Week 9
February 23 – March 2, 2026
AWS announces pricing for VPC Encryption Controls. The feature transitions from free preview to paid starting March 1, 2026. It applies a fixed hourly rate per non-empty VPC with monitor or enforce mode enabled. Teams enforcing encryption in transit within and across VPCs now account for this governance control in budgeting, strengthening compliance postures without per-traffic charges.
EC2 Image Builder enhances lifecycle policies with wildcard support and simplified IAM permissions. Policies can now target image resources using patterns like arn:aws:imagebuilder:::image/-golden-. IAM setup is streamlined, with fewer managed policies required. Image management scales more efficiently across accounts while maintaining least-privilege access.
Amazon CloudWatch Logs centralization rules now support a customizable destination log group structure. Rules define dynamic naming patterns for forwarded logs based on source attributes. Centralized logging becomes more organized without custom Lambda processors.
Amazon ECS Managed Instances now integrates with Amazon EC2 Capacity Reservations. Reservations apply directly to managed instance fleets for cost optimization. Workloads achieve predictable savings on compute capacity. This lowers operational expenses for long-running container services without manual instance management.
Amazon Cognito enhances client secret management with secret rotation and custom secrets support. App clients adopt a two-secret rotation model for seamless credential updates. Custom secrets from external managers integrate natively. This reduces exposure windows during rotations and aligns with zero-trust principles for identity federation.
AWS Security Agent adds support for penetration tests on shared VPCs across AWS accounts. The agent facilitates controlled testing in multi-account shared network architectures. Security validation extends to cross-account environments without reconfiguration. This strengthens assurance for collaborative or SaaS-like VPC sharing models.
Amazon S3 now provides AWS source region information in server access logs. Logs include the originating AWS Region for requests. Auditing and troubleshooting gain precise context on cross-region traffic origins. Compliance reporting benefits from clearer data provenance tracking.
AWS WAF announces AI activity dashboard for visibility into AI bot and agent traffic. The dashboard surfaces patterns from generative AI interactions targeting applications. Teams monitor and mitigate unwanted AI scraping or abuse more effectively. This addresses emerging threats from autonomous agents in production environments.
AWS Compute Optimizer now applies AWS-generated tags to EBS snapshots created during automation. Optimization actions tag snapshots consistently for ownership and lifecycle tracking. Cost governance improves through automated tagging without additional scripting. This prevents orphaned resources in rightsizing workflows.