We’re at peak AWS re:Invent — which means attendees are right in the middle of a schedule of more than 2,000 technical sessions, with generative AI featured in some 600 of them. It might seem impossible to keep abreast of what’s happening, but we’ve highlighted five themes and trawled through our recent articles to pair the best with some of the sessions that caught our eye:
The re:Invent schedule is heavy on cloud operations and AI-driven operations sessions, so this piece provides a practical checklist for what robust observability should look like in real AWS environments — logs, metrics, traces, SLOs, and how to keep things debuggable as your architecture gets more distributed.
Attendees learn how to build and maintain resilient infrastructure using AWS native services, such as CloudWatch, Systems Manager, CloudTrail, and AI-assisted diagnostics.
COP412 – Observability: The open source way (Workshop)
Dec 3 | 3:30–5:30 PM PST | Venetian
This session provides practical, hands-on experience with Prometheus, OpenSearch, Grafana, and OpenTelemetry on AWS.
With EKS and containers featuring prominently on the re:Invent agenda, this article is a great companion: It breaks down which Kubernetes metrics actually matter (for capacity, performance, and reliability) instead of just throwing more dashboards at you. Think of it as a sanity check for all the EKS tuning ideas circulating during the week.
AWS RE:INVENT SESSIONS TO ATTEND
COP418 – Monitor the quality and accuracy of your generative AI workloads (Code Talk)
Dec 4 | 2:00–3:00 PM PST | Wynn
In this live coding session, attendees will build agentic applications using Bedrock AgentCore app running on Amazon EKS, instrumented via ADOT, and observed with CloudWatch’s gen-AI dashboards.
This session explores capabilities in CloudWatch dashboards and alarms, so you can design appropriate visibility and actions for your workloads.
CNS417 – Networking and observability strategies for Kubernetes” (Breakout)
Containers/EKS track: Various times available
This breakout session will cover comprehensive approaches to observing and securing multi-tenant environments, as well as gaining deep visibility into distributed workloads at scale.
You will have noticed that many of the serverless/containers and DevOps sessions highlight platform engineering as the way to scale delivery. This article focuses on the key metrics to monitor to establish whether your internal platform is working: developer experience, adoption and usage, reliability and performance, and business value — the same themes you’ll hear in platform and IDP talks at re:Invent. If you’re exploring AWS-native options like Proton to templatize your services/platforms, check out AWS Proton: What It Is, How It Works & What’s Next for background.
AWS RE:INVENT SESSIONS TO ATTEND
COP350 – Building and validating cloud controls with generative AI (Breakout)
Dec 3 | 4:00–5:00 PM PST | Caesars Forum
In this technical session, attendees will learn about gen-AI-assisted authoring and validation of controls through Config, Control Tower, and CloudTrail. You’ll find this one great for “are our platform guardrails working?” metrics.
COP411 – Intelligent automation for managing cloud governance and compliance (Builders)
Dec 4 | 11:30 AM–12:30 PM PST | Mandalay Bay
This session focuses on creating automated workflows, wiring Config, Security Hub, and Audit Manager to provide context-aware insights for efficient policy enforcement and risk management. This is a good one for platform teams that own governance.
CNS301-R/R1 – Accelerate platform engineering on Amazon EKS (Workshop)
The security track this year is big on securing and leveraging AI and building a stronger security culture. IaC scanning is one of the simplest ways to shift security left for AWS environments, and this article walks through the tools and approaches you can plug into your pipelines so misconfigurations never reach production. For more Terraform-heavy setups, How to Manage Dependencies Between Terraform Resources and Nested For_Each in Terraform: Dynamic Blocks & Flattening show how to structure complex configs cleanly so your scans actually stay maintainable. And if you’re experimenting beyond Terraform, this OpenTofu CLI cheat sheet is a handy reference.
AWS RE:INVENT SESSIONS TO ATTEND
COP406 – Build and automate policy as code (Builders)
Dec 3 | 10:00–11:00 AM PST | MGM
This session covers exactly what Terraform/OpenTofu scanning readers care about: PaC pipelines, pre-commit checks, and custom org-level rules.
COP310 – Automating compliance and auditing at scale (Workshop)
Dec 3 | 9:00–11:00 AM PST | Mandalay Bay
Attendees will get hands-on training in using Config, Systems Manager, Audit Manager, and CloudTrail Lake to build automated infrastructure compliance controls.
COP352 – From Reactive to Proactive: Infrastructure governance by design (Code talk)
Dec 4 | 3:30–4:30 PM PST | MGM
This code talk focuses on best practices for using CloudFormation Hooks and CloudFormation Guard to block non-compliant infrastructure before it’s created.
Re:Invent keynotes love to hammer home the importance of repeatable, well-architected, secure cloud operations — which is basically the opposite of ClickOps. This article explains why ClickOps anti-pattern is risky at scale and points you back toward GitOps-enabled infrastructure as code as a far superior alternative.
AWS RE:INVENT SESSIONS TO ATTEND
COP409 – Building Sovereign Cloud Environments (Code talk)
Dec 3 | 2:30–3:30 PM PST | Wynn
Attendees will learn how Control Tower and Landing Zone Accelerator centrally support key sovereignty requirements, including country-specific compliance frameworks, regional service selection, automated controls for data movement, and cross-border transfers.
COP349 – Balancing agility and compliance feat. The Japan Digital Agency (Breakout)
Dec 3 | 4:00–5:00 PM PST | MGM
This session covers how the Japanese government successfully implemented a centralized governance model for cloud adoption, using Cloud Governance services like Control Tower, Config, and Security Hub.
COP346 – Governance that Enables Innovation at Scale feat. Eli Lilly (Breakout)
Dec 3 | 3:30–5:30 PM PST | Venetian
This session focuses on how the U.S. pharmaceutical company Eli Lilly modernized their governance structure by migrating to Control Tower and integrating Account Factory for Terraform to automate provisioning, increase agility, enhance security posture, and innovate quickly.
Launching December 10, 2025 — The Bald Truth
“Infrastructure rarely breaks because of bad tools, it breaks because of untested assumptions. Subscribe to learn my hard-won lessons from scaling systems at Facebook and Google, the highs and lows of co-founding OpenTofu and Spacelift, and everything in between.”
Marcin Wyszynski, Co-founder @ Spacelift & OpenTofu
You can now assign the Space Admin role to users for non-root spaces, so that non-root Space Admins can view all roles, users, API keys, IdP group mappings (read-only), and manage role bindings within their assigned administered spaces.
Spacelift now supports a variety of plugins that can be used to perform actions such as sending notifications, managing resources, or integrating with external systems. A template gallery is available with several great tools.
Previously, you could set a stack as Administrative in order to manage resources in other stacks, but only in Spaces on the same branch. Stack Roles enable stacks that can manage resources across any spaces, even when not in the same branch.
