
Security, Identity, and Compliance on AWS

Secure your workloads and applications in the cloud


What's new in Security, Identity, & Compliance?

2025-06-19

AWS expands resource control policies (RCPs) support to two additional services

AWS is expanding resource control policies (RCPs) support to include two additional services: Amazon Elastic Container Registry and Amazon OpenSearch Serverless. This expansion enhances your ability to centrally establish a data perimeter across a wider range of AWS resources in your organization.

RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions. To learn more about RCPs and view the full list of supported AWS services, visit the Resource control policies (RCPs) documentation in the AWS Organizations User Guide.

2025-06-17

AWS IAM now enforces MFA for root users across all account types

Today AWS Identity and Access Management (IAM) announced comprehensive multi-factor authentication (MFA) requirements for root users across all account types, with the expansion to member accounts. The new MFA enforcement marks a significant milestone in our ongoing commitment to secure-by-design principles, setting a high bar for our customers' default security posture and building upon our previous security enhancements. Our security journey began with requiring MFA for AWS Organizations management account root users in May 2024, followed by expanding MFA requirements to standalone account root users in June 2024, and introducing centralized root access management for AWS Organizations in November 2024.

IAM helps you securely manage identities and control access to AWS services and resources. MFA is a security best practice in IAM that requires a second authentication factor in addition to the user name and password sign-in credentials. MFA is available at no additional cost and prevents over 99% of password-related attacks. You can use a range of supported IAM MFA methods, including FIDO-certified security keys, to harden access to your AWS accounts. AWS supports FIDO2 passkeys for a user-friendly MFA implementation and allows customers to register up to 8 MFA devices per root and IAM user. For AWS Organizations customers, we recommend centralizing account access management through the management account and removing root user credentials from member accounts, which represents an even stronger security posture.

To learn more:

2025-06-17

Introducing AWS Security Hub for risk prioritization and response at scale (Preview)

AWS announces an enhanced AWS Security Hub to prioritize your critical security issues and help respond at scale to reduce security risks, improve your team’s productivity, and protect your cloud environment. It detects critical issues by correlating and enriching security signals, for example, from threat detection and vulnerability management. This enables you to quickly surface and prioritize active risks in your cloud environment. The unified solution provides more comprehensive visibility into your security posture while reducing the complexity of manually piecing together information from multiple security tools.

Security Hub transforms correlated security signals into actionable insights through intuitive visualizations and contextual analytics, helping you identify critical patterns and trends and centralize security operations in your environment. For example, it detects and correlates scenarios where publicly exposed resources with highly exploitable vulnerabilities have access to storage with sensitive data. These insights provide enhanced risk context so you can make more informed decisions and take immediate action on security issues. Enhanced capabilities include exposure findings, security-focused asset inventory, attack path visualization, and automated response workflows with ticketing system integration. This centralized management enables streamlined remediation at scale while helping you minimize potential operational disruptions. 

For more information about AWS Regions where Security Hub is available, see the AWS Region table. You can enable Security Hub for individual accounts or across your entire AWS Organization with centralized deployment and management. The service integrates with existing AWS security capabilities including Amazon GuardDuty, Amazon Inspector, AWS Security Hub CSPM, and Amazon Macie, providing a more comprehensive view of your security posture without additional operational overhead.

To learn more about the enhanced Security Hub and join the Preview, visit the AWS Security Hub console or the AWS Security Hub product page.

2025-06-17

Amazon GuardDuty Extended Threat Detection now supports Amazon EKS

Today, AWS announces further enhancements to Amazon GuardDuty Extended Threat Detection. This capability now includes coverage for multi-stage attacks targeting Amazon Elastic Kubernetes Service (EKS) clusters in your AWS environment. GuardDuty correlates multiple security signals across Amazon EKS audit logs, runtime behavior of processes, malware execution, and AWS API activity to detect sophisticated attack patterns that might otherwise go unnoticed.  These new attack sequence findings cover multiple resources and data sources over an extensive time period, allowing you to spend less time on first-level analysis and more time responding to critical severity threats, thereby minimizing business impact. 

GuardDuty Extended Threat Detection uses artificial intelligence and machine learning algorithms trained at AWS scale to automatically correlate security signals to detect critical threats. For example, it can identify an anomalous deployment of a privileged container followed by persistence attempts, crypto mining, and reverse shell creation, representing these related events as a single, critical-severity finding. You can then take action based on a new attack sequence finding type of critical severity. Each finding includes an incident summary, detailed events timeline, mapping to MITRE ATT&CK® tactics and techniques, and remediation recommendations.

This capability is automatically enabled for all GuardDuty customers at no additional cost in all Regions where GuardDuty is available. To detect attack sequences involving Amazon EKS clusters, you must enable GuardDuty EKS Protection, and we recommend also enabling GuardDuty Runtime Monitoring for EKS for more comprehensive security coverage. Take action on findings directly from the GuardDuty console or via integrations with AWS Security Hub and Amazon EventBridge.

To get started, visit the Amazon GuardDuty product page or try GuardDuty free for 30 days on the AWS Free Tier.

2025-06-18

AWS Payment Cryptography is now available in AWS Asia Pacific (Mumbai) and Asia Pacific (Osaka)

AWS Payment Cryptography has expanded its regional presence in Asia Pacific with availability in two new Regions: Asia Pacific (Mumbai) and Asia Pacific (Osaka). This expansion enables customers with latency-sensitive payment applications to build, deploy, or migrate into additional AWS Regions without depending on cross-Region support. For customers processing payment workloads in Asia Pacific (Tokyo), the new Osaka Region offers an additional option for multi-Region high availability.

AWS Payment Cryptography is a fully managed service that simplifies payment-specific cryptographic operations and key management for cloud-hosted payment applications. The service scales elastically with your business needs and is assessed as compliant with PCI PIN Security requirements, eliminating the need to maintain dedicated payment HSM instances. Organizations performing payment functions (including acquirers, payment facilitators, networks, switches, processors, and banks) can now position their payment cryptographic operations closer to their cloud applications while reducing dependencies on auxiliary data centers or colocation facilities with dedicated payment HSMs.

AWS Payment Cryptography is available in the following AWS Regions: US East (Ohio, N. Virginia), US West (Oregon), Europe (Ireland, Frankfurt) and Asia Pacific (Singapore, Tokyo, Osaka, Mumbai).

To learn more about the service, see the AWS Payment Cryptography user guide, and visit the AWS Payment Cryptography page for pricing details and availability in additional regions.

2025-06-17

AWS WAF reduces web application security configuration steps and provides expert-level protection

Today, AWS announces general availability of the AWS WAF simplified console experience that reduces web application security configuration steps by up to 80% and provides expert-level protection to help you optimize application security. AWS WAF helps protect web applications and APIs against common web exploits and bots that could affect availability, compromise security, or consume excessive resources. Security teams can now implement comprehensive protection for applications within minutes through pre-configured protection packs that incorporate AWS security expertise and are continuously updated to address emerging threats. These templates provide extensive security coverage including protection against common web vulnerabilities, malicious bot traffic, application layer DDoS events, and API-specific threats, all customized to your application type.

With the new console experience, select the application type, such as E-commerce platforms or transaction processing applications, to automatically apply expert-curated protection rules optimized for the specific use case. The unified dashboard provides consolidated security metrics, threat detection, and rule performance data, enabling security teams to quickly identify and respond to potential threats while maintaining full security control. Key security controls, including rate limiting, geographic restrictions, and IP reputation filtering, can be customized through an intuitive single-page interface that reduces configuration time.

The new AWS WAF console experience is available in all AWS Regions, including the AWS GovCloud (US) Regions and the China Regions.

To learn more about the new AWS WAF console experience, see the following resources:

2025-06-17

Express.js developers can now add authorization in minutes with Amazon Verified Permissions

Today, AWS announces the release of @verifiedpermissions/authorization-clients-js, an open source package that enables developers to implement authorization in their Express.js web application APIs in minutes. This simplifies development and improves application security by significantly reducing the amount of custom authorization code compared with traditional approaches, in which authorization logic is embedded in the application.

With this package, developers of Express.js applications can move authorization logic into Cedar policies, which are managed outside the application code. For example, a pet store application can restrict API access based on user roles, allowing administrators full access while limiting customers to view-only operations, all without embedding complex authorization logic in application code. As your application evolves, you can easily extend these permissions, such as allowing employees to create and update pets but not delete them, by simply adding a new policy without modifying a single line of application code.

Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. The integration follows a straightforward workflow: developers generate a Cedar schema for their Express.js application, create authorization policies defining access rules, and add a middleware component to their Express application. When users make API requests, the middleware automatically validates authorization with Verified Permissions before processing continues.
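The workflow above, as an added example that is not code from the announcement or from the @verifiedpermissions/authorization-clients-js package: an Express-compatible middleware that makes the allow/deny decision from a policy store kept as data rather than from branches inside each route handler. The package itself calls Amazon Verified Permissions and derives actions from a Cedar schema; this example does neither and instead uses a constructed in-memory policy list and a hypothetical route-to-action mapping, so it runs offline. The pet store roles from the text (admin, customer, employee) are the sample principals.

```javascript
// Added example: policy-driven authorization for an Express-style API.
// This is NOT the @verifiedpermissions/authorization-clients-js package and
// does not call Amazon Verified Permissions. It shows the pattern the
// announcement describes: rules live as data outside the handlers and are
// enforced by one middleware, so adding a rule needs no handler change.

// Constructed policy store standing in for a Cedar policy store. Each entry
// permits a role to take listed actions on a resource type. Nothing is
// allowed unless some policy permits it (default deny).
const POLICIES = [
  { principalRole: 'admin',    actions: ['viewPet', 'createPet', 'updatePet', 'deletePet'], resource: 'Pet' },
  { principalRole: 'customer', actions: ['viewPet'],                                        resource: 'Pet' },
  // Added later without touching any handler: employees may create/update
  // but not delete, mirroring the extension described in the text.
  { principalRole: 'employee', actions: ['viewPet', 'createPet', 'updatePet'],              resource: 'Pet' },
];

// Hypothetical mapping from HTTP method + route prefix to an action name.
// The real package derives this from a Cedar schema; here it is hand-written.
const ROUTE_ACTIONS = [
  { method: 'GET',    prefix: '/pets', action: 'viewPet',   resource: 'Pet' },
  { method: 'POST',   prefix: '/pets', action: 'createPet', resource: 'Pet' },
  { method: 'PUT',    prefix: '/pets', action: 'updatePet', resource: 'Pet' },
  { method: 'DELETE', prefix: '/pets', action: 'deletePet', resource: 'Pet' },
];

function actionForRequest(method, path) {
  return ROUTE_ACTIONS.find((r) => r.method === method && path.startsWith(r.prefix)) || null;
}

// Evaluate the policy store for a principal/action/resource triple.
// Returns 'ALLOW' or 'DENY'; a missing principal or unknown role is denied.
function isAuthorized(principal, action, resource) {
  if (!principal || !principal.role) return 'DENY';
  const permitted = POLICIES.some(
    (p) => p.principalRole === principal.role && p.resource === resource && p.actions.includes(action),
  );
  return permitted ? 'ALLOW' : 'DENY';
}

// Express-compatible middleware: (req, res, next). Assumes an upstream
// authentication middleware has already set req.user = { id, role }.
// Unmapped routes are rejected rather than passed through, so a new route
// cannot silently bypass authorization until it is mapped to an action.
function authorizationMiddleware(req, res, next) {
  const mapped = actionForRequest(req.method, req.path);
  if (!mapped) {
    res.status(404).json({ error: 'unknown route' });
    return;
  }
  const decision = isAuthorized(req.user, mapped.action, mapped.resource);
  if (decision !== 'ALLOW') {
    res.status(403).json({ error: 'forbidden', action: mapped.action });
    return;
  }
  next();
}

// Minimal stand-in for Express req/res so the middleware can be exercised
// without starting a server (constructed for this example).
function simulateRequest(method, path, user) {
  const result = { status: 200, body: null, handlerRan: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  authorizationMiddleware({ method, path, user }, res, () => { result.handlerRan = true; });
  return result;
}

// In a real app the middleware is mounted once, ahead of the route handlers:
//   const app = require('express')();
//   app.use(authenticate);              // sets req.user (not shown)
//   app.use(authorizationMiddleware);   // every /pets request is checked here
```

The design point is that `authorizationMiddleware` never changes when permissions change: granting employees create and update access is one new entry in `POLICIES`, and the default-deny evaluation means a role that is absent from every policy gets nothing.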

The @verifiedpermissions/authorization-clients-js package is available on GitHub under the Apache 2.0 license and distributed through NPM. This integration is available in all AWS Regions where Amazon Verified Permissions is supported, with no additional charges beyond standard Verified Permissions pricing. To get started, follow the ExpressJS blog or visit the Verified Permissions GitHub repo.

2025-06-17

IAM Access Analyzer now identifies who in your AWS organization can access your AWS resources

AWS Identity and Access Management (IAM) Access Analyzer now identifies who within your AWS organization has access to your Amazon S3, Amazon DynamoDB, or Amazon Relational Database Service (RDS) resources. It uses automated reasoning to evaluate all identity policies, resource policies, service control policies (SCPs), and resource control policies (RCPs) to surface all IAM users and roles that have access to your selected critical resources.

After the new internal access analyzer is enabled in the IAM console, the analyzer monitors your selected resources daily, and surfaces findings in a unified dashboard. The updated dashboard combines internal and external access findings to provide a 360-degree view of all access granted to your critical resources. Security teams can respond to new findings in two ways: taking immediate action to fix unintended access, or setting up automated notifications through Amazon EventBridge to engage development teams for remediation.

Internal access findings provide security teams the visibility to strengthen access controls on their critical resources and help compliance teams demonstrate access control audit requirements. Internal access findings are available in all AWS commercial Regions. To learn more about IAM Access Analyzer internal access findings:

Customers

[Customer logos: Netflix, City of Chicago, British Gas, University of Maryland, Crop Trust, Gett, Delaware North, HERE, Canary, Expedia Group, SoundCloud, Snap]

"We love it when we are able to simply provide extra security without any inconvenience. "

Roger Zou on Amazon GuardDuty, Snap Inc.
