About this episode
Welcome to episode 334 of The Cloud Pod, where the forecast is always cloudy! This week, we’re bringing you a jam-packed recap of re:Invent! We’ve got all the news, from keynotes to announcements. Whether you were there live or catching up on all the news, Justin, Matt, and Ryan are here to break it all down. Let’s get started!

Titles we almost went with this week
EKS Gets Chatty: Natural Language Replaces Command Line Nightmares
Harvest Now, Decrypt Later: Why Your RSA Keys Need a Quantum Makeover Before 2026
NAT So Fast: AWS Helps You Find Gateways Doing Absolutely Nothing
AWS Finally Admits You Have Too Many Log Buckets
AWS Finally Lets You Log In Like a Normal Human
Lambda Gets a Memory: Checkpoint Your Way to Multi-Step Workflows
Step Functions at Home: Lambda Durable Functions Let You Write Workflows in Actual Code
No More Bucket List: S3 Public Access Gets Organization-Wide Lockdown
AWS Hits Ctrl-Z on CodeCommit Deprecation
AWS Puts a Cap on CloudFront: Unlimited Traffic, Limited Anxiety
AWS Tells SQL Server to Take a Thread Off: Optimize CPU Cuts Costs by 55%
Amazon Bedrock Gets a Bouncer: AgentCore Identity Checks IDs at the Door
AI Brings on the Developer Renaissance

Follow Up

01:27 re:Invent
Matt Garman – 14th re:Invent, which is weird, since we’ve been doing cloud stuff for 87 years…
Werner – Open Mind for a different View and nothing else matters T-shirt.

02:59 re:Invent predictions
Jonathan
Serverless GPU support (extension in Lambda or a different service), it’s about time we have a serverless GPU/Inference capability.
  It is talked about in the keynote with DeSantis.
AI Agent with a goal/instructions that can run when they need to, periodically, or always, and perform an action (Agentic Platform that runs agents)
  Garman – Bedrock AgentCore and Kiro Autonomous Agent
Werner will announce this is his last keynote and he will retire
  He retired from re:Invent Presentations

Ryan
New Trainium 3 chips, Inferentia, and Graviton chips
  Garman – announced Trainium 3 Ultraservers. They brought the Rack
Ryan
Expand the number of models in or via bedrock
  Doubled the number of models and announced Gemma, Minimax M2, Nvidia Nemotron, Mistral Large, and Mistral 3
Refresh to AWS Organizations

Justin
New Nova Model & Sonic with Multi-modal
  Garman Nova 2 – Lite, Pro, and Sonic (the lack of Sonic the Hedgehog/Sega reference is a shame)
  Nova 2 Omni
Announce a partnership with OpenAI (likely on stage)
  Not announced as new, but said they’re running on AWS and that EC2 Ultraservers are in use.
Advanced Agentic AI Capabilities for Security Hub (Automate the SOC teams)
  Garman – Advanced Agentic AI Capabilities for Security Hub – with NEW AWS Security Agent

Matt
A model router to route LLM queries to different AI models
Well-architected framework expansion
End user Authentication that doesn’t suck (not current Cognito)

Tie Breaker – How many times will they say AI or Artificial Intelligence
Matt: 200
Justin: 160
Ryan: 99
Jonathan: 1

Matt Garman’s Keynote: 77
DeSantis’ Keynote: 31
Swami: 44
Werner: 31
Total: 183
This means Justin wins this year!

10:05 Honorable Mentions:
Mathematical Proof that one of Amazon’s Models has output that can be verifiable with math
Marketplace for AI Work
New Device to go along with the Nova Models
Cost Savings for Networking
FinOps AI recommender for Model Usage
Savings Plans for AI/Bedrock Models
S3 Vectors with integration bedrock
FinOps Kubernetes Service
Q Developer with Autonomous Agents
Next Generation Silicon for a combined TPU competitor, ie GPU/Graviton/Learning
Bedrock Model Marketplace with Revenue Share for fine-tuned models (Ryan)
Sustainability Dashboard
Aurora/DSQL is an AI feature AWS

11:59 re:Invent keynote Recap
Matt – started the weekend strong, although we struggled with his keynotes. (Sounds like he could use a good copywriter to help with his speeches.)
Swami – Solid B from us, but that’s because we’re not super interested in his topics. Sorry.
Peter – we enjoyed this one more. Cool tech, lots of mentions, and one of the better presenters. A for him.
Werner – Great Intro Video. Welcome to the Renaissance Coder

15:00 A Quick Recap Look.
We know you care about non-AI things (and so do we), so we’re going to do 25 exciting new announcements in 10 minutes.
x8, elon instance, c8a, c8ine instances, m8azn, m3 and m4 max macs, lambda durable functions, 50tb s3 object, s3 batch ops 10x faster, intelligent tiering for s3 tables, automatic replication for s3 tables, s3 access points for FSX netapp, S3 Vectors, GPU Index for Amazon OpenSearch, Amazon EMR Serverless with no storage provisioning, GuardDuty to ECS & EC2, Security Hub is GA, Unified data store in CloudWatch, Increased storage for SQL and Oracle RDS, Optimize CPUs for RDS for SQL Server, SQL Server Development support, Database Savings Plans.
2 hours on AI…when we would have been really happy with all of THIS as the keynote.

