A blog post by Amy Herzog, VP and CISO at AWS, summarizing the keynote:
https://aws.amazon.com/blogs/security/how-aws-is-simplifying-security-at-scale-four-keys-to-faster-innovation-from-aws-reinforce-2025/
AWS IAM Access Analyzer - Internal access findings
AWS Identity and Access Management (IAM) Access Analyzer now identifies who within your AWS organization has access to your Amazon S3, Amazon DynamoDB, or Amazon Relational Database Service (RDS) resources. It uses automated reasoning to evaluate all identity policies, resource policies, service control policies (SCPs), and resource control policies (RCPs) to surface all IAM users and roles that have access to your selected critical resources.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/iam-access-analyzer-aws-organization-access-resources/
- https://aws.amazon.com/blogs/aws/verify-internal-access-to-critical-aws-resources-with-new-iam-access-analyzer-capabilities/
- https://aws.amazon.com/blogs/apn/aws-partners-enhance-cloud-security-with-new-iam-access-analyzer-internal-access-findings/
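To see why all four policy types have to be evaluated together before you can say who has access, here is a small model of the documented evaluation order: an explicit deny anywhere wins, SCPs and RCPs only restrict and never grant, same-account access needs an Allow from either the identity policy or the resource policy, and cross-account access needs both. This is an added example, not Access Analyzer's code and not a faithful re-implementation of IAM; the organization ID, accounts, roles, bucket and policies are constructed, and it ignores permissions boundaries, session policies and every condition key except aws:PrincipalOrgID and aws:PrincipalAccount.

```python
"""Toy model of how an in-organization access decision falls out of identity
policies, resource policies, SCPs and RCPs. Illustrative example only; it is not
Access Analyzer's implementation and it simplifies IAM (no permissions
boundaries, no session policies, only two condition keys)."""
import re

ALLOW, DENY = "ALLOW", "DENY"
ORG_ID = "o-exampleorg"  # constructed organization ID
# Stand-in for the default FullAWSAccess SCP and RCPFullAWSAccess RCP.
FULL_ACCESS = [{"Effect": "Allow", "Action": "*", "Resource": "*", "Principal": "*"}]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _applies(stmt, action, resource_arn, principal, ctx):
    """True when the statement's Action, Resource, Principal and Condition all match."""
    if not any(_matches(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
        return False
    if not any(_matches(r, resource_arn) for r in _as_list(stmt.get("Resource", "*"))):
        return False
    if "Principal" in stmt:  # resource policies and RCPs name principals; SCPs do not
        wanted = _as_list(stmt["Principal"])
        account_root = f"arn:aws:iam::{principal['account']}:root"
        if "*" not in wanted and principal["arn"] not in wanted and account_root not in wanted:
            return False
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, values in pairs.items():
            hit = ctx.get(key) in _as_list(values)
            if (operator == "StringEquals" and not hit) or (operator == "StringNotEquals" and hit):
                return False
    return True


def _decision(statements, action, resource_arn, principal, ctx):
    """Within one policy type an explicit Deny beats Allow; None is an implicit deny."""
    effects = {s["Effect"] for s in statements if _applies(s, action, resource_arn, principal, ctx)}
    if "Deny" in effects:
        return DENY
    return ALLOW if "Allow" in effects else None


def evaluate(principal, action, resource, resource_policy, scps, rcps):
    """scps: statements effective for the principal's account; rcps: for the resource's account."""
    ctx = {"aws:PrincipalOrgID": principal["org_id"], "aws:PrincipalAccount": principal["account"]}
    args = (action, resource["arn"], principal, ctx)
    identity = _decision(principal["identity_policy"], *args)
    res_pol = _decision(resource_policy, *args)
    scp, rcp = _decision(scps, *args), _decision(rcps, *args)
    if DENY in (identity, res_pol, scp, rcp):
        return DENY                                   # an explicit deny anywhere wins
    if scp != ALLOW or rcp != ALLOW:
        return DENY                                   # guardrails never grant: no Allow, no access
    if principal["account"] == resource["account"]:
        return ALLOW if ALLOW in (identity, res_pol) else DENY
    return ALLOW if identity == ALLOW and res_pol == ALLOW else DENY  # cross-account needs both


def who_has_access(principals, action, resource, resource_policy, scps_by_account, rcps):
    """The question an internal-access report answers: who can perform `action` on `resource`?"""
    # Principals outside the organization get no SCP, so the permissive default stands in.
    return sorted(p["arn"] for p in principals
                  if evaluate(p, action, resource, resource_policy,
                              scps_by_account.get(p["account"], FULL_ACCESS), rcps) == ALLOW)


# --- Constructed sample: one bucket, four roles, one SCP guardrail, one RCP guardrail ---
RESOURCE_ACCOUNT = "111111111111"
OBJECTS = "arn:aws:s3:::finance-reports/*"


def role(account, name, actions, resources, org_id=ORG_ID):
    return {"arn": f"arn:aws:iam::{account}:role/{name}", "account": account, "org_id": org_id,
            "identity_policy": [{"Effect": "Allow", "Action": actions, "Resource": resources}]}


PRINCIPALS = [
    role(RESOURCE_ACCOUNT, "Analyst", "s3:*", OBJECTS),                # same account, broad grant
    role(RESOURCE_ACCOUNT, "Intern", "s3:GetObject", "arn:aws:s3:::other-bucket/*"),
    role("222222222222", "Partner", "s3:GetObject", OBJECTS),          # another member account
    role("999999999999", "Vendor", "s3:GetObject", OBJECTS, org_id="o-someoneelse"),  # outside org
]
BUCKET_POLICY = [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": OBJECTS,
                  "Principal": ["arn:aws:iam::222222222222:role/Partner",
                                "arn:aws:iam::999999999999:role/Vendor"]}]
SCPS_BY_ACCOUNT = {RESOURCE_ACCOUNT: FULL_ACCESS + [
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}]}   # cuts down Analyst's s3:*
RCPS = FULL_ACCESS + [{"Effect": "Deny", "Action": "s3:*", "Resource": "*", "Principal": "*",
                       "Condition": {"StringNotEquals": {"aws:PrincipalOrgID": ORG_ID}}}]


def report(action, object_arn="arn:aws:s3:::finance-reports/q1.csv"):
    target = {"arn": object_arn, "account": RESOURCE_ACCOUNT}
    return who_has_access(PRINCIPALS, action, target, BUCKET_POLICY, SCPS_BY_ACCOUNT, RCPS)


if __name__ == "__main__":
    for action in ("s3:GetObject", "s3:DeleteObject"):
        print(f"{action}: {report(action)}")
```

Running it lists Analyst and Partner for s3:GetObject and nobody for s3:DeleteObject: the Analyst role's broad identity grant is cut down by the SCP, the Partner role needs both its own policy and the bucket policy, and the Vendor role, although granted by both, is stopped by the RCP. Each of those outcomes depends on a different policy type, which is exactly what a tool that evaluates only one of them would get wrong.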
AWS IAM now enforces MFA for root users across all account types
AWS Identity and Access Management (IAM) announced that multi-factor authentication (MFA) is now required for root users across all account types, extending the requirement to member accounts in AWS Organizations.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-iam-mfa-root-users-across-all-account-types/
- https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-mfa-for-root.html
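Enforcement at sign-in is one thing; knowing where you stand across every account is another. The IAM credential report has a `<root_account>` row that records whether root has an MFA device and whether it still holds access keys, so a per-account check is a few lines. The example below is added here and is not AWS code: `SAMPLE_REPORT` is a constructed report in the documented credential-report column layout, and the `--live` path assumes boto3 is installed and that you run it once per account (for instance through an assumed role).

```python
"""Root-user hygiene check against an IAM credential report: is MFA active on
the root user, and does root still hold access keys? Added example, not AWS
code. SAMPLE_REPORT is a constructed report in the documented credential-report
column layout; for a real account fetch it as shown in main()."""
import csv
import io
import time

ROOT_USER = "<root_account>"  # literal value IAM uses for the root row

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111111111111:root,2019-03-04T10:00:00+00:00,not_supported,2025-06-01T12:00:00+00:00,2019-03-04T10:00:00+00:00,not_supported,false,true,2019-03-04T10:05:00+00:00,2025-05-20T08:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111111111111:user/alice,2020-01-01T00:00:00+00:00,true,2025-06-10T09:00:00+00:00,2025-01-01T00:00:00+00:00,2025-04-01T00:00:00+00:00,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111111111111:user/bob,2021-05-05T00:00:00+00:00,true,2025-06-11T09:00:00+00:00,2025-03-01T00:00:00+00:00,2025-06-01T00:00:00+00:00,false,true,2025-03-01T00:00:00+00:00,2025-06-11T09:00:00+00:00,eu-west-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""


def parse_report(csv_text):
    """Rows of the report as dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def root_findings(rows):
    """Problems with the root user (empty list means clean)."""
    root = next((r for r in rows if r["user"] == ROOT_USER), None)
    if root is None:
        raise ValueError("credential report has no root row")
    findings = []
    if root["mfa_active"].lower() != "true":
        findings.append("root user has no MFA device")
    for slot in ("1", "2"):
        if root[f"access_key_{slot}_active"].lower() == "true":
            last_used = root[f"access_key_{slot}_last_used_date"]
            findings.append(f"root access key {slot} is active (last used {last_used})")
    return findings


def users_without_mfa(rows):
    """Console users (password enabled) that have no MFA device."""
    return sorted(r["user"] for r in rows
                  if r["user"] != ROOT_USER and r["password_enabled"] == "true"
                  and r["mfa_active"] != "true")


def fetch_report(iam):
    """Generate and download the live report with a boto3 IAM client."""
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        import boto3  # assumed available; run once per account (e.g. via an assumed role)
        rows = parse_report(fetch_report(boto3.client("iam")))
    else:
        rows = parse_report(SAMPLE_REPORT)
    for finding in root_findings(rows) or ["root user looks clean"]:
        print(finding)
    print("users without MFA:", users_without_mfa(rows))
```

The root access-key check matters as much as the MFA one: a root user that satisfies the sign-in MFA requirement is still reachable without MFA through any long-lived access key it holds.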
AWS Certificate Manager exportable public certificates
AWS Certificate Manager (ACM) announces exportable public certificates that you can use on any workload that requires a public TLS certificate, inside or outside AWS. With this release, you can issue public certificates, export them together with the private key, and terminate TLS on any compute workload, including EC2 instances, containers, or on-premises hosts. Once exported, the private key lives outside ACM's managed lifecycle, so protecting it and keeping the certificate current on those hosts is your responsibility.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-certificate-manager-public-certificates-use-anywhere/
- https://aws.amazon.com/blogs/aws/aws-certificate-manager-introduces-exportable-public-ssl-tls-certificates-to-use-anywhere/
- https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html
AWS Shield network security director (preview)
AWS Shield announces the preview of network security director, a new capability that provides visibility into the AWS resources in your network, identifies missing or misconfigured network security services, and recommends remediation steps. As threats continue to evolve, AWS Shield has expanded its capabilities beyond DDoS protection to help you easily identify resources requiring network and application protection and correctly secure them.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-shield-network-security-director-preview/
- https://aws.amazon.com/blogs/aws/new-aws-shield-feature-discovers-network-security-issues-before-they-can-be-exploited-preview/
AWS WAF - Simplified console experience
AWS announces general availability of the AWS WAF simplified console experience that reduces web application security configuration steps by up to 80% and provides expert-level protection to help you optimize application security. AWS WAF helps protect web applications and APIs against common web exploits and bots that could affect availability, compromise security, or consume excessive resources. Security teams can now implement comprehensive protection for applications within minutes through pre-configured protection packs that incorporate AWS security expertise and are continuously updated to address emerging threats. These protection packs provide extensive security coverage, including protection against common web vulnerabilities, malicious bot traffic, application layer DDoS events, and API-specific threats, all customized to your application type.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-waf-web-application-security-configuration-steps-expert-level-protection/
- https://aws.amazon.com/blogs/security/introducing-the-new-console-experience-for-aws-waf/
Amazon CloudFront - Simplified onboarding
Amazon CloudFront introduces a new console experience that simplifies the delivery of secure, high-performance applications to users on the internet. Setting up a content delivery network (CDN) traditionally required deep expertise in CDN configurations, domain management, and security best practices. The new CloudFront console experience streamlines this entire process with a unified approach to content delivery and security. The new experience automatically provisions and manages DNS records with Amazon Route 53 and TLS certificates with AWS Certificate Manager (ACM). Users can now create a secure, optimized distribution in as little as 30 seconds, regardless of their CDN expertise level.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/amazon-cloudfront-streamlines-cdn-setup-smart-defaults-automation/
- https://aws.amazon.com/blogs/aws/amazon-cloudfront-simplifies-web-application-delivery-and-security-with-new-user-friendly-interface/
AWS Network Firewall - Active threat defense
AWS Network Firewall with active threat defense provides automated, intelligence-driven protection against dynamic, ongoing threat activities observed across AWS infrastructure. Once you add the managed rule group to your firewall policy, it automatically blocks suspicious traffic such as command-and-control (C2) communication, embedded URLs, and malicious domains, and its rules are continuously updated based on current threat activity. AWS Network Firewall also offers improved visibility into the active threat defense rule group, so you can see the indicator groups, indicator types, and threat names you are protected against. If you are also an Amazon GuardDuty customer, related threat intelligence findings are marked with the threat list name “Amazon Active Threat Defense” going forward, and the same active threats can be blocked automatically by the active threat defense managed rule group on AWS Network Firewall.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-network-firewall-active-threat-defense/
- https://aws.amazon.com/blogs/security/improve-your-security-posture-using-amazon-threat-intelligence-on-aws-network-firewall/
- https://docs.aws.amazon.com/network-firewall/latest/developerguide/aws-managed-rule-groups-atd.html
Amazon GuardDuty Extended Threat Detection (XTD)
AWS announces further enhancements to Amazon GuardDuty Extended Threat Detection. This capability now includes coverage for multi-stage attacks targeting Amazon Elastic Kubernetes Service (EKS) clusters in your AWS environment. GuardDuty correlates multiple security signals across Amazon EKS audit logs, runtime behavior of processes, malware execution, and AWS API activity to detect sophisticated attack patterns that might otherwise go unnoticed. These new attack sequence findings cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical severity threats, thereby minimizing business impact.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/amazon-guardduty-threat-detection-eks/
- https://aws.amazon.com/blogs/aws/amazon-guardduty-expands-extended-threat-detection-coverage-to-amazon-eks-clusters/
AWS Security Hub for risk prioritization and response at scale (Preview)
AWS announces an enhanced AWS Security Hub to prioritize your critical security issues and help respond at scale to reduce security risks, improve your team’s productivity, and protect your cloud environment. It detects critical issues by correlating and enriching security signals, for example, from threat detection and vulnerability management. This enables you to quickly surface and prioritize active risks in your cloud environment. The unified solution provides more comprehensive visibility into your security posture while reducing the complexity of manually piecing together information from multiple security tools.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/aws-security-hub-risk-prioritization-response-scale/
- https://aws.amazon.com/blogs/aws/unify-your-security-with-the-new-aws-security-hub-for-risk-prioritization-and-response-at-scale-preview/
AWS MSSP Specialization
Introducing the updated AWS MSSP Competency (previously AWS Level 1 MSSP Competency) for partners with turn-key security solutions that transform how organizations approach cloud security. The update includes new categories to validate partners' security expertise in specific domains including Infrastructure Security, Workload Security, Application Security, Data Protection, Identity & Access Management, Incident Response, and Cyber Recovery. These categories validate service partners' capabilities to deliver comprehensive security outcomes leveraging native AWS services and best-of-breed security tools.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/reimagined-aws-mssp-competency/
- https://aws.amazon.com/blogs/apn/updates-to-the-aws-mssp-competency-deliver-turnkey-security-solutions-for-customers/
Amazon Inspector code security capabilities
Amazon Web Services (AWS) announces the general availability of Amazon Inspector code security capabilities, helping you secure your applications before they reach production. This new feature, with native integrations for GitHub and GitLab, helps you rapidly identify and prioritize security vulnerabilities and misconfigurations across your application source code, dependencies, and infrastructure as code (IaC). You can evaluate source code as builders push or pull code changes in repositories, within CI/CD pipelines, or through scheduled scans. Findings from these scans are surfaced both in the Amazon Inspector console, for an aggregated view across the organization, and within the source code management platform, as fast feedback for developers.
For more details:
- https://aws.amazon.com/about-aws/whats-new/2025/06/amazon-inspector-code-security-shift-security-development/
- https://aws.amazon.com/blogs/security/shifting-vulnerability-detection-left-with-amazon-inspector-code-security-capabilities/
The entire keynote video can be found at https://www.youtube.com/watch?v=3Qj7rypkzGg
About the author
Eyal Estrin is a cloud and information security architect, an AWS Community Builder, and the author of the books Cloud Security Handbook and Security for Cloud Native Applications, with more than 25 years in the IT industry.
You can connect with him on social media (https://linktr.ee/eyalestrin).
Opinions are his own and not the views of his employer.