Update of Feb-26: New features for AWS Enterprises

This entry is the first in Update Of The Month — a series where I share what I’ve found interesting across my day-to-day operations in the Cloud. With features and projects being released increasingly faster, this short-form content style helps me recap what matters and share it with you. The focus is Cloud, though that may evolve as the series grows.

This month’s updates are AWS-focused, and may be relevant to Operations and Security teams,

Self-servicing AWS Health for Organizations for platform teams, github.com/aws-samples/sample-AWSHealthCompass, this new solution supports tag-based event redirection towards resource owners where the org is specifically using Jira as ITSM. Few concerns of how the solution handles notification de-duplications, however it’s in early stages.

Your AWS Certificates Just Got Shorter, Starting today, AWS Certificate Manager (ACM) public certificates now have a maximum validity of 198 days (down from 395 days), aligning with the CA/Browser Forum mandate effective March 15, 2026. Existing certificates require no action and will renew or expire as usual, but will receive 198-day validity on next renewal (now 45 days before expiry instead of 60). Exportable certificate pricing has been reduced to reflect the shorter period. What you should check: migrate any email-validated certificates to DNS validation, automate self-managed certificate rotation (especially for non-AWS appliances), review your acm-certificate-expiration-check Config rule thresholds, and audit IaC templates for cert validity assumptions — this applies to anything terminating TLS (CloudFront, ALB, API Gateway, Elastic Beanstalk). The bigger picture: this is step one of Ballot SC-081v3, which mandates a phased reduction ending at 47-day certificates by 2029 — organizations not investing in automation now will face significant operational pain. The security rationale mentioned: shorter lifetimes shrink the exposure window from compromised keys (47 days vs 13 months), especially given that certificate revocation is unreliable in practice as browsers often soft-fail on CRL/OCSP checks. On a side note, I’ve also found the preparation for Post-Quantum Cryptography against Harvest Now Decrypt Later attacks a good read, the time to act is before the deadline, not after. Details: https://aws.amazon.com/about-aws/whats-new/2026/02/aws-certificate-manager-updates-default/

EC2 Capacity Manager now includes Spot interruption metrics — You can now see Spot interruption trends directly in EC2 Capacity Manager instead of guessing or deploying custom solutions (previously required maintaining separate dashboards like spot-interruption-insights, spot-interruption-dashboard, or spot-placement-score-tracker. Three new metrics are available: Spot Usage Total Count (distinct instances/vCPUs over a period), Spot Total Interruptions (instances interrupted), and Spot Interruption Rate (percentage interrupted) — these can be compared across regions and availability zones to identify patterns and optimize diversification. Why we think this matters: these metrics turn EC2 Spot from opportunistic cost savings into a first-class capacity strategy — platform teams can now quantify interruption risk by instance type, region, and time of day to make data-driven decisions: avoiding cascading disruptions by not over-concentrating on heavily interrupted instance types, identifying capacity scarcity windows where On-Demand mixed-in makes sense, and scheduling in-flight-work-sensitive workloads (e.g., EMR Spark/training jobs) during low-interruption hours to minimize checkpoint recovery overhead. Availability note: Capacity Manager is available in Singapore region (not Thailand), and can be enabled at the Org or single-account level. Details: https://aws.amazon.com/about-aws/whats-new/2026/01/ec2-capacity-manager-spot-interruption-metrics/

That’s it for this month’s update. If you found this useful, follow via RSS to catch the next one. Opinions shared here are my own — if you see things differently or have something to add, I’d love to hear it. Cheers!