies were already using it. The ProPublica investigation behind this Ars Technica piece reads like a horror movie where everyone sees the monster but nobody locks the door. I mean... am I the crazy one?


A $58K surprise bill because of a bug in Bedrock's Mantle API layer is the stuff of nightmares. What makes Damiano's writeup special is he didn't just panic - he dug into the billing data, proved the bug, and got it resolved. A masterclass in being your own cloud advocate.


Fantastical shipping an MCP connector for Claude feels like the natural evolution of calendar apps nobody asked for but everyone will immediately want. Ask Claude to find a 90-minute slot next week, and it just does it. No app switching, no context loss. Calendar-as-conversation is surprisingly compelling, and I'm already integrating this into my horrible Billie the Platypus EA.


Someone built a distributed file store by stitching together AWS CloudShell's free 1GB persistent storage across every region, complete with UDP hole-punching, erasure coding, and encryption. It's gloriously unhinged infrastructure engineering. Will AWS shut this down? Probably, presuming they didn't lay off the folks who'd do that. Should you use it in production? Absolutely not. Is it brilliant? Yes. Very much yes.


Mark Atwood's argument in this piece on Amazon's slow retail decay is simple and brutal: Amazon's search returns what someone paid to show you, not what you asked for. The real threat isn't "some scrappy startup," it's boring companies like Grainger whose business model requires honest search results you didn't sell out for a dollar. Genuinely sharp thinking, and makes me proud to say "I knew Mark before his Amazon days." Fun fact: he ran community for a little company called Eucalyptus at the same time as I did a deployment for a giant company. I miss that era...


Doctorow's "shitty technology adoption curve" is one of those frameworks that, once you see it, you can't unsee it. Surveillance tech gets tested on prisoners and warehouse workers before it reaches your desk. This piece on Amazon's two-tier workforce connects the dots between warehouse bossware today and what's coming for the coders tomorrow.


I'm genuinely delighted that someone built Kagi Translate with LinkedIn speak as a target language. Paste in normal human English, get back "Thrilled to announce" garbage. It's the Rosetta Stone for people who've always wondered how authentic thoughts become performative slop. Pairs well with a stiff drink.


AWS AgentCore's code interpreter had a sandbox escape vulnerability that BeyondTrust found and responsibly disclosed before GA launch. The writeup on pwning AWS AgentCore's code interpreter walks through the full attack chain, and it's a good reminder that "AI agent infrastructure" still has the same old boring security problems underneath. The timeline entry that "AWS awarded the security researcher with a $100 gift card to the AWS Gear Shop" is a good reminder that should you discover a useful exploit on an AWS service, selling it to a bad actor is going to be exponentially more lucrative.


Turns out mandating AI coding tools while cutting 16,000 engineers produces exactly the outcome you'd expect. This report from Heise details how AI-generated code changes took down Amazon's shopping platform for six hours and nuked an AWS production environment. The mandatory review meetings that followed are peak "we could have just done this first."


Two "Correcting the Financial Times" blog posts in three weeks is a faster release cadence than most AWS services manage. I wrote about what Amazon's defensive PR posture reveals about their AI anxiety, and honestly, the reaction to the outages is way more interesting than the outages themselves.


Look, it's always weird to share an interview with yourself, but this IT Ops Query episode covers ground I think matters: AWS's security stumbles with CodeBuild, the talent exodus, and why them shutting up about AI is actually a good sign. TechTarget's Beth Pariseau asked solid questions.


I wrote this piece for The Register about AWS ending PostgreSQL 13 support on RDS, which forces you to upgrade to PostgreSQL 14, which breaks AWS Glue. Follow AWS's own security guidance and AWS's own ETL service stops working. Never attribute to malice what can be explained by one very large org chart.

What AWS Has For Us This Time

Amazon Corretto 26 is now generally available - "Making Final Mean Final" is my favorite Java feature name since "Optional isn't optional." Corretto 26 ships HTTP/3 support and faster startup times, which is great because your Lambda cold starts needed all the help they could get. Supported through October 2026, so mark your calendar for the next upgrade treadmill.


Amazon SimpleDB now supports exporting domain data to Amazon S3 - SimpleDB is still alive?! This is less "exciting new feature" and more "here's a body bag to help you move the corpse to S3." They're literally building you a prettier exit door. The export tool is free, which is the least AWS can do for the seven people still running SimpleDB in production.


AWS CDK Mixins is now generally available - CDK finally gets mixins, solving the eternal "L1 vs L2" construct dilemma that's haunted infrastructure teams like a DevOps ghost. The `.with()` syntax is elegant, which makes me suspicious. Compliance teams can now enforce policies without rebuilding everything, meaning they'll find exciting new ways to block your Friday deploys instead.


AWS Lambda Managed Instances now supports Rust - Lambda Managed Instances is already "what if Lambda was just EC2 with extra steps," and now it supports Rust. So you can write memory-safe code on a service whose identity crisis is anything but safe. At least the Rust evangelists finally have a reason to mention Rust in your next architecture meeting. Again. Not that they apparently needed one.


Amazon CloudWatch Logs now supports log ingestion using HTTP-based protocol - Four endpoints, four different JSON flavors, and API keys that expire on schedules ranging from "next Tuesday" to "hopefully before the audit." CloudWatch finally accepting logs over plain HTTP feels like AWS admitting the SDK isn't always the answer, which is the kind of personal growth I can respect. Only four regions at launch, naturally.


