Top 10 AWS re:Invent 2025 Announcements: Lambda Managed Instances, EKS Capabilities & Database Savings Plans
The dust is just starting to settle in Las Vegas after the F1 and, of course, re:Invent 2025, a week full of announcements where the hardiest attendees rack up step counts into the 40k mark, and the hardest choice of the day is which vendor evening event to attend. Of course, in between all the walking and networking we do get some announcements on existing services and new services, and people's thoughts on the year ahead.
I wasn't able to attend this year, so I have been watching from afar trying to keep up with the conveyor belt of releases and sessions. As expected it was a smorgasbord of AI and AI-related content, but there were some great announcements and I have picked my favourites below.
1 – AWS Lambda Managed Instances
AWS Lambda Managed Instances give you a pool of warm execution environments for your functions. Think of it as AWS Lambda with a steady baseline of ready capacity. AWS keeps those runtimes alive, patched, and healthy so your functions respond fast without cold starts. You set the guardrails as always and AWS will handle the fleet.
What you get is predictable latency, steadier throughput, and fewer surprises under spikes. Because it is serverless there are no servers to manage, just your functions, with capacity there ready as you need it.
Why does this help users? There is less tail latency for APIs, simpler Amazon VPC networking, and better visibility for tuning and planning.
How does this keep things simple? You define baseline capacity and limits, and AWS manages scaling, placement, and maintenance behind the scenes.
Here are some potential use cases:
- Latency‑sensitive APIs
- Stream/queue consumers (Amazon Kinesis, Kafka, Amazon Simple Queue Service (Amazon SQS))
- ML inference that needs warm models
- Bursty traffic with SLAs
- VPC‑integrated functions hitting private services
- Scheduled ETL steps needing fast starts
2 – Amazon Elastic Kubernetes Service (Amazon EKS) Capabilities – Managed Kubernetes‑native platform features
AWS launched Amazon Elastic Kubernetes Service (Amazon EKS) Capabilities, a set of fully managed Kubernetes native features for workload orchestration and cloud resource management. The initial capabilities will include Argo CD for GitOps based continuous delivery, AWS Controllers for Kubernetes to manage AWS resources using Kubernetes custom resources, and Kube Resource Orchestrator to compose reusable resource bundles. These capabilities run in EKS service owned accounts with AWS handling scaling, patching, updates, and health. You enable and configure them through the EKS console, CLI, or eksctl and use them with standard Kubernetes tools.
This brings some real benefits to EKS:
- Reduce operational burden since AWS manages capacity, upgrades, and dependencies for these capabilities.
- Use consistent Kubernetes workflows and GitOps to orchestrate both cluster resources and AWS services.
- Accelerate migrations with ACK adoption features and read only modes that help bring existing resources under management.
- Improve security alignment with AWS Identity and Access Management (IAM) based permissions and optional single sign on integration through AWS IAM Identity Center.
- Build a composable platform by enabling one or multiple capabilities together to fit your environment.
3 – Database Savings Plans – flexible discounts for managed databases
Database Savings Plans is a feature long overdue in AWS and will now benefit heavy users of Amazon Relational Database Service (Amazon RDS). In a similar guise to Compute Savings Plans, you commit to a consistent amount of database usage, measured in dollars per hour, over a one-year term. This is the only term on offer currently, though that may change in the future depending on customer feedback. The discount automatically applies each hour across eligible services and Regions, and any usage beyond the commitment bills at on-demand rates. Supported services at launch include Amazon Aurora, Amazon RDS, Amazon DynamoDB, Amazon ElastiCache, Amazon DocumentDB, Amazon Neptune, Amazon Keyspaces, Amazon Timestream, and AWS Database Migration Service. Discounts vary by deployment model. Serverless databases offer up to 35 percent savings compared to on-demand rates. Provisioned instances across supported services offer up to 20 percent. DynamoDB and Keyspaces provide savings for both on-demand throughput and provisioned capacity.
Some of the benefits:
- Lower costs for sustained database workloads without locking into a single engine or Region.
- Flexibility to switch engines, change deployment types, and shift usage across regions while keeping the same commitment.
- Predictable spend through hourly commitment with visibility into coverage and utilisation in your existing cost tools.
- Easier purchasing with console recommendations and a Purchase Analyzer to model custom commitments.
4 – RDS for Oracle & SQL Server – performance & cost optimisations
AWS announced new capabilities for Amazon RDS for SQL Server and Amazon RDS for Oracle that improve performance and optimise costs. The release adds SQL Server Developer Edition support on RDS for SQL Server for non-production development and testing with Enterprise features at no license cost. It also introduces M7i and R7i instance support with Optimize CPU for RDS for SQL Server, allowing you to reduce vCPU-based licensing costs by configuring vCPU counts while keeping memory and IOPS performance. In addition, both RDS for Oracle and RDS for SQL Server now support up to 256 TiB per database instance by adding up to three additional storage volumes. You can combine io2 and gp3 volumes to balance performance and cost, scale volumes in parallel, and add or remove them without downtime. Multi-AZ deployments replicate additional volumes automatically.
