# 334: AWS Makes Kubernetes Conversational

Duration: 88 minutes
Speakers: A, Justin Brodley, Ryan Lucas
Date: 2025-12-22

## Chapters

1. [00:00] Episode 334 recorded for December 9, 2025. We talk weekly about all things AWS, GCP and Azure. Kubectl, goodbye: AWS makes Kubernetes conversational.
2. [01:31] We are not going to cover everything, because there were hundreds of announcements. Who won the re:Invent prediction show? Then we have a bunch of news. We cannot cover everything today because there were literally hundreds of announcements over the last weekend. If there's something you wish we had talked about, or you have questions, please ping us.
3. [02:28] AWS announced a feature called Lambda Managed Instances on Saturday. Lambda Managed Instances lets you run Lambda on your own EC2 with AWS management. It's about time we had a serverless GPU inference capability. It was mentioned during a keynote, but it had already been spoiled on Saturday.
4. [03:14] Jonathan predicted that Werner's keynote would be his last. Jonathan: Werner will announce his last keynote and he will retire. Ryan: Ryan predicted that they would expand the number of models in or via Bedrock. Werner clarified that he is not leaving Amazon and still has things to do.
5. [07:15] My final prediction was advanced agentic AI capabilities for Security Hub. Matt unfortunately did not get a model router to route LLM queries to different AI models, and he didn't get a new replacement for Cognito.
6. [08:06] Ryan: We tied on cost savings for networking, Price is Right rules. Jonathan: How many times did they say the words "artificial intelligence" or "AI" in the keynotes? Matt Garman said it 77 times in his keynote. I take the win for re:Invent: 160 was my guess and I was only off by 23. Overall I'm pretty pleased we were close on cost savings for networking.
7. [11:02] Matt Garman started out the week with his keynote. I felt like he was lacking a narrative through line in his presentation. I think his presentation is getting better. The thematic keynote structure has been missing in all of Garman's keynotes.
8. [13:49] AWS made 25 announcements in 10 minutes on AI and other topics. The keynote was a little weird narratively, but I think his presentation skills are getting better. Overall, I would give him a solid B on his keynote, but I want more balance. There are plenty of opportunities for AI throughout all the keynotes.
9. [19:05] Any feedback on Swami and his keynote? Next up was Swami's keynote. Other than that he's a little dull, no. I watch at 2x and I can only get through half of it. It's not that it's bad, it's just that the content is rough for me. If we had someone who's really into ML, maybe he would have enjoyed it more.
10. [20:33] Peter DeSantis had a great infrastructure-based talk. Overall I think he's one of the better presenters at re:Invent every year. I've watched five minutes of it and ran out of time, but my plan is to watch it.
11. [21:55] Finally, Werner's keynote was fantastic; he had the best intro video in years. The message he delivered in that whole thing was that development is just going to change. Great story narrative all the way through it.
12. [24:36] Bedrock now has service tiers to match your AI workload performance with your cost. There's now a reserved service tier for pre-purchased, guaranteed tokens-per-minute capacity with a 99.5% SLA. New Nova Forge helps you build your own foundation models.
13. [29:23] Moving on to compute with EC2 and Lambda features. Lambda got three big features, and we'll talk about two of them in more depth. The final one is AWS AI Factories, which is cloud-scale AI infrastructure in your own data center.
14. [30:43] AWS Lambda Managed Instances lets you run Lambda functions on EC2 instances in your account, while AWS handles all infrastructure management including patching, scaling and load balancing. It will bridge the gap for customers who need specialized EC2 hardware like Graviton4 processors.
15. [33:32] Durable functions enable developers to build multi-step workflows using sequential code with automatic state management, checkpointing and retries. The feature uses a checkpoint-and-replay mechanism where functions can suspend execution for up to one year. Currently available only in the US East (Ohio) region, with broader expansion planned.
16. [38:27] Amazon has added a wait function to Lambda for serverless applications. The new feature lets developers choose between Step Functions and durable functions. Durable functions are going to win out because they're more natural to how engineers think about async/await; it will be easier for developers to take advantage of them.
17. [40:40] ECS Express Mode is a new simplified deployment option for containerized applications. The service automatically consolidates up to 25 Express Mode services behind a single Application Load Balancer. NAT gateways now support regional availability. CloudFront gets flat-rate pricing bundling delivery, WAF and DDoS protection.
18. [47:16] VPC encryption control now provides centralized visibility and enforcement of encryption in transit. You can now enforce encryption in transit within and across VPCs in a given region. Available in 23 regions, which is almost all of them.
19. [49:38] AWS Network Firewall Proxy is a preview of an explicit proxy service. It centralizes outbound traffic filtering to prevent data exfiltration and malware injection. Free during the preview in the US East (Ohio) region, with comprehensive logging to S3 and CloudWatch for audit analysis.
20. [50:58] S3 Vectors is now generally available, giving you native vector support in S3 with two 2 bit vector indexes and 20 terabyte vector buckets. There's also a new S3 Block Public Access feature, which we'll talk about. S3 has increased the object size limit by 10x to 50 terabytes.
21. [54:19] Amazon FSx for NetApp ONTAP now supports S3 access points, allowing enterprise file data to be accessed through S3 APIs while remaining in the FSx file system. The integration bridges traditional NAS storage with cloud-native applications. That was the strangest announcement of the conference for me.
22. [55:56] Aurora DSQL gets you cost estimates. AWS is adding four new capabilities to RDS for SQL Server and Oracle focused on cost optimization and storage flexibility. OpenSearch GPU acceleration gives 6 to 14x faster vector indexing. SQL Server Developer Edition is now available for free for non-production workloads.
23. [57:30] AWS finally has savings plans for databases. Database Savings Plans extend AWS's existing savings plan model, offering up to 35% savings on serverless deployments and up to 20% on provisioned instances. This applies to nine database types including Aurora, RDS and DynamoDB.
24. [59:28] You can now enable the SQL Server Resource Governor natively on RDS. If you would like to prevent one customer in your multi-tenant databases from being a noisy neighbor, you can now do that.
25. [60:41] Outbound Identity Federation issues short-lived JWTs for external service authentication. This gives you real-time analytics, risk prioritization and trending. I assume you'll see additional customers and SaaS companies adopting some of that in the future.
26. [61:36] Amazon GuardDuty is adding extended threat detection for Amazon EC2 and Amazon ECS. The service uses AI and ML models to automatically link related suspicious activities. Expanded coverage is available now in all AWS regions where GuardDuty operates.
27. [63:45] AWS Security Agent automates application security reviews, code scanning and penetration testing throughout the development lifecycle. It uses context from source code and specifications to execute sophisticated multi-step attack scenarios across 13 risk categories. Currently in preview and free during this period.
28. [66:14] AWS has released IAM Policy Autopilot, a free open-source tool that analyzes application code locally to generate baseline IAM policies. The tool works as a Model Context Protocol server that integrates with AI coding systems. It automatically stays up to date with the latest AWS services and IAM permissions.
29. [68:36] Cost Explorer forecasting has been extended from 12 months to 18 months, with explainable AI for the forecast. A single percentage score combines optimization opportunities. Centralized billing across multiple organizations.
30. [69:30] AWS Compute Optimizer now identifies unused NAT Gateways by analyzing 32 days of CloudWatch metrics. Unused NAT gateways cost four and a half cents per hour plus data processing charges; identifying them can save customers over $30 per month per gateway.
31. [71:06] Transform Mainframe, Transform Custom and Transform Windows are now available. The service analyzes dependencies across all three tiers and orchestrates transformations in waves, aiming to accelerate modernization by up to five times compared to manual approaches. Standard AWS resource pricing applies for deployed infrastructure.
32. [73:00] Amazon has reversed its July 2024 decision to de-emphasize CodeCommit and is returning the service to full general availability. Customers who migrated to GitHub, GitLab or Bitbucket can return with assistance from AWS Support teams. It represents an unusual public acknowledgment of a strategic misstep by AWS.
33. [77:10] CloudWatch Unified Data Management helps consolidate multiple log streams, bringing together operational, security and compliance logs. CloudWatch deletion protection prevents accidental log group removal. Service Quotas now has automatic management that auto-adjusts limits based on usage. Supplementary packages for Amazon Linux are now pre-built for you.
34. [78:24] AMI Ancestry provides automatic lineage tracking for Amazon Machine Images from creation through all regional copies back to the root AMI. Available at no additional cost in all AWS regions including China and GovCloud. In DevOps and operations, we've got the AWS DevOps Agent in preview.
35. [80:58] AWS has restructured its support offerings into three AI-enhanced tiers. Business support is 71% cheaper than before, Enterprise support is 67% cheaper, and Unified Operations is $50,000 a month. I hope this ends up being decent service, but I also think support has gone down.
36. [85:29] Amazon made some big announcements in AI and contact center this week. Our final two sections before we wrap up for the night: marketplace and partners, Partner Central and the console. Compared to last year, I feel this is a much better re:Invent; the announcements were better. And that's all for this week in Cloud.

## Transcript

[00:00] A: Where the forecast is always cloudy. We talk weekly about all things AWS, GCP and Azure.

[00:14] Justin Brodley: We are your hosts, Justin, Jonathan, Ryan and Matthew.

[00:18] A: Episode 334 recorded for December 9, 2025. Kubectl, goodbye. AWS makes Kubernetes conversational. Which, you know, I'll kind of miss Kubectl, I guess.

[00:30] Justin Brodley: Sadly, I won't miss people pronouncing it Kubectl instead of Kubectl like it's supposed to be.

[00:37] A: And I'm just doing it to troll, you know. It's been happening.

[00:42] Ryan Lucas: There we go again.

[00:43] A: Yeah, well, I mean we really just called the show "Amazon announces a ton of AI shit at re:Invent." But that's not what we're gonna call it because we're responsible podcasters here. But yeah, questionable re:Invent happened last week, sorry to say. Happy to say. I don't know. It was good.
I watched all the keynotes today on 2x speed, so I'm now fully caught up on the things other than Swami's. I couldn't get through more than half. Sorry Swami. Love you. Pieces.

[01:10] Ryan Lucas: I tried 3x on Swami's. That's as far as I got, 45 minutes in, and I still couldn't do it anymore.

[01:16] A: But yeah, like it's just so much ML, so much ML. But you know, I was mostly impressed that this is the 14th re:Invent because I feel like I've been doing cloud for a hundred years at this point. So the fact this is only the 14th was sort of shocking to me.

[01:28] Justin Brodley: This is shocking.

[01:29] A: But yeah. So let's get right into the thing that matters most, which is who won the re:Invent prediction show. And so we're going to cover these and then we have a bunch of news. We are not going to cover everything today because there were literally hundreds of announcements over the last weekend. We cannot possibly cover all of them unless this would be a 17 hour show. Yeah. And I don't know that you guys all make it through an hour long show of us talking. So definitely not going to try for a really, really long show on everything. But if there's something you guys wish we talked about or you have questions about, you know, please ping us at thecloudpod.net. You can email Justin or the pod there, or you can hop on our Slack channel and just say, hey, you didn't talk about this announcement, and we will save it for next week and we will answer any, any announcements. Which is also my cheat way of saying, well, anything I should have covered that I thought was interesting that I found later, which is what happens every year, I can now say someone asked me a question about. So there you go.

[02:23] Justin Brodley: And we'll actually do research and, you know, like, be prepared for.

