
There are so many updates this week you might need two cups of coffee! Simon and Jillian guide your
A
This is episode 746 of the AWS podcast, released on November 17, 2025.
B
Hello, everyone and welcome back to the AWS Podcast. Simon here with you. Great to have you back, joined of course by my co-host, Gillian Ford. G'day, Gillian. How you doing?
A
Amazing, Simon. And I can't believe we're less than a month away from re:Invent.
B
It is coming. It is coming. Which means we're, I guess, deep in the concept of pre:Invent, which is all the amazing things that get announced before re:Invent happens. So it's going to be a busy few weeks, which is fun.
A
Oh, yeah.
B
And of course, we will be doing our re:Invent coverage all the way through. So we'll be both recording each and every day of re:Invent to give you all the scoop of what's going on and what's happening there. And of course you get to watch the re:Invent presentations online afterwards as well. But we try and keep you up to date and I think, Jillian, we'll do some deep dives early next year into some of the big announcements too, once we get our heads around it.
A
Yeah, I'm definitely really excited for it.
B
Should be cool. So let's talk about some things that really leapt out at us in terms of what's new. There's lots of new stuff. I think we've got about 70 new things today. But one thing that really leapt out is a new regional planning tool in the Builder Center. Now this lets you discover and compare AWS services, features, APIs, CloudFormation resources across AWS regions. I know a lot of my customers have wanted this because it means you can now see through this really cool interface. You know, region A, region B, what does that have? What does this have? When will it have those things? So it shows you a forward-looking roadmap as well to get you some idea about when things might be there or when they may not be there. This really helps you make informed decisions about your global deployments and, you know, avoiding delays because you're waiting for a service that isn't there at the time, et cetera. So it's, it's, I think it's a great way to surface this information, Gillian.
A
I think so too. And I think what's super cool that also was included as part of this announcement was the integration with the AWS Knowledge Model Context Protocol. So how you'd want to use that is, let's say you want to be able to look up information about regional capabilities, like in an LLM format. Because I mean, let's face it, that's everyone's favorite.
B
That's how we do it.
A
Anything. He's amazed. Yeah, so you can get real time insights into region service availability and look, get suggestions for alternative solutions. So really cool.
B
It's very, very cool. And speaking of cool, the MCP proxy for AWS has also been released and this is I think a really interesting way of accessing. I mean, help us unpack when you'd use this, Gillian.
A
Yeah, you know, it's really interesting. So let's say you want to connect MCP servers on AWS and a lot of people associate that with OAuth, but AWS of course, which is all of our friends here, they associate AWS and their love for IAM. And I think what's cool is that you can now connect these MCP servers on AWS using those I using IAM.
B
Authentication and that SigV4 signing and all that sort of just takes care of it for you, which is kind of cool.
A
It is, yeah. Anything else that stands out to you?
B
I think it's just showing how this space is moving really quickly and people are looking for different ways to connect whilst being secure as well. And so being able to leverage existing security capability becomes really important. So I think that's going to be interesting to see how that continues to evolve. And it's on GitHub as well. So it's under the Apache 2.0 licensing as well. So folks should check that out as much as you can.
A
Yeah, that's a good comp, that's a good caller. It's that the AWS GitHub repo is where you'll find it.
