EC2 M9g/M9gd (Graviton5) instances: up to 25% compute uplift vs Graviton4

AWS just moved three operational levers at once: higher-density ARM compute (M9g/M9gd on Graviton5), a much more evaluation-friendly Bedrock console with OpenAI frontier models available on its inference engine, and 
F the bit platform engineers should not sleep on 
F Cognito multi-Region replication with customer-managed KMS support. The last one alone materially changes how you design global authentication and failover.

The auth failover problem nobody planned for

Cognito multi-Region replication is the sort of product move that quietly obsoletes a lot of bespoke engineering. AWS will now automatically replicate user data, credentials, and user-pool configuration to a secondary Region and let you use customer-managed KMS keys for encryption. For teams who've been building their own user-sync layers (Lambda jobs, cross-region databases, home-grown event streams) this removes an entire class of brittle code: no more rolling your own password-hash sync, SRP edge cases, or ad-hoc staging of refresh tokens during failover.

Thats the right call from AWS  identity is a platform-level concern and should be durable and auditable out of the box. But it also changes the operational shape of failure scenarios. A few practical notes that matter in 2026:

• Replication is not magic: expect eventual consistency windows and authentication-edge latencies during active cross-Region failovers. Design route failover and session management accordingly.
• KMS is regional; using customer-managed keys means you need a multi-Region KMS strategy. AWS supports multi-Region KMS keys, but you should plan key replication, key-policy coordination, and rotation in your DR runbooks.
• Federated IdPs, SAML/OIDC mappings, and custom attributes still require careful testing. Cognito automates replication of the pool configuration and user records, but complex IdP flows will expose integration brittleness during failover.

If you run global apps and still have a custom user-sync pipeline, migrate. If youve been betting on clever DNS failover to save logins, this should change your mind.

Graviton5: ARM fleets get a real shove

M9g and M9gd are AWS's first broad general-purpose M-class instances on Graviton5, with the usual gd suffix indicating local NVMe. AWS reports up to 25% compute gain vs Graviton4 across general-purpose workloads. Thats significant but predictable: another silicon generation, better IPC and power efficiency.

The implication is simple: ARM-first fleets get cheaper and denser. For mixed workloads, re-run your perf tests  some integer-heavy or legacy-optimized binaries may not see the full uplift. The real headache remains ecosystem friction: Windows workloads generally remain off-limits on ARM, some commercial binaries still lag, and observability agents can behave differently on ARM at scale. But for Linux-based microservices, this makes the ARM migration story materially more compelling.

Bedrock goes opinionated about model evaluation

Amazon Bedrocks console refresh  side-by-side model comparisons, project-scoped workflows, and project-aware runnable docs  is an overdue quality-of-life win for platform teams evaluating models. The bigger signal: AWS is pushing Bedrock from a model-hosting service toward a lightweight model-evaluation and governance layer. Bedrock's catalog focuses on foundation models from partners (Anthropic, Cohere, AI21) and Amazons own Titan family; enterprises can compare latency, cost, and policy controls in one place.

This is useful, and its the right product direction. The one caveat: enterprises should still baseline for latency and throughput; routing third-party or partner models through Bedrock will produce different tail latencies than calling a provider's API directly, so keep direct API benchmarks for latency-sensitive paths.

Resilience Hub nudges  AI that diagnoses failure modes

AWS Resilience Hubs next generation adds dependency discovery and generative-AI-powered failure mode analysis. This is a decent developer ergonomics play: programmatic discovery plus AI-generated failure scenarios can surface gaps quickly. But take the AI output as hypotheses, not truth: a generated failure mode is only as useful as the observability data and the teams that validate it.

What to do next (real, not fuzzy advice)

• If you run global user-facing apps, drop bespoke user-sync pipelines on the roadmap and prioritize adopting Cognito multi-Region.
• Re-benchmark hot services on M9g/M9gd; for many workloads youll see cost-per-op advantages that justify migration work.
• Use Bedrocks project workflows to formalize model evals, but keep direct API benchmarks for latency-sensitive paths.

AWS shipped hardware, identity resilience, and better model-eval UX in one sweep. The hardware and console changes are evolutionary; Cognitos managed multi-Region replication is disruptive. Teams who built their own identity replication are about to feel technical regret  and teams that standardize on the managed path will have a simpler, safer global-auth plane. The real test: will AWS make KMS key orchestration seamless enough that using CMKs doesnt reintroduce complexity? If they do, expect far fewer custom replication hacks in the wild by year's end.

Sources

• AWS News Blog – recent posts (Graviton5, Bedrock console, OpenAI models on Bedrock, Cognito multi‑Region, Resilience Hub)
• What’s New at AWS – master feed for recent launches
• AWS re:Invent 2025 recap – background on Graviton5 positioning and broader AI platform direction