[02:26] A: Yeah, yeah, be prepared. It's good. So Jonathan's not here, but he was first up in the draft order for us. And so he, he nailed a Saturday announcement. Like out of the park.
Like blew up the Internet when they announced it. And that was that they announced a feature called, where is it, Lambda Managed Instances, which lets you run Lambda on your own EC2 with AWS management. And the reason why you would do that is so you can get access to GPUs most likely, which is really what he said was serverless GPU support or an extension in Lambda or a different service. It's about time we have a serverless GPU inference capability. And so if that had been said during a keynote, which it was during DeSantis's, but it had already been spoiled on Saturday, he got a point. So he's not here to argue about it. So no point. Jonathan, free you. Yeah. Next up, Jonathan had AI agents with goals, instructions, that can run when they need to, periodically or always, and perform an action, like an agentic platform that runs agents. And they announced both Bedrock AgentCore and Kiro autonomous agents and something also with Q, which I lost interest in when I was trying to read it. But yeah, lots of agent things. So I definitely feel he got a point for this one. So one point to Jonathan, and then the final one: Werner will announce it's his last keynote and he will retire. He did retire from keynotes. He did say this. He will no longer do keynotes. That he has decided to step down from keynotes to allow younger voices at AWS to take the stage and become more visible in the organization, which is a nice succession planning move. But he did not say he was retiring. He specifically said that in the thing. So Jonathan gets no points. Although I would give him a half point.

[04:03] Ryan Lucas: I think we still give him a point. I think we give him a point. He nailed that it was going to be his last keynote.

[04:10] A: Well, we did do research from that. He, you know, that we found that, you know, he had done an interview a few weeks ago. Now Jonathan swears he did not see the interview beforehand where he said, alluded to this fact. But you know, I don't know. I.
He said retire. And I feel like retire is the key part of that because even doing his last keynote, I don't even know if I would have cared about that as a point. But the "he'll retire" part was the part that I was most intrigued about in his prediction. I don't know. Yeah, I mean, it doesn't matter. You can give him the point. He'll still lose.

[04:39] Justin Brodley: Yeah. So that's the only part I'm okay with.

[04:41] Ryan Lucas: That's part of the reason I'm fighting for him here. Yeah, I'm cheating. I know the next step. So I felt like we should have a little bit of argument on the podcast.

[04:50] A: So. Sure, sure. He's not here to defend himself, though.

[04:54] Justin Brodley: I thought Werner said he was taking a new role as well that was going to have different responsibilities.

[04:58] A: But he did say as his final keynote, and he clarifies that he is not leaving Amazon and still has things to do, indicating he's stepping away from the keynotes to allow young, fresh, new voices to share their stories. But he is. There's nothing about taking on a new role in Amazon. He's continuing his current role as CTO. So. Okay, now we've clarified that. No point for Jonathan. No point for Ryan.

[05:20] Justin Brodley: Yeah, I was trying, you know, it's arguing for, for Jonathan.

[05:24] A: But. Yeah, yeah. I mean if it's a different role, I could, I would maybe agree with you. But Ryan did quite well this time. New Trainium 3 chips. He also said maybe new Graviton chips and Inferentia because he, he knew how to take, take, structure this bet. Right. And so he not only did get Trainium, he also got a new Graviton chip. The Trainium 3 UltraServers were announced in Garman's keynote, and then in DeSantis's keynote they announced the new Graviton chips, and they brought a really nice shiny rack for Ryan in Garman's presentation to show you what a Trainium 3 UltraServer rack looked like. And it was very pretty and very clean cable management. So A plus on the cable management.

[05:59] Justin Brodley: I love it.

[05:59] A: Love a good cable management. Ryan then predicted that they will expand the number of models in or via Bedrock. And they announced that they had doubled the number of models and announced Gemma, MiniMax M2, NVIDIA Nemotron, Mistral Large and Mistral 3. I feel that's a firm vote to Ryan. I mean technically the doubling of the models happened way before re:Invent. But hey, Gemma is a big one, and Mistral, those are two very large big models that people care about. So I think there's definitely a point. You then said you hoped for a refresh to Amazon Organizations, which you did not.

[06:33] Ryan Lucas: No.

[06:33] A: And there's even a section where you could have got it, which is, we'll talk about that in a second. But you. I thought it might happen. Still for you, the last 10 minutes of the presentation, I was like, it could, it could happen. My point, my score here. I got a new Nova model and Sonic with multimodal. I got a Lite, a Pro, a Sonic and a new model called Omni for multimodal. So I was very happy about that. On Garman's keynote, I said they would announce a partnership with OpenAI, likely on stage. They did not have OpenAI on stage, nor did they have a partnership, but they did say that Amazon and OpenAI are running on top of the brand new EC2 UltraServers that Ryan predicted earlier. It'd technically be a half point, but I'm not giving it to myself, but yeah, so I don't need it. So there you go. And then my final one was advanced agentic AI capabilities for Security Hub. Basically we automate the SOC teams, and they announced, as part of the general availability of Security Hub, the new AWS Security Agent, which is exactly what I was looking for. So that is a solid point for me. Matt. Matt had a rough.

[07:32] Ryan Lucas: I don't want to talk about it.

[07:33] A: Matt denied. I don't want to talk about it. Matt. Matt.
Matt unfortunately did not get a model router to route LLM queries to different AI models. He did not get a Well-Architected Framework expansion, although it was mentioned in many keynotes. Well-Architected Frameworks. And he did not get a new replacement for Cognito. So, which I. I was actually in a different conversation with AI the other day and I said, I don't want to use Cognito. It's a piece of crap. And it like, it challenged me, like, why do you think it's a piece of crap? Explain it to me. And I was like, oh God. So even AI is trying to pitch me into Cognito.

[08:04] Justin Brodley: But.

[08:05] A: So that takes us to our tiebreaker, because both Ryan and I are tied at two points each, maybe technically Jonathan's tied at two points as well, debating how you want to see that. And so the tiebreaker was, how many times do they say the words artificial intelligence or AI in the keynotes? Matt Garman said it 77 times in his keynote. He definitely beat everyone else, I thought, which I was shocked about because I thought Swami would take him. That was not the case. DeSantis's keynote had 31, Swami had 41 and Werner had 31, for a total of 183, and on Price is Right rules, that means I take the win for re:Invent, with 160 was my guess and I was only off by 23. That's not bad.

[08:46] Justin Brodley: Yeah, no, I definitely.

[08:47] Ryan Lucas: No challenge. We should have done agent.

[08:50] A: I mean agent would be. Maybe that's what we needed next year. I will, I will notice next year is agent. Yes, I will definitely note that for next year. I think agent would be a good one as well. So. Because I do feel like we've, we've kind of put AI and artificial intelligence to death at this point. So we did get some honorable mentions as well. Marketplace for AI, AI work. There was definitely a marketplace for that, for like agents you could basically download or select and add into your Bedrock. There was a Q Developer with autonomous agents.
There was a next generation silicon discussion for a combined TPU competitor, i.e. GPU, Graviton, learning. So they basically said that things are optimizing for in Trainium and that they are, you know, they basically alluded to they are working on some things there. So that's great. So I will pat myself on the back for winning this one again, you guys, show us. But it was impressive, impressive feat. You know, we were a three way tie. I think it's the first time we've ever done that. Well on predictions.

[09:48] Justin Brodley: No.

[09:49] A: Definitely. I think we all should be winners. Yeah. And I will, I would win. Except for Matt, who lost and also lost Azure, which was sad.

[09:57] Ryan Lucas: Yeah, I won Google last year.

[09:59] Justin Brodley: You did win, which is funny.

[10:01] A: Yeah, you did, which is funny. So in the cloud you don't work in every day, you have better visibility on than the cloud that you used to work in all the time and the one you work on every day.

[10:11] Justin Brodley: Yeah, I will say a lot of these things are easier to get right just because they're a little bit behind ever, you know, the other cloud platforms in terms of AI. And so you just, you can kind of stick to what everyone else has already announced a little bit and then, or just pick the gaps in their current services.

[10:27] A: So.

[10:28] Justin Brodley: It's. I do feel like it's a little bit easier these days when they're all releasing kind of the same sort of, you know, ecosystems around agentic.

[10:37] A: I mean they all want, they want to all want foundational models, they all want agents, they all want agent orchestration. So yeah, it was probably one of the easier ones to do if you've been paying any attention to the market whatsoever in the last six months. But overall I'm pretty pleased we were close on cost savings for networking.

[10:53] Ryan Lucas: It was just the wrong service. It was cost savings for databases.

[10:59] A: Yeah. Which is huge. So.
All right, well, let's talk about the keynotes themselves. So Matt Garman started out the week with his keynote. You know, he, I, I struggle with his keynotes because I feel like he's, I want to really like him and I just for some reason don't like him. Cause I think he was in sales and I think it just exudes out of him that he's a former sales guy. I mean he's also a former engineer. So like I should like him more than I do. But you know, it was. He. I felt like he was lacking kind of a narrative through line through his presentation. Like it just sort of was kind of like in the meandered around. It was unfoundational. And then it had a customer out for 10 minutes and then, you know, I lost the thread of where we were at and then he came back around. I don't know. What did you guys think of Matt?

[11:39] Ryan Lucas: I think his presentation's getting better. I think even just like his vocal patterns I feel like are, you know, used to be a lot worse and they're getting, you know, there's more ups and downs, there's more intonation in it. Where before I felt like it was a little bit more flatlined when he was presenting versus like, if you ever see like an interview with him, he's a lot better when he's not just straight presenting. It feels like, yeah, he's definitely better.

[12:04] A: One on one, in like podcasts, listen to him on, or interviews. He's definitely better at those in my opinion.

[12:09] Ryan Lucas: And I think he's. That skill set is slowly moving into his keynote. So I will say it was one of his better ones. But the marketing team, I agree. I felt like I got lost in where we were going. I really liked the last kind of funness of the last 10 minutes, which I know we're going to get to later on. But like the first hour and fifteen minutes just felt like I was lost on a Chutes and Ladders board almost.

[12:35] Justin Brodley: This is funny because I wouldn't really think about that as like something that Andy Jassy brought.
I would think that the thematic sort of keynote, sort of structure I would think would be marketing or, you know, like a lot of different players in that. But it has been missing in all of Garman's keynotes. So it is sort of interesting there. But I wonder how these actually go.

