
AWS dropped a wave of pre:Invent launches.
This overview ranks them by real-world impact: what changes your design, risk, and cost the most across many workloads.

1. CloudFront Flat-Rate Pricing Plans (No Overages)
Why it matters:
You know that nightmare scenario where your side project hits HackerNews and you wake up to a $10k CloudFront bill?
Flat-rate pricing plans fix this. You pay a fixed monthly price, and that's it. No surprises, even if you get DDoS'd or go viral.
Key Points:
- Fixed monthly price per distribution (Free, Pro, Business, Premium)
- No overage charges, even during spikes or DDoS
- Blocked and DDoS traffic don't count against your allowance
- Data transfer from AWS origins to CloudFront remains free
Impact: Huge if you're shipping anything public-facing where traffic is unpredictable. Finally sleep well knowing your AWS bill won't explode overnight.
2. S3 Attribute-Based Access Control (ABAC) for General Purpose Buckets
Why it matters:
Managing S3 permissions is painful when you have dozens (or hundreds) of buckets. You end up with giant IAM policies listing every single bucket ARN.
ABAC for S3 lets you use tags instead.
Tag your buckets with env:prod or project:acme, then write one policy that references tags, not ARNs.
Key Points:
- IAM and bucket policies can reference tags instead of explicit bucket ARNs
- Same tags work for cost allocation
- No extra S3 charge
Impact: Way fewer mutated policies and way fewer "why can't I access this bucket?" tickets. Especially useful if you're running multi-account or multi-tenant setups.
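A tag-based policy of the kind described above, as an added example that is not from the original post or from AWS. It assumes bucket tags are matched through the standard IAM condition key `aws:ResourceTag/<key>`; the bucket names, tags, `allowed_by_tags` and `readable_buckets` are constructed for illustration, and the evaluator is a deliberately simplified model, not the real IAM engine.

```python
import json

# One tag-based statement replaces a list of bucket ARNs.
# Assumption: bucket tags are exposed to policies as aws:ResourceTag/<key>.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadProdBucketsByTag",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:ResourceTag/env": "prod"}},
    }],
}

# Constructed sample inventory: bucket name -> bucket tags.
BUCKETS = {
    "acme-orders": {"env": "prod", "project": "acme"},
    "acme-scratch": {"env": "dev", "project": "acme"},
    "acme-legacy": {},                 # untagged: the condition cannot match
    "acme-reports": {"env": "Prod"},   # StringEquals is case-sensitive
}

TAG_PREFIX = "aws:ResourceTag/"


def allowed_by_tags(policy, action, bucket_tags):
    """Simplified model: understands only Allow statements whose condition
    is StringEquals on aws:ResourceTag/<key>. Anything else is a deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        if all(key.startswith(TAG_PREFIX)
               and bucket_tags.get(key[len(TAG_PREFIX):]) == value
               for key, value in wanted.items()):
            return True
    return False  # implicit deny: no statement matched


def readable_buckets(policy, action="s3:GetObject"):
    """Names of sample buckets the policy would let a principal read."""
    return sorted(name for name, tags in BUCKETS.items()
                  if allowed_by_tags(policy, action, tags))


if __name__ == "__main__":
    print(json.dumps(ABAC_POLICY, indent=2))
    print("readable:", readable_buckets(ABAC_POLICY))
```

With tags deciding access, permission to change a bucket's tags is effectively permission to change who can read it, so tagging rights need the same scrutiny as the policy itself.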
3. Lambda Tenant Isolation Mode for Multi-Tenant SaaS
Why it matters:
Building multi-tenant SaaS on Lambda was always sketchy. You either create one function per tenant (operationally expensive and messy) or risk leaking data between tenants via shared memory.
Tenant isolation mode fixes this.
Lambda now isolates tenants for you—separate /tmp, separate caches, no shared state.
Key Points:
- Each tenant ID gets its own execution environment within a single function
- No sharing of /tmp, caches, or globals across tenants
- Enforced by Lambda, not your code
Impact: Build proper multi-tenant serverless apps without one-function-per-tenant madness. Handles the cross-tenant data leakage concerns that auditors always ask about.
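The shared-state leak described above, as an added example that is not from the original post or from AWS. Two calls in one Python process stand in for a reused warm execution environment; the `tenant_id` event field, the `PLANS` data and all function names are hypothetical.

```python
# Module-level state survives between invocations that land on the same warm
# execution environment. Everything below is constructed for illustration.
PLANS = {"tenant-a": "enterprise", "tenant-b": "free"}

_leaky_cache = {}    # keyed by user only
_scoped_cache = {}   # keyed by (tenant, user)


def load_profile(tenant_id, user):
    """Stand-in for a per-tenant data store lookup."""
    return {"tenant": tenant_id, "user": user, "plan": PLANS[tenant_id]}


def handler_leaky(event, context=None):
    """Vulnerable: the cache key ignores the tenant, so the first tenant's
    record is served to every later tenant that asks for the same user."""
    user = event["user"]
    if user not in _leaky_cache:
        _leaky_cache[user] = load_profile(event["tenant_id"], user)
    return _leaky_cache[user]


def handler_scoped(event, context=None):
    """Hardened in code: every cache entry is bound to its tenant."""
    key = (event["tenant_id"], event["user"])
    if key not in _scoped_cache:
        _scoped_cache[key] = load_profile(*key)
    return _scoped_cache[key]


def simulate(handler):
    """Send the same user name from two tenants through one warm process and
    report which tenant's record each caller received."""
    first = handler({"tenant_id": "tenant-a", "user": "admin"})
    second = handler({"tenant_id": "tenant-b", "user": "admin"})
    return first["tenant"], second["tenant"]


if __name__ == "__main__":
    print("leaky :", simulate(handler_leaky))    # tenant-b gets tenant-a data
    print("scoped:", simulate(handler_scoped))   # each tenant gets its own
```

The scoped handler depends on every cache, global and temp file in the code base being keyed correctly; the isolation mode described in this section moves that guarantee out of application code.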
4. API Gateway Response Streaming
Why it matters:
API Gateway had a 10 MB response limit and couldn't stream. That's a problem if you're building chat APIs or anything that generates large responses.
Response streaming changes that. You can now stream responses progressively and handle payloads over 10 MB.
Key Points:
- Stream responses from Lambda or HTTP backends
- Supports responses beyond 10 MB and up to 15-minute operations
- Works for HTTP proxy, Lambda proxy, and private integrations
Impact: Huge for AI/chat APIs or anything interactive. You don't have to ditch API Gateway and build custom streaming infrastructure anymore.
5. Direct Private Integration: API Gateway → ALB (No NLB Required)
Why it matters:
Before this, connecting API Gateway to a private ALB required an NLB in the middle. That's an extra $20/month plus traffic costs for something that should be simple.
Direct ALB integration removes that middleman. API Gateway talks directly to your private ALB via VPC Link v2.
Key Points:
- API Gateway REST APIs integrate directly with private ALBs via VPC link v2
- No intermediate Network Load Balancer needed
- Can use ALB L7 features (routing, auth) for internal services
Impact: Saves you $20+/month per integration and removes unnecessary complexity. Nice win if you have multiple internal services behind API Gateway.
6. API Gateway Developer Portal Capabilities
Why it matters:
You've built 20 APIs across different teams. Now new developers ask "where's the docs?" and you point them to a Confluence page that's six months out of date.
API Gateway Portals auto-generates a developer portal. It discovers your APIs, maintains docs, and updates automatically when APIs change.
Key Points:
- Automatically discovers REST APIs across accounts
- Documentation auto-updates as APIs evolve
- Custom branding, access controls, and compliance enforcement
- CloudWatch RUM integration for usage analytics
Impact: No more stale API docs. New devs can find and test your APIs immediately instead of asking around on Slack. You can drop third-party portal tools too.
7. Lambda SQS Event Source Mapping: Provisioned Mode
Why it matters:
The default Lambda SQS polling is slow to scale and maxes out at low concurrency. If you're processing high-volume queues, you hit limits fast.
Provisioned mode gives you dedicated pollers with configurable min/max. 3× faster scaling, 16× more concurrency, up to 2 GB/s throughput.
Key Points:
- Dedicated event pollers with configurable min/max
- 3× faster scaling
- Up to 20,000 concurrent Lambda executions (16× previous capacity)
- Up to 2 GB/s aggregate throughput
Impact: Big deal if you're processing lots of events from SQS. You can actually control throughput now and protect downstream systems from getting hammered.
8. DynamoDB GSIs with Multi-Attribute Composite Keys
Why it matters:
DynamoDB GSIs have always required you to manually concatenate multiple attributes into a single key string.
So you end up with stuff like userId#timestamp everywhere, which is error-prone and ugly.
Multi-attribute composite keys let you use up to 4 attributes natively. No more string concatenation.
Key Points:
- GSI partition key: up to 4 attributes
- GSI sort key: up to 4 attributes
- No more manual string concatenation for composite access patterns
Impact: Cleaner data modeling, fewer bugs from bad concatenation. Really nice if you have complex query patterns.
9. Route 53 Accelerated Recovery for Public DNS Management
Why it matters:
If us-east-1 goes down and you can't update your DNS records, you're stuck. You can't fail over to another region; you just wait.
Route 53 Accelerated Recovery targets a 60-minute RTO for DNS management during us-east-1 outages. Key APIs stay up so you can actually execute your failover plan.
Key Points:
- 60-minute RTO for managing public hosted zones during us-east-1 disruptions
- Key APIs stay available (ChangeResourceRecordSets, ListHostedZones)
- No code changes needed
Impact: Critical if you run anything mission-critical. You can actually fail over instead of just watching your app be down.
10. ALB JWT Verification for M2M / S2S Traffic
Why it matters:
Every microservice needs to validate JWTs, so you copy-paste the same token validation logic everywhere. Then you find a bug and have to update 15 services.
ALB JWT verification handles validation at the load balancer. Signature, expiry, claims—all checked before the request hits your service.
Key Points:
- ALB validates JWTs (signature, expiry, claims) in request headers
- Supports OAuth 2.0 flows like Client Credentials
Impact: Stop duplicating auth logic across services. One place to update, fewer bugs.
11. Lambda IPv6 Networking (Dual-Stack VPCs & Egress-Only)
Why it matters:
NAT Gateways cost $32/month each, plus data transfer fees. If you have Lambda functions in a VPC that need internet access, you're paying for NAT.
Lambda IPv6 support lets you use egress-only internet gateways instead. No NAT needed, lower costs.
Key Points:
- Lambda functions in VPCs can use IPv6 and egress-only internet gateways
- Can replace NAT gateways for outbound internet access
Impact: Save $30+/month per NAT Gateway. Adds up fast if you have multiple VPCs or availability zones.
12. Step Functions TestState API for Local Workflow Testing
Why it matters:
Testing Step Functions workflows was always painful. You deploy, wait, check logs, fix something, deploy again.
TestState API lets you test workflows locally. Mock AWS service calls, validate contracts, integrate with Jest or pytest.
Key Points:
- Local testing of full workflows, including Map and Parallel states
- Mock AWS service integrations with contract validation
Impact: Way faster development cycle. Catch bugs before you deploy instead of finding them in production.
13. Lambda Async Payloads up to 1 MB
Why it matters:
The 256 KB limit for async Lambda events meant you'd often store payloads in S3 and pass pointers around. Extra latency, extra complexity.
1 MB async payloads give you 4× more room. Note: billing adds 1 request per extra 64 KB beyond 256 KB.
Key Points:
- Up to 1 MB per async event
- Billing adds 1 request per extra 64 KB beyond 256 KB ⚠️
Impact: Nice if you're passing around large events (ML features, telemetry batches). You can skip the S3 indirection pattern for medium-sized payloads.
14. Lambda Node.js 24 Runtime
Why it matters:
Node.js 20 support ends in 2026. You'll need to migrate eventually.
Node.js 24 runtime is the latest LTS, supported until 2028. Async/await only, no more callback-style handlers.
Key Points:
- Latest LTS Node, supported until 2028
- Async/await only (no callback handlers)
Impact: Plan your migration path now. You've got time, but Node.js 20 will definitely be gone soon.
15. Lambda Rust GA
Why it matters:
Rust gives you C-like performance with memory safety. Good for compute-heavy Lambda functions where cold start and execution time matter.
Rust is now GA with full SLA and support.
Key Points:
- Fully supported with SLA and AWS Support
- Available in all Regions
Impact: Great if you're already writing Rust. Otherwise, it's an option for when you need serious performance optimization.

Summary: What to Focus on First
If you're short on time, check out:
- CloudFront flat-rate plans – no more surprise bills from traffic spikes
- S3 ABAC – manage bucket permissions with tags instead of giant policy files
- Lambda tenant isolation – build multi-tenant SaaS without one-function-per-tenant
- API Gateway streaming – stream responses, handle >10 MB payloads
- API Gateway Portals – auto-generated, always-current API docs
- Lambda IPv6 – ditch NAT Gateways, save $30+/month
The rest are solid improvements if they match your use case, like better DynamoDB modeling, local Step Functions testing, ALB auth, and faster SQS processing.

