AWS Weekly Brief By Laroy Shtotland

Week 3

January 12 – January 19, 2026

  • SageMaker
  • ECS
  • Aumovio
  • BSI
  • S3
  • EC2

AWS Config expanded support for 21 additional resource types, including GuardDuty MalwareProtectionPlan and SecretsManager ResourcePolicy. This materially improves compliance visibility across services like EC2, SageMaker, and S3 Tables, and surfaces assets that often slip through the cracks, such as IoT ThingGroups or CleanRoomsML TrainingDatasets. For security and platform teams, this is a reminder to revisit Config rules and remediation workflows. The value here is not the number of new resources, but the ability to catch blind spots earlier in environments that are becoming increasingly AI- and data-heavy.

AWS Client VPN introduced a simplified Quickstart flow, reducing endpoint setup to three required inputs: IPv4 CIDR, server certificate ARN, and subnet selection. This removes a lot of unnecessary friction for teams that just want to get secure access in place quickly for development or testing. Certificate-based auth remains intact, which is good, but enterprises should still validate how this fits with their broader identity and access strategy to avoid “quick” setups turning into long-term liabilities.

Amazon ECS now supports tmpfs mounts for Fargate and managed instances, enabling in-memory file systems that disappear when a task ends. This is particularly useful for transient secrets, caches, or performance-sensitive workloads where persistence is a liability rather than a feature. From a security perspective, it’s a simple but meaningful step toward reducing residual data exposure in multi-tenant and regulated environments.

AWS expanded its collaboration with Aumovio to support autonomous vehicle development and commercial deployment. AWS is being used to back edge compute, large-scale validation workloads, and safety-critical ML data pipelines that ingest and replay massive sensor datasets. This reinforces AWS’s role as a core platform for closed-loop AV development, where simulation, training, and real-world telemetry all meet. It also raises the bar for how teams think about data governance, ML lifecycle management, and safety assurance at scale.

Finally, Germany’s Federal Office for Information Security (BSI) launched a national cybersecurity portal hosted on Amazon Web Services. This is a clear trust decision: Germany’s lead cybersecurity authority is operating a national platform on AWS, reflecting confidence in its security controls and operational maturity. This contrasts with abstract sovereignty narratives in EU-level policy circles, disconnected from operational risk. Germany’s approach is more grounded: risk is managed through architecture, oversight, and enforceable controls, not blanket exclusion. For security leaders, it’s a reminder that cloud-native systems can meet sovereign requirements for data residency, auditability, and incident reporting when they are designed and operated properly.