[12:59] A: It was interesting because, you know, so Matt has alluded to it. So it basically, you know, he's, he was on stage for two hours. Ish, somewhere two hours and change. And it was long and, you know, but then the last 15 minutes he basically says, you know, we know you care about non-AI things too. And I was like, wow, that's. You are my survey comments. Yeah, exactly. And so he says, I'm going to do 25 exciting new announcements in 10 minutes with a counter. And I, I basically had to get through all of these. And he got through 25 items very quickly. And I'm like, okay, you're so close. Like, I like, hey, the 10 minute, the way he structured that was great. So it was like, it was quick, it was, you know, fast. Like he actually added a little detail. It wasn't just like, oh, here's a new instance and then move on. It was like he told you a little bit about it. Like, so it was enough to like whet your whistle. Which is, which is why I've stolen it shamelessly. Now for the next part of our show where we're going to basically do the same thing for all the re:Invents, because we can't cover them all, but we at least have a little bit of a highlight of each of them. So in that 25, or sorry, the 25 announcements in 10 minutes, he announced the X8 instance. The instance I'm now nicknaming the Elon instance because it sounds like his son's name. The C8a instance. The C8i and E instance. The M8azn instance, the M3 and M4 Max instances. The Lambda durable functions. 50 terabyte S3 objects. S3 batch ops are 10x faster. Intelligent tiering for S3 Tables. Automatic application for S3 Tables.
S3 access points for FSx for NetApp, S3 Vectors, GPU index for Amazon OpenSearch, Amazon EMR Serverless with no storage provisioning. GuardDuty for ECS and EC2. Security Hub is now generally available. Unified Data Store in CloudWatch. Increased storage for SQL and Oracle RDS. Optimized CPUs for RDS for SQL Server and SQL Server Developer support and database savings plans, all within 10 minutes, which, that could have been a whole keynote and I would have been ecstatic. Yeah, right. So I like, I mean, two hours on the AI stuff and then 10 minutes on this. I, I like. Okay, I appreciate you did it. I'd like a little more balance still. You know, maybe we, maybe we could do an hour and a half of AI and then 30 minutes of this. Or maybe, maybe we could do it 50/50. And because the reality of it too is then you have Swami come out and he talks a lot of AI and ML. You have Peter come out. He also talks a bit of AI, but more about the CPU and the training. And he talks about, like, AI, some of the AI, Nova Forge, which lets you basically help create, you know, foundational models. So there's a, there's plenty of opportunities for AI throughout all the keynotes. And so I don't necessarily know that he needs to do all the announcements, but, like, it sort of reminded me a little bit of the year that Andy Jassy did the song thing where the songs reminded him of different features. And it was kind of a nice narrative through line that Andy did on that. So A for the 10 minutes; overall, his presentation was a little weird narratively, but I, I agree with you. I think his presentation skills are getting better. So overall, I would give him a solid B on his keynote.

[15:52] Ryan Lucas: You. Yeah. On the balance stuff, I'm not sure, like, look, feel we talk about, you know, this is called the Cloud Pod, but 50% we talked about, probably 70% of what we talk about is really AI at this point.

[16:03] A: Only because it's all they announce.

[16:06] Ryan Lucas: Right.
Not disagreeing with you about the fact, but, you know, it's just where the market is.

[16:14] A: It's clearly what the investors want to hear, it's clearly what customers are asking them about. They are definitely, you know, dealing with the customer side of it. And I, I just, you know, it's not what I fell in love with AWS about. And so I want more of the balance. I. And I hear you that you had, like, I would have, I would have been disappointed if they didn't have a Nova too. I would've been disappointed if they didn't do agents because everyone else is doing it. And so it would be like you're lacking. All your competitors are doing. So I, you know, but nothing they announced, any of those things, was like, amazingly better. You know, it was like, so, like it didn't have to spend a lot of time in some of those areas.

[16:50] Ryan Lucas: But I would say they spent 25. This 10 minutes, they announced 25 announcements. So, like, okay, a little bit of rapid fire here. I get it. It was fun. But in 100 and, math at late at night, 110 minutes, let's say, of the rest of it, he announced 10, maybe 15 things. You know, granted, there's the customer stories, how they're doing stuff, he touches upon features. But, like, it felt like they just dragged on things on the early part where, you know, which was interesting. And they always do the customer things, which I'm not in love with sitting there watching, and I'm not gonna lie, I fast forward through half of them. But on the flip side, it just felt like it needed a little bit more balance. So like, I still remember when they announced like Time Series database or whatnot. Like it was like a five minute segment about the build up to this and how they presented it, not 20 minutes to build up to a feature release. And that's where I feel like it's, it's still missing for me.

