AWS Podcast #740: EC2 Instance Attestation, S3 Conditional Deletes, and More!
Release Date: October 6, 2025
Hosts: Simon Elisha & Jillian Ford
Episode Overview
This episode features a jam-packed roundup of over 70 fresh AWS updates across security, storage, analytics, AI, compute, developer tools, databases, IoT, and more. Simon and Jillian dive deep into standout launches such as EC2 Instance Attestation, S3 Conditional Deletes, and the latest in analytics, AI model support, and cloud management improvements. The tone stays upbeat, inquisitive, and often personal, as the hosts share both the technical implications and their own favorite announcements.
Key Discussion Points & Insights
1. Security: EC2 Instance Attestation
[00:23]
- What’s New: AWS announces general availability of EC2 Instance Attestation for validating that only trusted software runs on EC2 instances (including those with AI chips/GPUs).
- How It Works: Uses the Nitro Trusted Platform Module and attestable AMIs, letting users cryptographically verify the configuration of EC2 instances against reference measurements.
- Integration: Works with KMS and is available in all AWS commercial/GovCloud regions at no additional cost.
- Why It Matters: Dramatically improves auditability and security assurance.
Notable Quote:
"It's about proving...one thing to say security, but it's the other thing to prove to an auditor or to an inspector, to yourself, to say, hey, am I confident that this is the thing I think it is."
— Simon ([01:50])
2. Storage: S3 Conditional Deletes
[02:13]
- What’s New: S3 now supports conditional deletes using ETags to prevent accidental deletion in high-concurrency, multi-writer scenarios.
- Safety Feature: Deletes only succeed if the ETag matches, helping assure users they're deleting exactly the intended object version.
- Policy Support: Enables 'If-Match' condition key enforcement in S3 bucket policies.
- No Additional Cost and live in all regions.
- Who Benefits: Those managing collaborative or automated workloads with frequent updates or deletes.
Notable Quote:
"I know that would give someone like me just a lot more safety and security. Be able to sleep at night."
— Jillian ([02:19])
3. Analytics Updates
[03:22]
- Clean Rooms & ID Mapping: Incrementally synchronize datasets in privacy-preserving collaborations.
- OpenSearch Service: Now supports OpenSearch 3.1 with better search, performance, and vector application development tools, including Lucene 10, cross-account ingestion, storage optimizations (derived source), disk-optimized vectors, and AI-powered forecasting.
- Star Tree Index: Accelerates high cardinality/multidimensional aggregations for sub-second analytics, optimized for append-only data.
- Redshift MDDL: Multi-Dimensional Data Layouts automatically sort data by query filter usage for up to 10x faster performance with repetitive filter workloads.
4. Application Integration & Observability
[07:17]
- EventBridge: Event bus rule filter patterns & input transformers now support KMS customer-managed keys for improved security and compliance.
- X-Ray: Adaptive sampling for smarter error detection and efficient trace data collection.
- Step Functions: More data sources and observability metrics, plus IPv6 dual stack support.
Quote:
"Step Functions is definitely one of the most underrated—I'm a huge fan...if you have a workflow, there's a good chance it's a good use case."
— Jillian ([07:37])
5. Artificial Intelligence
[09:22]
- Amazon Bedrock:
  - Stability AI Image Services: Nine tools for professional image editing (background removal, in-paint, recolor, etc.)
  - Meta Llama 3.3 Custom Models: Now available on-demand, plus DeepSeek 3.1 and four Qwen3 models.
  - Wider Model Access: OpenAI Open Weight models available in more regions.
  - Bedrock Agent: Runtime, browser, and code interpreter now support VPC, PrivateLink, CloudFormation, and tagging.
- Amazon Lex: GenAI enhanced language support (eight new languages) and improved confirmation/currency slots in 10 languages.
- AWS Neuron SDK: v2.26.0 introduces support for PyTorch 2.8, JAX 0.6.2, better inference on Trainium 2 (incl. image models like Flux1Dev and Llama variants).
- Nova ACT Extension: Unified, AI-based agent development in popular IDEs; “all in one place in the IDE.”
- Amazon Q Developer CLI: Now supports remote MCP servers, improving resource management and security integrations for dev workflows.
Notable Quote:
"It's almost become the operating system...I sit there and do stuff there. And then when the team adds new stuff, I'm like, oh, it now does this, now it does that."
— Simon ([14:45])
- SageMaker HyperPod: Auto-scale with Karpenter and improved health monitoring (Slurm agent support).
6. Business Applications
[15:58]
- Amazon Connect Flow Designer: Analytics mode added—visualize metrics throughout customer interactions, spot where errors or drop-offs occur.
- Custom Attributes & Contact Lens: Richer analytics, sensitive data redaction in seven more languages, better search/filter for agents and cases.
7. Compute Launches
[17:51]
- Compute Optimizer: Now supports 99 more EC2 instance types—growing insights for right-sizing.
- New Instances: R8gn (Graviton4) and R8gb (disk-optimized)—big jumps in network and EBS bandwidth.