Customer benefits
- Lower development and test costs with SQL Server Developer Edition on RDS while retaining Enterprise feature parity and managed operations.
- Reduced SQL Server licensing costs and better workload fit by tuning vCPU counts on M7i and R7i with Optimize CPU, with separate billing visibility for licenses and instance costs.
- Greater storage flexibility and scale for Oracle and SQL Server. Add volumes on demand, mix io2 and gp3 for tiered performance, and grow capacity without interruption.
- Faster operations with zero downtime storage changes and parallel scaling for expanding datasets.
5 – AWS AI Factories – dedicated, sovereign‑scale AI infrastructure
AWS announced AI Factories, a dedicated AI infrastructure offering that AWS deploys and manages in your own datacentres. It combines AWS Trainium accelerators, NVIDIA GPUs, low latency networking, high performance storage, and integrated AWS AI services like Amazon Bedrock and Amazon SageMaker. The goal is to accelerate AI buildouts by removing procurement and setup complexity, and to deliver the same advanced AI technologies available in AWS Regions inside a private, isolated environment. AI Factories operate as dedicated environments for a single customer or a trusted community and integrate with the broader set of AWS services while meeting strict data residency and digital sovereignty requirements.
Customer benefits
- Faster time to capability by avoiding multi-year procurement and integration projects.
- Access to leading foundation models through Amazon Bedrock and managed training and deployment through SageMaker without separate model contracts.
- Dedicated, isolated environments that align with data residency, sovereignty, and regulatory requirements.
- AWS operated infrastructure with proven reliability, security, and performance, so teams can focus on AI solutions rather than hardware and tuning.
- Consistent technology stack with the latest accelerators, networking, and storage delivered on premises.
I am on the fence about this launch. While in principle this is just Outposts for an AI era, this will be a tough market for AWS; with the likes of HPE and Dell/EMC having similar offerings, AWS will have to price this attractively to compete.
6 – AWS DevOps Agent (Preview) – autonomous incident response
AWS announced the public preview of the AWS DevOps Agent, an autonomous agent that accelerates incident response and improves reliability by analysing telemetry, deployments, and operational signals across your toolchain. The agent correlates metrics, logs, traces, and recent code changes, proposes probable root causes, and recommends targeted mitigations. It coordinates incident communication in Slack, maintains investigation timelines, and integrates with ticketing tools such as ServiceNow and PagerDuty. You connect it to observability platforms like Amazon CloudWatch, Datadog, Dynatrace, New Relic, and Splunk, and to CI/CD systems like GitHub Actions and GitLab. It builds an application topology to understand components and relationships, and it can run investigations on demand or automatically from alerts. During preview, it is available at no charge in US East (N. Virginia), while monitoring applications across Regions and accounts.
Potential benefits
- Faster root cause analysis and lower mean time to resolution through automated correlation of signals across tools.
- Reduced operational load during incidents with automated communications and investigation timelines.
- Actionable mitigation plans during incidents and longer term recommendations that improve observability and resilience.
- Easy integration with existing tools through the console and a bring your own MCP server capability for custom or open source platforms.
- Flexible scoping through Agent Spaces that align to applications, teams, or centralised operations.
At Telefonica Tech UK we will be testing this new Agent and looking at what opportunities we have to integrate this as part of our managed service to increase the service we offer to our customers.
7 – Amazon Route 53 Global Resolver (Preview) – secure anycast DNS
AWS introduced Amazon Route 53 Global Resolver. It is a managed, global DNS resolver for both public internet domains and private domains in Route 53 private hosted zones. Global Resolver uses anycast IPv4 and IPv6 addresses to route queries to the nearest AWS Region and supports standard and encrypted DNS protocols including Do53, DNS over HTTPS, and DNS over TLS. It includes integrated security controls similar to Route 53 Resolver DNS Firewall with managed domain lists, custom lists, and advanced protection for threats like domain generation algorithms and DNS tunnelling. It supports client authentication with CIDR allowlists and token based access for DoH and DoT, DNSSEC validation, EDNS Client Subnet, and centralised logging. AWS is renaming the existing Route 53 Resolver to Route 53 VPC Resolver to clarify its Regional, VPC scoped role. Global Resolver complements VPC Resolver by serving on premises, branch, and remote clients without VPC deployment.