[17:51] A: Makes sense. I mean, I, I, I'm going to agree to disagree, but I get.
[17:58] Ryan Lucas: With a lot more infrastructure stuff still, like, that's where we all came from, that's what we like about. [18:03] A: It. But yes, I mean, even if you were like, look, okay, you know, Garman and Swami are going to do nothing but AI and the stuff that's cool, then just make Peter do all the infrastructure stuff, that's fine too. I'm okay with that. Which also I will point out that we started with Matt this year because they kicked Peter. They kicked Peter off of Monday Night Live, moved him to Thursday morning in Werner's slot, then moved Werner to an afternoon slot, which I assume was because DeSantis was tired of missing Monday Night Football. So I'm not really sure how that happened. But you know, I, it was nice to see him at a different time zone too. But he did mention he couldn't serve beer, you know, at a morning keynote, which is. [18:36] Ryan Lucas: Disappointing. So it's fair, I assume they also did it to kind of like segue Werner out a little. [18:43] A: Bit. Well, and also I think it, I think what, at least what my historical knowledge has been is pretty much after Thursday's keynote, people kind of started bailing out. And so by moving Werner into an afternoon keynote slot before re:Invent ends, maybe people would stick around longer. But again, I, I don't know if I would have changed my calculation on that, but I could see people doing it. All right, next one was Swami's keynote. Any feedback on Swami and his keynote? No, I did not. Other than he's a little, a little dull. I watch at 2X and I can only get through half of it. Not because he's not a good speaker. He's a good speaker, he does a good job, he had a good narrative to it, but I just don't care about what he's presenting about in any way, shape or form. And I just can't do. [19:25] Justin Brodley: It. 
I, I haven't watched one of his in years because I, I tried to struggle for, you know, and I felt like I wasn't getting it and it felt like the content and you know, there's a lot of, you know, specific ML terms and stuff that if you're not in that heavy data science space. [19:40] A: Aren't. But it's one of those like if we were at the house drinking like we used to do when we were at re:Invent and we just watched the keynotes from the house with beer, where we could like mercilessly mock it as it went through, like we'd probably watch it and enjoy it, that'd be fine. Or if we were doing the live streaming where we live streamed over the keynotes, like we did that one year. Maybe that'll be fun and we would enjoy. [19:59] Justin Brodley: That. But yeah, just watching it by myself and no thank. [20:02] Ryan Lucas: You. Yeah, I tried 3X today and I still couldn't get through it. Like you said, it's not that it's bad, it's just the content is rough for. [20:11] A: Me. Yeah. And if we, I mean, if, if we have someone who's really into ML, if Jonathan was maybe here, maybe he would have enjoyed it more. I don't know. But you know, it's definitely a possibility. So. All right, we'll move around. So I, I give him a solid B. Like again, it's not, it's not him, it's not the presentation, it's me. I, and I acknowledge it's not you, it's me. Yeah, yeah, it's not you, it's me. Peter DeSantis had a great, you know, infrastructure based talk. He didn't do, you know, the history of computing kind of thing he's done in the past, but it was a little bit more, he picked up a little bit of the Werner things. He kind of blended with his own style. I, overall I enjoyed it quite a bit. He talked about Graviton, the new Graviton chips. You know, he did his normal dog and pony about Nitro and why Nitro is so important. And you know, again, it was a little bit of history, a little bit of cool technology, a few announcements sprinkled in there, or not really announcements. 
They were already announced earlier in the week. But you know, mentions on stage about some of those things, which was nice. And overall I, I, I think he's one of the better presenters at re:Invent every year at this point. I, I'd say solid A for Peter and his, the folks he had on. [21:12] Justin Brodley: Stage. Yeah, his presentations are always my favorite. It has been for a long time. And it might just be because it is the, like, I said it is the part of AWS that I fell in love with. You know, that. That deep infrastructure and. And sort of hosting at that scale. [21:27] Ryan Lucas: But I don't. [21:30] Justin Brodley: Know. This presentation's pretty good, too. They're. [21:31] Ryan Lucas: Fun. I'll admit. I've watched five minutes of it and ran out of time. [21:36] A: Today. Oh. [21:37] Ryan Lucas: Good. It was a. I had a lot of random personal stuff this weekend that just didn't lead to watching these, so I missed that one. But my plan is to watch it. So ask me next week and I'll. Now I put myself on the spot. So I actually have to watch. [21:49] A: It. Yeah, you have to not do it. Damn. [21:52] Ryan Lucas: It. That was. [21:52] A: Bad. And then finally, Werner's keynote, which he had. He had the best intro video I think he's had in years. He basically had a, you know, started out with, like, looking at a newspaper that says AI is killing development. And he goes, really? And then he goes into a, you know, beta time machine he's built and goes back to the 60s, you know, 70s maybe. Basically goes through all these times when people were like, no, SQL is going to kill this. And, you know, COBOL's going to kill the punch. [22:18] Justin Brodley: Card. And. [22:18] A: Like. And he's like, you know, basically the message he delivered in that whole thing was development's just going to change. Just like it's changed multiple times before from, you know, all these different things. I did like the. The sh. The subtle shade at blockchain, that was my. 
[22:33] Ryan Lucas: Favorite. [22:33] A: Yeah. Yeah. He basically had a Marty McFly type character in the. In the thing. And he was, you know, teaching, like, I'll teach you all the things you need to know. And, like, one of them was like, blockchain, and I was like, no, you can skip that. [22:44] Ryan Lucas: One. Yeah, it was good. It was like a nice, subtle, just like, jab right in the middle of it. It was. [22:52] A: Great. Yeah. Little. Little dig. And then right out of it. It was good. But, yeah. So overall then, you know, he went into, you know, basically talking about, you know, this is the time of the Renaissance developer, being able to focus on things and being able to orchestrate across multiple agents. And now you have so much more power and capability, but, you know, you're still in control, basically was the message. And, you know, again, fantastic Werner keynote. I always enjoy them. They're a case study in how to do a good technical keynote, in my opinion. Yeah. And fantastic story narrative all the way through it. A a as. [23:23] Ryan Lucas: Well. So I really like his keynotes. I always have. And even, you know, I sent it to my day job, you know, was like, guys, I understand we're not on AWS, but, you know, you guys should listen to this. There's things of it you probably won't get, but the underlying pieces of it still should resonate. Like it's. I like the way he talked about it. I like, you know, the five principles he touched on and you know, how he always presents it in the story. I think he is always one of the best speakers, at least for. [23:52] Justin Brodley: Me, and I always like it when he makes me feel smart because I've been sort of saying the same thing about development and how it's not going to get rid of development and it's just going to be like the introduction of another tool that you use for development that makes you faster, more efficient, which is super cool. So smart. I smart like. [24:10] A: Werner, I let that. 
[24:14] Ryan Lucas: Go. I will say I think he lost. [24:15] A: Weight. Oh, there it was, the parade of Ozempic if I ever saw one. You know, Werner's definitely lost weight. Peter DeSantis is like half of Peter DeSantis. It's definitely. They bought a healthcare company, if you didn't know. And that's. That's having a good impact on them. All right, well, that, that's the keynotes. Let's jump into the bajillions of announcements that came out of it. We'll start out with AI/ML because that's what they announced the most of, of course. So Bedrock now got you service tiers. You have priority, standard and flex to match your AI workload performance with your cost. There's now a reserved service tier for pre-purchased, guaranteed tokens per minute capacity with a 99.5% SLA. I mean, if not four nines, I don't know if I can use it. [25:03] Ryan Lucas: Right. I thought this was interesting where it's like you can reserve it and we're still not can guarantee that you'll get it. Like, I understand it's three. Was it three five? Three nines and a five. Like it's still really. [25:14] A: High. No, it's just 99.5. It's not even three nines, it's two. [25:17] Ryan Lucas: Nines. Oh, sorry, two nines and five. But like, it doesn't sound great if I'm, like, if I know I'm in churn or I'm building my entire product on this and you know, pre-purchase the guarantee, but you're not really guaranteed. It just felt weird to. [25:32] Justin Brodley: Me. They could have called it premium. [25:34] A: Which is ultra old premium. Yeah. [25:38] Ryan Lucas: Yeah. They just charge you more. [25:40] A: For. Yeah, the new Bedrock AgentCore, which is policy controls, evaluations of a second memory for AI agents and controlling your AI agent fleet. You know, Skynet's never been closer. Yeah. Through AgentCore. 
Bedrock reinforcement fine-tuning with RLVR and RLIF for model customizations, which I don't know what either of those are, other than I know they are involved in training and grounding Amazon Nova 2 and all the Nova 2 families. There's a new Nova Forge to help you build your own foundational models where they actually bring. You know, one of the things he talked about in Nova Forge was, you know, you don't have all the data you need to be able to successfully build a model of scale. And so with Nova Forge they help you basically do that. They provide, provide a bunch of data that you help to use to build the model. They help do the navigation of building the model for you and you kind of get out of the box, simpler model building. If you're trying to build foundational models, which you should not be. So if you need to. It's nice to have that. Thanks. Anthropic applauded. Everyone else is like, no, no, we don't do foundational models. Too expensive. So there you. [26:36] Ryan Lucas: Go. I thought it was interesting also. Where was it? It was in the Nova Forge where they were talking about like you integrate your data in at multiple points so it doesn't forget about it in the long term. And having that kind of building in it at multiple points so that it retains that information and becomes very much embedded with your logic versus anything else I thought was kind of interesting. Maybe that's just general knowledge inside of the foundational model and RAG. [27:03] A: Thing. I think it is. That's how most of the models are now fine-tuning with user feedback is they're doing basically that. But you know, the thing they're giving is they're giving you early training checkpoints rather than the fully, you know, rather than the fully trained model, addressing, you know, the forgetting problem in general, and then the service blending the customer data set with the Nova curated training data across pre-training, mid-training and post-training to do that. 
So yeah, it's, you know, this is one of the challenges you have even when you're using RAG or you're using grounding is that, you know, the model has all this other data in it. And so it doesn't necessarily have to use your data that came from the RAG to respond. It thinks there's a better path. And so it is a challenge. So it's definitely a solution to. [27:39] Justin Brodley: That. Well, I agree with you that no one should be building their own foundational models unless it's really truly like built on a data set that's unique. I do think that everyone should go through the exercise of building a model to understand how AI. [27:51] A: Works. Oh that. I mean. [27:54] Justin Brodley: I. It's kind. [27:54] A: Of. Well, I don't think you should build an LLM. I do think you should build an SLM. And so. So small language models that are very finely tuned to certain things is basically the same process but in a slightly different way and you start with a foundational model to get there. I think that is a very valuable process and I think SLMs make a lot of sense for a lot of use cases because you're typically trying to do something very particular with your AI. Yeah. So 18 new open weight models which gave Ryan the point earlier. Amazon Q Developer cost management for natural language queries for AWS spending analysis so your FinOps people can now get an AI buddy, which is always helpful. SageMaker serverless customization for automated infrastructure for fine-tuning. SageMaker HyperPod for checkpointless and elastic training capabilities. AWS Clean Rooms ML gets privacy enhancing synthetic dataset generation and then AgentCore evaluations allow you to continuously inspect agent quality based on real world behavior. Make sure your AI hasn't gone. [28:47] Ryan Lucas: Skynet. The last one was interesting because they're like about where it processes it. 
So they were saying how it processes it before it touches your data which is interesting and you know, I was worried and I still am. They say it doesn't really affect because it's in line how long. They say it's like 30 milliseconds or 300 milliseconds. I'll remember the number. But you know that if that is to evaluate multiple times you could add latency but they say it's not going to affect it. So be curious in the real world once that gets, you know, more usage, how that will actually move on and affect. [29:21] A: Things. Yeah. All right, moving on to compute with EC2 and Lambda features. We got EC2 P6-B300 NVIDIA Blackwell Ultra GPU based instances. We got the X8aedz which I call the Elon Musk instance which is an AMD EPYC 5 GHz memory optimized for EDA and databases. We got the new C8a instance which is the AMD EPYC Turin with 30% higher compute performance. We got the new EC2 M9g which has the new Graviton 5 powered instances with 25% better performance than Graviton 4. You can get a Graviton 5 processor with 192 cores and a 5x larger cache. And this is one of the things Peter talked about in his keynote was the balance between the L1, L2 and L3 cache and the trade-offs they make. But in this particular case the Graviton 5, they feel like they made a really good balance and they had some really good customer testimonials on some of that as well. Lambda got three big features and we'll talk about two of them in more depth here in a second. So I'll skip those two, but Lambda Tenant Isolation mode is the first one which is built-in multi-tenant separation and then the final one in the section AWS AI Factories, which is cloud scale AI infrastructure in your own data center available to you. So then the two Lambda stories, let me go find them real quick. We're going to bounce around the document here which is always fun. 
All right, Introducing AWS Lambda Managed Instances lets you run Lambda functions on your EC2 instances in your account while AWS handles all infrastructure management including patching, scaling and the load balancing. This will bridge the gap for customers who need specialized EC2 hardware like Graviton 4 processors or want to apply existing EC2 reserved instances and compute savings plans to steady state Lambda workloads without giving up serverless development benefits. The multi-concurrency feature allows each execution environment to process multiple requests simultaneously rather than one at a time, which reduces compute consumption and eliminates cold starts. Through pre-provisioned environments, capacity can absorb traffic spikes up to 50% without scaling, and AWS automatically provisions additional instances within 10 seconds when needed, though extreme surges may trigger 429 throttle responses. Pricing includes three components. The standard Lambda request charge at $0.20 per million invocations, standard EC2 instance charges where your existing pricing agreements apply, and a 15% compute management fee calculated on EC2 on-demand pricing. Unlike traditional Lambda, you are not charged heavily for execution duration per request and the multi-concurrency model helps optimize your total compute time. Available to you in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Tokyo) and Europe (Ireland) regions. Support for Node, Java, .NET and Python; sadly, no Ruby so I will not be running Ruby on my Managed. [31:58] Justin Brodley: Instance. I'm sorry for the no Ruby. No, I'm. [32:03] Ryan Lucas: Not. No. [32:04] A: No. You. You're sorry. You're sort of sad about it. I know. It's. [32:09] Ryan Lucas: Okay. I feel like we should have seen this coming given that they just released the EC2 managed or sorry, ECS Managed Instances a couple months. [32:17] A: Ago. Yeah, I'm sure this is built on some of. [32:19] Ryan Lucas: That. 
