Amazon Cognito now supports multi-Region replication, allowing user pool data — including credentials, configurations, and federation settings — to be synchronised to a standby Region in near real-time. This improves authentication resilience by enabling traffic failover during a regional outage without forcing users to re-authenticate. The feature is available as a paid add-on across most major AWS Regions.

Architect’s Take: Review your existing Cognito-based authentication architectures for single-Region dependencies and assess whether the Essentials or Plus tier add-on cost is justified by your RTO/RPO requirements. Ensure your incident response runbooks are updated to include Cognito traffic redirection procedures, and validate that federated identity providers (SAML/OIDC) are accessible from the secondary Region before declaring it ready for failover.

Original advisory: Amazon Cognito now supports multi-Region replication

AWS has introduced a new Lambda trigger for Amazon Cognito that allows developers to customise the federated sign-in process when users authenticate via external identity providers such as SAML, OIDC, or social logins. This enables teams to intercept and modify authentication flows at key points, such as attribute mapping or access decisions, without altering core Cognito configuration. The feature improves flexibility for organisations with complex identity federation requirements.

Architect’s Take: Review any existing custom authentication workarounds in your Cognito-integrated applications and assess whether this new trigger can consolidate or replace them — pay particular attention to how federated user attributes are mapped and validated, as improper handling here is a common source of privilege misassignment.

Original advisory: Customize federated sign-in with new Amazon Cognito Lambda trigger

AWS IoT Device Management has enhanced its connectivity status API to include detailed MQTT session data, such as session timeout and expiry values, plus optional socket-level details including IP addresses, ports, and VPC endpoint IDs. Unlike the IoT Core GetConnection API, which only retains data for 30 minutes post-disconnect, this API stores connection history indefinitely. This is useful for security auditing, forensic investigation of disconnect events, and monitoring connection patterns across large IoT fleets.

Architect’s Take: Review and tighten IAM policies controlling access to the new socket-level details (source/destination IPs, ports, VPC endpoint IDs), as this data could aid lateral movement reconnaissance if exposed to over-privileged roles. Use the indefinite data retention capability to feed IoT connectivity logs into your SIEM for anomaly detection and post-incident forensics.

Original advisory: AWS IoT Device Management adds MQTT session data to connectivity status API

AWS IoT Device Management has enhanced its connectivity status API to include detailed MQTT session data, such as session timeout and expiry values, plus optional socket-level details including IP addresses, ports, and VPC endpoint IDs. Unlike the AWS IoT Core GetConnection API, which only retains data for 30 minutes post-disconnect, this API stores connection history indefinitely, improving long-term auditability. Access to sensitive socket-level information is controlled via IAM policies, allowing organisations to limit visibility to authorised teams.

Architect’s Take: Review and tighten IAM policies governing access to the connectivity status API, particularly the socket-level data permissions, to ensure only operations and security teams have visibility into source/destination IPs and VPC endpoint IDs. Additionally, consider integrating the indefinite data retention capability into your IoT incident response and audit workflows to leverage historical disconnect data for forensic investigations.

Original advisory: AWS IoT Device Management adds MQTT session data to connectivity status API

AWS Step Functions now integrates with Amazon Bedrock AgentCore (currently in preview) to allow AI agent reasoning steps — such as document classification and data extraction — to be embedded directly into automated workflows. This enables multiple agents to run in parallel or sequence within a single workflow, with human approval gates and full audit trails via CloudWatch. For security teams, this introduces AI-driven decision-making into business-critical automation pipelines, expanding the attack surface and governance considerations.

Architect’s Take: Review IAM permissions granted to Step Functions execution roles that invoke AgentCore harnesses, ensuring least-privilege access and that per-invocation model/prompt overrides cannot be manipulated by untrusted inputs. Establish logging and alerting on CloudWatch agent turn details from day one, and apply human approval steps before any agent action with write or destructive permissions.

Original advisory: AWS Step Functions adds AgentCore-powered agentic reasoning step

AWS Step Functions now integrates with Amazon Bedrock AgentCore (currently in preview) to allow AI agent reasoning steps within automated workflows. This enables teams to embed LLM-based tasks such as document classification and data extraction directly into orchestrated pipelines, with parallel execution and human approval gates. Audit trails are available via CloudWatch, capturing agent inputs, outputs, and token usage.

