--- title: "The Week AWS Remembered GovCloud Exists" id: "15383" type: "newsletter" slug: "the-week-aws-remembered-govcloud-exists" published_at: "2026-06-01T13:30:00+00:00" modified_at: "2026-06-01T13:30:00+00:00" url: "https://www.lastweekinaws.com/newsletter/the-week-aws-remembered-govcloud-exists/" markdown_url: "https://www.lastweekinaws.com/newsletter/the-week-aws-remembered-govcloud-exists.md" excerpt: "This week's issue is sponsored by my Stelf Startup: a reference check service for candidates. Remember, \"you weren't unemployed, you were in Stelf Mode.\" This is, of course, another one of my Shitposting.ai projects." --- About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure. Sign up for the Newsletter Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark. "*" indicates required fields ## [Good Morning](https://x.com/QuinnyPig/status/2059830692411060264) ! This week’s issue is sponsored by my [Stelf Startup](https://stelfstartup.com) : a reference check service for candidates. Remember, “you weren’t unemployed, you were in Stelf Mode.” This is, of course, another one of my [Shitposting.ai](http://Shitposting.ai) projects. ## Things I Found on the Internet Marc Bowes continues the DSQL internals series, and [this deep-dive on the Adjudicator](https://marc-bowes.com/dsql-adjudicator.html) explains how the component decides whether your transaction gets to commit. Optimistic concurrency, journal pipelining, and failure handling, all explained clearly enough that you’ll actually understand why decoupling reads and writes is harder than it sounds. Tarus Balog on getting fired from AWS, and why it’s a relief. [His reflections on four years](https://www.adventuresinoss.com/aws-four-years/) cover the “fungible employee” mindset, the desperate GenAI pivot, and what happens when “good enough” replaces customer obsession. A thoughtful read from someone who tried to make AWS a better open source citizen. Wrote up my O11yCon closing keynote: [the three pillars of observability were built for human eyeballs](https://www.lastweekinaws.com/blog/reading-observability-tools-thats-a-robots-job/) , and the primary reader of your telemetry increasingly isn’t human. Which means a lot of dashboards you’re proud of are about to be read by something that can’t see them. AWS rebuilt their data center networking around random graph theory, and [the story of how they got there](https://www.aboutamazon.com/stories/aws-random-graph-theory-data-center-network-design?&utm_term=36) is the rare corporate engineering post that actually explains the math. Worth a read if you’ve ever wondered why your packets find their way home so reliably. ## What AWS Has For Us This Time [AWS Organizations emits CloudTrail events for account membership changes](https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/) Only took until 2026 to log when accounts join or leave your org. Previously, accounts could vanish from your Organization and the only evidence was a confused Slack message three weeks later. Security teams everywhere are torn between celebrating and asking what, exactly, we’ve been doing this whole time. [Monitor AWS Budgets directly in Billing and Cost Management Dashboards with new Budgets widget](https://aws.amazon.com/about-aws/whats-new/2026/05/monitor-aws-budgets-using-dashboards) Watching your budget explode in the same window as your Cost Explorer reports. Progress! Previously, you had to click to a different page to confirm you’d blown past your spending limits weeks ago. Now it’s all in one convenient location, like a financial crime scene with better lighting. [Introducing the next generation of Amazon OpenSearch Serverless for building your agentic AI applications](https://aws.amazon.com/blogs/aws/introducing-the-next-generation-of-amazon-opensearch-serverless-for-building-your-agentic-ai-applications/) Scale-to-zero has arrived for OpenSearch Serverless, which raises the obvious question: what exactly was the previous “Serverless” doing when idle? Charging you, mostly. The 60% savings claim is benchmarked against peak-provisioned clusters, which is like saying my couch is cheaper than a Lamborghini. Technically true, deeply unhelpful, but at least AWS has finally stopped shrieking that “Serverless has never meant scaling to zero” until confronted with the wayback machine’s copy of their own marketing pages saying that it did. [Customer First Callback in Amazon Connect Customer: Priority Preservation, Voicemail Detection, and Zero Reserved Agent Capacity](https://aws.amazon.com/blogs/contact-center/customer-first-callback-in-amazon-connect-priority-preservation-voicemail-detection-and-zero-reserved-agent-capacity/) – Three features bundled into one announcement with a name longer than most service SLAs. Voicemail detection in 2026 feels less like innovation and more like AWS finally admitting their contact center was burning agent-hours connecting to answering machines. The real win? “Zero Reserved Agent Capacity” doubles as a description of AWS Support. [Optimize costs in Amazon Aurora](https://aws.amazon.com/blogs/database/optimize-costs-in-amazon-aurora/) A 3,000-word blog post on how to spend less money with Aurora, helpfully published by the company that profits when you spend more. The advice is fine: right-size, use Serverless, buy Reserved Instances or Database Savings Plans, okay, great, but reading AWS lecture you about thrift is like getting nutrition tips from Cinnabon. [How AWS DevOps Agent uses multi-agent reasoning to find