Yeah, that was kind of the first step. This will be the next one. Now I'm trying to figure out like what's next after this that I should have seen. [32:26] Justin Brodley: Coming. Well, Jonathan, he. [32:28] A: Thought. Yeah, yeah he did. He just saw it for GPU reasons. Interesting that their use case that they described in the article was more about you getting access to Graviton 4 and then the use case around. Well, I already have a bunch of instances and savings plans and now you're telling me to go to Lambda, I lose all that. Well this, that's actually a great transition area for customers who are on legacy EC2 based infrastructure who want to move to serverless now you can reuse your spe. So there's a lot of benefits to it potentially for certain customer types in addition to some of the benefits for long-running. [32:58] Ryan Lucas: Transactions. You still get savings plans. We're still on Lambda. [33:02] A: Too. Yeah. You have that available? Yeah. [33:04] Ryan Lucas: Yeah. It just was a much lower percentage. [33:07] Justin Brodley: Yep. Oh, and. [33:10] A: Then. Well, one of the complaints too in high volume Lambda shops is the cost gets can get pretty astronomical and it's like super high volume. Like most, most enterprise applications will never have that volume problem. But in really large shops it has been a complaint that they, you know you can rack up a lot of costs moving data between the different parts of the Lambda function. So this also helps you with some of the savings there. So there's that benefit. All right. The next one for Lambda was they're building, you can now build multi-step applications and AI workflows with AWS Lambda durable functions. Durable functions enable developers to build multi-step workflows using sequential code with automatic state management. 
Checkpointing and retries. The feature uses a checkpoint and replay mechanism where functions can suspend execution for up to one year without incurring compute charges during wait periods, making it suitable for long running processes like payment workflows, AI agent orchestration or approval processes requiring human intervention. The implementation uses an open source SDK available for Node.js and Python that provides primitives like context.step for automatic retries and checkpointing, context.wait for suspending execution and context.createCallback for handling external events. When a failure has occurred, Lambda automatically resumes from the last checkpoint and replays the event handler while skipping already completed operations, eliminating the need for custom state management infrastructure. This positions Lambda as a direct alternative to AWS Step Functions for certain workload patterns, particularly where developers prefer writing sequential code in their Lambda functions rather than defining state machines in JSON. The feature competes with Azure Durable Functions and provides built-in idempotency, EventBridge integration for monitoring and the ability to use Lambda versions to ensure consistent replay behavior during long running executions. Currently available to you only in US East (Ohio) region with plans for broader expansion coming soon. Pricing follows standard Lambda compute charges, but eliminates costs during wait periods which could provide substantial savings for workflows with long idle times. So I mean are we now officially saying serverless is dead? Now we can write true durable state functions? [35:00] Justin Brodley: Yeah. Is it. Is it still serverless if it's. Yeah, just sort of, I guess still running on compute somewhere and it's not yours and so that's really. [35:10] A: Tough. Yeah, it's a fun. 
I mean I, I can't wait to troubleshoot the Lambda function that, you know, ran 11 months ago and now I can't seem to get my transaction to close properly because it's been waiting all this time. Sort of interesting use. [35:24] Ryan Lucas: Case. Yeah, I'm curious how it handles. Like I've rolled out 16 new versions since then. Blob storage drop off the original. [35:33] A: I changed my JSON schema and the payload and now what are you going to do now, bitch? [35:36] Ryan Lucas: Like I don't understand how to make that work. Also, if your payment takes a year, I have other. [35:44] A: Problems. Like I mean I don't think payment processing is. That is the use case for that, but I mean it is crazy. [35:51] Justin Brodley: That it's up to a year because that just seems like a really long. [35:54] Ryan Lucas: Window. Isn't that what Step Functions is like up to a. [35:58] A: Year? Wait, I mean I've never, I've never built a step function that had a year. I had that use case of a year either. So maybe I should. Don't. [36:05] Justin Brodley: Know, it just kind. [36:09] Ryan Lucas: Of. It is interesting step function max. [36:10] Justin Brodley: Title because it is like you know, thinking about, you know, maintaining state and step functions like. And it's. It's not something that I really do within Python in general just because it's expensive. So the durable functions is kind of an interesting. Like it. I feel like it would be a really neat solution to a problem I don't have. So I don't understand it. I want to like. [36:36] A: It. When I built Bolt, one of the problems is I originally was going to go serverless for it and one of the things I was struggling with was well, I basically need to do an async call to Claude to do the summarization and so then, you know, you got into like the complexities dealing with the wait timeout and all that. And so I fundamentally, I kind of said, well, this is just going to be easier to do in a container. 
And I bailed out of the serverless side. But like, with this, I could see how, you know, having this basic multi-step workflow capability and the durable function, I could do what I was trying to do much easier with a durable function than I would be able to do with a typical serverless function. So I, I could see that use case. And so again, like if you're calling third party services and you have, you know, payment processing is one they use, but like Claude or any AI model is another example of that. So this solves kind of one of those use cases, which is probably the reason why I don't see a lot of people doing Lambda for AI workloads. That's a very good point. And I wonder if this opens. [37:34] Justin Brodley: Up that story a bit more and it would make sense. Right. Why the timing of the announcement as. [37:39] Ryan Lucas: Well. So in your example, and this is where I guess I. My head's just not wrapping around it properly, you're making you, you know, take a story, you send it over to Claude, it does. [37:51] A: Something. [37:52] Ryan Lucas: Yeah. Before with Step, if we're in your container, it just, you know, waits and runs and sits there and waits. [37:59] A: For a response and it gets the response back. Yeah. And you could do, you could do the same thing in Lambda. But then the, the problem was that, you know, it could be. It's unpredictable how long the Claude model is going to take to respond back to your requests. And so you would end up either having to create a secondary event, a secondary function that would basically take the return or response. But then because you're not the calling response, like it comes with all kinds of state problems I was running into. So I just, it just like it could have been done. It just was more effort than I wanted to put into. [38:26] Ryan Lucas: Bolt. So I guess with this, so with this new feature, that's where I'm trying to wrap my head around what triggers it to start again. 
Is that the response back from Claude in this example? Okay. So the response back would then trigger it to re. Wake. [38:40] A: Up. Yeah. You would basically put a wait event into the code. Basically say, I'm going to do that wait type that they called out earlier and then basically now I'm waiting for Claude to return and now it returns. I can resume based on where that wait occurred. [38:54] Ryan Lucas: At. I mean it could really save you even anything else. It could save you some decent money. [38:58] A: Too. Yeah, because what we did before is you basically ran the Lambda function until Claude returned. And even though, you know, you could have been. It could have been quiet because you know, Claude's gonna take, you know, two or three seconds and then it could have kicked up another one. But yeah. [39:12] Justin Brodley: Yeah. And either did, you know, either dealt with the timeout of 15 minutes or you did. [39:16] Ryan Lucas: Handoff. Yeah, yeah. Something else that takes it back and you know, I've done else with an interim function that kind of takes. It listens and then puts a message back on another queue to. Yeah, to kind of process that. [39:30] A: Following you can get away from a lot of. You know, one of the things you see a lot in the Lambda patterns is you'll see like a lot of heavy usage of queues for that exact reason because you're. And so, you know, the expense of going a message on a queue and then picking it back up is kind of silly in some cases if it's just, you know, you need to do a wait but it doesn't. It's not a super long wait. So that I can see the use cases again. I. This is where Step Functions was really helpful and where you could use Step Functions quite a bit. So now the question is going to be next time I think about a serverless app, am I going to do Step Functions or am I going to use this distributed durable function? Yeah, it's the second. The durable function is going to win out more because it's more. 
The other advantage to it is it's more natural to how engineers think about async/await anyways in their process. So it's going to be easier for developers to take advantage of it, I think as. [40:13] Ryan Lucas: Well. Yeah, I mean so Step Functions has a limit of up to one year under the hood if you use the standard workflow. So I'm wondering if this is somehow built on that or they've re-engineered to make it, you know, be the AWS way of how many different ways to do the same. [40:28] A: Thing. I'm going to say it's Amazon's built a bunch of ways to do the same thing and this is probably. Yeah, this is probably a new primitive that becomes something bigger. [40:35] Ryan Lucas: Later. So yeah, that's where I think that's. [40:38] Justin Brodley: Going. [40:38] A: Yeah. All right, let's move on to containers. We've got EKS capabilities of managed Argo CD, ACK, KRO and all in AWS owned infrastructure which was a bit of a challenge. Before you get EKS MCP servers so you can talk natural language to Kubernetes, like please run my pod, you piece of crap. Kubernetes EKS container network observability with service map, flow tables and performance metrics and EKS and ECS now have an Amazon Q troubleshooting capability to let the AI help you figure out why your container won't start, which has been me many a time. And then finally, ECS Express Mode, a simplified deployment with automatic ALB domains and HTTPS. ECS Express Mode is their new simplified deployment option for containerized applications that automatically provisions infrastructure including load balancer, domain and HTTPS endpoint with just a container image. This targets developers who want production ready container orchestration without manually configuring networking, scaling and routing components. The service automatically consolidates up to 25 Express Mode services behind a single application load balancer using intelligent rule based routing which reduces your costs while maintaining your service isolation. 
So yeah, this is basically giving you a lot more platforming capabilities to run a container on top of ECS without you having to think quite so. [41:50] Justin Brodley: Hard. I think this is what I've always wanted Beanstalk and Lightsail to be, is this service. And so like this for me feels like the best of both worlds in a sense of like I still get all of my infrastructure bits and I get all the knobs and, and I'm building on the same way without all the abstraction and just like sort of, you know, sending off my application into the machine. But this is sort of taking that sort of low level, like gluing it all together and sort of automating that away, which is. [42:23] Ryan Lucas: Great. I would agree with everything, but I really thought that this is what I wanted App Runner to be because App Runner was the container version. Like to me Beanstalk is really Java, .NET, whatever. I know they have the container capability but like to me that was always like an add-on thing they did. App Runner I always thought was supposed to be the replacement of Beanstalk because it was container, you know, native. Like that was all that it did. So that's where I thought that this like App Runner was like an ECS Fargate container under the hood and they've done the load balancer and everything else to it. This I feel like is kind of that next step of really like you said, what I want it to be. Managed load balancer, managed endpoint, set up the ACM cert, all those little things that I've done in Terraform a million times. It just manages for. [43:14] A: You. Makes sense. I mean it's a big. I would do more research on this one too because I feel like it's super cool and I kind of agree with you. It's kind of the Lightsail version of ECS. So yeah I'm intrigued. I don't know how you like specify some of the things like the domain for the container but like I again I had to do some more research on it but it does sound cool. 
In your networking and content delivery area they give you CloudFront flat rate pricing, bundled delivery, WAF, DDoS protection, all for zero to a thousand dollars a month tiers. Basically it's a way to make your CloudFront prices more predictable which is always great and includes quite a bit of out of the box capabilities. The VPN concentrator gets you now 25 to 100 low bandwidth sites connectable via a single transit gateway attachment, which is a nice upgrade because before you're limited at I think 20 of them before Oracle so you had a lot of transit gateways. Now you can have up to 100 connections to that transit gateway. Route 53 Accelerated Recovery now guarantees a 60 minute RTO for DNS during regional outages and Route 53 Global Resolver in preview is new Anycast DNS for remote distributed clients. Then they gave us NAT gateways now support regional availability. This automatically scales across all Availability Zones in a VPC based on workload presence, eliminating the need to manually create and manage separate NAT gateways per AZ. Thank you. This simplifies network architecture by removing the requirement for public subnets to host NAT gateways and automatically updates route tables as workloads expand. The feature addresses a common operational pain point where customers previously had to provision NAT gateways in each AZ where they have workloads, manually managing route tables and dealing with the complexity of multi-AZ deployments. Regional NATs maintain high availability, reducing management overhead and potential configuration errors. Customers can use either Amazon provided IP addresses or bring their own IP address with regional NAT gateway, providing flexibility for organizations with specific IP address requirements. The change could impact your NAT gateway costs since the service now automatically provisions capacity across multiple AZs based on workload presence. But AWS has not published specific pricing details for these quite yet. 