B
Yeah, exactly. Let's talk updates. So, Analytics. AWS Clean Rooms has launched advanced configurations to optimize your SQL performance. So it lets you customize your Spark properties and compute sizes for your SQL queries at runtime, which means you can do things better. AWS Glue Schema Registry has added support for C. So this is in addition to Java support as well. So if you like to manage your schema registry, you can use different languages. Amazon Kinesis Data Streams has launched an On-demand Advantage mode now, so this is an interesting concept. This means that customers can warm on-demand streams to handle instant throughput increases up to 10 gig or 10 million events per second. So you don't have to actually over-provision, it just gets up and running quickly. Now Amazon Kinesis Data Streams is a serverless streaming data service that makes it easy to capture, process and store data streams at any scale. I like this On-demand Advantage mode. This is really interesting and they've been busy because Amazon Kinesis Data Streams also now supports record sizes up to 10 meg, which is a tenfold increase to the previous 1 meg limit. This is a big big deal. So this means you can publish larger intermittent data payloads as you need to. It is also accompanied by a 2x increase in the maximum PutRecords request size from 5 meg to 10 meg. So in the back of my mind is also the fact that all those answers I had for my SAE certification questions around the performance of these streams is now out of date. Doesn't work that way anymore. And also Amazon OpenSearch Serverless now supports FIPS compliant endpoints for data plane APIs in various regions that are relevant for that. Let's talk a bit about application integration. The AWS End User Messaging SMS has launched Carrier Lookup, so you can now look up carrier information related to a phone number, including the country, the number type, the dialing code and the mobile network and carrier codes.
So this really helps you with deliverability. So it means you're checking the number before you send the message, which means it goes to the right place. AWS Step Functions has announced a new metrics dashboard. This gives you visibility into your workflow operations at both the account and the state machine level as well. So you can now view your usage and billing metrics in one place and you can get a different view depending on what you want to look at from an account perspective or just a particular state machine level as well. If you're not using Step Functions, it could make your life a lot easier.
A
Next we've got Artificial Intelligence. Amazon Bedrock announces the availability of four new image editing tools to Stability AI Image Services. These are Outpaint, Fast Upscale, Conservative Upscale and Creative Upscale. These are tools that are going to give creators precise control over their workflows, enabling them to transform concepts into finished products efficiently. The expanded suite now offers enhanced flexibility for professional creative projects. It's got some other categories for image editing, so like removing background, erasing objects, search and replace. Just like really useful different tools, if you're someone that's going to be doing any creative AI work.
B
All these amazing tools and my lack of creative flair means I still can't draw anything good. But if you could, this would be really useful.
A
AWS Marketplace now offers flexible pricing models, simplified authentication and streamlined deployment for AI agents and tools. Amazon Bedrock AgentCore Browser now reduces CAPTCHAs with Web Bot Auth, which is in preview. Amazon Bedrock AgentCore Runtime now supports direct code deployment, so developers can now choose between direct code zip file upload for rapid prototyping, or they can leverage advanced container-based options for complex use cases. Amazon SageMaker launches custom tags for Project Resources. We're excited to announce the general availability of Amazon Nova Multimodal Embeddings, a state-of-the-art embedding model for agentic RAG and semantic search. It is the first unified embedding model that supports text, documents, images, video and audio through a single model to enable cross-modal retrieval with leading accuracy. That is really cool.
B
That's very cool. And it's inputs of up to 8,000 tokens and video audio segments of up to 30 seconds as well. So this is really cool.
A
Yeah, good call-out. TwelveLabs Marengo Embed 3.0 is now available on Amazon Bedrock for advanced video understanding. We're excited to announce the general availability of Web Grounding. This is a new built-in tool for Nova models. Customers can use Web Grounding today with Nova Premier using the Amazon Bedrock Tool Use API. So support for additional models is coming soon. And Web Grounding is a built-in tool that can be used to retrieve and incorporate publicly available information with citations as context for responses. This is really great, especially if you're someone that has a RAG use case. This is definitely something to look into to be able to add that real-time information and be able to look at the exact citation of where that LLM provided the response. We've got a few updates, two to be exact, in business applications. Amazon Connect now lets you configure aliases for email addresses so customers see trusted identities when sending or receiving messages, helping maintain a consistent brand experience and simplify email management. Amazon Connect now supports scheduling of individual agents, giving you more flexibility in scheduling your workforce.