Customer benefits
- Unified DNS resolution for public and private domains without split DNS forwarding and custom cross Region failover.
- Lower latency and higher reliability for distributed clients through anycast routing to the nearest Region.
- Strong security posture with built in filtering, encrypted DNS, client authentication, DNSSEC validation, and centralised logging.
- Simpler hybrid operations by removing the need for per Region Route 53 Resolver endpoints and separate security stacks.
- Flexible client grouping using DNS views with different filtering rules and private zone associations.
8 – AWS Security Hub – GA with near real‑time analytics & risk prioritisation
AWS announced general availability of the new AWS Security Hub experience with near real time analytics and risk prioritisation. Security Hub now unifies security operations across services such as Amazon GuardDuty, Amazon Inspector, AWS Security Hub CSPM, and Amazon Macie, correlating signals and turning them into exposure findings with context and remediation guidance. The Summary dashboard adds up to one year of historical trends for threats, exposures, resources, and service coverage, with customisable widgets and cross Region aggregation. Near real time exposure calculation updates as findings arrive, and the Exposure page organises issues by severity and affected resources, including a potential attack path view. Integrations expand to Jira and ServiceNow for ticketing, OCSF format for partner tools, and Amazon EventBridge rules for automated response. Pricing is streamlined and includes a cost estimator, and GA features are available across Regions where services are offered.
Customer benefits
- Faster detection and prioritisation with near real time correlation across multiple security services.
- Clear visibility with one year of historical trends, unified dashboards, and cross Region aggregation.
- Actionable context with exposure grouping, potential attack paths, and prioritised remediation steps.
- Integrated workflows using Jira or ServiceNow and automated response through EventBridge and Lambda or AWS Systems Manager.
- Consistent data exchange through OCSF for broad partner interoperability.
9 – IAM Policy Autopilot – open-source MCP server for IAM policy generation
AWS introduced IAM Policy Autopilot, an open source Model Context Protocol server that analyses your application code and helps AI coding assistants generate identity based IAM policies. It runs locally at no cost and integrates with tools like Kiro, Claude Code, Cursor, and Cline. The server maps SDK calls to IAM actions using deterministic code analysis and the AWS service authorisation reference, so it produces valid, functional policies that you can review and then scope down for least privilege. It supports Python, TypeScript, and Go, and works as both an MCP server and a standalone CLI.
Potential benefits
- Faster starts for new workloads by auto generating functional IAM policies from real code rather than guesswork.
- Fewer Access Denied loops by using AWS aware analysis that maps SDK usage to required actions.
- Smoother workflows with AI assistants that can request policies, analyse denials, and suggest targeted fixes.
- Easy integration into IaC. Copy policies into AWS CloudFormation, AWS Cloud Development Kit, or Terraform and refine with AWS IAM Access Analyzer.
- Local, open source, and free, which makes adoption simple for teams and secure for enterprise environments.
I really like this release; it has the potential to really help drive developer experience and keep IAM policies tight and controlled. However, where IAM is concerned, I feel I must urge people to ensure that their generated policies are fully checked by someone who really understands IAM JSON policy, to ensure that you have no accidental gaping holes in your security. Use with caution…
10 – AWS Transform for full‑stack Windows modernisation
AWS announced full stack Windows modernisation capabilities in AWS Transform. The service coordinates modernisation across application, UI, database, and deployment layers, and links code repositories and SQL Server databases to plan wave based transformations. It ports .NET Framework applications to cross platform .NET, modernises ASP.NET Web Forms UI to Blazor, converts SQL Server schemas and stored procedures to Aurora PostgreSQL, refactors dependent .NET code, and can deploy to Amazon Elastic Compute Cloud (Amazon EC2) Linux or Amazon Elastic Container Service (Amazon ECS) for testing with CloudFormation templates and configurations for production. The goal is to remove tedious multi-tier migrations by orchestrating changes end to end with reports, validation, and real time progress.
Great benefits
- Faster modernisation with coordinated waves across application, database, and UI code, often five times faster than manual approaches.
- Lower licensing and operational costs by moving applications to Linux and migrating SQL Server to Aurora PostgreSQL.
- Consistent outcomes with conversion reports, editable plans, and next steps guidance that reduce rework and uncertainty.
- Developer friendly experience with Visual Studio integration, real time progress, and support for porting to .NET 10 and .NET Standard.
Transform has been gaining some traction in the AWS space recently, and new features are becoming available at an increasing rate. The trick here is getting increased adoption and trust in these tools; we will certainly be looking deeper at AWS Transform as a whole in the coming months.
So, there you have it: my 10 picks from the announcements I have seen over the last week. They may not be the most exhilarating of picks, but they are the ones I can see having the most impact on my day to day.