But assuming you can turn off a bunch of AZ NAT gateways, it can save you some. [45:21] Justin Brodley: Money. Yeah, I mean this is pretty cool. Just I remember having to write like production vs dev Amazon sort of bootstrap account, you know stuff that to address many of these shortcomings right for networking and building the VPC. So this is definitely toil that you no longer have to sort of orchestrate at that level because you can now just have sort of a one, one configuration that scales to what you. [45:47] Ryan Lucas: Need. Yeah, my only negative part of this is I mean it costs the same. I was looking at the pricing page and it literally is just if you have still set your production up or your dev up with three zones, it's just going to add three zones to it which means you're paying the same thing as if you set it up. So there still is benefit of doing the. I'm gonna call it single AZ NAT gateway versus the regional gateway because like for dev I always just do one NAT gateway and even like the AWS VPC Terraform module that they released has a flag in there for one NAT gateway because they cost so freaking much. So. But this is great I think for like a per. For production where you don't want to think about it. Yeah, I wish it was cheaper. [46:36] A: But. Yeah, yeah, I mean I always wish it would be cheaper but that's never the. [46:40] Ryan Lucas: Way. Well, I wish they would have done like okay, if you use this and you use three, they charge you for two and they do some magic on the back end like for load balancing and scaling up and down each zone but I assume for availability they want. [46:52] A: It. It'd be nice to know also like if I, if I have an auto scaling group let's say that you know typically it's set at one node but then during the day it's boost up to three and needs outbound connectivity. 
Like as it autoscales up and down, are the NAT gateways in the other AZs going to go up and down as well, because that would be nice savings potential and maybe that's a future attraction that we just don't have yet. But definitely interesting. This one must have been wanted to be talked about by Ryan because it's security. You can now enforce encryption in transit within and across VPCs in a given region. VPC encryption control now provides centralized visibility and enforcement of encryption in transit for all traffic within and across VPCs in a region, addressing compliance requirements for HIPAA, PCI DSS and FedRAMP without managing complex PKI infrastructure. Feature operates in two modes. Monitor mode, which adds encryption status fields to VPC flow logs to identify plaintext traffic, and enforce mode, which blocks unencrypted traffic and ensures all new resources use encryption-compliant Nitro hardware. AWS automatically migrates network load balancers, application load balancers and Fargate tasks to Nitro hardware transparently during monitor mode. Customers may need to upgrade older EC2 instances, RDS databases and ElastiCache clusters and other services to modern Nitro based instance types. Encryption uses AES-256-GCM at the hardware level through the Nitro system with no performance impact and VPC flow logs show encryption status values from 0 for plaintext to 3 for both TLS and Nitro encryption, available to you in 23 regions, which is almost all of them. So definitely available to you, most likely in the region that you're using. [48:23] Justin Brodley: Today. And if you've ever had to, you know, do any kind of like compliance evidence, like that's the reason why this exists and this is why I love it so much. It's just because it's the song and dance that you have to do to sort of illustrate your use of encryption across your environment is just sort of painful. 
And you know, I love that they're they're adding sort of enriching the data set for for flow logs and adding it all in there. So it just makes it really easy to provide that to an external auditor and have it be part of your controls. And it's I love. [49:00] Ryan Lucas: It. Didn't Azure or GCP just release this or did I read this wallet like in the last week and re remember it? I swear, either I just read about it as part of preparing for the podcast last week or one of the other cloud providers, they did something similar to this, I think. I'm thinking no, I just read it last. [49:28] A: Week. I mean, I do. I mean I think Google has it available, has had it for a while, so maybe Azure did it, because you probably see that more often, but Google has this capability as well. All right, and our final networking item is one for Peter, who's not here, but it hasn't here for a while, but AWS Network Firewall Proxy is in preview. This of course is a preview of an explicit proxy service that centralizes outbound traffic filtering to prevent data exfiltration and malware injection. The service protects against domain and SNI spoofing while offering granular HTTP header filtering and TLS inspection capabilities. Proxy deployment requires just a few clicks to configure an explicit mode where applications route traffic through the proxy for inspection before reaching external destinations. Organizations can whitelist trusted domains and IP addresses while blocking unwanted responses from external servers, addressing common security gaps in your application level control. Available for free during the preview in the US East (Ohio) region with comprehensive logging into S3 and CloudWatch for audit analysis, and this positions AWS to compete more directly with third party product solutions from Zscaler and Palo Alto Networks, and the service fills a gap in AWS's native security tooling that we've been asking for since the podcast began. 
It's funny because this was one of Peter's prediction requests. Every time, multiple times prediction. He was like, I want this thing. And we're like, yeah, it's not going to. [50:41] Ryan Lucas: Happen. Peter quit as a. [50:42] A: Service. [50:42] Ryan Lucas: Yeah, yeah, I did. Quickly. Look, about the other one. Microsoft Azure just released it. [50:51] Justin Brodley: Recently. [50:52] Ryan Lucas: Okay. Roughly the same feature set. I think it was like. [50:55] A: October. That's good. All right. Moving on to storage and FSx. So S3 Vectors is now officially general availability to allow you to have native vector support in S3 with two 2 bit vector indexes and 20 terabyte vector buckets. S3 Tables replication intelligent tiering to automatically replicate your table to other regions as well as move to lower cost storage if you are not using the data as quickly as you thought. S3 Storage Lens is being enhanced with performance metrics. Billions of prefixes, S3 Tables export and S3 encryption controls are now enforceable at the bucket level. There's also a new S3 Block Public Access which we'll talk about now. Block public. So AWS Organizations will now let you enforce the S3 Block Public Access setting across all accounts in the organization from a single policy configuration, limiting the need to manage public access controls individually per account. Policies can be applied at the root, the OU level or to specific accounts, with new member accounts automatically inheriting the setting. This addresses a common security challenge where organizations struggle to maintain consistent S3 public access controls across multiple accounts. And we were very glad when they added it to begin with. But yeah, the per account is a killer. So nice to have it now at the OU level. [52:07] Ryan Lucas: Basically. Yeah. This is one of those easy compliance controls that you just had to check the box on every single time to prove that you didn't do this. So it's a nice quality of life. 
[52:19] Justin Brodley: Improvement. Yeah, I mean and I hope that, you know, because there's always exceptions, right? You want, you want these, these specific buckets to be public. So I hope that management of that is sort of built in. But I do think that this is a good, good thing to have for sure. Because I do, you know, I do remember like compiling trusted advisor results across, you know, hundreds of AWS accounts to illustrate this is turned. [52:41] A: On. Yeah, yeah. They also now I remember which presentation this was maybe in Peter's or maybe it was Swami. But basically they're talking about, you know, one of the things S3 is, it's had a five terabyte limit for a long time and so they to enable more use Cases including high resolution video seismic data file, larger AI training data sets. They've now increased the limit by 10x to 50 terabytes. Which is awesome if you have those use cases and you use it for those use cases. But it's really bad for all those developers out there who don't think this hard and now are going to create you 50 terabyte objects in your bucket. So I appreciate it in one side and on the other side. I'm sort of apprehensive about this. [53:26] Justin Brodley: One. I had that thought when I read this. You know what? I've never run into a five terabyte object limit. Just never. I've never once said, oh man, if only this was more. And so that's. [53:38] Ryan Lucas: Crazy. Five terabyte. Your five terabyte object, sorry, your 50 terabyte object, just that one object you make is $110 a month. [53:47] A: Roughly. It's a steal of a. [53:49] Ryan Lucas: Deal. Yeah, I mean for a price point, it's not bad for 50 terabytes. But why is my object not downloading to my container? It keeps crashing. Well, you tried to download a 50 terabyte object to your 5 gig temp folder. What could possibly go. [54:06] Justin Brodley: Wrong? And like I get like, you know, multi part upload and you know, being able to so have multiple streams for downloads and. 
But I'm sure there's a good use case for this. I'm just not sure what it. [54:17] A: Is. And then in probably the weirdest announcement of the conference for me, Amazon FSx for NetApp ONTAP now supports S3 access points, allowing enterprise file data to be accessed through S3 APIs while remaining in the FSx file system. This enables your organization to use their existing NetApp file data with AWS AI ML services like Amazon Bedrock, SageMaker and Quick Suite without data migration or changing file management practices. And the integration bridges traditional NAS storage with cloud native applications by creating S3 endpoints attached to the FSx volume. And I read this and I'm just like, why? Like I get that you don't want to move your data, but you want to use it more for AI. So like that's the use case. But like, like, so expensive. Like you're, you're thinking that the NetApp ONTAP is going to handle all of the access through the API endpoint. Like you're, you're putting a lot of faith in NetApp, in my opinion, to scale for your use. [55:18] Ryan Lucas: Case. This was also announced. Wasn't this on, on the keynote too? Like this was announced pretty heavily live too, which I was surprised. [55:27] A: By. Yeah, it was. They were definitely very big about it. It's clear that NetApp was probably saying, hey, we sponsored you. You better mention us on main stage. [55:36] Justin Brodley: Somewhere. What I love is that ONTAP is almost certainly sharding data chunks into S3 as part of its like. [55:44] A: Intelligence. So it's like, you know, it's just a circular. It's a C. You know, all the way down. All the way down. Yeah. That was the strangest announcement I think of the conference for me. All right, databases. Aurora DSQL gets you cost estimates. Now you can do statement level DPU usage and query plans. Which is nice because if you ever read the documentation how DSQL works and try to figure out how to then figure out the cost of it, you was like, I don't understand. 
I don't have a PhD that I need for this. Postgres Aurora Dynamic Data Masking to basically use the PG column mask extension, so you want to make the mask data. OpenSearch 3.3 with the agentic search and semantic highlighter improvements was launched and OpenSearch GPU acceleration for 6 to 14x faster vector indexing, all available to you. And then we got a bunch of RDS SQL enhancements. So let me go jump to those. First up, I love trying to jump through articles this way before. We don't do it this way normally for a. [56:42] Justin Brodley: Reason. Next time we should, we'll do. We'll add in. [56:45] A: Anchors. Yeah, you know, mistakes were made. Yes. AWS is adding four new capabilities to RDS for SQL Server and Oracle focused on cost optimizations and storage flexibility. SQL Server Developer Edition is now available for free for non production workloads with full Enterprise Edition features and new M7i and R7i instances are up to 55% better. Cost reduction with separate licensing, billing and CPU optimization to reduce vCPU based licensing cost while maintaining memory and IOPS performance. So basically you can turn off all those CPUs you don't actually want to use because you need the memory, which will save you a bunch of money in licensing costs, which is a big win in general. So that's a. That's a great one for. [57:25] Justin Brodley: Sure. I mean I wish it wasn't needed, but it's definitely something that's very much. [57:29] A: Used. And then the other one is of course our favorite. We finally got savings plans for databases. [57:37] Ryan Lucas: Woohoo. [57:38] Justin Brodley: Woohoo. I feel like this is Matt's version of the Squid proxy for Peter. I think Matt's been asked for. [57:43] A: This. I mean there's not a bunch of us ranting about this need for a while. Where did that one. [57:48] Ryan Lucas: Go. [57:50] A: Again? Anchors. Okay. 
Database Savings Plans extend AWS existing savings plans models to managed database services, offering up to 35% savings on serverless deployments, up to 20% on provisioned instances when customers commit to a consistent hourly spend over a one year term. This applies to nine database types including Aurora, RDS, DynamoDB, ElastiCache, DocumentDB, Neptune, Keyspaces, Timestream and DMS. The key flexibility advantage is that commitments remain valid even when customers change database engines, switch between provisioned and serverless deployments, or shift usage across AWS regions during migrations or modernization efforts. So yeah, this is quite nice and quite broad. So they definitely heard all of the community saying please bring us database savings. [58:31] Ryan Lucas: Plans. I mean for RDS itself it's not that big of a deal, but for DynamoDB and all the other SQL databases that it supports, like that's where I feel like the real win is here that like you can get that. [58:44] A: Savings. Well, I mean you could get. [58:45] Ryan Lucas: RI. You're not. [58:46] A: Changing. I mean the RDS, you got RIs, but with savings plans now I can move, you can change, I can move from MySQL to Aurora without losing my discount or wasting money. So that's the value part of it that I think in savings plan piece. But yeah, so you're running Dynamo, a piece is bigger and our RIs. [59:03] Justin Brodley: Were bound to our RDS instance. [59:05] A: Type. Right? That was always. [59:06] Ryan Lucas: The. Yeah, right. Which is why you didn't get it when you moved to Aurora or if you moved over from like you know, R5s to R, you know. But that to me was less of an ordeal because enough times if you said hey, we're just changing this support, can you help us? Like we're moving to a new tier, they would really work with you on. [59:26] A: That. Agreed. 