B
Let's talk about Compute. AWS Elastic Beanstalk has added support for Corretto 25, so this allows you to leverage the newest Java 25 features while also getting the benefit of Amazon Linux 2023's enhanced security and performance capabilities. And we've also included Tomcat 11 in that update as well. So really it's your reminder to keep your things up to date. Or I may even say patch your stuff. Not having patched stuff is a great way to get popped, and you don't want to get popped, so patch your stuff is really important. AWS Serverless MCP Server now supports tools for AWS Lambda event source mappings, so these new tools combine the power of AI assistance with Lambda ESM expertise to streamline how developers set up, optimize and troubleshoot their event-driven serverless applications built on Lambda. This is very interesting. These new tools translate high-level throughput, latency and reliability requirements into specific ESM configurations. They generate your complete AWS Serverless Application Model or SAM template with optimized settings, validate the network topology for VPC and diagnose common issues. So this could really help you move quicker. So I'm liking this one. Amazon ECS announces non-root container support for managed EBS volumes, so with this launch ECS automatically configures the EBS volume's file system permissions to allow non-root users to read and write data securely whilst preserving root-level ownership of the volume. So this simplifies security-first container deployments by removing the need for any manual permission management or custom entry point scripts. Amazon ECS now supports built-in linear and canary deployments, so this gives you more flexibility when you're deploying containerized applications. These complement the existing built-in blue/green deployments, which is a more of a traffic shifting perspective.
With linear deployments you can gradually shift traffic from your current service revisions to the new revision in equal percentage increments over a specified period of time. So for example, you could say, you know, 10% every so often. The other option you have is the canary approach with bake time. So with canary deployments you route a small percentage of production traffic to your new service revision whilst the majority is on the current version and then you set a canary bake time (you're not cooking any birds) to monitor the new revision's performance, after which all the remaining traffic gets moved across. So these are different strategies that suit different approaches, but you now have flexibility. And speaking of flexibility, Amazon ECS has also enhanced observability with Envoy access logs, which gives you even deeper observability into request-level traffic patterns and service interactions, so you're getting lots more per-request telemetry for end-to-end tracing, debugging and compliance. We have some new instance types. This is a general availability of the new memory optimized EC2 R8a instance. These feature 5th generation AMD EPYC processors. These were the Turin processors with 4.5 GHz and up to 30% higher performance and 19% better price performance compared to R7a instances. These also give you 45% more memory bandwidth as well compared to the R7a. So this is really good if you've got latency-sensitive workloads. We've also seen up to 60% faster performance for Groovy JVM, so even better throughput requests. So again, the right EC2 instance will always change because things move on and you can take advantage of those. We're also happy to announce larger instances for Amazon Lightsail. You can now get three new larger instance bundles with up to 64 vCPUs and 256 gig of memory. Deadline Cloud has enhanced support with latest 6th, 7th and 8th generation EC2 instances.
So if you've not come across Deadline Cloud, it's a fully managed service that lets you run visual compute workloads in the cloud without having to manage infrastructure. Now you have access to more C, M and R series instances to do that with. Let's talk about EC2 auto scaling. Our old friend EC2 auto scaling announces warm pool support for auto scaling groups that have mixed instances policies. So with warm pools you can improve the elasticity of your applications by creating a pool of pre initialized EC2 instances that are ready to quickly serve application traffic. And by combining warm pools with instance type flexibilities, you can scale it to its maximum anytime because you've got access to lots of different instance types. So again, scaling should never be a problem for you if you're building correctly. We're happy to introduce the Capacity Reservation Topology API for AI, ML and HPC instance types. This allows customers to efficiently manage their capacity, schedule jobs and rank nodes for different workload types. So this API gives customers a unique per account hierarchical view of the relative location of their capacity reservations. So if you're running distributed parallel workloads and you're managing thousands of instances across tens to hundreds of capacity reservations, this lets you describe the topology and understand the proximity of the capacity without needing to launch an instance. This means for things that need to be tightly coupled, you can manage it far more effectively. So if you're doing anything at scale like this, this is a really really useful capability. And starting now, split cost allocation data for Amazon EKS is available. You can import up to 50 Kubernetes custom labels per pod as cost allocation tags and then you can send that off to be paid for appropriately.
