Held June 16–18 in Philadelphia, AWS re:Inforce 2025 unveiled a suite of new security tools and enhancements aimed at simplifying cloud security, strengthening threat detection, and enabling resilient, compliant architectures. Here’s a deep dive.
1. Stronger Identity & Access Controls
- IAM Access Analyzer – Internal Access Findings
IAM Access Analyzer now uses automated reasoning to show who inside your AWS organization, not only external principals as before, can reach critical resources such as S3 buckets, DynamoDB tables and RDS snapshots. The analysis is refreshed daily and the results land in a single dashboard. This closes a long-standing blind spot for least-privilege governance: external-access findings never told you which of your own roles and users could reach the data.
- Root Account MFA Enforcement
MFA is now enforced for root users across every AWS account type, including member accounts in AWS Organizations, which removes password-only access to the most privileged identity in every account. Root users can register FIDO2 passkeys and security keys as well as authenticator apps, with up to eight MFA devices per root user. Practical caveat: enforcement covers sign-in, so keep alerting on any root activity at all; it should now be rare and always MFA-backed.
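With MFA enforced for root, the residual risk is root being used at all. The following is an added example, not code from the re:Inforce announcements or from AWS: it flags root console sign-ins that lack MFA and any root API activity in CloudTrail records, and evaluates the iam:GetAccountSummary flag that tells you whether root has an MFA device. The sample events are constructed for illustration; nothing here calls AWS.

```python
"""Added example, not code from the re:Inforce announcements or from AWS:
with MFA enforced for root, the residual risk is root being used at all, so
this flags root sign-ins that lack MFA and any root API activity from
CloudTrail records. Runs offline over constructed sample events; no AWS calls.
"""
import json

# Constructed CloudTrail-style records for illustration (not real log data).
SAMPLE_EVENTS = [
    {   # root console sign-in without MFA: should never happen under enforcement
        "eventTime": "2025-06-16T14:02:11Z",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "111111111111"},
        "sourceIPAddress": "198.51.100.7",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # root console sign-in with MFA: compliant, but still worth an alert
        "eventTime": "2025-06-16T14:10:42Z",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "222222222222"},
        "sourceIPAddress": "203.0.113.9",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {   # root creating an access key: root should not do day-to-day work
        "eventTime": "2025-06-16T15:00:00Z",
        "eventName": "CreateAccessKey",
        "userIdentity": {"type": "Root", "accountId": "222222222222",
                         "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
        "sourceIPAddress": "203.0.113.9",
    },
    {   # ordinary IAM user sign-in: out of scope for these checks
        "eventTime": "2025-06-16T15:05:00Z",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "222222222222"},
        "sourceIPAddress": "203.0.113.10",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
]


def load_events(text):
    """Accept either a CloudTrail log file ({"Records": [...]}) or a bare JSON list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


def is_root(event):
    return event.get("userIdentity", {}).get("type") == "Root"


def root_signins_without_mfa(events):
    """Successful root console sign-ins where CloudTrail did not record MFAUsed == "Yes".
    Any hit means enforcement is not in effect for that account (or the record predates it)."""
    hits = []
    for e in events:
        if not is_root(e) or e.get("eventName") != "ConsoleLogin":
            continue
        if e.get("responseElements", {}).get("ConsoleLogin") != "Success":
            continue
        if e.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            hits.append((e["userIdentity"]["accountId"], e["eventTime"], e["sourceIPAddress"]))
    return hits


def root_api_activity(events):
    """Every non-sign-in API call made as root, MFA or not: root should be reserved for the
    handful of tasks that require it, so each of these deserves a ticket."""
    return [(e["userIdentity"]["accountId"], e["eventName"], e["eventTime"])
            for e in events if is_root(e) and e.get("eventName") != "ConsoleLogin"]


def root_mfa_enabled(summary_map):
    """Evaluate the SummaryMap returned by iam:GetAccountSummary; AccountMFAEnabled is 1
    when the root user has an MFA device registered."""
    return summary_map.get("AccountMFAEnabled", 0) == 1


if __name__ == "__main__":
    events = load_events(json.dumps({"Records": SAMPLE_EVENTS}))
    print("root sign-ins without MFA:", root_signins_without_mfa(events))
    print("root API activity:", root_api_activity(events))
    print("root MFA enabled:", root_mfa_enabled({"AccountMFAEnabled": 0}))
```

In a real pipeline the same two functions run over the organization trail (or an EventBridge rule on `ConsoleLogin` and root `userIdentity.type`), and `root_mfa_enabled` is applied to each account's `get_account_summary()` result to confirm enforcement actually reached every account.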
2. Enhanced Threat Detection & Incident Response
- AWS GuardDuty Extended Threat Detection (XTD) for EKS
GuardDuty Extended Threat Detection now covers Amazon EKS clusters. It correlates Kubernetes audit logs, runtime behavior from the GuardDuty agent, AWS API calls and malware findings into a single high-severity attack-sequence finding, so a multi-stage intrusion (a compromised pod, then credential discovery, then privilege escalation) is reported as one incident instead of scattered low-severity alerts. The correlation is only as good as the sources you feed it: enable both EKS audit log monitoring and Runtime Monitoring for the cluster's account.
- AWS Security Hub – Risk-Prioritization Preview
The revamped Security Hub (in preview) correlates findings from AWS services and third-party tools, enriches them with context such as exposure and attack paths, and assigns a risk score so teams triage by actual exposure rather than raw severity; AWS quotes up to 60% less alert noise. The new experience is a separate preview from the existing service, which continues as Security Hub CSPM, so check which one your automations ingest findings from.
- AWS Shield Network Security Director (Preview)
AWS Shield network security director (preview) maps your VPCs, load balancers and network paths, flags misconfigurations that leave resources exposed to attacks such as SQL injection or DDoS, ranks them by severity, and pairs each finding with Amazon Q remediation guidance you can query conversationally.
- GenAI in Security Ops
AWS showcased generative AI capabilities for threat triage, log summarization and incident-response workflows, positioned as cutting investigation time from hours to minutes. Treat the summaries as an accelerator for the analyst, not a substitute for reviewing the underlying logs before acting on a finding.
3. Data & Network Security with Simplified Usability
- Certificate Manager – Exportable Public Certs
ACM can now issue public SSL/TLS certificates that you can export, private key included, for use outside AWS: on-premises servers, other clouds, or EC2 workloads that need the key on the instance rather than terminating TLS at a load balancer. Exportability is chosen when the certificate is requested and the export is passphrase-protected. The exported private key is then a secret you own, so store it in a secrets manager, restrict who can call the export API, and rotate it on the same schedule as the certificate.
- AWS WAF & CloudFront Console Overhaul
The new WAF console lets you apply expert-built protection packs instead of assembling rules by hand; AWS quotes up to 80% fewer configuration steps. CloudFront onboarding now folds TLS certificate issuance, DNS and WAF setup into one workflow, so a distribution can be secured at creation rather than hardened afterwards.
4. Infrastructure & Backup Resilience
- Network Firewall – Amazon Threat Intelligence
AWS Network Firewall now offers a managed rule group fed by Amazon's global threat-intelligence sensor network ("MadPot"), covering indicators such as malware-hosting URLs and botnet command-and-control domains, so known-bad destinations are blocked before you have curated a list yourself. It complements, rather than replaces, the IOC deny lists you maintain from your own incidents and threat-sharing feeds.
- AWS Backup – Multi-Party Approval
Logically air-gapped backup vaults can now require multi-party approval: a designated approval team, defined in AWS Organizations, must authorize access to the vault's recovery points, so restores remain possible even when the owning account (or its root user) is compromised. That makes it a concrete control for the "assume the account is lost" branch of a disaster-recovery plan, provided the approvers' identities live outside the blast radius of the account being recovered.
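The managed MadPot-fed rules cover Amazon's intelligence; indicators from your own incidents or an ISAC feed still need a rule group of their own. The following is an added example, not AWS code: it turns a raw IOC list into the request body for an AWS Network Firewall stateful domain-list deny rule group, normalizing URLs and mixed-case hosts, honoring the leading-dot subdomain wildcard, and refusing junk entries rather than silently dropping them. The rule-group name, the capacity value and the sample IOCs are assumptions; the request is built offline and the API call is shown only as a comment.

```python
"""Added example, not AWS code: turn a raw IOC list into an AWS Network Firewall
stateful domain-list DENYLIST rule group request, to sit alongside the AWS-managed
threat-intelligence rules. Rule-group name, capacity and the sample IOCs are
assumptions; the request is built offline and nothing is sent to AWS.
"""
import re

# Constructed IOC list (placeholder names, not real indicators).
SAMPLE_IOCS = [
    "malware-host.example",
    "https://c2.example.net/beacon",   # URL: reduce to its host
    "C2.EXAMPLE.NET",                   # duplicate of the above once normalized
    ".botnet.example.org",              # leading dot: Network Firewall's subdomain wildcard
    "not a domain",                     # junk that must be rejected, not silently dropped
]

_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_domain(ioc):
    """Reduce a raw IOC (URL, host, mixed case) to a domain-list target, or None if unusable."""
    s = ioc.strip().lower()
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)  # drop URL scheme
    s = s.split("/")[0].split(":")[0]             # drop path and port
    wildcard = s.startswith(".")
    host = s[1:] if wildcard else s
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(lab) for lab in labels):
        return None
    return ("." if wildcard else "") + host


def denylist_targets(iocs):
    """Normalized, de-duplicated, sorted targets plus the raw entries that were rejected."""
    seen, targets, rejected = set(), [], []
    for ioc in iocs:
        d = normalize_domain(ioc)
        if d is None:
            rejected.append(ioc)
        elif d not in seen:
            seen.add(d)
            targets.append(d)
    return sorted(targets), rejected


def build_denylist_rule_group(name, iocs, capacity):
    """Request body for the network-firewall CreateRuleGroup API. Capacity is fixed when
    the group is created, so the caller sizes it for list growth (assumed value)."""
    targets, rejected = denylist_targets(iocs)
    if rejected:
        raise ValueError(f"unusable IOC entries, fix the feed first: {rejected}")
    if not targets:
        raise ValueError("no targets to deny")
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "Description": "Customer IOC denylist (complements AWS managed threat intelligence)",
        "RuleGroup": {
            "RulesSource": {
                "RulesSourceList": {
                    "Targets": targets,
                    "TargetTypes": ["TLS_SNI", "HTTP_HOST"],  # match SNI and Host header
                    "GeneratedRulesType": "DENYLIST",
                }
            }
        },
    }


if __name__ == "__main__":
    clean = [i for i in SAMPLE_IOCS if normalize_domain(i) is not None]
    request = build_denylist_rule_group("ioc-denylist", clean, capacity=100)
    print(request)
    # To create it for real (assumption: credentials and region are configured):
    # import boto3
    # boto3.client("network-firewall").create_rule_group(**request)
```

Domain-list groups only see the TLS SNI and HTTP Host header, so IOCs that are bare IP addresses or non-HTTP protocols need a Suricata-rule group instead; that is why `normalize_domain` rejects anything that is not a hostname rather than guessing.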
5. Developer-Centric Security Innovation
- Amazon Inspector – Code Security GA
Inspector code security is now generally available: connect GitHub or GitLab repositories and Inspector scans source code, dependencies and infrastructure-as-code for vulnerabilities and misconfigurations, on a schedule or as part of CI/CD, with findings surfaced in the Inspector console and in the developer tooling.
- Amazon Q Developer IDE – MCP Extension
The Amazon Q Developer extension now supports Model Context Protocol (MCP) servers in VS Code and JetBrains IDEs as well as the CLI, so the assistant can pull context from your own tools and services. The security caveat: an MCP server runs with the developer's privileges and its output lands in the model's context, so vet each server you enable as you would any other dependency.
6. Partner Ecosystem & MSSP Expansion
- AWS MSSP Competency – New Specializations
AWS expanded the MSSP Competency with specializations covering infrastructure security, workload security, application security, data protection, identity and access management, incident response and cyber recovery, so customers can match a partner's validated scope to the specific gap they are trying to fill rather than buying a generic managed service.
In Summary
AWS re:Inforce 2025 marked a decisive push toward simplifying cloud-native security while empowering organizations with scalable, intelligent automation:
| Pillar | Highlight |
|---|---|
| Identity & Access | IAM internal findings, root MFA enforcement |
| Threat Detection | GuardDuty XTD for EKS, Security Hub risk scoring, AI-driven triage, Shield network security director |
| Data & Network | Exportable certs, simplified WAF/CloudFront usability |
| Infrastructure Resilience | Threat intel Firewall, multi-party backup safety |
| Dev-Security | Inspector code scanning, Q IDE enhancements |
| Managed Security | Expanded MSSP competencies |
Security and innovation are no longer at odds — as AWS CISO Amy Herzog emphasized, a secure cloud foundation enables faster innovation and resilience. AWS’s new tooling brings organizations closer to that vision.
Keep Moving Forward
For security professionals and developers:
- Attend these sessions (watch on demand):
- Gen AI & detection integration (SEC304, TDR301)
- Data‑protection architecture for Bedrock Agents (SEC431)
- OWASP Top 10 for LLM threats (APS231)
- Experiment today:
- Enable MFA for root accounts.
- Try GuardDuty XTD on EKS workloads.
- Export ACM certs to fortify hybrid TLS stacks.
- Plan ahead:
- Incorporate multi-party approval vaults into your backup and recovery process.
- Evaluate MSSP partners with relevant new competencies.
AWS re:Inforce 2025 reinforces a central message: Cloud-scale security can be simple, automated, and developer-friendly—if built upon the right foundation. Security teams that adopt these capabilities now will be best positioned to protect their cloud-native innovations as they evolve.