AWS Lambda now supports Availability Zone metadata - Serverless was supposed to mean "stop thinking about infrastructure," and now Lambda lets you know which Availability Zone you're in. Because nothing says "I don't manage servers" like writing AZ-aware routing logic to dodge cross-AZ data transfer charges.


Expanding the BOX Program to Business Consulting and Advisory Partners - "Business Outcomes Xcelerator" - because apparently AWS ran out of normal words and had to swap a letter to make the acronym work. It's invite-only consulting partner funding dressed up in enough buzzwords to make a McKinsey deck blush. Bain and BCG are launch partners, so at least someone's billing hourly here.


Twenty years of Amazon S3 and building what’s next - Happy 20th birthday to the service that quietly became the backbone of the internet and the largest line item on your AWS bill. S3's prices dropped 85% since launch, which sounds impressive until you realize your storage volume grew 10,000%. Congrats, you're spending more than ever.


Synchronizing a Backup on-premises Db2 Server with Amazon RDS for Db2 - Nothing screams "we trust the cloud" quite like a 3,000-word guide on keeping an emergency on-prem Db2 server synchronized with RDS, just in case. It's the database equivalent of wearing a parachute to a trampoline park. At least someone's still running Db2, which is its own kind of bravery.


AWS and NVIDIA deepen strategic collaboration to accelerate AI from pilot to production - Over a million NVIDIA GPUs headed to AWS. That's a lot of silicon to power AI workloads that companies swear are going to production any day now. "Deepened strategic collaboration" is corporate for "we're spending ungodly amounts of money and need a press release to justify it to shareholders."


Migrate from Amazon Nova 1 to Amazon Nova 2 on Amazon Bedrock - Upgrading from Nova 1 Pro or Premier? AWS recommends migrating to... Nova 2 Lite. That's right, the "downgrade" is actually an upgrade that's 7x cheaper and 5x faster. Nothing inspires confidence in your original model selection like being told the budget option now beats it.


Essential security controls to prevent unauthorized account removal in AWS Organizations - Nothing sings "shared responsibility model" quite like publishing a blog post explaining how attackers can yank compromised accounts right out of your Organization, nuking all your governance controls. The fix? SCPs you should've had from day one, a "Transition OU," and the quiet prayer that your break-glass procedures actually work.


Demystifying Amazon VPC peering charges - Ah, "transparency": in this case, a blog post explaining how to find charges that were previously hidden inside a different line item. They didn't lower the price, they just moved the shell. Your finance team now gets to play detective with Cost Explorer instead of, you know, getting a straightforward bill.


AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats - Twelve and a half million dollars split across five of the wealthiest tech companies on Earth to fix a problem their own AI models created. That's roughly what each of them spends on catering in a quarter. Still, open source maintainers drowning in AI-generated bug slop need the help, so I'll save the snark. Mostly.


Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls - Catching ransomware gangs exploiting zero-days 36 days before public disclosure is impressive threat intel work. Of course, the real punchline is that the attackers got caught because they misconfigured their own infrastructure server. Turns out nobody patches properly - not even the criminals.


20 years of Amazon S3: A storage professional’s journey to AWS Hero - Twenty years of S3, and this hero's journey started by looking at S3 pricing in 2010 and immediately noping back to tape drives. Honestly, that's the most relatable AWS origin story I've ever read. We all came back eventually. Stockholm syndrome is a hell of a retention policy.


CVE-2026-4270 - AWS API MCP File Access Restriction Bypass - Christ, four CVEs this week? The wheels are coming off the AWS security apparatus, it seems. Letting AI assistants manage your AWS infrastructure while "maintaining proper security controls" hits different when those controls have a path traversal bypass exposing arbitrary local files. No workarounds either, just "please upgrade." If you're running the MCP Server between 0.2.14 and 1.3.9, today's a great day to stop doing that.


CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit - A remote code execution bug in a toolkit that wasn't checking S3 bucket ownership. Version v0.1.13 of a product that hasn't hit v1.0 yet. Nothing inspires confidence in your AI agent infrastructure like "we forgot to verify who owned the bucket we were pulling code from." But remember, AWS isn't so desperately behind in AI that they're tripping over themselves to ship, overriding security diligence in the process.


Arbitrary code execution via crafted project files in Kiro IDE - An "agentic" IDE that executes arbitrary code when you open a project directory is honestly just working as advertised. The suggested workaround of "don't open untrusted projects" is chef's kiss for a tool designed to autonomously write code.


CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error - A logic error in AWS's own crypto library meant revoked certificates could waltz right past revocation checks. Affected versions span nearly 50 releases. The workaround is basically "don't use the feature that checks if certificates are revoked," which is like fixing a smoke detector by removing the batteries. Patch immediately.

... and that’s what happened Last Week in AWS. If you’ve enjoyed reading this, tell everyone you know to subscribe at lastweekinaws.com.

As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #lwia-publications channel on the LWIA Slack team.

You have questions? We have coffee! Drop by my employer’s weekly FinOps office hours, every Thursday at 10:00a PT. Often fun, always free. Register here.

Corey Quinn

I'm Corey Quinn

I help companies improve their horrifying AWS bills by making them smaller and less horrifying. I also host two podcasts—check them out at lastweekinaws.com.