And then the last one from databases that I want to mention here, because it's one that blocked me from using things at many times, is that you can now enable the RDS SQL Server Resource Governor. So if you would like to prevent your multi tenant databases from having one customer with a really noisy neighbor problem, you can now do that because you can enable the SQL Server Resource Governor natively, which is. [59:49] Ryan Lucas: Fantastic. Oh, that's kind of like elastic pools on Azure. I didn't realize. [59:57] Justin Brodley: That. Take your word for. [59:58] Ryan Lucas: It. So elastic pools, essentially you give 10 databases, I mean it's down one more level. You give 10 databases, 15 cores and you say each one can use no more than six at a time. So you're essentially over provisioning and putting the governor in there to limit it. So it's essentially they're going to be their way to kind of get that same type of. [60:18] Justin Brodley: Feature. So it's intentionally creating noisy. [60:20] Ryan Lucas: Neighbors. Got it. I mean it's no different than the old school VM where over provisioning your your on prem cluster. You know, you're like I have, you know, 500 gigs of memory. I'm allocating 750 knowing that not everyone's going to log in at, you know nothing's going to happen all at the same time until it does and then you swear a lot. One of. [60:41] A: The two. All right, moving on to security and identity. Ryan's favorite part. Security Hub is generally available. We talked about this. This gives you that real time analytics, risk prioritization and trending. You now have Secrets Manager external secrets to manage the rotation for Salesforce, Snowflake and BigID. I assume that you'll see additional customers and SaaS companies adopting some of that in the future. IAM Outbound Identity Federation for short lived JWTs for external service authentication. So think service-to-service but going to an external service you need a JWT token. 
You can now do that through federation. The AWS login CLI command, which eliminates long term access keys with OAuth2, which that's been long in the wait. WAF Web Bot Auth, which is cryptographic sender verification for legitimate AI agents so you can make sure those AI scanning your website are legit, and then AgentCore Identity to help you solve all of your agent identity challenges. And then we've got three that we're going to talk about. GuardDuty extended, where is it? Again we should have the links. Amazon GuardDuty is adding extended threat detection for Amazon EC2 and Amazon ECS. This basically now correlates security signals across EC2 instance groups and ECS clusters to identify multi stage attacks, joining existing capabilities for IAM, S3 and EKS. The service uses AI and ML models to automatically link related suspicious activities like initial access, persistence attempts and unusual data access into single critical severity findings instead of scattered alerts. Feature analyzes runtime activity of VPC flow logs, DNS queries, CloudTrail events and malware detection to build attack sequences across resources that share auto scaling groups, launch templates, AMIs and IAM instance profiles and each sequence finding includes an incident summary, timeline and MITRE ATT&CK mapping. Extended Threat Detection works with GuardDuty's foundational plan; enabling runtime monitoring for EC2 and ECS provides deeper process and network telemetry that improves detection accuracy. Expanded coverage is available now in all AWS regions where GuardDuty. [62:37] Justin Brodley: Operates. So if you're in security, you've had the conversation billions of times like oh you know, how is this one change my security group setting or this going to really, you know, how is this really going to be a big deal? 
What this will do is literally lay out the the whole like sort of kill chain in a graphical form in a way that is very easy to communicate how all these things sort of end up into potential breach. And it's really easy to communicate and really gets people thinking about the defensive depth that's needed to protect things with all those layers. And I really love features like this. Google's had this for quite a while and I it's one of my favorite features. It really does illustrate it very clearly. I feel like I learned things from it. That's. [63:27] A: Great. I mean I'm definitely glad to see GuardDuty extended to EC2. I mean ECS was a nice add and then they said EC2 and I was like okay, now we're talking. Because it's been on EKS for a while, which is nice, but EC2 now means it covers all kinds of applications, not just containerized ones, which is super powerful. The one I got a point on, AWS Security Agent, is a new AI powered tool that automates application security reviews, code scanning and penetration testing throughout the development lifecycle. Unlike traditional SAST and DAST tools that lack context, this agent understands application design, code and organizational security requirements to provide continuous validation from design to deployment. Service is currently in preview and free during this period. Available in us-east-1. Penetration testing capabilities address a critical bottleneck where 81% of organizations knowingly deploy vulnerable code to meet deadlines. Because traditional pen testing takes weeks to schedule, AWS Security Agent runs on demand tests in hours instead of days, using context from source code and specifications to execute smart, sophisticated multi step attack scenarios across 13 risk categories, including OWASP Top 10 vulnerabilities. Smugweg reports completing assessments in hours rather than days at a fraction of the manual testing cost. 
The service integrates with GitHub for automated pull request scanning and enforces custom organizational security requirements beyond standard vulnerability detection. And for example, it can flag policy violations like incorrect log retention periods or missing customer managed encryption keys that traditional security tooling would miss. Design review capabilities analyze architectural documents before code is written, checking compliance against AWS managed requirements or custom organizational policies, and the system can categorize findings as compliant, non compliant, insufficient data or not applicable, which I mean walkthrough framework is one that always needs a non applicable. So nice to see Security Agent now does that as. [65:09] Justin Brodley: Well. I mean, this is neat. I can't wait to play with this. This is. This sounds like, you know, a dream, you know, having something that runs in your environment and sort of like virtual red teaming that does all of the. [65:19] Ryan Lucas: Things. Well, the fact that it runs, you know, it definitely came out, you know, it's definitely competing with Azure, released the same thing during their conference, but they. The piece I like about this is the pen test piece because it now lives, you know, in your source code, which you probably already have an SCA or S or static code analysis tool, you know, and it lives also after it's live. So if you're running any sort of pen test, you know, automated pen test, but it's running this, which feels like it's going to be more in depth than a DAST. Maybe I'm wrong, but feels like it's going to be that next level. Because to me a pen test isn't just a DAST scan. A pen test includes, you know, trying different things, iterations, you know, a little bit more detailed of it. And since it's in the entire lifecycle of it, hopefully it gains more knowledge and kind of can give you that, you know, internal threat detector too. Internal threat actor too. [66:14] A: Yeah. 
And then AWS has announced a feature that I think we talked about trying to build at one point, definitely. They've released IAM Policy Autopilot, a free open source tool that analyzes application code locally to generate baseline IAM policies, reducing the manual effort of writing permissions and troubleshooting access issues. The tool works as a Model Context Protocol server that integrates with AI coding systems like Kiro, Claude Code and Cursor. The tool currently supports Python, TypeScript and Go applications, and automatically stays up to date with the latest AWS services and IAM permissions, addressing a common pain point where developers struggle to keep policies current with AWS's rapid service expansion. IAM Policy Autopilot runs entirely on your local machine and is available at no cost through the GitHub repository at github.com/awslabs/iam-policy-autopilot, so thank you, Amazon, for developing the thing I wanted to. [67:03] Justin Brodley: Build. Yeah, I've tried to build this a lot of times and built like kind of crappier versions of it that weren't, you know, that were just doing like regex and search strings and trying to compare like sort of the SDK functions to permission sets. And this is great because I, this is the biggest challenge and I hope every cloud develops their own version of this because it's, it's, it's a challenge on every, every single cloud. Write an application and you have to go through this iterative process. You either over permission it from the get go or you, you know, it takes you several revisions of generating that policy until you get it right and then you still probably miss something. That's an edge case permission that it needed only in this one state later on. So this is. [67:48] Ryan Lucas: Great. It was already, there's been third parties, there was like IAM or something where you essentially made it go through a proxy. 
There's been a few pretty good stabs at it where it would essentially but it never was always up to date with the latest. So if this is going to be part of their release process where it stays up to date, that will be golden for. [68:10] A: Sure. I mean I definitely, I didn't like those solutions. I had to go through a proxy just because it's a man in the middle attack now and you have to scale it and can it scale properly. So this is much better that it's cloud. [68:22] Justin Brodley: Native. So much happier and it's more exposed to, directly to you know, the development rather than sort of having this like middleware sort of component that has to be set up or either supported as part of a developer platform or however you want to do. [68:35] A: It. For our FinOps friends, we've got some stuff this week as well. Cost Explorer forecasting has been extended from 12 months to 18 months which you know is just nice. And they also give you an explainable AI for that. So it tells you why it thinks this is your forecast for 18 months. So it can not only tell you the forecast but also tell you why. So when your CFO is mad at the forecast, you can say that's what the AI says. Yeah, here's the. [68:58] Justin Brodley: Reasons. Don't argue with. [68:59] A: AI. Cost efficient. Yeah, don't, don't. He's smarter than me. Cost efficiency metric. A single percentage score combining optimization opportunities, which, you know, a lot of FinOps teams are looking for a KPI or metric that they can use. So that's pretty nice. AWS Data Exports in the FOCUS 1.2 format and then billing transfer to allow centralized billing across multiple organizations. So if you have a reason, you know, a big multinational company that needs to have different organizations, you now still have centralized billing across multiple organizations. Which was a limitation before. And then the next one we're going to talk about is the Compute Optimizer for NAT gateways. I don't know what this is. 
Optimizer I can't spell. AWS is launching cost efficiency metric and cost optimization. Wait, that's the right one. Too many, too many stories. There we are. Okay. AWS Compute Optimizer now identifies unused NAT gateways by analyzing 32 days of CloudWatch metrics, including active connections and packet traffic, helping customers eliminate costs from idle resources. Service cross references route table associations to avoid flagging critical backup NAT gateways as unused. NAT gateways of course cost four and a half cents per hour plus data processing charges, so identifying unused instances can save customers over $30 per month per gateway before factoring in data transfer costs. Feature extends Compute Optimizer's idle resource detection beyond EC2 instances and EBS volumes to network infrastructure, addressing a common cost optimization blind spot, available in all AWS regions where Compute Optimizer operates except AWS GovCloud (US) and China. [70:27] Ryan Lucas: Regions. Just a nice cost saving because the amount of NAT gateways I've seen not used is. [70:33] A: Astronomical. In my career, that's not a problem I've had. I'm sure it is a thing. I just. I've never had it. But I guess this is why the other NAT gateway feature makes sense, because you had a server in the zone and now that server doesn't exist. You know you're paying for a gateway you don't need. For developer tools and modernization, we've got a couple of things here. Step Functions local testing so you can do Test State API with mocking support. API Gateway developer portals for native API discovery and documentation portals, which we asked for many, many moons ago. So that's pretty nice. And then there are several updates to the Transform family, including Transform Mainframe, Transform Custom and Transform Windows, which we'll talk about right now. 
So the three transforms, so there's first the custom to basically look at any of your custom code and help you address your scenarios like Python 3.8 to 3.13 Lambda migrations and all things like that. And then the mainframe of course helps you migrate from your legacy COBOL applications. But the one that I thought was interesting was the Windows one which will let you handle full stack Windows modernization, including .NET Framework to cross-platform .NET, SQL Server to Aurora PostgreSQL migration with stored procedure conversion and ASP.NET Web Forms to Blazor UI updates. The service analyzes dependencies across all three tiers and orchestrates transformations in waves, aiming to accelerate modernization by up to five times compared to manual approaches. The service automatically converts SQL Server schemas to PostgreSQL compatible structure, migrates all data using AWS DMS and refactors dependent application code to work with the new database. It deploys transformed applications to EC2 Linux or ECS for testing, and generates CloudFormation templates for production deployment, handling the entire stack in a coordinated way. New capabilities in AWS Transform for .NET include support for porting to .NET 10 and .NET Standard, real time transformation progress with estimated completion times, and editable transformation reports, and the service now converts those ASP.NET Web Forms projects to server side Blazor components and generates the next step markdown files for remaining manual tasks. Currently available to you in US East (N. Virginia) with no additional charges for the transformation service itself. The standard AWS resource pricing applies for deployed infrastructure, so that's a, if you are stuck in a legacy .NET shop, that's a good one right there. You guys are. [72:44] Ryan Lucas: Wowed. I can tell speechless about. [72:47] Justin Brodley: It. 
Speechless, yeah, I just talked about similar type of solutions for so long that and still just can't beat developer teams to use. [72:58] A: Them. Well before re:Invent in the pre-invent phase, something happened in Amazon Land that has never happened before. Lots of things never happened in Amazon. A year and a half ago we talked about the fact that they've never deprecated a service. Now they deprecated a bunch of services and one of those services they deprecated was CodeCommit. And at the time we sort of said that's interesting. There's lots of use cases where CodeCommit still makes sense. And apparently customers were outraged. And so Amazon has reversed its July 2024 decision to de emphasize CodeCommit and is returning the service to full general availability, immediately reopening new customer signups after customer feedback revealed the service's IAM integration, VPC endpoint support and CloudTrail logging are critical for regulated industries and teams wanting AWS native development infrastructure. The reversal comes with a concrete investment roadmap including Git LFS support arriving in Q1 2026 to handle large binary files without bloating repositories and regional expansion starting in Q3 2026 with EU South 2 and CA West 1 regions joining the existing 29 region footprint. Current customers who stay with CodeCommit will see AWS work through accumulated feature requests and support tickets. Those who migrated to GitHub, GitLab or Bitbucket can return with assistance from AWS Support teams, though AWS acknowledges those platforms remain valid choices. Pricing remains unchanged from the existing structure available on the CodeCommit pricing page, with the service maintaining the 99.9% uptime SLA, making this primarily a strategic reversal rather than a technical or pricing update. Now it represents an unusual public acknowledgment of a strategic misstep by AWS, with the company directly apologizing to customers who invested resources in migrating away from. 
