AWS Weekly Brief By Laroy Shtotland


Week 52 · 1 min read

December 22 – December 29, 2025

  • IAM
  • VPC
  • Cognito

IAM Policy Autopilot emerged as an open-source tool that analyzes application code to generate baseline IAM policies automatically. By using a deterministic model rather than generative guesswork, it provides developers and AI coding assistants with safer starting points for least-privilege access, reducing over-permissioning risks in fast-moving delivery pipelines.
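To make the "deterministic rather than generative" point concrete, here is an added example of the general idea: scan application source for AWS SDK calls and translate each one, by fixed table lookup, into exactly one IAM action. This is illustration code, not IAM Policy Autopilot's own implementation; the method-to-action table, the regexes and the sample application are all constructed for the demo.

```python
"""Constructed illustration: derive a baseline IAM policy from the boto3
calls found in application code. Added example, not the IAM Policy
Autopilot tool's code or algorithm; the mapping table below is an
assumption that covers only the handful of methods used in the demo."""
import json
import re

# Assumed (service, boto3 method) -> IAM action table. Deterministic by
# design: a call that is not in the table is reported, never guessed.
SDK_TO_IAM = {
    ("s3", "get_object"): "s3:GetObject",
    ("s3", "put_object"): "s3:PutObject",
    ("s3", "list_objects_v2"): "s3:ListBucket",
    ("dynamodb", "get_item"): "dynamodb:GetItem",
    ("dynamodb", "put_item"): "dynamodb:PutItem",
    ("sqs", "send_message"): "sqs:SendMessage",
}

# `name = boto3.client("svc")`           -> remember which variable is which service
CLIENT_RE = re.compile(r'(\w+)\s*=\s*boto3\.client\(\s*["\'](\w[\w-]*)["\']')
# `boto3.client("svc").method(`          -> inline client use
INLINE_RE = re.compile(r'boto3\.client\(\s*["\'](\w[\w-]*)["\']\s*\)\.(\w+)\(')
# `name.method(`                         -> call through a remembered client
CALL_RE = re.compile(r'\b(\w+)\.(\w+)\(')


def find_sdk_calls(source: str) -> list[tuple[str, str]]:
    """Return the sorted set of (service, method) pairs used in `source`."""
    clients = dict(CLIENT_RE.findall(source))  # variable name -> service
    calls = set(INLINE_RE.findall(source))
    for var, method in CALL_RE.findall(source):
        if var in clients:
            calls.add((clients[var], method))
    return sorted(calls)


def build_policy(source: str) -> tuple[dict, list[str]]:
    """Map every recognised call to one IAM action; return (policy, unmapped).

    Resource is left as "*" because the source alone does not reveal ARNs;
    narrowing it is the reviewer's next step, not something to invent.
    """
    actions, unmapped = set(), []
    for service, method in find_sdk_calls(source):
        action = SDK_TO_IAM.get((service, method))
        if action is None:
            unmapped.append(f"{service}.{method}")
        else:
            actions.add(action)
    policy = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": sorted(actions), "Resource": "*"}],
    }
    return policy, unmapped


# Constructed sample application; the last call is deliberately outside the table.
SAMPLE_APP = '''
import boto3
s3 = boto3.client("s3")
table = boto3.client("dynamodb")

def handler(event):
    obj = s3.get_object(Bucket="b", Key=event["key"])
    table.put_item(TableName="t", Item={"k": {"S": "v"}})
    boto3.client("sqs").send_message(QueueUrl="q", MessageBody="x")
    s3.delete_object(Bucket="b", Key=event["key"])
'''

if __name__ == "__main__":
    policy, unmapped = build_policy(SAMPLE_APP)
    print(json.dumps(policy, indent=2))
    print("not granted (no table entry):", unmapped)
```

The interesting property is the failure mode: `s3.delete_object` is not in the table, so it is surfaced in `unmapped` for a human to decide on rather than silently granted or silently dropped. A generative approach would tend to fill that gap with a plausible-looking action, which is exactly the over-permissioning the text is about.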

Amazon Cognito identity pools now support AWS PrivateLink, enabling private, VPC-only connectivity when exchanging federated identities for temporary AWS credentials. This removes the need for public internet paths in auth flows and materially improves isolation for regulated or zero-trust architectures.

Amazon SES finally gained VPC endpoints for its API operations, allowing private access to email sending and configuration management without internet gateways. Paired with new Amazon Q capabilities that analyze SES sending patterns and resource configurations, this points to tighter coupling between network isolation and operational diagnostics for messaging workloads.
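A VPC endpoint only delivers the isolation the two items above describe if it actually exists in the right VPC, is in the `available` state, and (for the default SDK hostnames to resolve to it) has private DNS enabled. The following added audit function checks those conditions over endpoint records shaped like the `VpcEndpoints` list returned by `ec2.describe_vpc_endpoints`; the records, VPC id and region are constructed, and the PrivateLink service-name suffixes for Cognito identity pools and the SES API are assumptions to confirm against AWS documentation for your region. This is illustration code, not part of the original post or of any AWS tooling.

```python
"""Constructed illustration: audit a VPC for the interface endpoints that
keep Cognito identity pool and SES API traffic off the public internet.
Added example; endpoint records are fabricated and the service-name
suffixes are assumptions, not values taken from the post."""

REGION = "us-east-1"
VPC_ID = "vpc-0123456789abcdef0"  # constructed

# Assumed PrivateLink service-name suffixes; verify before relying on them.
REQUIRED_SERVICES = {
    "cognito-identity": "Cognito identity pools",
    "email": "SES API",
}

# Constructed records in the shape of ec2 describe_vpc_endpoints()["VpcEndpoints"].
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcId": VPC_ID,
     "ServiceName": f"com.amazonaws.{REGION}.cognito-identity",
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-0bbb", "VpcId": VPC_ID,
     "ServiceName": f"com.amazonaws.{REGION}.email",
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": False},
    # Endpoint for the right service but in a different VPC: must not count.
    {"VpcEndpointId": "vpce-0ccc", "VpcId": "vpc-0fedcba9876543210",
     "ServiceName": f"com.amazonaws.{REGION}.cognito-identity",
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
]


def audit_private_access(endpoints, vpc_id, region, required=REQUIRED_SERVICES):
    """Return {service label: status} where status is one of
    "ok", "missing", "not-available" or "no-private-dns"."""
    findings = {}
    for suffix, label in required.items():
        service_name = f"com.amazonaws.{region}.{suffix}"
        matches = [
            e for e in endpoints
            if e["VpcId"] == vpc_id
            and e["ServiceName"] == service_name
            and e["VpcEndpointType"] == "Interface"
        ]
        available = [e for e in matches if e["State"] == "available"]
        if not matches:
            # No endpoint: the SDK falls back to the public service hostname.
            findings[label] = "missing"
        elif not available:
            findings[label] = "not-available"
        elif not any(e["PrivateDnsEnabled"] for e in available):
            # Endpoint exists, but default hostnames still resolve publicly;
            # clients must be pointed at the endpoint-specific DNS name.
            findings[label] = "no-private-dns"
        else:
            findings[label] = "ok"
    return findings


if __name__ == "__main__":
    for label, status in audit_private_access(SAMPLE_ENDPOINTS, VPC_ID, REGION).items():
        print(f"{label:24s} {status}")
```

In a real account you would replace `SAMPLE_ENDPOINTS` with `boto3.client("ec2").describe_vpc_endpoints(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["VpcEndpoints"]`. A `no-private-dns` finding is the one most easily missed in review: the endpoint is present and billed, but unless the application is configured with the endpoint's own DNS name, its traffic still takes the public path the endpoint was meant to remove.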

Spatial Data Management on AWS launched as a centralized service for ingesting, enriching, and governing multimodal spatial data at scale. With secure storage, automated metadata handling, and application interoperability, it addresses long-standing governance challenges around 3D, geospatial, and temporal data, especially for industries operating close to the physical world.

These updates show AWS continuing to push security and isolation primitives closer to developer workflows and managed services, reducing reliance on custom glue while raising default architectural baselines.