Takeaways from AWS re:Inforce 2025
This June I got the amazing opportunity to attend AWS re:Inforce, a yearly cloud security conference taking place in Philadelphia. As a recipient of the AWS All Builders Welcome Grant, I attended this event at zero cost, with all travel, accommodation and conference pass costs covered by AWS. If you are in your first 5 years of your career and are passionate about cloud, I highly encourage you to apply to this grant offered for either re:Inforce or re:Invent. Apart from learning about the latest innovations in the cloud, you will also have the opportunity to meet like-minded individuals from all over the world, share experiences and learn from each other.
Before attending the conference, my cloud security knowledge was limited to the concepts I use in my daily DevOps tasks: implementing least privilege, avoiding hardcoded secrets, using secret injection tools, implementing SCPs, and responding to GuardDuty findings. As security is an area I’m keen to develop, re:Inforce was a valuable opportunity to learn from others’ career paths and their transitions into cloud security.
In the rest of this post I will summarize the key announcements made during the conference, the main hot topics of interest for security enthusiasts and some impressions about Philadelphia.
Unsurprisingly, GenAI was a dominant theme. This focus is warranted, given the rapid growth of GenAI applications in recent years, which has introduced new security challenges and amplified the capabilities of bot attacks. Interestingly, beyond features designed to defend against GenAI-powered attacks, there was a strong emphasis on boosting developer productivity. AWS actively promoted Amazon Q Developer, their GenAI assistant, and Amazon Bedrock, their service for integrating various foundation models into GenAI applications. Another area of interest was the integration of MCP (Model Context Protocol) servers into developer workflows. In a nutshell, MCP is an open protocol that standardises how applications expose context (data and actions) to LLMs over a JSON-RPC interface. The three main primitives advertised by MCP are:
- Tools - the discrete actions or functions that the AI agent can call. The server advertises each tool's name, description and input/output schema, and the client is expected to send arguments that conform to that schema.
- Resources - read-only data items that the server exposes and the client can retrieve on demand.
- Prompts - predefined templates that can accept dynamic arguments, include context from resources and guide workflows.
I did not have the chance to experiment much with MCP servers yet, but I will try the ones suggested in most of the talks: the AWS MCP servers, the GitHub MCP server and the Terraform MCP server.
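To make the three primitives concrete, here is a hand-rolled core of an MCP-style server. It is an added example, not code from this post and not the official MCP SDK: it uses the JSON-RPC method names the protocol defines (tools/list, tools/call, resources/list, resources/read, prompts/list, prompts/get), but the exact request and result shapes are a simplified assumption of the spec, and the tool, resource and prompt are constructed sample data. The part worth noting from a security angle is that a tool only runs after its arguments pass the advertised inputSchema (including rejecting unexpected arguments), resources are read-only lookups, and unknown methods, tools or resources fail closed with a JSON-RPC error rather than being guessed at.

```python
"""Minimal MCP-style server core: tools, resources and prompts behind a JSON-RPC dispatcher.
Added example, not the post's code or the official SDK; method names follow the protocol,
request/result shapes are simplified assumptions, and all data below is constructed."""
import json
import re

_BUCKET_REGIONS = {"prod-logs": "eu-west-1", "dev-data": "us-east-1"}  # constructed lookup table

TOOLS = {
    "get_bucket_region": {
        "name": "get_bucket_region",
        "description": "Return the region an S3 bucket lives in (constructed lookup).",
        "inputSchema": {
            "type": "object",
            "properties": {"bucket": {"type": "string", "pattern": "[a-z0-9.-]{3,63}"}},
            "required": ["bucket"],
            "additionalProperties": False,
        },
    }
}
RESOURCES = {
    "config://scp/deny-leave-org": {
        "uri": "config://scp/deny-leave-org",
        "name": "deny-leave-org",
        "mimeType": "application/json",
        "text": json.dumps({"Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"}),
    }
}
PROMPTS = {
    "review-scp": {
        "name": "review-scp",
        "description": "Ask the model to review an SCP pulled from a resource.",
        "arguments": [{"name": "uri", "required": True}],
    }
}


def validate(schema, args):
    """Check args against a small JSON Schema subset; return an error string or None."""
    if not isinstance(args, dict):
        return "arguments must be an object"
    props = schema.get("properties", {})
    for key in schema.get("required", []):
        if key not in args:
            return f"missing required argument: {key}"
    for key, value in args.items():
        if key not in props:
            if schema.get("additionalProperties", True):
                continue
            return f"unexpected argument: {key}"
        spec = props[key]
        if spec.get("type") == "string" and not isinstance(value, str):
            return f"{key} must be a string"
        if "pattern" in spec and not re.fullmatch(spec["pattern"], value):
            return f"{key} does not match pattern {spec['pattern']}"
    return None


def _error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


def _run_tool(name, args):
    # Only advertised tools reach this point, and args have already passed the schema.
    if name == "get_bucket_region":
        return _BUCKET_REGIONS.get(args["bucket"], "unknown bucket")
    raise KeyError(name)


def handle(request):
    """Dispatch one JSON-RPC 2.0 request (as a dict) and return the response dict."""
    rid, method, params = request.get("id"), request.get("method"), request.get("params") or {}
    if method == "tools/list":
        result = {"tools": list(TOOLS.values())}
    elif method == "tools/call":
        tool = TOOLS.get(params.get("name"))
        if tool is None:
            return _error(rid, -32602, "unknown tool")
        args = params.get("arguments", {})
        problem = validate(tool["inputSchema"], args)
        if problem:
            return _error(rid, -32602, problem)  # -32602: invalid params
        result = {"content": [{"type": "text", "text": _run_tool(tool["name"], args)}]}
    elif method == "resources/list":
        # Listing advertises metadata only; the body is served by resources/read.
        result = {"resources": [{k: v for k, v in r.items() if k != "text"} for r in RESOURCES.values()]}
    elif method == "resources/read":
        res = RESOURCES.get(params.get("uri"))
        if res is None:
            return _error(rid, -32602, "unknown resource")
        result = {"contents": [{"uri": res["uri"], "mimeType": res["mimeType"], "text": res["text"]}]}
    elif method == "prompts/list":
        result = {"prompts": list(PROMPTS.values())}
    elif method == "prompts/get":
        prompt = PROMPTS.get(params.get("name"))
        uri = (params.get("arguments") or {}).get("uri")
        if prompt is None or uri not in RESOURCES:
            return _error(rid, -32602, "unknown prompt or resource")
        text = f"Review this SCP for gaps and risky allowances:\n{RESOURCES[uri]['text']}"
        result = {"messages": [{"role": "user", "content": {"type": "text", "text": text}}]}
    else:
        return _error(rid, -32601, "method not found")  # -32601: method not found
    return {"jsonrpc": "2.0", "id": rid, "result": result}


if __name__ == "__main__":
    ok = handle({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                 "params": {"name": "get_bucket_region", "arguments": {"bucket": "prod-logs"}}})
    bad = handle({"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                  "params": {"name": "get_bucket_region", "arguments": {"bucket": "Prod Logs; rm -rf /"}}})
    print(json.dumps(ok), json.dumps(bad), sep="\n")
```

The schema check is where a server decides what an LLM-driven client may pass into real code; a pattern on the bucket name and `additionalProperties: false` keep an agent from smuggling extra or malformed parameters into a tool that later touches AWS APIs.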
The conference featured numerous service enhancements, but some were for services I don’t use regularly. Here are the highlights from services I’m less familiar with:
- Active threat defense on AWS Network Firewall: Network Firewall now offers a managed rule group that uses automated, intelligence-driven security measures to protect against active threats targeting AWS workloads. This active threat defense leverages AWS’s global infrastructure visibility and threat intelligence, including the Amazon MadPot system, which continuously tracks malicious infrastructure like malware hosting URLs, botnet command and control servers, and crypto mining pools.
- Unified dashboard for AWS Security Hub: after AWS Security Hub is enabled, it automatically aggregates and correlates findings from enabled security services like Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Security Hub CSPM. By viewing these correlated findings in the Security Hub console, you can gain a more comprehensive understanding of your security posture.
- AWS Shield network security director: it simplifies the identification of network configuration issues that could expose workloads to threats such as SQL injection and DDoS attacks, and provides recommended remediations. The feature analyzes your network resources, connections and configurations, compares them against AWS best practices and generates a network topology that highlights the areas needing better protection.
The following services received updates that I found particularly interesting:
- Exportable public certificates from AWS ACM: you can now export ACM-issued public certificates, including the private key, for use with workloads running on EC2, in containers or even in your own data centres. This simplifies certificate management in hybrid and multi-cloud environments and lets you keep relying on ACM's automated renewal for consistent security and uptime. Once exported, the private key is outside ACM's protection, so treat it like any other secret: store it in a secrets manager, tightly restrict who is allowed to call the export API, and re-export on renewal.
- Extended Threat Detection coverage for EKS clusters in GuardDuty: Amazon GuardDuty now offers Extended Threat Detection for EKS clusters, introducing a new critical-severity finding type. It automatically correlates security signals from several sources (EKS audit logs, runtime behaviour, malware execution and AWS API activity) to uncover sophisticated attack patterns that might otherwise be missed. For those managing numerous EKS workloads this is a valuable addition, and I plan to enable both EKS Protection and Runtime Monitoring for comprehensive coverage (EKS Protection monitors control plane activity through audit logs, while Runtime Monitoring observes behaviour inside the containers).
- Amazon Inspector code security capabilities: a significant addition to Amazon Inspector is its new code security capabilities. By integrating with source code managers such as GitHub and GitLab, Inspector can now identify and prioritise security vulnerabilities and misconfigurations in your application source code, dependencies and infrastructure as code (IaC). If you already standardise on AWS this can reduce the need to buy and integrate a separate SAST/SCA tool (e.g. SonarQube, Snyk), although it is worth checking language and rule coverage for your code base before retiring an existing scanner.
- IAM Access Analyzer internal access findings: IAM Access Analyzer now provides enhanced visibility into internal access to your critical Amazon S3, DynamoDB and RDS resources. It automatically evaluates all the relevant policies and surfaces a unified dashboard of findings, enabling security teams to quickly identify and remediate unintended access, or to set up automated notifications for development teams.
The keynote’s central message was that AWS aims to transform cloud security from a productivity bottleneck into an innovation driver. They highlighted four key pillars for achieving secure cloud environments at scale while maintaining agility: identity and access management, data and network security, monitoring and incident response, and continuous migration, modernization, and patching. All new feature announcements were framed within these four pillars to reinforce this message.
With three days packed with talks, re:Inforce offered plenty to explore. I made time for two hands-on workshops: one focused on auditing KMS key policies and rotating compromised keys, and the other on configuring WAF rules to defend against GenAI bot attacks. I found that the instructor’s approach significantly impacted the learning experience. One workshop provided excellent context and guidance, allowing for a deep understanding of the problem and the AWS service used. The other, however, felt more like a self-guided exercise with limited instructor interaction. Regardless, both workshops were a welcome departure from the typical lecture format.
I attended several lectures; however, the quality of the presentations varied considerably. Only three talks really caught my interest:
- Zero trust in Amazon EKS - the talk emphasised assigning each pod a unique identity using IAM Roles for Service Accounts (IRSA) and securing service-to-service communication with mutual TLS. This approach ensures that workloads authenticate and authorise each other without relying on network location. It also highlighted how AWS-native tools allow fine-grained access control to other AWS resources and services. Observability and logging are built in to monitor behaviour and detect anomalies. The session encouraged incremental adoption: start with workload identity, then expand to enforce secure communication, access policies and continuous auditing.
- Amazon GuardDuty Extended Threat Detection: Identify multi-stage attacks - this talk demonstrated how GuardDuty now automatically identifies complex, multi-stage attacks in your cloud environment, especially across containerised workloads and EKS clusters. The service stitches together weak indicators from Kubernetes audit logs, runtime container activity, malware execution and AWS API logs into a single critical "attack sequence" finding. This correlation surfaces the full progression of an attack: initial exploit, privilege escalation, persistence and potential data exfiltration. Each finding provides a clear timeline mapped to MITRE ATT&CK tactics, lists the affected resources and actors, and includes remediation advice.
- Understand who in your organization can access your AWS resources - showcased how IAM Access Analyzer’s new internal access findings help security teams gain a clear view of who can reach critical AWS resources like S3 buckets, DynamoDB tables, and RDS instances. The talk emphasized that Access Analyzer uses automated policy analysis (reasoning across IAM policies, resource policies, SCPs, and RCPs) to surface both direct and indirect access pathways, regardless of whether those permissions have been exercised. Through a unified dashboard, teams can quickly identify over‑privileged entities and address potential risks. Live demos illustrated how the tool highlights access paths, maps them to principals, and provides guided remediation steps.
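The "workload identity first" advice from the EKS zero-trust talk hinges on one artefact: the IAM role's trust policy. IRSA exchanges a pod's projected service-account token for role credentials via sts:AssumeRoleWithWebIdentity, and the trust policy is what pins that role to one pod identity. It should trust only the cluster's OIDC provider, require `aud` to be `sts.amazonaws.com`, and bind `sub` to `system:serviceaccount:<namespace>:<serviceaccount>`. The audit below is an added example, not code from the talk or from AWS: it takes a trust policy document (the three samples are constructed, and the OIDC issuer and account ID are placeholders) and flags the common weakenings, which is a useful check to run over every IRSA role before calling the identity layer "done".

```python
"""Audit IRSA trust policies for the conditions that actually pin a role to one pod identity.
Added example, not from the post or AWS; the issuer, account ID and policies are constructed."""

ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"  # placeholder issuer
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"           # placeholder account


def trust_policy(condition):
    """Build a trust policy that lets the cluster's OIDC provider assume the role under `condition`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


# Constructed samples. GOOD is the shape the talk's setup needs: one role, one namespace:serviceaccount.
GOOD = trust_policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "system:serviceaccount:payments:payments-api",
}})
NO_SUB = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})
WILDCARD_SUB = trust_policy({
    "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
    "StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*"},
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, provider_arn=PROVIDER_ARN):
    """Return a list of findings; an empty list means every web-identity statement is pinned."""
    issuer = provider_arn.split("oidc-provider/", 1)[1]
    sub_key, aud_key = f"{issuer}:sub", f"{issuer}:aud"
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*") for a in actions):
            continue  # not a web-identity statement; out of scope for this check
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        for arn in _as_list(federated):
            if arn != provider_arn:
                findings.append(f"trusts OIDC provider {arn!r}, not this cluster's")
        cond = stmt.get("Condition", {})
        equals, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if "sts.amazonaws.com" not in _as_list(equals.get(aud_key, [])):
            findings.append("aud not pinned to sts.amazonaws.com")
        subs = _as_list(equals.get(sub_key, [])) + _as_list(like.get(sub_key, []))
        if not subs:
            findings.append("no :sub condition: every service account in the cluster can assume this role")
        for sub in subs:
            if "*" in sub or "?" in sub:
                findings.append(f"wildcard sub {sub!r} grants the role to more than one pod identity")
            elif not sub.startswith("system:serviceaccount:") or sub.count(":") != 3:
                findings.append(f"sub {sub!r} is not a namespace:serviceaccount identity")
    return findings


if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("NO_SUB", NO_SUB), ("WILDCARD_SUB", WILDCARD_SUB)):
        print(name, audit_trust_policy(policy) or ["ok"])
```

In practice you would feed `audit_trust_policy` the `AssumeRolePolicyDocument` returned for each role by the IAM API and fail the pipeline on any finding; a `StringLike` on `sub` is sometimes used deliberately to cover a whole namespace, so treat that finding as something to justify explicitly rather than silently accept.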
A key part of the ABW grant was the opportunity to connect with experienced AWS professionals and learn from each other. I especially appreciated the speed networking and mentoring event, where we received practical advice on navigating a career in security, managing high-pressure situations and building resilience. The fireside chat, featuring two senior AWS leaders, also provided valuable insights into the current security landscape and the skills needed for future success.
re:Inforce was a truly rewarding experience, offering a perfect blend of learning, networking, and exploration in a new city, Philadelphia. While the weather was mostly cloudy, hot, and humid, I did manage to catch some sunshine on my final day. I also had the chance to see the iconic Rocky stairs and enjoy a memorable evening cruise on the Delaware River, thanks to AWS. I’m already looking forward to applying as an alumnus next year, hoping to recreate these wonderful memories.