A
Next up is Database. Amazon Aurora DSQL now supports FIPS 140-3 compliant endpoints. Amazon CloudWatch Database Insights expands Anomaly Detection and on-demand Analysis. Database Insights is a monitoring and diagnostic solution that helps database administrators and application developers optimize database performance by providing comprehensive visibility into database metrics, query performance and resource patterns. Resource utilization patterns, to be specific. Amazon DocumentDB with MongoDB compatibility announces upgraded query planner that can run queries up to 10x faster.
B
That's incredible 10x I know, that's with the pause of admission.
A
Amazon DynamoDB Accelerator now supports AWS PrivateLink. Amazon ElastiCache now supports dual-stack IPv4 and IPv6 service endpoints.
B
Does that mean it's the year of IPv6?
A
That's right, Simon. And speaking of IPv6, Amazon RDS extends IPv6 support for publicly accessible databases.
B
A year of IPv6.
A
It doesn't get.
B
The year is nearly done. I mean, I will point out it's November when we're recording it, so the year is nearly over, so folks are going, oh my goodness, enough with the ipv. But in all seriousness, it is amazing to watch this happen globally and this was kind of promised many years ago and it's finally here.
A
Yep, that's right. Amazon RDS for Oracle is now available with R7i memory optimized instances offering up to 64 to 1 memory to VCPU ratio. Microsoft SQL Server Developer Edition is now available through the AWS Launch Wizard.
B
Let's talk developer tools quickly. AWS Advanced .NET Data Provider Driver is now generally available for Amazon RDS and PostgreSQL and MySQL compatible databases. This reduces your blue/green switchover and database failover time, which means you can get running again very, very quickly. This builds upon a bunch of other native libraries, so check it out if you're wanting to have high availability implementations.
A
One quick update in end user computing. Amazon WorkSpaces announces USB redirection support for DCV WorkSpaces. Now we've got a few updates in gaming. Amazon GameLift Servers adds telemetry metrics to all server SDKs and game engine plugins. Amazon GameLift Streams adds AWS Health notifications for aging resources.
B
Let's talk the Internet of Things. AWS IoT Greengrass version 2.16 introduces system log forwarder and TPM 2.0 capabilities, so this allows you to manage security far better than ever before. And we're also announcing an AI Agent Context pack for AWS IoT Greengrass developers. The context package includes ready-to-use instructions, examples and templates, which means you can leverage generative AI tools and agents for faster software creation, testing, and deployment. It's available open source on a GitHub repository under the Creative Commons Attribution-ShareAlike 4.0 license. So it just means you can get up and running fast.
A
Let's talk about management and governance. AWS Config launches 42 managed rules. So you're probably wondering, well, what are some of these rules? They span a lot of different areas such as security, costs, durability, operations. So you can now search and discover and enable these additional rules all through AWS Config. And then you can govern more use cases for your AWS environment. So some examples are you can evaluate your tagging strategies across EKS Fargate profiles or you can assess your security posture across Amazon Cognito identity pools. So there's of course a full list that you can be able to check out. But I mean it's just great that there's just so many different use cases. Lambda function descriptions, wow, there's really a lot. And more from Config. AWS Config now supports 49 new resource types. AWS Resource Explorer supports 47 additional resource types. AWS Service Reference Information now supports SDK Operation to Action mapping. This will help you answer questions such as: I want to call a specific AWS service operation, which IAM permissions do I need? Oh my gosh. I think every single person on the planet who is listening to podcast has gone through this problem.
B
That's the question. That's the question.
A
Yes, you can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. Wow, that is a big one that you don't have these policies at break. Amazon CloudWatch agent adds support for NVMe Local Volume Performance Statistics. These metrics give you insights into behavior and performance characteristics of your NVMe local storage. The CloudWatch agent can now be configured to collect and send detailed NVMe metrics to CloudWatch, providing deeper visibility into storage performance. Amazon CloudWatch Application Signals MCP Server for application performance monitoring now integrates CloudWatch Synthetics canary monitoring directly into its audit framework, enabling automated AI-powered debugging for synthetic monitoring failures. Wow, AI-powered debugging. I mean, did I just hear that?
