AWS Security Digest·Week 7 of 2026·Feb 10-16, 2026·2 items

    Aurora Now Encrypts by Default

    New Aurora clusters get encryption at rest with zero opt-in, closing a gap that has caused too many "we forgot to enable encryption" audit findings. AWS Backup adds PrivateLink for SAP HANA workloads. Elastic Beanstalk patches a Windows Server vulnerability.

    In this issue: 1 high · 1 info

    Highlights

    2 items
    $ tail -f /var/log/aws-security.log
    high / Service Update

    Amazon Aurora: Default Encryption at Rest for All New Clusters

    All new Amazon Aurora DB clusters created on or after February 18 are encrypted by default using AWS-owned keys. The encryption is fully managed and transparent, with no cost or performance impact. Existing unencrypted clusters are unaffected. This closes a common misconfiguration gap: new Aurora clusters can no longer be accidentally created without encryption.

    Aurora · KMS
    info / Feature Launch

    AWS Backup PrivateLink for SAP HANA on EC2

    AWS Backup now supports PrivateLink for SAP HANA workloads on EC2, enabling end-to-end private connectivity for backup traffic. This is critical for regulated industries (financial services, healthcare, government) that cannot allow backup data to traverse the public internet.

    Backup · SAP HANA

    Key Takeaway

    1 item
    $ cat WEEKLY_SUMMARY.md

    Aurora encryption at rest by default is another step in AWS's security-by-default strategy. Like S3 encryption (2023) and EBS encryption (2024), this eliminates an entire class of misconfiguration. If you have existing unencrypted Aurora clusters, now is the time to plan migration.
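
To size the migration work for existing clusters, the following added example (not part of the original digest) filters parsed `aws rds describe-db-clusters` output for Aurora clusters whose `StorageEncrypted` flag is false. The sample data and the function names `unencrypted_aurora` and `count_by_region` are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample shaped like `aws rds describe-db-clusters` JSON output.
# Cluster names, account id and timestamps are invented for illustration.
SAMPLE = json.loads("""
{"DBClusters": [
 {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-postgresql",
  "StorageEncrypted": false, "ClusterCreateTime": "2023-04-02T09:15:00+00:00",
  "DBClusterArn": "arn:aws:rds:eu-west-1:111122223333:cluster:orders-prod"},
 {"DBClusterIdentifier": "legacy-reports", "Engine": "aurora-mysql",
  "StorageEncrypted": false, "ClusterCreateTime": "2021-11-20T14:00:00+00:00",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:legacy-reports"},
 {"DBClusterIdentifier": "billing", "Engine": "aurora-mysql",
  "StorageEncrypted": true, "ClusterCreateTime": "2024-06-01T08:00:00+00:00",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:billing"},
 {"DBClusterIdentifier": "graph", "Engine": "neptune",
  "StorageEncrypted": false, "ClusterCreateTime": "2022-01-10T10:00:00+00:00",
  "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph"}
]}
""")


def unencrypted_aurora(response):
    """Return unencrypted Aurora clusters from one response, oldest first."""
    findings = []
    for cluster in response.get("DBClusters", []):
        # The same API call lists other cluster engines; the new default
        # described above applies to Aurora, so skip the rest.
        if not cluster.get("Engine", "").startswith("aurora"):
            continue
        # A missing flag is reported rather than assumed encrypted.
        if cluster.get("StorageEncrypted", False):
            continue
        created = cluster["ClusterCreateTime"].replace("Z", "+00:00")
        findings.append({
            "id": cluster["DBClusterIdentifier"],
            "engine": cluster["Engine"],
            "region": cluster["DBClusterArn"].split(":")[3],
            "created": datetime.fromisoformat(created),
        })
    return sorted(findings, key=lambda f: f["created"])


def count_by_region(findings):
    """Summarise the migration backlog per region."""
    return dict(Counter(f["region"] for f in findings))
```

Run it once per region against the saved JSON output and merge the findings, since the API call is regional.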

    Filed Under
    Aurora · Encryption · Backup · SAP HANA · PrivateLink
