AWS Weekly Brief By Laroy Shtotland

← Home

Week 11 · 2 min read

March 9 – March 16, 2026

  • IAM
  • quantum
  • EKS
  • SCEP
  • PrivateLink
  • S3

IAM Roles Anywhere now supports post-quantum digital certificates for certificate-based authentication in hybrid environments. This gives organizations a proactive layer of defense against future quantum computing threats to today’s encryption standards, with minimal changes to existing role configurations.

AWS Backup now adds logically air-gapped vault support for Amazon EKS. Customers can isolate EKS backups in vaults that remain logically separated from production access paths, adding an extra layer of ransomware resilience for containerized workloads. Even in compromised scenarios, recovery processes remain protected.

AWS Private CA Connector for SCEP now supports AWS PrivateLink. That means SCEP certificate enrollment traffic can remain private within the VPC, reducing exposure and helping security teams meet strict network and compliance requirements. It also enables device management to scale securely without internet dependency.

Amazon S3 introduces account-regional namespaces for general purpose buckets. Buckets now use account- and Region-specific namespaces to reduce naming conflicts, streamline governance, and lower misconfiguration risk in global deployments. Multi-Region applications also gain clearer separation and better auditability.

OpenSearch adds two enhancements. First, cross-account data access to OpenSearch domains, enabling direct data exploration across AWS accounts without exporting data or manually managing complex permissions. Second, OpenSearch now supports in-place volume increases for all volume sizes, allowing teams to expand storage on existing domains across every size tier without migrations or cluster recreation.

AWS Elastic Beanstalk has launched a Deployments tab with in-progress deployment logs. The new console view shows live logs and status for ongoing deployments, helping development teams troubleshoot faster during releases and improving visibility into deployment health.

AWS Glue zero-ETL integrations with Amazon DynamoDB now support advanced filtering, partitioning, and transformation options out of the box. This gives data engineers more flexibility to build real-time analytics pipelines while reducing operational overhead and better aligning data flows with business requirements.

AWS Landing Zone Accelerator now includes an MCP Server for AI-assisted configuration management. This can help reduce errors in policy and network setup while accelerating configuration and compliance tasks across secure multi-account environments.

AWS Lambda Managed Instances now supports Rust for high-performance workloads. While Rust was already available on AWS Lambda, this update extends that support to the Managed Instances model, giving teams more flexibility to use Rust’s safety and efficiency in performance-sensitive serverless applications at scale.