root causes](https://aws.amazon.com/blogs/devops/how-aws-devops-agent-uses-multi-agent-reasoning-to-find-root-causes/) Multiple AI agents arguing about why your Lambda is broken, which is exactly how my last on-call rotation went, except the agents bill by the token. Confirmation bias is a problem, sure, but I suspect “agents hallucinating root causes with confidence” is about to become a fun new incident category. [Claude Opus 4.8 is now available on AWS](https://aws.amazon.com/blogs/machine-learning/claude-opus-4-8-is-now-available-on-aws/) – Opus 4.8, because 4.7 was apparently insufficient and 5.0 would imply we’ve reached some kind of destination. The model can now “hold a plan across stages,” which is more than I can say for most AWS roadmaps. Your Bedrock bill is about to develop ambitions of its own. [Best Practices for TCP Connection Management on EC2](https://aws.amazon.com/blogs/networking-and-content-delivery/best-practices-for-tcp-connection-management-on-ec2/) Last summer’s fun surprise! Your idle TCP timeout went from 5 days to 350 seconds on Nitro V6, and your database connection pool discovered this in production at 3 AM. The fix was keepalives you should’ve had anyway, but nobody reads release notes until pagers start screaming. “Why we made this change” is a great blog post that’s about eighteen months too late. [Introducing US-based, US citizen, 24/7 technical support for AWS GovCloud (US) customers: Your mission never sleeps, neither do we](https://aws.amazon.com/blogs/publicsector/introducing-us-based-us-citizen-24-7-technical-support-for-aws-govcloud-us-customers-your-mission-never-sleeps-neither-do-we/) I would have confidently stated this was the case as recently as yesterday. I would have been wrong. Buried in paragraph three: “Previously, AWS GovCloud (US) technical support cases might be assigned to support engineers outside the US.” Cool, cool, cool. So the compliance boundary that customers assumed existed for the past decade-plus was actually more of a vibe. Glad we cleared that up with a celebratory blog post. [Well-architected best practices for software supply chain security](https://aws.amazon.com/blogs/security/well-architected-best-practices-for-software-supply-chain-security/) Nothing brings out the security best practices documentation quite like a string of npm supply chain attacks with names that sound like Dune fan fiction. The advice works: stop hardcoding IAM keys in your CI/CD, for god’s sake! But it’s telling that we needed Shai-Hulud to remind everyone that long-lived credentials are a loaded gun. [Automate Amazon EBS gp2 to gp3 migration at scale with AWS Step Functions and AWS Lambda](https://aws.amazon.com/blogs/storage/automate-ebs-gp2-to-gp3-migration-at-scale-with-aws-step-functions-and-aws-lambda/) gp3 has been cheaper and faster than gp2 since 2020, and AWS is just now publishing the migration automation. Six years of overpaying, but sure, let’s celebrate the 20% savings you could’ve had during the last presidential administration. Bonus points for needing 10 Lambda functions to change a volume type. [CVE-2026-9255 – Tool Execution Without Authorization via Piped Stdin in Kiro CLI](https://aws.amazon.com/security/security-bulletins/rss/2026-035-aws/) – Turns out piping untrusted content into your AI coding assistant lets attackers approve their own shell commands. Who could have predicted that an “interactive” prompt accepting stdin as confirmation might end poorly? Patch to 1.28.0, or enjoy the novel experience of your CLI cheerfully running whatever it’s told to. [CVE-2026-9291 – Insecure Deserialization in Amazon Braket SDK Job Results Processing](https://aws.amazon.com/security/security-bulletins/rss/2026-036-aws/) – Quantum computing has finally achieved something previously thought impossible: a classical pickle deserialization vulnerability. The SDK trusts a JSON field to decide whether to call `pickle.loads()`, which is approximately the security equivalent of asking the burglar whether they’re a burglar. Upgrade to 1.117.0, and maybe reconsider who has S3 write access. … and that’s what happened ***Last Week in AWS.*** ## You might also like [More Newsletter Issues](https://www.lastweekinaws.com/newsletter/) Issue No.472 ### [M3 Ultra Macs, Claude Platform, and 619 New APIs Walk Into a Bar](https://www.lastweekinaws.com/newsletter/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/) [Read More about M3 Ultra Macs, Claude Platform, and 619 New APIs Walk Into a Bar](https://www.lastweekinaws.com/newsletter/m3-ultra-macs-claude-platform-and-619-new-apis-walk-into-a-bar/) Issue No.471 ### [AI-Native Foundations and the CVEs That Love Them](https://www.lastweekinaws.com/newsletter/ai-native-foundations-and-the-cves-that-love-them/) [Read More about AI-Native Foundations and the CVEs That Love Them](https://www.lastweekinaws.com/newsletter/ai-native-foundations-and-the-cves-that-love-them/) Issue No.470 ### [Bedrock Bags OpenAI, Q Developer Bags Groceries](https://www.lastweekinaws.com/newsletter/bedrock-bags-openai-q-developer-bags-groceries/) [Read More about Bedrock Bags OpenAI, Q Developer Bags Groceries](https://www.lastweekinaws.com/newsletter/bedrock-bags-openai-q-developer-bags-groceries/) Issue No.469 ### [The Week AWS Discovered JOIN Statements](https://www.lastweekinaws.com/newsletter/the-week-aws-discovered-join-statements/) [Read More about The Week AWS Discovered JOIN Statements](https://www.lastweekinaws.com/newsletter/the-week-aws-discovered-join-statements/)