Cloud security used to be an afterthought. Now, it’s the default.
At AWS re:Inforce 2025, held in Philadelphia, AWS showed that it is not just building a secure cloud but embedding security into every layer, by design.
Instead of making customers figure out how to “secure the cloud,” AWS is increasingly doing that work for them – baking protections into identity access, development workflows, threat detection, and even hybrid infrastructure.
Below, we’ve unpacked the major announcements, and how Cloud Elemental can help you get the most out of them.
Identity Is the New Perimeter
One of the standout updates this year: AWS IAM (Identity and Access Management) now automatically helps you spot where your access policies might be too broad — even inside your own organisation.
This is thanks to a new IAM Access Analyzer feature that lets you see exactly which internal users, roles or services can access critical resources (like S3 buckets, databases, or server snapshots). It uses a technique called automated reasoning, a kind of smart logic engine, to map out permissions and highlight unintended access.
You also don’t need to set it up – it’s built in and available natively. (AWS News)
Plus, AWS now enforces Multi-Factor Authentication (MFA) for all root users! This is a long-requested update that protects the highest-privilege accounts from credential-based attacks.
Code Security That Meets Developers Where They Are
This year’s announcements also focused heavily on “shift-left” security, meaning you secure code before it ever goes live.
Amazon Inspector now allows developers to scan their source code directly in GitHub or GitLab for:
Security bugs and logic flaws in your own code (static application security testing, SAST)
Known vulnerabilities in open-source dependencies (software composition analysis, SCA)
Misconfigurations in infrastructure-as-code templates (IaC)
Even better? These scans surface the findings inside pull requests, and offer AI-generated remediation suggestions — so fixes can happen early, fast, and in the tools developers already use. (Futurum)
Threat Detection Gets a Major Upgrade
Amazon GuardDuty (AWS’s threat detection service) now supports Amazon EKS (Elastic Kubernetes Service). That means it can monitor your containerised workloads (like microservices running in Kubernetes) for signs of attack by analysing log activity, runtime behaviour, and suspicious access patterns. (AWS News)
Alongside this, AWS Security Hub has been redesigned to:
Prioritise and group risks into categories (like Exposure, Vulnerability, or Sensitive Data)
Visualise attack paths
Suggest next-best actions to fix issues
What’s powerful here is not just detection – it’s clarity. You don’t just get an alert; you get context, severity, and a recommended response.
Hybrid & Edge-Ready Encryption
If you run workloads across cloud & on-prem, you know how hard it can be to manage encryption consistently. AWS has responded by making exportable TLS/SSL certificates available via AWS Certificate Manager (ACM).
Now you can:
Use globally trusted public certificates across any environment
Centralise certificate management from AWS, even for systems that run outside AWS
This is especially useful for companies running AI inference at the edge, or those with hybrid IT setups for latency or regulatory reasons.
Real-Time Threat Intelligence from MadPot
One of the most forward-thinking updates this year is Active Threat Defence – a new capability in AWS Network Firewall that automatically blocks malicious network traffic before it can harm your workloads.
It works by leveraging MadPot, AWS’s internal global threat intelligence system, which continuously tracks malicious infrastructure across the internet (think: malware delivery servers, botnet controllers, crypto mining pools, etc.).
This intelligence feeds into a managed rule group, which you can now enable in your AWS firewall policy. (AWS News)
Once configured, it will:
Automatically block traffic to known bad actors (IPs, URLs, domains)
Continuously update as new threats emerge
Reduce the need for third-party feeds or manual rule creation
Integrate findings with GuardDuty for unified visibility
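As an added illustration of the "enable it in your firewall policy" step (this is example code written for this post, not AWS's or Cloud Elemental's own tooling), the script below adds a reference to the AWS-managed Active Threat Defence rule group to an existing Network Firewall policy. It assumes the standard ARN pattern for AWS-managed stateful rule groups and a rule group name of AttackInfrastructure; confirm that name in your own account (for example with `aws network-firewall list-rule-groups --scope MANAGED`) before relying on it. The policy-editing logic is a pure function, so it can be tested offline against a constructed sample policy; the `apply` helper does the live read-modify-write with boto3 and uses the policy's UpdateToken so a concurrent change is rejected rather than silently overwritten.

```python
"""Attach the AWS-managed Active Threat Defence rule group to a Network Firewall policy.

Added example, not code from the original post or from AWS. Assumptions:
  * AWS-managed stateful rule groups use the ARN pattern
    arn:aws:network-firewall:<region>:aws-managed:stateful-rulegroup/<name>
  * the Active Threat Defence group is named AttackInfrastructure (verify in your account)
"""
import copy
from typing import Any, Dict, List, Optional

MANAGED_GROUP_NAME = "AttackInfrastructure"  # assumption: verify against your account

# Constructed sample policy for the offline demonstration: a STRICT_ORDER policy
# that already references one customer rule group at priority 1.
SAMPLE_POLICY: Dict[str, Any] = {
    "StatelessDefaultActions": ["aws:forward_to_sfe"],
    "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulRuleGroupReferences": [
        {
            "ResourceArn": "arn:aws:network-firewall:eu-west-2:111122223333:stateful-rulegroup/example-allowlist",
            "Priority": 1,
        }
    ],
}


def managed_rule_group_arn(region: str, name: str = MANAGED_GROUP_NAME) -> str:
    """Build the ARN of an AWS-managed stateful rule group in the given region."""
    return f"arn:aws:network-firewall:{region}:aws-managed:stateful-rulegroup/{name}"


def with_active_threat_defence(policy: Dict[str, Any], region: str,
                               priority: Optional[int] = None) -> Dict[str, Any]:
    """Return a copy of a FirewallPolicy document that references the managed group.

    Idempotent: if the reference already exists the copy is returned unchanged.
    In STRICT_ORDER policies every stateful reference needs a unique Priority,
    so one is assigned (lowest unused, unless the caller supplies one).
    """
    new_policy = copy.deepcopy(policy)
    arn = managed_rule_group_arn(region)
    refs: List[Dict[str, Any]] = new_policy.setdefault("StatefulRuleGroupReferences", [])
    if any(r.get("ResourceArn") == arn for r in refs):
        return new_policy

    ref: Dict[str, Any] = {"ResourceArn": arn}
    rule_order = new_policy.get("StatefulEngineOptions", {}).get("RuleOrder")
    if rule_order == "STRICT_ORDER":
        used = {r["Priority"] for r in refs if "Priority" in r}
        if priority is None:
            priority = 1
            while priority in used:
                priority += 1
        elif priority in used:
            raise ValueError(f"priority {priority} is already used in this policy")
        ref["Priority"] = priority
    refs.append(ref)
    return new_policy


def apply(policy_arn: str, region: str, dry_run: bool = True) -> Dict[str, Any]:
    """Read the live policy, add the reference, and (unless dry_run) write it back.

    The UpdateToken returned by DescribeFirewallPolicy is passed to
    UpdateFirewallPolicy so a change made by someone else in between is rejected.
    """
    import boto3  # imported here so the pure helpers above stay importable offline

    nfw = boto3.client("network-firewall", region_name=region)
    current = nfw.describe_firewall_policy(FirewallPolicyArn=policy_arn)
    updated = with_active_threat_defence(current["FirewallPolicy"], region)
    if updated == current["FirewallPolicy"]:
        return updated  # already enabled, nothing to write
    if not dry_run:
        nfw.update_firewall_policy(
            UpdateToken=current["UpdateToken"],
            FirewallPolicyArn=policy_arn,
            FirewallPolicy=updated,
        )
    return updated


if __name__ == "__main__":
    # Offline demonstration against the constructed sample policy.
    import json
    print(json.dumps(with_active_threat_defence(SAMPLE_POLICY, "eu-west-2"), indent=2))
```

Run it once with `dry_run=True` against a real policy ARN to see the document it would write, then flip `dry_run` once you are happy; because the function is idempotent, re-running it is safe.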

What this means for you
All of these new capabilities are now part of the AWS platform itself – but that doesn’t mean every customer gets full value out of them by default. That’s where we come in!
At Cloud Elemental, we:
Align AWS’s native security features with your specific risk profile and compliance needs
Set up scalable controls for identity, access, and threat response
Automate your cloud environment to ensure consistency, coverage, and recovery
And, via our partnership with Elastio, help you build air-gapped, recoverable systems for ransomware protection and disaster readiness
Let’s talk about how these AWS re:Inforce updates can enhance your cloud strategy – whether you’re migrating, modernising, or strengthening your disaster recovery posture.
Click the button below to get in touch with us via the AWS Marketplace, or enter your details into our contact form.
For more on how Cloud Elemental can help assess and improve your cloud security, read our AWS Well-Architected Security blog here.