Architect’s Take: Review IAM permissions granted to Step Functions execution roles that invoke AgentCore harnesses — ensure least-privilege policies are applied, particularly around model invocation and tool access. Treat human approval steps as a mandatory control for any agentic action with write or destructive scope, and validate that CloudWatch audit logging is enabled before promoting any AgentCore-integrated workflow to production.

Original advisory: AWS Step Functions adds AgentCore-powered agentic reasoning step

Amazon ECS Managed Instances now supports AWS Trainium and Inferentia AI accelerator instance types, allowing teams to run ML training and inference workloads without managing the underlying EC2 infrastructure. A single task per instance is automatically allocated all accelerator resources via a NEURON_CORE configuration in the task definition. This is a feature release rather than a security event, though it expands the attack surface for ECS-based AI workloads.

Architect’s Take: Review IAM task roles and ECS task definitions for any new Trainium or Inferentia capacity providers to ensure least-privilege access; single-task-per-instance placement reduces noisy-neighbour risk but means a compromised container has full access to all Neuron cores, so container isolation and image provenance controls are critical.

Original advisory: Amazon ECS Managed Instances now supports AWS Trainium and AWS Inferentia

Modern enterprise identity and access management (IAM) is increasingly fragmented across applications, machine identities, and decentralised teams, creating blind spots known as ‘Identity Dark Matter’ — activity that falls outside centralised IAM controls. Identity Visibility and Intelligence Platforms (IVIP) are emerging as a way to consolidate this visibility and reduce the exploitable attack surface. This matters because unmanaged identities are a primary vector for privilege abuse and lateral movement in cloud environments.

Architect’s Take: Audit your current IAM coverage gaps by mapping all human, machine, and federated identities across your cloud estate — then evaluate IVIP tooling to surface shadow identities and unmanaged service accounts that your existing IAM tooling cannot see.

Original advisory: Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

AWS Deadline Cloud now supports persistent EBS volumes for Service-Managed Fleet workers, preserving software environments and assets across worker lifecycle events. Previously, workers used only ephemeral storage, meaning software had to be reinstalled on every recycle. This change reduces startup times and improves job throughput for compute-intensive rendering and simulation workloads.

Architect’s Take: Review IAM policies and EBS volume access controls to ensure persistent volumes cannot be accessed by unintended workers or principals across lifecycle boundaries. Consider enabling EBS encryption at rest for all SMF persistent volumes and validate that TTL policies are configured to minimise unnecessary data retention in line with your data classification requirements.

Original advisory: AWS Deadline Cloud now supports persistent storage for Service Managed Fleets

Amazon SageMaker Studio’s quick setup time has been reduced from over two minutes to under twenty seconds. New Studio environments now automatically receive a managed IAM policy granting serverless model customisation permissions, including fine-tuning, evaluation, and deployment to SageMaker or Bedrock endpoints. This reduces friction for ML practitioners but introduces pre-configured IAM permissions that security teams should review.

Architect’s Take: Review the scope of the automatically attached AmazonSageMakerModelCustomizationCoreAccess managed policy against your least-privilege baselines — auto-provisioned IAM policies with deployment permissions to Bedrock and SageMaker endpoints may exceed what individual users or teams require. Consider whether your landing zone or Service Control Policies should restrict or audit automatic policy attachment in SageMaker Studio environments.

Original advisory: Amazon SageMaker Studio now sets up in seconds with model customization ready from the start

AWS has published guidance on securing multi-tenant AI agent deployments using Amazon Bedrock AgentCore resource-based policies. SaaS providers can use these controls to isolate tenants, enforce VPC-only traffic for regulated workloads, and manage cross-account access — all from a shared infrastructure. This matters because poorly isolated multi-tenant AI systems can expose one customer’s data or capabilities to another.

Architect’s Take: If you are building or reviewing a multi-tenant SaaS platform on Bedrock AgentCore, implement resource-based policies now to enforce tenant isolation boundaries — pay particular attention to cross-account trust conditions and VPC endpoint restrictions to meet regulatory obligations such as UK GDPR and financial sector requirements.

Original advisory: Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies