Cloud Digest — January 2026

Terraform 2.0: Three Breaking Changes to Know

HashiCorp shipped Terraform 2.0 with three breaking changes affecting most production setups: pre-0.12 state files are no longer supported, count and for_each no longer accept null values, and provider constraints now require explicit minimum versions. Run terraform validate across all modules before upgrading. The terraform state replace-provider command handles most migration scenarios automatically.

Azure Container Apps: 12 New Regions, Better Free Tier

Microsoft expanded Container Apps GA to 12 additional regions including Southeast Asia and Brazil South. More notable: consumption billing now includes 180,000 vCPU-seconds/month free — making it competitive with AWS Fargate for low-traffic services with variable load patterns.

The NAT Gateway Cost Problem

An infrastructure team published a detailed breakdown showing their NAT Gateway bill at $4,200/month — exceeding their entire EC2 spend. The fix: route S3 and DynamoDB traffic through free VPC Gateway Endpoints, and use VPC Interface Endpoints for other AWS services. Result: 71% reduction in NAT costs with zero application changes. We've seen the same pattern across multiple client environments this quarter.

EKS Pod Identity Goes GA

AWS EKS Pod Identity graduated to GA. It's a simpler alternative to IRSA for associating IAM permissions with Kubernetes service accounts — no OIDC provider configuration required, and the setup is considerably less error-prone. Worth migrating new workloads to immediately; existing IRSA setups can stay as-is.

Paper Worth Reading

Google published "Borg: The Next Generation," examining how cluster management has evolved internally after 10 more years of Kubernetes influence. If you're making architectural decisions about workload scheduling at scale, this is required reading.