- EC2 Improvements: Detailed NVMe stats, forced cancellation of auto-scaling refreshes, and expanded allowed AMI parameters for compliant governance.
- Network Burst: Unlimited duration on certain large EC2 instances.
- Elastic VMware Service: Layer 2 network stretching over the internet.
- Research & Engineering Studio: Fractional GPUs, easier AMI management, broader region support.
- Outposts Racks: Second-gen now in 52 more countries.
- Parallel Computing Service: EC2 capacity blocks for machine learning.
8. Databases
[22:01]
- RDS:
  - MySQL 9.4 preview, MySQL 5.7 extended support
  - PostgreSQL 18 in preview
  - DB2 now offers reserved instances
- Cross-Region & Cross-Account Snapshot Copy simplifies backup workflows for disaster recovery.
9. Developer Tools
[22:54]
- Amazon Corretto 25: GA for this production-ready OpenJDK distribution, long-term support across platforms.
10. End User Computing
[23:32]
- AppStream 2.0: Local file redirection for multi-session fleets, support for G6 GPU instances with fractional sizing.
- Messaging: CloudFormation support for SMS.
11. IoT
[23:59]
- AWS Sitewise MCP Server: Open source for streamlined industrial data modeling with conversational interfaces.
12. Management and Governance
[24:39]
- Budgets: Custom time periods for easier cost monitoring.
- CloudWatch: Resource tag support, and cross-account/region log centralization (targeted retention/filtering for cost control).
- Billing Management: Share billing views across organizations/accounts.
- License Manager/Organizations: Simplified Microsoft license management, granular account states, full IAM policy language for service control (SCPs).
13. Security, Identity, and Compliance
[27:48]
- IAM Identity Center: Workforce identity data can now be encrypted with customer-managed KMS keys.
- AWS Network Firewall: Enhanced monitoring, app-layer controls—more robust and user-friendly security policies.
14. Storage
[28:19]
- Fault Injection Service: Inject latency in EBS volumes for chaos engineering/testing.
- EBS GP3 Volumes: Maximum size now 64TB (up from 16TB), doubled throughput, quintupled IOPS.
- S3 Batch Operations: Manage buckets/prefixes in bulk via console; preview S3 tables schema and rows directly.
- Storage Gateway: Dual-stack (IPv6/IPv4) support.
Notable Quote:
"I used to work in storage hardware and I can tell you to get that upgrade happening yourself would be a lot of work. There is no work here."
— Simon ([29:33])
Memorable Moments & Quotes
- "It's about proving...am I confident that this is the thing I think it is?" — Simon on EC2 Instance Attestation ([01:50])
- "I know that would give someone like me just a lot more safety security. Be able to sleep at night." — Jillian on S3 Conditional Deletes ([02:19])
- "Step Functions is definitely one of the most underrated—I'm a huge fan...if you have a workflow, there's a good chance it's a good use case." — Jillian ([07:37])
- "It's almost become the operating system...I sit there and do stuff there." — Simon on Q Developer CLI ([14:45])
- Cartoon Reference Fun: "Slurm comes from...Futurama...they're drinking slurm and someone thought that'd be a good name for clustering system." — Simon ([15:45])
Timestamps of Notable Segments
- EC2 Instance Attestation: [00:23]–[02:13]
- S3 Conditional Deletes: [02:13]–[03:07]
- Analytics/Databases Updates: [03:22]–[07:17]
- Application Integration/Observability: [07:17]–[09:14]
- AI/Bedrock/Lex/Neuron/Nova/Q CLI: [09:22]–[14:21]
- SageMaker Hyperpod & Slurm: [14:55]–[15:28]
- Business Apps/Amazon Connect: [15:58]–[17:51]
- Compute: [17:51]–[22:01]
- Databases: [22:01]–[22:54]
- Developer Tools: [22:54]–[23:32]
- End User Computing: [23:32]–[23:59]
- IoT: [23:59]–[24:30]
- Management & Governance: [24:39]–[27:48]
- Security/Compliance: [27:48]–[28:19]
- Storage: [28:19]–[30:48]
- Host Favorite Picks: [30:48]–[31:34]
Host Favorites
- Simon: EC2 Instance Attestation (“super complicated, difficult things get done for me and I don't have to pay for them” ([30:54]))
- Jillian: Remote MCP server support in Q CLI (“totally for selfish reasons” ([31:11]))
In Summary
Episode #740 showcases a vast array of AWS launches and enhancements, from foundational security (EC2 Attestation), reliability (S3 Conditional Deletes), and analytics speed-ups (OpenSearch Star Tree Index, Redshift MDDL) to new AI models and dev workflow boosts. The hosts highlight how many of these quality-of-life improvements enable developers and IT teams to work faster, safer, and with more confidence—all with the signature mix of practicality and wit. If you’re building in AWS or managing infrastructure, this episode delivers a must-have cheat sheet for the very latest capabilities.
Contact:
- Jillian Ford: LinkedIn — “Jillian Floord”
- Feedback: awspodcast.com
Closing Note:
"Until next time, keep on building." — Simon ([31:38])