B
So you write the code with AI, it debugs it with AI, deploys it with AI, it's AI all the way down.
A
Yeah, I mean, DevOps teams and developers can now use natural language questions like "why is my checkout canary failing?" And then when you have these compatible AI assistants, you're now able to utilize the new AI-powered debugging capabilities and quickly distinguish between canary infrastructure issues and actual service problems. Amazon Managed Service for Prometheus adds anomaly detection.
B
Let's talk about networking and content delivery. Amazon CloudFront announces cross-account support for VPC Origins. This is an interesting one. So customers can now access VPC Origins that reside in different AWS accounts from their CloudFront distributions. Ooh, fascinating. With VPC Origins, customers can have their ALB, NLB and EC2 instances in a private subnet that is accessible only through their CloudFront distributions. With the support for cross-account VPC Origins, you can now leverage the security benefits of VPC Origins whilst maintaining your existing multi-account architecture. This is very, very handy. Amazon CloudFront adds, guess what? IPv6 support for anycast static IPs, because it is the year of IPv6. Amazon DynamoDB Streams have expanded PrivateLink support to FIPS endpoints, and Amazon Route 53 Resolver now also supports AWS PrivateLink, and Amazon VPC IPAM automates prefix list updates. So this automates your prefix list updates with the prefix list resolver. This means as a network administrator you can now automatically update your prefix list based on your business logic in your IPAM, which means you can improve your operational posture and it means you have far less overhead. And Amazon VPC Lattice now supports custom domain names for resource configuration. Amazon VPC Lattice now supports custom domain names for resource configuration. So this enables layer four access to resources like databases, clusters, domain names across VPCs and accounts. With this feature you can use resource configurations for cluster-based and TLS-based resources.
A
All right, we've got security, identity and compliance. AWS KMS now supports Edwards Curve Digital Signature Algorithm. And if you're like me that did not understand what that actually is, I actually had to go to Amazon Nova, so nova.amazon.com, to look up what this was. I literally had to put in the prompt "explain this in easy to understand terms."
B
And what does it say?
A
You are also it says this is a method for creating digital signatures using elliptic curves. And then there it goes into way more. But I was like okay, I think that's the probably the extent that I will understand this.
B
That's as much math as we can do.
A
It really is. So with this new capability you can create an elliptic curve asymmetric KMS key or data key pairs to sign and verify Edwards Curve digital signature algorithms. Wow, that's really just like all that I have to say about that.
B
So I think one of the other things that is relative to this is it allows you to have small key and signature sizes. So it's useful for IoT blockchain type stuff. So it's a particular use case, but sounds like people need it. So there it is.
A
It sounds like people do need it. So it's a great feature that's out there. Speaking of other things that are great, Amazon Cognito removes machine to machine app client price dimension. So starting today we are removing the machine to machine app client pricing dimension, which is going to make it more cost effective for customers to build and scale their machine to machine applications. There's nothing like a good cost optimization hack that doesn't require you to do any work.
B
We love it. We love it. You still get charged based on the number of successful end to end token requests per month. But previously you were also charged for each M2M app client registered regardless of the amount. Now you don't have that anymore, so only successful token request is what you charge for, which I think is nice.
A
Yeah, really nice. And you don't have to do anything if you're ready using Amazon Cognito.
B
That's my favorite thing, not having to do that.
A
That's right. Amazon Cognito User Pools now supports private connectivity with AWS PrivateLink. We're excited to announce the Amazon OCSF Ready specialization that recognizes AWS partners who have technically validated their software solutions to integrate with OCSF compatible Amazon services with proven customer success in the production environments. You're probably wondering what does this OCSF mean? It stands for the Open Cybersecurity Schema Framework, which is an open source initiative that simplifies how security data is normalized and shared across your security tools.