26:08 AI/ML & Amazon Bedrock
Bedrock Service Tiers (Priority/Standard/Flex) – Match AI workload performance with cost
Bedrock Reserved Service Tier – Pre-purchase guaranteed tokens-per-minute capacity with 99.5% SLA
Bedrock AgentCore – Policy controls, evaluations, episodic memory for AI agents
Bedrock Reinforcement Fine-tuning – RLVR and RLAIF for model customization
Amazon Nova 2 Lite – Fast, cost-effective reasoning model with configurable thinking
Nova Forge – Build your own foundational models
18 New Open Weight Models – Mistral Large 3, Ministral 3 variants, others
Amazon Q Developer Cost Management – Natural language queries for AWS spending analysis
SageMaker Serverless Customization – Automated infrastructure for fine-tuning
SageMaker HyperPod – Checkpointless and elastic training capabilities
AWS Clean Rooms ML – Privacy-enhancing synthetic dataset generation
AgentCore Evaluations – Continuously inspect agent quality based on real-world behavior

29:09 Ryan – “I do agree with you that no one should be building their own foundational models unless it’s really, truly built on a data set that’s unique, but I do think that everyone should go through the exercise of building a model to understand how AI works.”

30:58 Compute (EC2 & Lambda)
EC2 P6-B300 Instances – NVIDIA Blackwell Ultra GPUs, 6.4Tbps networking
EC2 X8aedz Instances – AMD EPYC 5GHz, memory-optimized for EDA/databases X Æ A-Xii Musk
EC2 C8a Instances – AMD EPYC Turin, 30% higher compute performance
EC2 M9g Instances – Graviton5 powered, 25% better than Graviton4
Graviton5 Processor – 192 cores, 5x larger cache
Lambda Tenant Isolation Mode – Built-in multi-tenant separation
Lambda Managed Instances – Run Lambda on your EC2 with AWS management
Lambda Durable Functions – Multi-step workflows with automatic state management
AWS AI Factories – Cloud-scale AI infrastructure in customer data centers

33:46 Matt – “I feel like we should have seen this coming, given that they just released the ECS
management system a couple of months ago, and it feels like the next step.”

42:24 Containers (EKS & ECS)
EKS Capabilities – Managed Argo CD, ACK, KRO in AWS-owned infrastructure
EKS MCP Server – Natural language Kubernetes management (preview)
EKS Container Network Observability – Service maps, flow tables, performance metrics
EKS/ECS Amazon Q Troubleshooting – AI-powered console diagnostics
ECS Express Mode – Simplified deployment with automatic ALB, domains, HTTPS

43:36 Ryan – “I think this is what I’ve always wanted Beanstalk and Lightsail to be, is this service. This, for me, feels like the best of both worlds.”

45:34 Networking & Content Delivery
CloudFront Flat-Rate Pricing – Bundled delivery, WAF, DDoS protection ($0-$1K/month tiers)
VPN Concentrator – 25-100 low-bandwidth sites via a single Transit Gateway attachment
Route 53 Accelerated Recovery – 60-minute RTO for DNS during regional outages
Route 53 Global Resolver (preview) – Anycast DNS for remote/distributed clients
NAT Gateway Regional Availability – Auto-scale across AZs, simplified management
VPC Encryption Controls – Enforce encryption in transit within/across VPCs
Network Firewall Proxy (preview) – Explicit proxy for outbound traffic filtering

50:29 Ryan – “If you’ve ever had to do any kind of compliance evidence, that’s the reason why this exists and that’s why I love it so much.
The song and dance that you have to do to illustrate your use of encryption across your environment is painful.”

53:14 Storage (S3 & FSx)
S3 Vectors GA – Native vector support, 2B vectors/index, 20T vectors/bucket
S3 Tables Replication & Intelligent-Tiering – Cross-region/account Iceberg replication
S3 Storage Lens Enhancements – Performance metrics, billions of prefixes, S3 Tables export
S3 Encryption Controls – Bucket-level encryption type enforcement
S3 Block Public Access – Organization-level enforcement
S3 50TB Object Size – 10x increase from previous 5TB limit
FSx for NetApp ONTAP S3 Access Points – Access file data via S3 API

54:38 Matt – “This is just a nice quality of life improvement.”

58:24 Databases
Aurora DSQL Cost Estimates – Statement-level DPU usage in query plans
Aurora PostgreSQL Dynamic Data Masking – pg_columnmask extension
OpenSearch 3.3 – Agentic search, semantic highlighter improvements
OpenSearch GPU Acceleration – 6-14x faster vector indexing
RDS SQL Server/Oracle Optimizations – Free Developer Edition, 256 TiB storage, CPU optimization
RDS SQL Server Resource Governor – Workload resource control
Database Savings Plans – Up to 35% savings across 9 database services

1:01:01 Justin – “This is quite nice, and quite broad, so they definitely heard all of the community saying please bring us database savings plans.”

