AWS Updates - 2026-03-02
AWS What's New
AWS Config now supports 30 new resource types
- Link: https://aws.amazon.com/about-aws/whats-new/2026/03/aws-config-new-resource-types/
- Published: 2026-03-02
AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources.
With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators.
You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available:
Resource Types:
| AWS::AppSync::DataSource | AWS::Deadline::LicenseEndpoint |
| AWS::Batch::ConsumableResource | AWS::Deadline::QueueEnvironment |
| AWS::Bedrock::DataSource | AWS::Detective::OrganizationAdmin |
| AWS::BedrockAgentCore::Gateway | AWS::GameLift::ContainerFleet |
| AWS::BedrockAgentCore::Memory | AWS::GameLift::ContainerGroupDefinition |
| AWS::Cognito::IdentityPoolRoleAttachment | AWS::GameLift::GameServerGroup |
| AWS::Cognito::LogDeliveryConfiguration | AWS::GameLift::Location |
| AWS::Cognito::UserPoolUICustomizationAttachment | AWS::IoT::TopicRule |
| AWS::Connect::RoutingProfile | AWS::Omics::ReferenceStore |
| AWS::DataBrew::Dataset | AWS::PCAConnectorAD::Template |
| AWS::DataBrew::Job | AWS::PCAConnectorSCEP::Challenge |
| AWS::DataBrew::Project | AWS::ResourceExplorer2::View |
| AWS::DataBrew::Recipe | AWS::ResourceGroups::Group |
| AWS::DataBrew::Ruleset | AWS::Scheduler::ScheduleGroup |
| AWS::DataBrew::Schedule | AWS::VerifiedPermissions::IdentitySource |
AWS Batch now supports configurable scale down delay
- Link: https://aws.amazon.com/about-aws/whats-new/2026/03/aws-batch-configurable-scale-down-delay/
- Published: 2026-03-02
AWS Batch now allows you to configure a scale down delay for managed compute environments, helping reduce job processing delays for intermittent and periodic workloads. With the new minScaleDownDelayMinutes parameter, you can specify how long AWS Batch keeps instances running after their jobs complete (from 20 minutes to 1 week), preventing unnecessary instance terminations and relaunches that can delay subsequent job processing.
You can configure the scale down delay when creating or updating a compute environment via the AWS Batch API (CreateComputeEnvironment or UpdateComputeEnvironment) or the AWS Batch Management Console. The delay is applied at the instance level, based on when each instance last completed a job.
Scale down delay is supported today in all AWS Regions where AWS Batch is available. For more information, see the AWS Batch API Guide.
OpenSearch OR2 and OM2 instances in AWS GovCloud (US-East, US-West) Regions
- Link: https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-opensearch-or2-om2-us-gov-region/
- Published: 2026-03-02
Amazon OpenSearch Service, expands availability of OR2 and OM2, OpenSearch Optimized Instance family to 12 additional regions. The OR2 instance delivers up to 26% higher indexing throughput compared to previous OR1 instances and 70% over R7g instances. The OM2 instance delivers up to 15% higher indexing throughput compared to OR1 instances and 66% over M7g instances in internal benchmarks
The OpenSearch Optimized instances, leveraging best-in-class cloud technologies like Amazon S3, to provide high durability, and improved price-performance for higher indexing throughput better for indexing heavy workload. Each OpenSearch Optimized instance is provisioned with compute, local instance storage for caching, and remote Amazon S3-based managed storage. OR2 and OM2 offers pay-as-you-go pricing and reserved instances, with a simple hourly rate for the instance, local instance storage, as well as the managed storage provisioned. OR2 instances come in sizes ‘medium’ through ‘16xlarge’, and offer compute, memory, and storage flexibility. OM2 instances come in sizes ‘large’ through ‘16xlarge’ Please refer to the Amazon OpenSearch Service pricing page for pricing details.
OR2 and OM2 instance family is now available on Amazon OpenSearch Service across 2 additional regions: AWS GovCloud (US-East, US-West).
AWS News Blog
AWS Weekly Roundup: OpenAI partnership, AWS Elemental Inference, Strands Labs, and more (March 2, 2026)
- Link: https://aws.amazon.com/blogs/aws/aws-weekly-roundup-openai-partnership-aws-elemental-inference-strands-labs-and-more-march-2-2026/
- Published: 2026-03-02
This past week, I’ve been deep in the trenches helping customers transform their businesses through AI-DLC (AI-Driven Lifecycle) workshops. Throughout 2026, I’ve had the privilege of facilitating these sessions for numerous customers, guiding them through a structured framework that helps organizations identify, prioritize, and implement AI use cases that deliver measurable business value. AI-DLC is […]
AWS Security Blog
Understanding IAM for Managed AWS MCP Servers
- Link: https://aws.amazon.com/blogs/security/understanding-iam-for-managed-aws-mcp-servers/
- Published: 2026-03-02
As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Management (IAM) permissions, not force you to build a separate permissions model. At the same time, you need the flexibility to apply different governance controls when an AI agent […]
AWS Security Bulletins
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
- Link: https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
- Published: 2026-03-02
Bulletin ID: 2026-005-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distinct issues:
- CVE-2026-3336: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
- CVE-2026-3337: Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.
- CVE-2026-3338: PKCS7_verify Signature Validation bypass in AWS-LC
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Impacted versions:
- PKCS7_verify Certificate Chain Validation Bypass in AWS-LC >= v1.41.0, < v1.69.0
- PKCS7_verify Certificate Chain Validation Bypass in aws-lc-sys >= v0.24.0, < v0.38.0
- Timing Side-Channel in AES-CCM Tag Verification in AWS-LC >= v1.21.0, < v1.69.0
- Timing Side-Channel in AES-CCM Tag Verification in AWS-LC >= AWS-LC-FIPS-3.0.0, < AWS-LC-FIPS-3.2.0
- Timing Side-Channel in AES-CCM Tag Verification in aws-lc-sys >= v0.14.0, < v0.38.0
- Timing Side-Channel in AES-CCM Tag Verification in aws-lc-sys-fips >= v0.13.0, < v0.13.12
- PKCS7_verify Signature Validation bypass in AWS-LC >= v1.41.0, < v1.69.0
- PKCS7_verify Signature Validation bypass in aws-lc-sys >= v0.24.0, < v0.38.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.