AWS Weekly Brief By Laroy Shtotland

← Home

Week 7 · 2 min read

February 9 – February 16, 2026

  • DynamoDB
  • IAM
  • Aurora
  • Neptune
  • S3
  • OpenSearch

AWS extended Resource Control Policies to Amazon DynamoDB, giving organizations centralized tools to block external identities from accessing tables even when IAM permissions might otherwise allow it. Also, AWS Lake Formation expanded cross-account sharing to support unlimited tables with permissions managed centrally across accounts or organizational units. Together, these two enhancements strengthen data perimeter controls, making it easier for security teams to enforce consistent policies without relying on fragmented IAM rules alone.

AWS Backup now supports direct cross-Region copies, sending database snapshots straight to logically air-gapped vaults for Aurora and Neptune. Removing intermediate steps reduces both RPO and costs while adding another layer of protection against ransomware or regional outages.

Amazon S3 Tables now lets developers specify partition and sort orders directly in the CreateTable API, so optimized physical layout applies from the very first write - no costly rewrites later. For example, partitioning a daily clickstream table by date and region immediately cuts query data scans by 90–99%, lowering costs, speeding results, and quietly reducing the blast radius of broad analyst queries.

Amazon OpenSearch Serverless introduced Collection Groups, enabling shared compute units across collections that use different KMS keys. This is a cost-effective option for multi-tenant setups that preserves encryption boundaries.

Amazon ECR gained new CloudWatch metrics for repository counts and images per repository, helping teams detect quota issues or unusual growth before they disrupt container pipelines.

AWS launched M8azn family of general-purpose EC2 instances powered by fifth-generation AMD EPYC processors. With sustained frequencies up to 5 GHz and improved networking and memory bandwidth, these instances deliver noticeable gains for latency-sensitive applications like simulations or high-frequency workloads.

AWS Elastic Beanstalk integrated native support for GitHub Actions, automating package creation, uploads, and environment deployments through secure OIDC authentication. This removes the need for custom scripts or stored credentials that teams often built before, enabling faster, more reliable deployments directly from GitHub repositories while aligning Beanstalk with modern CI/CD practices.

AWS Batch added console tabs and APIs that expose job queue share utilization and fair-share scheduling details. For organizations running large-scale jobs, this visibility helps fine-tune resource allocation and prevent over- or under-utilization across teams.

Finally, Amazon MSK advanced Kafka operations in two ways. Express Brokers now route broker logs to CloudWatch or S3 at no additional cost, improving troubleshooting for cost-conscious streaming workloads. Provisioned clusters gained public APIs and console integration for easier topic creation, updates, and deletion.