1:03:33 Security & Identity
Security Hub GA – Near real-time analytics, risk prioritization, Trends feature
Secrets Manager External Secrets – Managed rotation for Salesforce, Snowflake, BigID
IAM Outbound Identity Federation – Short-lived JWTs for external service authentication
AWS login CLI Command – Eliminate long-term access keys with OAuth 2.0
WAF Web Bot Auth – Cryptographic signature verification for legitimate AI agents
AgentCore Identity
GuardDuty Extended Threat Detection – EC2/ECS multistage attack correlation
AWS Security Agent (preview) – AI-powered security reviews, code scanning, pen testing
IAM Policy Autopilot –
Open source MCP server for generating IAM policies from code.

1:08:18 Matt – “…it’s definitely competing with Azure releasing the same thing during their conference. The piece I like about this is the pen test piece because it now lives in your source code, which you probably already have in SCA or a static code analysis tool.”

1:11:46 Cost Management & FinOps
Cost Explorer 18-Month Forecasting – Extended from 12 months to 18 months, explainable with AI (in preview).
Cost Efficiency Metric – Single percentage score combining optimization opportunities.
AWS Data Exports FOCUS 1.2 – Standardized multi-cloud billing format
Billing Transfer – Centralized billing across multiple Organizations
Compute Optimizer NAT Gateway Recommendations – Identify unused NAT Gateways

1:14:09 Developer Tools & Modernization
Step Functions Local Testing – TestState API with mocking support
AWS Transform Custom – AI-powered code modernization (Java, Node.js, Python)
AWS Transform Mainframe – COBOL to microservices with automated testing
API Gateway Developer Portals – Native API discovery and documentation
CodeCommit Restored to GA – Git LFS (Q1 2026), regional expansion (Q3 2026)
AWS Transform Windows – Full-stack .NET/SQL Server modernization
CloudWatch Unified Data Management – Consolidated ops/security/compliance logs
CloudWatch Deletion Protection – Prevent accidental log group removal.
CloudWatch Network Flow Monitor – Container network observability for EKS

1:18:09 Matt – “I mean, I hope all customers have some sort of plan, knowing that I’ve seen many companies say ‘we got this notice six months ago, we’ll deal with it in six months’ and now it’s three weeks and six days, and it expires tomorrow…there’s probably a lot of customers still there.”

1:20:58 Observability & Monitoring
CloudWatch Unified Data Management – Consolidated ops/security/compliance logs
CloudWatch Deletion Protection – Prevent accidental log group removal
CloudWatch Network Flow Monitor – Container network observability for EKS

1:21:39 Governance & Management
Control Tower Controls Dedicated – Use managed controls without a full landing zone.
Service Quotas Automatic Management – Auto-adjust limits based on usage
Supplementary Packages for Amazon Linux – Pre-built EPEL9 packages
AMI Ancestry – Automatic lineage tracking for AMIs

1:23:05 Matt – “I’ve built three different ways to do this in my career. You always want to know where it came from, so if there’s a vulnerability, you know where to start patching and go up from there…but if you have multiple teams, it’s hard to track.
So knowing I can track it is a godsend.”

1:25:35 DevOps & Operations
AWS DevOps Agent (preview) – Autonomous incident investigation and root cause analysis
AWS Support Plan Restructure – Business Support+ ($29/mo), Enterprise ($5K/mo), Unified Ops ($50K/mo)

1:26:41 Ryan – “I hope this ends up being decent service, but in my head I’m thinking they’re lowering the cost because they’re getting rid of all their support staff.”

1:29:29 Marketplace & Partner
Partner Central in Console – Unified customer/partner experience
Multi-Product Solutions – Bundled offerings from multiple vendors
CrowdStrike Falcon Integration – Automated SIEM setup wizard

1:30:15 Connectivity & Contact Center
Amazon Connect Predictive Insights (preview) – AI-powered recommendations
Amazon Connect MCP Support – Standardized tools for AI agents

Notable Announcements We Didn’t Cover in the Show:
AWS announces flat-rate pricing plans for website delivery and security
Accelerate workflow development with enhanced local testing in AWS Step Functions
Streamlined multi-tenant application development with tenant isolation mode in AWS Lambda
AWS Control Tower introduces a Controls Dedicated experience
Monitor network performance and traffic across your EKS clusters with Container Network Observability
New AWS Billing Transfer for centrally managing AWS billing and costs across multiple organizations
AWS Cost Explorer now provides 18-month forecasting and explainable AI-powered forecasts
Announcing enhanced cost management capabilities in Amazon Q Developer
Simplify access to external services using AWS IAM Outbound Identity Federation
Introducing AWS Glue 5.1
Tech predictions for 2026 and beyond | All Things Distributed
Introducing multi-product solutions in AWS Marketplace

Closing
And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, Slack team, send feedback, or ask questions at theCloudPod.net or tweet at us with the hashtag #theCloudPod