[74:30] Justin Brodley: CodeCommit. Crazy. [74:32] Ryan Lucas: Town. I mean, I hope all customers had some sort of plan, but knowing that I've seen many companies say, oh my God, we got this notice six months ago, we'll deal with it in six months. And now it's five months, five weeks, four weeks, and three weeks and six days, oh my God, this thing's gonna expire tomorrow. There's probably a large swath of customers that are still. [74:54] Justin Brodley: There. Migrating your full repository is challenging, and like the announcement listed several use cases that I hadn't even thought about and how difficult it would be, like if you've got your entire sort of compliance development environment controls built around IAM, it'd be a big challenge to move that, you. [75:15] A: Know. Well, even, even we talked about, I think when they deprecated it, there's certain services that are directly integrated with CodeCommit for getting configuration. And so, you know, there was a bit of a question in my mind on how some of those services are going to update to support GitHub, and I assume they'd already done that. But again, I'm not using those services right now, so I don't know. But there's also, you know, the ability to do CI/CD operations from inside of your Amazon, you know, portfolio and estate, like you mentioned, for regulated, but just other compliance requirements sometimes required those things as well. So I mean, I don't recommend using CodeCommit as your only, you know, git service. But it's definitely an option if you need to do something where, you know, maybe you commit on GitHub and then you have a replication process that replicates, you know, certain releases to your CodeCommit for deployment reasons. There's lots of benefits to doing something like this that may make sense to your organization. So I'm kind of glad to see this one get reversed. I'm not sad about any of the other ones that got deprecated. 
[76:08] Justin Brodley: Previously. No, can't say that. [76:12] A: Either. But I mean, it does show that, you know, they are listening to customers, which is nice, because I started questioning if all of the leadership principles still applied at some point. But you know, hey, customers were demanding it and they did it. So A plus. The only one. [76:25] Ryan Lucas: I'm still surprised about is Cloud9. Well, I never used it like, it never was a production thing. It was always good for like the, it was good for Amazon coming out or teaching you something. And so it was a good way to kind of set up a thing to run everything locally. So to me that wasn't like a production or developer tool, but more of like how to sell to other customers, more things to. [76:51] A: Customers. I mean, there's probably a path where you see it get replaced by like Kiro Web or something like that, where you use an AI to do coding exercises on the web. You know, like that's what you see with Claude Code and others, where they've got a web interface for those. So I suspect you'll see it kind of get rebirthed, but just as an AI. [77:07] Ryan Lucas: Product. Yeah, it makes. [77:09] A: Sense. Which would make sense. So all right, on to monitoring. We're almost through this, guys. CloudWatch Unified Data Management, which consolidates ops, security and compliance logs. Yay. CloudWatch deletion protection, which prevents accidental log group removal. And then the CloudWatch Network Flow Monitor container networking for EKS. The Unified Data Management is actually really nice, because it does pull together multiple different log streams, which was kind of a challenge if you needed, you know, to have different log streams in different regions; you can pull them together with this feature. A couple of other benefits to it as well. So that one of those three is the most exciting to me. 
The accidental log group removal is not my problem, because I never know which ones I should delete or not delete. So I just leave them forever, because they don't cost you anything if they don't take any data ingestion. That's pretty funny. Governance and management: Control Tower controls are decoupled, so you can now use managed controls without a full landing zone. Which was one of the big complaints we had about Control Tower when it first came out, was that this is great, it has amazing things, but I don't want to implement their landing zone because I already have one. So now you can use some of their controls without the landing zone. Service Quotas now has automatic management to auto-adjust limits based on usage. And then supplementary packages for Amazon Linux are now pre-built for you. And then our final one here is our AMI Ancestry story. AMI Ancestry provides automatic lineage tracking for Amazon Machine Images from creation through all regional copies back to the root AMI, eliminating the need for manual tagging and custom record-keeping systems. It addresses a long-standing operational challenge where teams had to build their own tracking mechanisms to understand AMI provenance across multi-region deployments. The feature solves a critical security and compliance workflow by enabling teams to quickly identify all downstream AMIs when vulnerabilities are discovered in a parent image. Organizations can now trace which production workloads might be affected by a compromised base image without maintaining separate documentation systems or relying on naming conventions that break down at scale. Available at no additional cost in all AWS regions, including China and GovCloud, AMI Ancestry is accessible through the AWS console, CLI and the SDK. So yeah, this is a good. [79:14] Justin Brodley: One. [79:15] A: Definitely. Glad this one is finally. [79:17] Ryan Lucas: Here. I've built three different ways to do this in my career. 
Four if you count my current day job on Azure. You know, you always want to start and then know where it came from. So there's a vulnerability, you know where to start patching and go up from there. And it's always easy to say you start all the way at the beginning, but if you have multiple teams that have to, you know, you build something, then multiple teams build off that, then teams build off that, it's always hard to track. So knowing and being able to track all that is a godsend versus the DynamoDB hackery that I've done in my. [79:50] Justin Brodley: Life. DynamoDB hackery, S3 hackery, like, oh, so many, so many bad ways to manage AMIs and try to, you know, deprecate older ones without breaking someone. Yeah, this is. [80:04] Ryan Lucas: Fantastic. Tags on the next image, they then get lost when you copy them or share them. And then how you deal with sharing them once you share them, which I don't know if this will do, is how you share between other regions. Like it's just bad across the. [80:20] Justin Brodley: Board. I forgot about the tags. And then the. [80:23] Ryan Lucas: Tags. Yeah, made that mistake. That's the first thing everyone does, and everyone runs into it at one point where you're like, oh, I've copied it. Oh crap, I lost my tags. Yeah, that's a good one. Scar. [80:39] A: Tissue. Scar tissue for sure. DevOps and operations, we've got AWS DevOps Agent in preview, which gives you autonomous incident investigation and root cause analysis, which I don't know why it's called the DevOps agent, because that doesn't make any. [80:51] Justin Brodley: Sense. It's an SRE. [80:52] Ryan Lucas: Thing. Come. [80:54] A: On. Amazon doesn't know what SRE is either. That's a problem then. Apparently our Amazon Support plans are getting restructured, so they're restructuring it and lowering the price, but also maybe lowering the quality, maybe, I don't know. 
AWS has restructured its support offerings into three AI-enhanced tiers, with Business Support at $29 a month, which is 71% cheaper than before, Enterprise Support at $5,000 a month, which is a 67% reduction, and Unified Operations at $50,000 a month. The new plans shift from reactive troubleshooting to proactive issue prevention, using AI-powered monitoring and contextual recommendations that maintain account history across support interactions. Response times have improved significantly across all tiers, with Business Support Plus offering 30-minute critical case response, twice as fast as the previous Business tier, Enterprise Support at 15 minutes, and Unified Operations delivering five-minute response times. I mean, response is just, I got your. [81:45] Justin Brodley: Ticket. Yeah, like yeah, you have an agentic AI-generated response, like this isn't. [81:50] A: Good. All plans now include AI agents that provide context to support engineers before human handoff, eliminating the need for customers to repeat information. Enterprise Support now includes AWS Security Incident Response at no additional cost, providing automated security event monitoring and investigation capabilities. And the tier also offers access to interactive workshops and hands-on programs for continuous technical development, beyond traditional case-based support. Unified Operations provides the most comprehensive support, with a dedicated team including a TAM, a domain engineer and a senior billing specialist, plus on-demand migration and security experts. The tier includes 24/7 monitoring, systematic application reviews, operational readiness validation and support for business-critical events, with the full context of your customer environment. Existing customers on Developer, Business Classic and Enterprise On-Ramp plans can continue their current support through 1/1/2027, with the option to migrate through the AWS Management Console. 
The new plans are available in all commercial AWS regions, with tiered pricing that reduces marginal costs at higher usage. [82:43] Justin Brodley: Levels. I hope this ends up being decent service, but like in my head I'm like, yeah, they're lowering the cost because they're, they're just getting rid of all their support staff and putting on. [82:54] A: Laying off all those. [82:55] Ryan Lucas: People. But I also think support's gone down. [82:59] A: Dramatically. Has. [83:00] Ryan Lucas: It? Like back in the day I remember, yeah, like I remember I would wait to open support tickets till after 4 o'clock Pacific time, because you would get the Australia team, which was amazing, and this was like, what, 10, 12 years ago. And like their support was always so much better than when you opened up in the US. So I always learned I either opened support tickets really early in the day to Ireland, or I would wait till the Australia group came on. But I feel like since then it's just, I've opened support and they're like, they give you the most basic, generic answer. And I'm like, are you dumb, or are you just not even listening to what I've said? Or do you just assume that I have, I'm a moron, I have no idea what I'm talking. [83:42] A: About. The last one, giving you a. [83:44] Ryan Lucas: Full detailed story of. [83:46] A: Everything. Yeah, I know, but I do like the idea that it's going to give them AI-generated summaries of the case, because I have run into the thing where I had to repeat my issue to multiple support people. That's super annoying. So that, that alone might be helpful. But I don't know, I was telling someone earlier about how good Amazon support was back in the day, you know, and you had a TAM and everything. And like the amount of abuse those people took. Because of course, you know, engineers blame the cloud every time something goes. [84:11] Justin Brodley: Wrong. Every. [84:11] Ryan Lucas: Time. [84:12] A: Yeah. 
And so, you know, we allowed all of them to open support cases directly to AWS. And so the only thing we policed on them was like, please don't open high-priority cases if they're not really a high priority. And so I would watch tickets go through, and like the dumbest questions being asked, or like, hey, we think Amazon blah, blah, blah is broken because of this error. And like, and you know, you see the support person patiently respond back to them with like, no, your code is doing this, which is incorrect. You know, this isn't even good async operations that you're doing here. Like, you know, in the kindest, most polite way possible, not calling them an idiot, but basically implying like, no, it's not us, it's you. Yeah, and so, you know, some of that stuff though could definitely be done by AI. So I do suspect that there is some benefit, and it's nice that they're not just adding this and saying everyone's going to get this and you're going to pay the same price, this is to improve our margins. They're like, no, we're going to try to help make it better, and we'll give you a slightly lower price and hopefully provide better support, net net. We'll see how it works. I'm curious about real-time feedback from customers out in the wild, how good or bad this is if they opt for it. I know for my personal business support, $29 a month is a way better price. So I'm moving to Business Support. [85:20] Ryan Lucas: Folks. Business Support. [85:23] A: Plus. Yes, Business Support Plus. [85:25] Ryan Lucas: Correct. They had to rebrand it. [85:27] A: Here. Yeah, they did. And then our final two sections before we wrap up for the night. Marketplace and partners: Partner Central and the console. So if you're buying your Amazon services through a partner, you can now see the partner experience and the customer experience together. I assume segmented in some way, which is nice. Multi-product solutions: you can have bundled offerings from multiple vendors in a solution. 
So, you know, a private marketplace offering that includes SAP and other vendors in that bundle, you can now do that. And then CrowdStrike Falcon is now integrated to provide an automated SIEM setup wizard experience through the marketplace. So now you get a much better onboarding experience for CrowdStrike Falcon, which was interesting. They called that one out specifically. And then if you're in the connectivity and contact center area, Amazon Connect got way more announcements than just this. It was such a long list that I just said these are the two I care about. One is Predictive Insights, which is AI-powered recommendations for your support cases. Then Amazon Connect MCP support, which is standardized tools for AI agents. And again, considering that Amazon Support probably uses Amazon Connect, this all makes. [86:29] Justin Brodley: Sense. Oh yeah, no, this is definitely that. [86:31] Ryan Lucas: Tool. [86:31] Justin Brodley: Yeah. Amazon Connect has been their support tool for a long time, before it was a product we could. [86:37] A: Get. Yeah, yeah. So that's re:Invent. That was a. [86:41] Justin Brodley: Lot. That's a. [86:42] A: Lot. Yeah, it was good. I think compared to last year, I feel this is a much better. [86:46] Justin Brodley: Re:Invent. The announcements are. [86:48] A: Better. The announcements were better. I think the things they focused on, I think they got the memo that, you know, AI is cool and we know you need to do it, but you can mix it up a little bit. Yeah. So I appreciate. [87:00] Justin Brodley: That. We just want to mix it up a little bit. [87:02] A: More. I'd like to see what Nova 2 actually can do and see if, you know, like they were showing it beating, you know, Claude and OpenAI in benchmarks. And I was like, sure it is. I don't know if I believe that. So I'm curious to see, kind of, as real-world users are actually using some of these features, what they think and how they go from there. 
So anyways, I'm glad we got through this. We'll see you all next week here at the Cloud. [87:27] Justin Brodley: Pod. Bye. [87:28] Ryan Lucas: Everybody. Bye. [87:29] A: Everyone. [87:30] Justin Brodley: Bye. And that's all for this week in cloud. We'd like to thank our sponsor. [87:37] A: Archera. Be sure to click the link. [87:38] Justin Brodley: In our show notes to learn more about their services. While you're at it, head over to our website at thecloudpod.net, where you can subscribe to our newsletter, join our Slack community, send us your feedback and ask any questions you might. [87:50] A: Have. Thanks for listening and we'll catch you on the next.