AWS Weekly Brief By Laroy Shtotland

← Home

Week 8 · 2 min read

February 16 – February 23, 2026

  • Kubernetes
  • Aurora
  • Grafana
  • KMS
  • ACM
  • EC2

Amazon EC2 brings nested virtualization to virtualized instances! This is a major unlock: teams can now run full hypervisors, nested Kubernetes clusters, virtual desktop infrastructure, or isolated CI/CD runners directly inside EC2 VMs. No more provisioning dedicated bare-metal capacity just to test or develop virtualization stacks. Security boundaries remain intact while experimentation and multi-tenant isolation become far easier and faster.

Amazon Aurora now enforces server-side encryption at rest by default for all new database clusters, using AWS-owned keys with no performance or cost overhead. Existing clusters stay unchanged and can continue using customer-managed or AWS-managed KMS keys. This raises the security baseline automatically, reducing risk of unencrypted data in new deployments.

Amazon Managed Grafana adds support for AWS KMS customer managed keys to encrypt workspace data. Customers gain full control over encryption keys, strengthening compliance postures where self-managed key rotation and auditing are required. Previously limited to AWS-owned keys, this upgrade addresses strict regulatory needs in observability environments.

AWS Certificate Manager reduces the default validity period for new and renewed public certificates to 198 days to align with CA/Browser Forum guidelines effective March 15, 2026. No customer action is needed. Existing longer certificates remain valid until renewal, when ACM auto-issues the shorter duration. Pricing for exportable certificates also drops, making secure TLS more cost-effective.

EC2 compute and memory-optimized families continue their regional expansion. C8a instances (AMD EPYC-based) are now available in Europe (Frankfurt) and Europe (Ireland), offering strong price-performance for CPU-bound workloads. R8i and R8i-flex instances launch in Europe (Ireland), delivering higher memory bandwidth together with flexible sizing to better match variable memory demands.

Amazon OpenSearch Service extends Graviton4 support to include c8g, m8g, and r8g instance families. These Arm-powered instances typically deliver 20–30% better price-performance for search, observability, and log analytics compared with equivalent x86 SKUs in the same workload patterns.

Amazon Bedrock expands reinforcement fine-tuning to open-weight models like qwen.qwen3-32b and openai.gpt-oss-20b via OpenAI-compatible APIs. Developers can now refine models using feedback-driven techniques with minimal labeled data, enabling higher accuracy for tasks like code generation or reasoning while keeping costs low and data secure in AWS.