AWS roundup: CloudFront mTLS, Bedrock prompt optimization, EC2 M3 Ultra Mac, and more
AWS introduced CloudFront mTLS updates, new Bedrock prompt optimization tools, GA for EC2 M3 Ultra Mac instances, SageMaker tuning for Qwen3.6, and broader AWS Transform agent access.
AWS shipped a broad set of updates spanning edge security, generative AI tooling, developer infrastructure, and modernization workflows. Here’s a concise look at the announcements from May 14, 2026.
CloudFront adds two viewer mTLS capabilities
Passthrough mode for viewer mutual TLS
Amazon CloudFront now supports passthrough mode for viewer mutual TLS (mTLS). In this mode, CloudFront forwards client certificates to the origin for validation instead of performing certificate verification itself.
This is aimed at customers that already have mTLS validation logic running at the origin and want to keep that infrastructure in place without moving certificate validation to the edge or configuring trust stores in CloudFront.
AWS notes that CloudFront viewer mTLS already supports required mode and optional mode, which offload client certificate authentication to CloudFront using trust stores. Passthrough mode adds a third option for teams that want to preserve existing origin-side validation workflows.
OCSP revocation support for viewer mTLS
CloudFront also now supports Online Certificate Status Protocol (OCSP) revocation checking for viewer mTLS. With this capability, CloudFront can validate whether a client certificate has been revoked in real time during connection establishment.
According to AWS, this helps customers verify that client certificates have not been revoked before accepting connections, which is especially relevant for regulated industries and zero-trust architectures.
Previously, customers could implement revocation checks using CloudFront Functions and KeyValueStore with static revocation lists. With OCSP, CloudFront instead queries the responder URL embedded in the client certificate at connection time.
Together, these two launches give CloudFront customers more flexibility: keep validation at the origin with passthrough mode, or strengthen edge-side verification with real-time OCSP checks.
Amazon Bedrock introduces advanced prompt optimization
Amazon Bedrock introduced Advanced Prompt Optimization, a tool designed to help customers improve prompts for their current model or migrate prompts to new models faster with built-in evaluation feedback loops.
AWS says customers often spend days to weeks optimizing prompts and evaluating responses when moving to a new model or trying to improve performance on an existing one. The new tool is positioned to reduce that effort by combining optimization and evaluation in one workflow.
Key capabilities called out by AWS include:
- Optimize prompts for any model on Bedrock
- Compare original and optimized prompts
- Evaluate results across up to 5 models simultaneously
- Use the workflow for either model migration or current-model improvement
For teams concerned about regressions during migration, AWS frames the tool as a way to quickly change prompts and test outcomes before rolling updates into production workflows.
EC2 M3 Ultra Mac instances reach general availability
AWS announced general availability for Amazon EC2 M3 Ultra Mac instances, powered by the latest Mac Studio hardware. These are positioned as next-generation EC2 Mac instances for Apple developers running demanding build and test workloads on AWS.
AWS highlights these instances for building and testing apps targeting Apple platforms including iOS, macOS, iPadOS, tvOS, watchOS, visionOS, and Safari.
Specs and platform details shared by AWS include:
- Built on Apple M3 Ultra Mac Studio computers
- 28-core CPU
- 60-core GPU
- 32-core Neural Engine
- 256GB unified memory
- Powered by the AWS Nitro System
- Up to 10 Gbps network bandwidth
- 8 Gbps Amazon EBS storage bandwidth
The launch expands the EC2 Mac portfolio for developers looking to move high-performance Apple build and test pipelines into AWS-managed infrastructure.
SageMaker AI adds serverless customization for Qwen3.6
Amazon SageMaker AI now supports serverless model customization for the Qwen3.6 27B parameter model using supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT).
AWS describes Qwen3.6 as a popular open-weight model family from Alibaba Cloud. Prior to this update, customers could deploy the Qwen3.6 base model on SageMaker AI; with this launch, they can also adapt it to specific domains and workflows.
AWS emphasizes that model customization allows organizations to tailor foundation models with proprietary data so outputs better reflect domain knowledge, terminology, and quality standards, rather than building models from scratch.
AWS Transform expands into more developer tools
AWS announced that AWS Transform agents are now available through Kiro, agent plugins, and the AWS Transform MCP server, making them accessible from tools including Kiro, Claude, Cursor, and Codex.
AWS says this gives developers more flexibility to use AWS Transform capabilities from their preferred development environment, whether they are working interactively in an agentic IDE, using the web console, or integrating programmatically via MCP.
The company also highlighted support for transformation work across areas such as Windows, VMware, and mainframe modernization.
Agent builder toolkit with Kiro power
Separately, AWS announced general availability of the agent builder toolkit Kiro power for AWS Transform. This toolkit is intended for AWS Partners and customers that want to build customized transformation agents tailored to specific modernization needs.
According to AWS, the toolkit supports the lifecycle for transformation agents, including building agents with Kiro power, sharing them with teams or partner networks, and registering them with AWS Transform.
This fits into AWS’s broader push toward composability in transformation and modernization workflows.
What stands out across these launches
Viewed together, these announcements show AWS pushing on several fronts at once:
- Security flexibility at the edge with new CloudFront mTLS options
- Operational tooling for generative AI through Bedrock prompt optimization and SageMaker fine-tuning support
- Developer infrastructure expansion with GA of EC2 M3 Ultra Mac instances
- AI-assisted modernization through broader AWS Transform integrations and customization tools
Rather than a single platform story, this set of updates reflects AWS deepening capabilities across the edge, model lifecycle, developer experience, and modernization pipelines.
References & Credits
- Amazon CloudFront announces Passthrough Mode for mutual TLS (Viewer)
- Amazon CloudFront announces support for OCSP Revocation for Mutual TLS (Viewer)
- Amazon Bedrock introduces new advanced prompt optimization and migration tool
- Amazon Bedrock Introduces Advanced Prompt Optimization and Migration Tool
- Announcing general availability of Amazon EC2 M3 Ultra Mac instances
- SageMaker AI now supports serverless model customization for Qwen3.6
- AWS Transform agents now available in Kiro, Claude, Cursor, and Codex
- AWS Transform introduces the agent builder toolkit Kiro power for building customized transformation agents