B
And let's finish up today with storage. Lots of updates in the storage space. AWS Backup adds single-action database snapshot copy across AWS regions and accounts, so you can do this in a single action. This feature supports Amazon RDS, Amazon Aurora, Amazon Neptune and Amazon DocumentDB snapshots, so you don't have to do sequential steps, you just do it in one go versus a two-step. AWS Backup also now supports AWS KMS customer managed keys with logically air-gapped vaults, so this gives you additional encryption options beyond just the existing AWS owned keys, so this is useful in compliance situations. Amazon EBS introduces additional Performance Monitoring Message Amazon EBS introduces additional performance monitoring metrics for EBS Volume, so two new metrics, Volume Average IOPS and Volume Average Throughput. So this is useful to get even more insight into any bottlenecks you might be experiencing. These are available at a default one-minute frequency at no additional charge and are supported by all EBS volumes attached to an EC2 Nitro instance in all commercial AWS regions and also the GovCloud regions and the China regions. Amazon FSx now integrates with AWS Secrets Manager for enhanced management of Active Directory credentials. Amazon S3 adds conditional write functionality to copy operations. This is a good one. So with conditional copy you can now verify if the object exists or has been modified in your destination S3 bucket before copying it. So this helps you coordinate when you've got lots of writes to the same object and you want to avoid concurrent writers from unintentionally overriding the object. Amazon S3 now supports tags on S3 Tables. This is always very useful for attribute-based access control and cost allocation. And finally, Mountpoint for Amazon S3 and Mountpoint for Amazon S3 CSI drivers both add monitoring capability. So now you can use observability tools like Amazon CloudWatch, Prometheus and Grafana.
And Mountpoint will now emit near real-time metrics such as request count or request latency using the OpenTelemetry protocol. There was a lot today, Jillian.
A
There really was.
B
I feel like we really are in the pre invent season and it's a wonderful season to be in.
A
And I like that there's a lot of different types of launches. Like, I mean now this is a recency bias because you were just saying it. But that AWS backup, that's a single action. I mean, I think every person that uses AWS backup has probably had that same thought of like, oh man, like I've only. What's an easier way of having these backups, like across regions?
B
It's just, it's just the little things, isn't it? It's like that or a 10 times faster query capability or you know, five times the amount of throughput or you know, it's. It's those things that often I think we forget to talk about in terms of, you know, folks who use the cloud effectively, etc. With their stakeholders to say, hey, did you know everything keeps getting better even when we're not doing anything about it. And that's I think, one of the wonderful things.
A
That's a really good point and I think an amazing way to end the show today.
B
Jillian, how do folks reach out to you if they want to?
A
Jillian Ford on LinkedIn.
B
And if you're old school, awspodcast@amazon.com is also the place to do it. And until next time, keep on building.
Date: November 17, 2025
Hosts: Simon Elisha & Gillian Ford
This episode, released during the highly active "pre:Invent" season, packs in a whirlwind of nearly 70 AWS updates spanning cloud infrastructure, AI, analytics, security, databases, networking, and more. Simon and Gillian break down major launches and enhancements, offering insights for builders, developers, and technical leaders. Special highlights include the new AWS Regional Planning Tool, the MCP Proxy for AWS, substantial database performance gains, and a broad array of upgrades across EC2, Bedrock, database services, networking, and observability. The hosts keep a lively, conversational tone, making complex announcements engaging and accessible.
Quote:
The episode captures the fast-moving pace of AWS’s pre:Invent innovations—big focus on automation, regional awareness, AI-enablement, and developer/usability improvements. The hosts regularly emphasize the cumulative impact of these changes: “all those little things that keep getting better, even when we’re not doing anything about it” (Simon, 29:17). If you’re building, scaling, or optimizing on AWS, this episode is a must-listen for staying ahead.