At its re:Inforce 2025 conference in Philadelphia, Amazon Web Services announced a series of major security upgrades across its cloud platform. The updates aim to simplify threat detection, reduce risk, and tighten access controls for customers. The biggest news was the full enforcement of multi-factor authentication (MFA) for all root and management accounts, a significant milestone for the cloud provider. The new tools and policies signal a clear push towards making robust security the default standard.
MFA Enforcement Becomes a Reality for All Root Accounts
The most talked-about announcement was AWS hitting its goal of 100% MFA enforcement for all root and management-level accounts. During her keynote, AWS CISO Amy Herzog emphasized the importance of this step, calling MFA the single most effective security practice for protecting accounts.
This move is the culmination of a years-long effort by AWS to increase MFA adoption among its users. The company has gradually shifted from recommending MFA to requiring it.
To make this transition smoother, AWS also introduced support for FIDO2 passkeys. This provides a user-friendly and phishing-resistant way for customers to secure their accounts, moving beyond traditional one-time passcodes. For years, security experts have advocated for mandatory MFA, and AWS has now made it a non-negotiable layer of defense.
IAM Access Analyzer Gets an Intelligence Boost
Identity and Access Management (IAM) is often a source of security vulnerabilities due to overly permissive policies. To address this, AWS has upgraded its IAM Access Analyzer with a new feature called internal access findings.
This tool now looks beyond external threats to identify internal risks. It automatically analyzes CloudTrail logs and IAM policies to flag permissions that could be exploited from within an organization. This helps security teams find and fix over-permissioning without having to manually review countless policies. Hart Rossman, an AWS VP, described the logic as having “a mathematician in your pocket.”
The enhanced analyzer provides a centralized dashboard to monitor all access, making it easier for companies to see if their critical resources are exposed internally.
Security Hub and GuardDuty Add Smarter Threat Detection
Most companies are overwhelmed with security alerts from various tools. AWS is upgrading Security Hub and GuardDuty to help them focus on the alerts that truly matter. A new preview of Security Hub introduces features that correlate signals from different sources to prioritize real threats.
The key additions to Security Hub are broken down into three summary views:
| Feature | Function | Impact |
|---|---|---|
| Exposure Summary | Highlights security weaknesses | Faster identification of threats |
| Security Summary | Correlates vulnerabilities and policy gaps | Holistic understanding of security posture |
| Resource Summary | Inventory of assets and linked security issues | Clear visualization of risks per resource |
At the same time, GuardDuty has been expanded to better protect container workloads. It now monitors EKS audit logs and runtime activity to detect multi-stage attacks inside Kubernetes clusters. This helps catch suspicious activities like lateral movement and privilege escalation that might otherwise go unnoticed.
The Bigger Picture: AWS is Automating Cloud Security
Taken together, the announcements from re:Inforce 2025 show a clear strategy from AWS: automate more, guess less, and fix faster. None of these updates are entirely new concepts, but they represent a significant effort to tighten the default security posture for all customers.
The new features are designed to reduce the manual work required from security teams, cut down on false positives, and give them a clearer view of their environment.
While security in the cloud remains a shared responsibility, AWS is clearly stepping up to take on more of the burden. By building smarter, more automated security controls directly into its services, the company is making it easier for customers to stay protected.