
AWS November 2025: The Biggest Cloud Updates You Need to Know

November 2025 has been one of the strongest months for AWS innovations. From EKS backups to Rust in Lambda and 5 Gbps VPN tunnels, AWS just made cloud operations faster, safer, and simpler. Here’s a crisp breakdown.


1. AWS Backup Now Supports Amazon EKS

Announcement Date: November 10, 2025

The Challenge

For years, protecting Amazon EKS (Elastic Kubernetes Service) clusters required custom scripts, third-party tools like Velero, or complex backup orchestration. Teams had to maintain separate backup solutions, leading to operational complexity and potential security gaps.

What’s New

AWS Backup now provides a fully managed, centralized solution for backing up EKS clusters, including both cluster state and persistent application data. This is a game-changer for Kubernetes operations.

Key Features

Comprehensive Protection:

  • Backs up EKS cluster state (deployments, services, ConfigMaps, Secrets)
  • Protects persistent volumes (Amazon EBS, EFS, and S3)
  • Creates composite recovery points grouping all related backups

Enterprise-Grade Capabilities:

  • Automated scheduling and retention management
  • Immutable backup vaults for ransomware protection
  • Cross-Region and cross-account copies for disaster recovery
  • Policy-driven automation across multiple clusters
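
The vault-lock and copy capabilities listed above only protect a cluster if the backup plan actually uses them. The following audit is an added example, not code from AWS or from this post: it checks data shaped like the AWS Backup `GetBackupPlan` and `DescribeBackupVault` responses (as boto3 returns them, with `LockDate` as a datetime). The account IDs, vault names, rule names and finding labels are constructed for illustration.

```python
from datetime import datetime, timezone

def region_account(vault_arn):
    # arn:aws:backup:<region>:<account>:backup-vault:<name>
    parts = vault_arn.split(":")
    return parts[3], parts[4]

def audit(plan, vaults, now):
    """Return (rule, finding) pairs for a plan; `vaults` maps vault name to its description."""
    findings = []
    for rule in plan["BackupPlan"]["Rules"]:
        name = rule["RuleName"]
        vault = vaults[rule["TargetBackupVaultName"]]
        src_region, src_account = region_account(vault["BackupVaultArn"])
        # Vault Lock state: unlocked, governance mode (no LockDate), or still in grace period.
        if not vault.get("Locked"):
            findings.append((name, "vault-not-locked"))
        elif "LockDate" not in vault:
            findings.append((name, "lock-governance-mode"))
        elif vault["LockDate"] > now:
            findings.append((name, "lock-in-grace-period"))
        # A rule retention shorter than the vault minimum is rejected by a locked vault.
        keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        floor = vault.get("MinRetentionDays")
        if keep is not None and floor is not None and keep < floor:
            findings.append((name, "retention-below-vault-minimum"))
        dests = [region_account(c["DestinationBackupVaultArn"]) for c in rule.get("CopyActions", [])]
        if not any(region != src_region for region, _ in dests):
            findings.append((name, "no-cross-region-copy"))
        if not any(account != src_account for _, account in dests):
            findings.append((name, "no-cross-account-copy"))
    return findings

# Constructed sample data (account IDs, vault and rule names are made up).
NOW = datetime(2025, 11, 20, tzinfo=timezone.utc)
VAULTS = {
    "eks-prod": {"BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:eks-prod",
                 "Locked": True, "MinRetentionDays": 30,
                 "LockDate": datetime(2025, 11, 1, tzinfo=timezone.utc)},
    "eks-scratch": {"BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:eks-scratch",
                    "Locked": True, "MinRetentionDays": 14},
}
PLAN = {"BackupPlan": {"BackupPlanName": "eks-clusters", "Rules": [
    {"RuleName": "daily", "TargetBackupVaultName": "eks-prod",
     "Lifecycle": {"DeleteAfterDays": 35},
     "CopyActions": [{"DestinationBackupVaultArn":
                      "arn:aws:backup:us-west-2:444455556666:backup-vault:eks-dr"}]},
    {"RuleName": "pre-upgrade", "TargetBackupVaultName": "eks-scratch",
     "Lifecycle": {"DeleteAfterDays": 7},
     "CopyActions": [{"DestinationBackupVaultArn":
                      "arn:aws:backup:us-east-1:444455556666:backup-vault:eks-copy"}]},
]}}

if __name__ == "__main__":
    for rule, finding in audit(PLAN, VAULTS, NOW):
        print(f"{rule}: {finding}")
```

A vault that reports `Locked` without a `LockDate` is in governance mode, where sufficiently privileged principals can still remove the lock, so it is reported separately from an unlocked vault.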

Flexible Recovery:

  • Restore entire EKS clusters
  • Recover specific namespaces
  • Restore individual persistent volumes
  • Option to create a new EKS cluster during restore (AWS provisions infrastructure automatically)

Why This Matters

Before this update, customers relied on tools like Velero (unsupported by AWS) or built custom solutions. Now, you get:

  • Zero custom scripting – agent-free solution that works natively with AWS
  • Compliance-ready – immutable backups meet regulatory requirements
  • Disaster recovery simplified – protect against single-region failures
  • Upgrade protection – back up before cluster upgrades with confidence

Real-World Use Cases

  1. Pre-upgrade safety net: Backup before EKS version upgrades
  2. Multi-region DR: Replicate EKS cluster backups across regions
  3. Compliance auditing: Maintain immutable backup records
  4. Development cloning: Restore production clusters to test environments

Availability: All AWS Regions where both AWS Backup and Amazon EKS are available


2. AWS Lambda Adds Production Support for Rust and Java 25

AWS Lambda Now Supports Rust (Generally Available)

Announcement Date: November 15, 2025

Lambda support for Rust has been promoted from experimental to Generally Available (GA), making it production-ready with full AWS Support and Lambda SLA backing.

Why Rust for Lambda?

  • Performance: Near C++ speed with memory efficiency
  • Safety: Compile-time memory safety without garbage collection
  • Low cold starts: Native compilation results in minimal runtime dependencies
  • Small deployment packages: Typical functions are 2-5 MB

Key Advantages:

rust

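// Rust Lambda functions are memory-efficient and blazingly fast
use lambda_runtime::{run, service_fn, Error, LambdaEvent};
use serde::{Deserialize, Serialize};

#[derive(Deserialize)]
struct Request {} // event payload; add fields as needed
#[derive(Serialize)]
struct Response { message: String }

async fn function_handler(_event: LambdaEvent<Request>) -> Result<Response, Error> {
    // Your logic here - compiled to native code
    Ok(Response { message: "Hello from production Rust!".into() })
}

#[tokio::main] // requires the tokio crate as a dependency
async fn main() -> Result<(), Error> { run(service_fn(function_handler)).await }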

Build and Deploy: Use Cargo Lambda for streamlined development:

bash

cargo lambda build
cargo lambda deploy

When to Use Rust:

  • Performance-critical serverless applications
  • High-throughput event processing
  • IoT data ingestion
  • Low-latency APIs
  • Cost optimization (faster = cheaper)

AWS Lambda Now Supports Java 25

Announcement Date: November 14, 2025

Lambda adds support for Java 25, based on Amazon Corretto’s latest long-term support release.

New Java 25 Features:

  • Primitive types in patterns
  • Module import declarations
  • Flexible constructor bodies
  • Generational Shenandoah garbage collector

Performance Optimizations:

Ahead-of-Time (AOT) Caches:

  • Replaces traditional Class Data Sharing (CDS)
  • Faster cold starts compared to CDS
  • Enabled by default in Java 25 runtime
  • Pre-warms JVM initialization

Improved Cold Start Performance:

  • Optimized tiered compilation defaults
  • Better handling for SnapStart and Provisioned Concurrency
  • Log4Shell vulnerability patch removed (performance gain)
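
With the runtime-level Log4Shell patch gone, the Log4j version packaged with each function is what matters. The following scanner is an added example, not code from AWS or from this post: it walks a deployment archive, including nested and shaded JARs, and reports `log4j-core` copies below a version floor. The floor value and the sample package contents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MIN_VERSION = (2, 17, 1)  # assumed policy floor for this example; set your own
JAR_NAME = re.compile(r"(?:^|/)log4j-core-(\d[\w.\-]*?)\.jar$")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparsable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def find_log4j_core(data, prefix=""):
    """Yield (location, version) for every log4j-core copy, descending into nested JARs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            named = JAR_NAME.search(name)
            if named:                      # plain dependency JAR under lib/
                yield prefix + name, named.group(1)
            elif name.endswith(".jar"):    # other JARs may shade log4j-core inside
                yield from find_log4j_core(zf.read(name), prefix + name + "!/")
            elif name == POM_PROPS:        # Maven metadata left behind by shading
                props = zf.read(name).decode("utf-8", "replace")
                ver = re.search(r"^version=(.+)$", props, re.M)
                yield prefix + name, ver.group(1).strip() if ver else "unknown"

def below_floor(data):
    """Return sorted (location, version) pairs that are older than MIN_VERSION or unparsable."""
    hits = []
    for where, version in find_log4j_core(data):
        parsed = parse_version(version)
        if parsed is None or parsed < MIN_VERSION:
            hits.append((where, version))
    return sorted(hits)

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed deployment package: one plain JAR and two shaded JARs.
SAMPLE = make_zip({
    "lib/log4j-core-2.14.1.jar": b"",
    "lib/app-shaded.jar": make_zip({POM_PROPS: "artifactId=log4j-core\nversion=2.17.1\n"}),
    "lib/vendor-sdk.jar": make_zip({POM_PROPS: "artifactId=log4j-core\nversion=2.12.1\n"}),
    "com/example/Handler.class": b"",
})

if __name__ == "__main__":
    for where, version in below_floor(SAMPLE):
        print(f"{version:10} {where}")
```

Shaded JARs whose build strips the Maven metadata are not detected by this check, so pair it with a dependency report from the build itself.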

Lambda SnapStart Support:

  • Pre-warm and snapshot JVM after initialization
  • Up to 10x reduction in cold start times
  • Perfect for Spring Boot, Micronaut, and Quarkus applications

When to Use Java 25:

  • Enterprise applications with existing Java codebases
  • Spring Boot microservices transitioning to serverless
  • Applications requiring advanced JVM features
  • Teams with deep Java expertise

Tooling Support:

  • AWS Console, AWS CLI, AWS SAM, AWS CDK
  • Powertools for AWS Lambda (Java) fully compatible
  • Container image deployments supported

3. Amazon S3 Gets IPv6 Support for VPC Endpoints

Announcement Date: November (Week of Nov 10)

Amazon S3 now supports IPv6 for VPC endpoints, enabling dual-stack connectivity for S3 access from within your VPC.

Why This Matters

  • IPv6 compliance: Meet modern networking requirements
  • Private connectivity: Access S3 via PrivateLink without internet gateway
  • Future-proof infrastructure: Prepare for IPv6-only environments
  • Cost optimization: Reduce data transfer costs through VPC endpoints

Use Cases

  1. Regulated industries: Private S3 access without public internet
  2. IoT deployments: IPv6-native device architectures
  3. Hybrid cloud: Consistent networking across environments
  4. Security-first designs: Eliminate public internet exposure

4. Amazon S3 Tables Integrate with CloudWatch Metrics

Announcement Date: November (Week of Nov 10)

S3 Tables, AWS’s new analytical table storage, now integrates with Amazon CloudWatch for comprehensive monitoring.

Key Metrics Available

  • Table-level metrics: Request counts, latency, errors
  • Storage metrics: Object count, total size
  • Access patterns: Read/write operations
  • Performance monitoring: Query execution times

Benefits

  • Proactive monitoring: Set alarms for anomalies
  • Cost tracking: Monitor usage with tags
  • Performance optimization: Identify bottlenecks
  • Operational insights: Understand access patterns

Tag Support: S3 Tables now support tags for:

  • Attribute-based access control (ABAC)
  • Cost allocation and tracking
  • Automated policy management
  • Simplified governance at scale

5. SageMaker Catalog Direct S3 Read/Write Support

Amazon SageMaker Catalog can now read from and write directly to S3, simplifying machine learning workflows.

What Changed

Previously, data movement between SageMaker and S3 required intermediate steps or additional configuration. Now:

  • Direct data access: Read training data from S3 buckets
  • Seamless model storage: Write models directly to S3
  • Reduced latency: Eliminate data transfer overhead
  • Simplified pipelines: Fewer steps in ML workflows

ML Workflow Benefits

  1. Faster experimentation: Quick access to datasets
  2. Cost reduction: No intermediate storage
  3. Better integration: Native S3 compatibility
  4. Scalability: Handle massive datasets efficiently

6. AWS Site-to-Site VPN Now Offers 5 Gbps Bandwidth Tunnels

Announcement Date: November 12, 2025

AWS Site-to-Site VPN now supports 5 Gbps bandwidth per tunnel – a 4x improvement from the previous 1.25 Gbps limit.

The Game Changer

Before: Customers needed Equal-Cost Multi-Path (ECMP) routing across multiple tunnels to achieve higher bandwidth, adding complexity and potential inconsistency.

After: Configure a single tunnel with 5 Gbps bandwidth, simplifying operations and ensuring consistent performance.

Key Features

  • Standard vs Large Configuration:
    • Standard: 1.25 Gbps (existing default)
    • Large: 5 Gbps (new option)
  • High Availability: Two tunnels per VPN connection
  • Encryption: Full IPSec tunnel encryption maintained
  • Transit Gateway Support: Works with both Transit Gateway and Cloud WAN

Primary Use Cases

1. Data Center Connectivity

  • High-bandwidth hybrid applications
  • Big data migrations
  • Disaster recovery architectures
  • Encrypted traffic between AWS and on-premises

2. Direct Connect Backup/Overlay

  • Backup for 10 Gbps Direct Connect circuits
  • Overlay solution for enhanced security
  • Fail-over protection for critical connectivity

3. Hybrid Cloud Workloads

  • Real-time data replication
  • Video streaming and media processing
  • Large-scale database synchronization

Migration Path

Upgrading from Standard (1.25 Gbps) to Large (5 Gbps):

  1. Create new VPN connection with Large bandwidth
  2. Test connectivity and throughput
  3. Update routing to direct traffic through new connection
  4. Remove old VPN connection

Requirements:

  • Customer Gateway (firewall/VPN appliance) must support 5 Gbps
  • Internet connection must support higher throughput
  • Applies to both tunnels in a VPN connection

Regional Availability: All AWS commercial and GovCloud regions except Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Zurich), Canada West (Calgary), and Middle East (UAE)


7. AWS Transform Automates Landing Zone Accelerator Networking

AWS Transform now automates Landing Zone Accelerator (LZA) networking configuration, dramatically reducing the time and complexity of setting up enterprise-grade AWS environments.

What It Automates

  • VPC Creation: Multi-region, multi-account VPC deployment
  • Transit Gateway Configuration: Centralized routing setup
  • Security Group Management: Consistent security policies
  • Network ACLs: Automated rule deployment
  • Route Table Configuration: Complex routing automation

Why This Matters

Setting up Landing Zone Accelerator networking manually could take weeks and required deep AWS networking expertise. AWS Transform reduces this to hours with automated, best-practice configurations.

Benefits

  1. Accelerated onboarding: Deploy enterprise AWS environments faster
  2. Consistency: Ensure standard configurations across accounts
  3. Reduced errors: Eliminate manual configuration mistakes
  4. Compliance: Built-in best practices and security controls

8. RDS Blue/Green Deployments Support Aurora Global Database

Announcement Date: November 14, 2025

Amazon RDS Blue/Green deployments now support Aurora Global Database, enabling zero-downtime database upgrades across multiple regions.

The Revolution

Before this update, upgrading a Global Database (spanning multiple regions) required complex coordination, custom scripts, and significant downtime risk. Now, it’s fully managed.

How It Works

Blue Environment (Production):

  • Primary region with read-write cluster
  • Secondary regions with read-only clusters
  • Global Database spanning all regions

Green Environment (Staging):

  • Complete replica of blue environment
  • All regions mirrored
  • Stays synchronized with production
  • Test upgrades, schema changes, parameter modifications

Blue/Green Switchover:

  1. Validate green environment thoroughly
  2. Initiate switchover from primary region
  3. AWS automatically:
    • Syncs green with blue
    • Drops existing connections (temporarily)
    • Renames clusters, instances, and endpoints
    • Routes traffic to new production (former green)
  4. Total downtime: Under 1 minute
  5. Data loss: Zero

What You Can Do

  • Major version upgrades: PostgreSQL 12 → 17, MySQL 5.7 → 8.0
  • Minor version upgrades: Stay current with security patches
  • OS updates: Operating system patching
  • Parameter modifications: Test configuration changes
  • Schema changes: Validate DDL in staging
  • Instance type changes: Test performance with different instance classes

Key Benefits

  • No application changes: Endpoints remain the same
  • Disaster recovery: Blue/Green across regions enhances DR strategy
  • Risk reduction: Validate in staging before production
  • Fast rollback: Keep old blue environment for safety net
  • Minimal downtime: Sub-minute switchover

Availability

  • Engines: Aurora MySQL-Compatible and Aurora PostgreSQL-Compatible
  • Versions: All versions supporting Global Database
  • Regions: All commercial AWS Regions and GovCloud (US)

Real-World Scenario

Upgrading Aurora PostgreSQL Global Database:

bash

# Create blue/green deployment
aws rds create-blue-green-deployment \
  --blue-green-deployment-name global-db-upgrade \
  --source arn:aws:rds:us-east-1:123456789012:globalcluster:my-global-cluster \
  --target-engine-version 17.5 \
  --region us-east-1

# After testing, perform switchover
aws rds switchover-blue-green-deployment \
  --blue-green-deployment-identifier bgd-abc123 \
  --switchover-timeout 300

Guardrails:

  • Timeout if switchover exceeds maximum tolerable downtime
  • Detects replication errors
  • Validates cluster health before promotion

Additional Notable Updates from the Document

Amazon DynamoDB Accelerator (DAX) PrivateLink Support

Date: November 12, 2025

  • Securely access DAX management APIs via private IP addresses
  • Cluster operations (CreateCluster, DeleteCluster) stay private
  • No public regional endpoint required

CloudWatch Composite Alarms Threshold-Based Alerting

Date: November 11, 2025

  • Trigger notifications when specific subsets of resources need attention
  • Alert only when a certain number of resources are impacted
  • Focus on meaningful incidents, reduce alarm fatigue

Route 53 Resolver PrivateLink Support (China Regions)

Date: November 10, 2025

  • Private connectivity for Route 53 Resolver in AWS China
  • Manage DNS without public internet
  • Covers Resolver endpoints, DNS Firewall, Query Logging

Amazon ECS Built-in Linear and Canary Deployments

Date: November 2, 2025

  • New deployment strategies for containerized applications
  • Complements existing blue/green deployments
  • Choose traffic shifting approach based on risk profile

Step Functions Metrics Dashboard

Date: October 31, 2025

  • New dashboard for workflow observability
  • Account and state-machine level metrics
  • Usage, billing, and performance visibility

Amazon VPC IPAM Automates Prefix List Updates

Date: October 31, 2025

  • Prefix List Resolver (PLR) automates prefix list management
  • Sync prefix lists with IPAM business rules
  • Reduces manual overhead and errors

Amazon ElastiCache Dual-Stack Support

Date: October 31, 2025

  • IPv4 and IPv6 service endpoints
  • Interface VPC endpoints via PrivateLink support dual-stack
  • Easier IPv6 compliance and migration

Amazon RDS IPv6 for Publicly Accessible Databases

Date: October 31, 2025

  • Extends IPv6 support to publicly accessible databases
  • Dual-stack connectivity for RDS and Aurora

Amazon Kinesis Data Streams 10x Larger Records

Date: October 31, 2025

  • Record size increased from 1 MiB to 10 MiB
  • PutRecords request size: 5 MiB → 10 MiB
  • Better support for IoT, CDC, and AI-generated payloads

Strategic Implications for Cloud Architects

1. Serverless Evolution

The production-ready support for Rust in Lambda signals AWS’s commitment to performance-optimized serverless computing. Organizations can now:

  • Build performance-critical functions without cold start penalties
  • Reduce Lambda costs through efficient resource utilization
  • Adopt memory-safe languages for security-sensitive workloads

2. Kubernetes Enterprise Adoption

Native EKS backup support removes a major barrier to enterprise Kubernetes adoption:

  • Simplified compliance and governance
  • Reduced operational complexity
  • Enhanced disaster recovery capabilities
  • No vendor lock-in for backup solutions

3. Network Modernization

The combination of 5 Gbps VPN tunnels and IPv6 support enables:

  • High-bandwidth hybrid cloud architectures
  • Future-proof networking strategies
  • Reduced reliance on Direct Connect for backup scenarios
  • Cost-effective high-throughput connectivity

4. Database Agility

Aurora Global Database blue/green deployments transform database operations:

  • Zero-downtime global upgrades
  • Risk-free testing in production-identical environments
  • Enhanced disaster recovery through multi-region staging
  • Accelerated adoption of new database features

Best Practices and Recommendations

For EKS Users

  1. Implement AWS Backup immediately for production clusters
  2. Set up cross-region replication for disaster recovery
  3. Create pre-upgrade backups as a standard practice
  4. Test restore procedures regularly in non-production environments

For Lambda Developers

  1. Evaluate Rust for performance-critical functions
  2. Migrate to Java 25 to leverage AOT caches
  3. Benchmark cold start times before and after migration
  4. Consider Rust for new projects requiring low latency

For Network Architects

  1. Plan migration to 5 Gbps VPN tunnels for bandwidth-intensive workloads
  2. Implement IPv6 for future-proof networking
  3. Test VPN performance before production cutover
  4. Document ECMP removal when upgrading to Large tunnels

For Database Teams

  1. Adopt blue/green deployments for all database updates
  2. Test Global Database failover with blue/green staging
  3. Standardize on blue/green for major version upgrades
  4. Create runbooks for blue/green switchover procedures

Looking Ahead: What This Means for 2025 and Beyond

These updates reflect several key trends in cloud computing:

1. Operational Simplification

AWS is reducing complexity through managed services:

  • Native EKS backups eliminate third-party tools
  • Blue/green deployments automate complex upgrade procedures
  • Landing Zone Accelerator networking removes manual configuration

2. Performance Optimization

Every update prioritizes performance:

  • Rust for sub-millisecond Lambda functions
  • Java 25 AOT caches for faster cold starts
  • 5 Gbps VPN for high-throughput workloads
  • Direct S3 access for SageMaker reducing latency

3. Enterprise Readiness

AWS is addressing enterprise requirements:

  • Immutable EKS backups for compliance
  • Global Database blue/green for mission-critical systems
  • PrivateLink everywhere for security
  • IPv6 support for modern networking standards

4. Multi-Region Resilience

Global architectures are becoming easier:

  • Cross-region EKS backups
  • Global Database blue/green deployments
  • Transit Gateway with 5 Gbps VPN
  • CloudWatch global metrics

Conclusion: The Cloud Gets Faster, Safer, and Simpler

November 2025 represents a watershed moment for AWS. These updates collectively address the three pillars of modern cloud architecture:

  1. Performance: Rust Lambda, Java 25 AOT caches, 5 Gbps VPN, 10 MiB Kinesis records
  2. Security: Native EKS backups, PrivateLink everywhere, immutable vaults
  3. Simplicity: Blue/green for Global Databases, automated Landing Zone networking, CloudWatch integration

For cloud engineers, DevOps teams, and data professionals, these updates mean:

  • Less time managing infrastructure (automation)
  • More time building features (productivity)
  • Greater confidence in production (safety)
  • Lower operational costs (efficiency)

The message is clear: AWS is committed to making enterprise-grade cloud computing accessible, performant, and secure. Whether you’re running containerized workloads on EKS, building serverless applications with Lambda, or managing global databases across regions, November 2025’s updates provide the tools to build better, faster, and more reliably.


Stay updated: Follow the BuzzCorner page for the latest announcements, and subscribe to AWS service-specific blogs for deep dives into each update.

What updates are you most excited about? How will these changes impact your cloud architecture? Share your thoughts and experiences in the comments below!
