AWS Weekly Roundup: DevOps Agent & Security Agent Go GA, Product Lifecycle Updates, and More

AWS DevOps Agent and Security Agent Reach General Availability

At last year's re:Invent, AWS introduced the concept of "frontier agents"—autonomous systems designed to work across multiple steps to achieve outcomes without constant human intervention. The first two implementations, AWS DevOps Agent and AWS Security Agent, have now graduated from preview to general availability.

AWS DevOps Agent: Autonomous Cloud Operations

The DevOps Agent functions as an always-available teammate for cloud operations. It investigates incidents, reduces time to resolution, and prevents issues before they occur. Early adopters report impressive results:

• United Airlines, Western Governors University, and T-Mobile are already using the agent to accelerate incident response
• Western Governors University saw resolution times drop from hours to minutes
• Preview customers reported up to 75% lower mean time to resolution (MTTR) and 3-5x faster resolution

"The agent operates continuously until the job is done," explains AWS, positioning it as a force multiplier for DevOps teams. The tool works across AWS cloud, multicloud, and on-prem environments, handling the heavy lifting so teams can focus on strategic work.

AWS Security Agent: Continuous Penetration Testing

Security Agent brings continuous, context-aware penetration testing into the development lifecycle. Rather than periodic security audits, this agent operates like a human penetration tester—constantly probing for vulnerabilities.

Early results from customers including LG CNS, HENNGE, and Wayspring show:

• Over 50% faster testing at LG CNS
• ~30% lower costs compared to traditional penetration testing
• Significantly fewer false positives, reducing alert fatigue

The agent's ability to integrate into the development lifecycle means security testing happens continuously rather than as a bottleneck before deployment.

Cross-Environment Compatibility

Both agents are designed to work across AWS cloud, multicloud, and on-prem environments. This flexibility addresses a key challenge for enterprises with hybrid infrastructure, providing consistent automation regardless of where workloads run.

Product Lifecycle Updates: Services in Maintenance and Sunset

AWS also announced significant changes to several services' availability, providing customers with migration guidance to minimize operational disruptions.

Services in Maintenance Mode

Several services will continue receiving support but with reduced development focus:

• AWS App Runner - Container application service
• AWS Audit Manager - Compliance management
• AWS CloudTrail – Lake - Data lake for CloudTrail events
• AWS Glue – Ray jobs - Distributed data processing
• AWS IoT FleetWise - Vehicle data collection
• Amazon ARC – Readiness Check - Disaster recovery validation
• Amazon Comprehend - Topic modeling, event detection, and prompt safety classification
• Amazon Rekognition - Streaming events and batch image content moderation
• Amazon SNS – Message Data Protection - Message encryption

Services Reaching End of Life

Several services will be fully sunset:

• AWS Service Management Connector
• Amazon RDS Custom for Oracle
• Amazon WorkMail
• Amazon WorkSpaces – Thin Client Services

Additionally, Amazon Chime SDK – Proxy Sessions will reach sunset status.

AWS emphasizes that customers will receive specific guidance through service documentation and AWS Support to ensure smooth transitions.

Other Notable Launches

Amazon ECS Managed Daemons

Amazon ECS now offers Managed Daemons for ECS Managed Instances, simplifying the deployment and management of daemon tasks across container clusters.

Sustainability Console

AWS launched a new Sustainability console providing Scope 1–3 reporting in one place, helping organizations track and reduce their carbon footprint across the entire value chain.

Amazon Bedrock AgentCore Evaluations

The AgentCore Evaluations feature for Amazon Bedrock is now generally available, providing standardized testing for AI agents built on the platform.

Automated Codebase Analysis

AWS Transform custom announces general availability of automated codebase analysis, helping teams understand and modernize their applications.

CloudWatch OpenTelemetry Support

Amazon CloudWatch launches OpenTelemetry Container Insights for Amazon EKS (in preview), providing native observability for Kubernetes workloads.

Compute-Optimized Instances

Amazon Lightsail introduces new compute-optimized instance bundles with up to 72 vCPUs, targeting performance-intensive workloads.

CloudFront Security Enhancement

Amazon CloudFront now supports SHA-256 for signed URLs and signed cookies, enhancing security for content delivery.

Additional Updates and Resources

AWS published several technical deep-dives and announcements:

• Architecting for agentic AI development on AWS
• Optimizing data transfer costs with AWS Network Load Balancer
• AWS World Sports Innovation Cup - A competition for sports technology ideas
• 5 Techniques to Stop AI agent hallucinations in production
• 3D interactive globe exploring the global AWS Community

Looking Ahead

The general availability of DevOps and Security Agents marks a significant step toward autonomous cloud operations. By handling routine investigations and continuous security testing, these tools free human experts to focus on complex problems and strategic initiatives.

Meanwhile, the product lifecycle changes reflect AWS's ongoing optimization of its service portfolio, with the company providing clear migration paths to minimize customer disruption.

For organizations evaluating these new capabilities, the key consideration is integration into existing workflows. The agents promise significant efficiency gains, but success will depend on how well they complement human expertise rather than replace it.

[IMAGE:1]

Featured image: AWS Hong Kong User Group event where these announcements were discussed