AWS Weekly Brief By Laroy Shtotland


Week 17

April 20 – April 27, 2026

  • EKS
  • Kubernetes
  • S3
  • Lambda
  • CloudWatch
  • CloudWatch Logs

AWS Managed Microsoft AD now operates at Windows functional level 2016. The service also adds support for Kerberos Encryption audit event logs. These enhancements deliver better compatibility with modern Windows workloads and improved auditing capabilities for identity-related security events.

Amazon EKS enhances cluster governance with new IAM condition keys and introduces the Hybrid Nodes gateway for hybrid Kubernetes networking. Administrators can define policies based on specific cluster conditions like node types or namespaces. This strengthens security posture by enabling least-privilege access at a granular level for Kubernetes environments. Teams operating production clusters can now enforce conditions that were previously difficult to implement at scale. The EKS Hybrid Nodes gateway simplifies hybrid Kubernetes networking without compromising on governance or performance, avoiding the complex custom configurations that often introduce security gaps.

AWS Secrets Manager extends its managed external secrets integration to MongoDB Atlas and Confluent Cloud. Security teams can now manage credentials for these platforms directly within AWS without custom code or third-party tools. This reduces the attack surface by centralizing secret rotation and access controls. The integration proves particularly valuable for organizations running modern data platforms.

Amazon S3 now supports five additional checksum algorithms. This expands options for data integrity checks across storage operations. For high-compliance workloads, it provides stronger verification mechanisms to prevent tampering or corruption during transfers. Security teams gain more flexibility in meeting regulatory requirements for data validation.

Lambda functions can now mount S3 buckets as file systems with S3 Files. Application code can interact with S3 data using standard file system APIs. This eliminates the need for custom data fetching logic and can lower latency for file-based processing tasks. The feature delivers clear performance benefits for applications handling large volumes of files.

CloudWatch pipelines now supports configuration of processors via AI. Operators can leverage artificial intelligence to automatically suggest and apply optimal processing configurations. This accelerates log pipeline setup while maintaining operational efficiency. It reduces manual configuration time for complex log processing pipelines.

CloudWatch Logs Insights introduces JOIN and sub-query commands. Query authors can now correlate data across multiple log groups with more advanced syntax. This unlocks deeper insights into distributed systems and troubleshooting scenarios for analysts. The new commands make advanced analytics accessible without exporting data to external tools.