Week 7 - Feb 10-16, 2026
Amazon Aurora enables encryption at rest by default for all new clusters. AWS Backup adds PrivateLink for SAP HANA workloads. Elastic Beanstalk ships Windows Server security patches.
Highlights
Amazon Aurora: Default Encryption at Rest for All New Clusters
All new Amazon Aurora DB clusters created on or after February 18 are encrypted by default using AWS-owned keys. Fully managed, transparent, with no cost or performance impact. Existing unencrypted clusters are unaffected. This closes a common misconfiguration gap - new Aurora clusters can no longer be accidentally created without encryption.
AWS Backup PrivateLink for SAP HANA on EC2
AWS Backup now supports PrivateLink for SAP HANA workloads on EC2, enabling end-to-end private connectivity for backup traffic. Critical for regulated industries (financial services, healthcare, government) that cannot allow backup data to traverse the public internet.
Key Takeaway
Aurora encryption at rest by default is another step in AWS's security-by-default strategy. Like S3 encryption (2023) and EBS encryption (2024), this eliminates an entire class of misconfiguration. If you have existing unencrypted Aurora clusters, now is the time to plan migration.
Need Custom Security Briefings?
These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.