This will be the first re:Invent I’ve missed since 2015 (we don’t talk about 2020 - never happened - FAKE NEWS), but I’ve relocated to Portugal and, for various reasons, had to skip it this year. Normally, I do a pre:Invent post on Thanksgiving morning as a prep for what I want to ask about, but this year it’s a summary of both pre:Invent and re:Invent.
pre:Invent also started late this year. We really didn’t start to see any interesting announcements till mid-November. In previous years, I’ve seen pre:Invent start in early October. The number of keynote announcements was pretty disappointing, too; a few things were thrown in as a “shot clock” at the end of a GenAI-laden keynote.
I’m shocked that laying off tens of thousands of people and replacing them with GenAI has slowed innovation.
Once again, I’ve categorized the announcements into a handful of categories focused on the ones that matter most for security practitioners and cloud governance folks:
- Security Features
- Cloud Governance & Costs
- Serverless Stuff
- GenAI & Bedrock
- And the other random stuff
Security Features
- AWS Security Agent (Preview): AI agent for proactive app security (02-Dec-2025)
This one has the potential to be revolutionary, but will probably be an okay-ish service that works if you don’t want the hassle of a vendor procurement process. It uses GenAI (blech) to perform security reviews and automated Pen Tests of your apps. I need to spend some time with this and my vulnerable-by-design meme factory.
IAM & Access Management
- AWS IAM identity federation for external services with JWTs (19-Nov-2025)
AWS finally breaks down and admits there are other cloud providers. This will be incredibly useful for leveraging IAM to access other providers without long-lived tokens. Yay! This will also be a key method for multi-partition authentication when the European Sovereign Cloud launches.
- Console credentials for AWS CLI/SDK authentication (19-Nov-2025)
I don’t know about this one. It’s a new `aws login` command in the CLI that uses your root or IAM User console session for the CLI. I guess it’s better than long-lived credentials, but this is for the hobbyist. Enterprises should be using Identity Center.
- IAM Policy Autopilot: generate IAM policies from code (30-Nov-2025)
The first of many MCP servers in this post. This one will help craft least privilege IAM Policies. Hopefully, it doesn’t hallucinate actions like `vpc:AuthorizedSecurityGroupIngress`.
- Streamline integration with partner products using IAM delegation (19-Nov-2025)
A new way to allow third parties to have temporary access to deploy into your AWS account(s).
- AWS STS IPv6 support (21-Nov-2025)
I was experimenting with IPv6 Egress Only Gateways and was shocked by AWS’s lack of IPv6 service support. IPv6 RFCs were written at the start of my career, and I expect I will retire before it’s widely supported.
- AWS SourceVpcArn condition key for region control (19-Nov-2025)
I’m sure the Data Perimeter boffins are excited about this.
S3 Security
- Amazon S3 Block Public Access organization-level enforcement (26-Nov-2025)
This is actually implemented via an AWS Organizational Policy, similar to the Security Hub and AWS Inspector policies. It’s like the Declarative Policy for EC2 in that it manages the service, rather than limits permissions like an SCP or RCP. There are a few things worth noting about this:
  - Unlike IAM Organization Policies, a deny does not trump an allow. So you can `"@@assign": "all"` at the root OU, and override with `"@@assign": "none"` on the accounts where you might have a legacy public bucket or need to allow one.
  - This also doesn’t allow for any fine-grained control - you either enable all four S3 BPA controls or none.
So while we cannot yet move buckets, this can help companies with legacy bucket issues.
- Amazon S3 attribute-based access control (20-Nov-2025)
This was a major gap in the rollout of RCPs: Allow me to write an RCP that grants or denies permission based on a tag on the bucket. Maybe Rich can finally fix his lab.
- Amazon S3 bucket-level standardize encryption types (19-Nov-2025)
There’s an interesting nuance in this that the announcement doesn’t really call out. You can now explicitly disable SSE-C - a technique ransomware syndicates use to encrypt your data when you leak an access key. Buried in the link is this announcement:
Starting in April 2026, AWS will disable server-side encryption with customer-provided keys (SSE-C) for all new buckets. In addition, SSE-C encryption will be disabled for all existing buckets in AWS accounts that do not contain any SSE-C-encrypted data. With these changes, the few applications that require SSE-C encryption must explicitly enable it via the PutBucketEncryption API after creating the bucket. In these cases, you might need to update automation scripts, CloudFormation templates, or other infrastructure configuration tools to configure these settings. For more information, see the AWS Storage Blog post.
SSE-C is a legacy capability that dates back to the early pre-KMS days of S3. You probably don’t need it.
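Before the April 2026 change lands, it helps to know which buckets actually hold SSE-C objects. The script below is an added example (not from this post or from AWS): it reads an S3 Inventory report, whose optional EncryptionStatus column records how each object is encrypted, and reports SSE-C usage per bucket. The manifest fileSchema string, the inventory rows and the bucket list are constructed sample data.

```python
import csv
import io
from collections import Counter

# Column order as it appears in the inventory manifest's "fileSchema"
# (constructed here; a real manifest may list more columns).
FILE_SCHEMA = "Bucket, Key, Size, LastModifiedDate, EncryptionStatus"

# Constructed inventory rows. S3 Inventory CSV files carry no header line,
# and EncryptionStatus is one of SSE-S3, SSE-C, SSE-KMS, DSSE-KMS, NOT-SSE.
SAMPLE_INVENTORY = """\
"app-logs","2025/11/19/api.log.gz","4096","2025-11-19T01:02:03.000Z","SSE-KMS"
"app-logs","2025/11/20/api.log.gz","5120","2025-11-20T01:02:03.000Z","SSE-KMS"
"legacy-exports","finance/q3.csv","2048","2025-10-01T12:00:00.000Z","SSE-C"
"legacy-exports","finance/q4.csv","2048","2025-11-01T12:00:00.000Z","SSE-C"
"legacy-exports","readme.txt","128","2024-01-01T00:00:00.000Z","SSE-S3"
"public-assets","logo.png","9216","2025-05-05T05:05:05.000Z","NOT-SSE"
"""

# Constructed list of every bucket in the account (what ListBuckets returns).
ALL_BUCKETS = ["app-logs", "legacy-exports", "public-assets", "scratch"]


def parse_schema(schema: str) -> list[str]:
    """Turn the manifest's comma-separated fileSchema into column names."""
    return [col.strip() for col in schema.split(",")]


def sse_c_objects_by_bucket(inventory_csv: str, schema: str) -> Counter:
    """Count SSE-C objects per bucket, locating columns by name rather than
    by position so versioned-bucket inventories (extra columns) also work."""
    columns = parse_schema(schema)
    bucket_idx = columns.index("Bucket")
    enc_idx = columns.index("EncryptionStatus")
    counts: Counter = Counter()
    for row in csv.reader(io.StringIO(inventory_csv)):
        if len(row) <= max(bucket_idx, enc_idx):
            continue  # blank or truncated line
        if row[enc_idx] == "SSE-C":
            counts[row[bucket_idx]] += 1
    return counts


def classify_buckets(inventory_csv: str, schema: str, all_buckets: list[str]):
    """Split buckets into those that must keep SSE-C explicitly enabled after
    the April 2026 change and those where it can safely be disabled now."""
    using = sse_c_objects_by_bucket(inventory_csv, schema)
    must_keep = dict(sorted(using.items()))
    can_disable = sorted(b for b in all_buckets if b not in using)
    return must_keep, can_disable


if __name__ == "__main__":
    keep, disable = classify_buckets(SAMPLE_INVENTORY, FILE_SCHEMA, ALL_BUCKETS)
    for bucket, n in keep.items():
        print(f"{bucket}: {n} SSE-C object(s); enable SSE-C explicitly")
    print("SSE-C can be disabled on:", ", ".join(disable))
```

Real inventory files are gzip-compressed and split across several CSVs listed in the manifest, so feed each decompressed file through the same function and merge the counters.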
Threat Detection & Response
- Security Incident Response metered pricing and free tier (21-Nov-2025)
A Client asked about Security Incident Response a few weeks ago, and I said, “Remember how we saved all that money disabling Config and duplicate Cloudtrails? This will cost 2x the savings.”
- AWS Security Incident Response with agentic AI-powered investigation (21-Nov-2025)
I guess the way AWS can lower prices is by firing the humans.
- Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS (02-Dec-2025)
GuardDuty is noisy, and these extended detections that alert as Critical (severity 9+) are a good way to know when you need to act.
- AWS Security Hub is now generally available with near real-time risk analytics (02-Dec-2025)
This seems like AWS’s response to GoogleWiz. That said, Security Hub is no longer misnamed. This is a step toward measuring risk and not just compliance. This announces a brand-new service: Security Hub 2.0. The OG Security Hub is now called Security Hub CSPM (even though it still aggregates events from other services). That said, it still requires all the bullcrap of running AWS Config Recorders, which haven’t been upgraded to support modern organizational management. I’m gonna wait a bit before I revisit this service to tell you how much I hate it.
CloudTrail
Two new enhancements to CloudTrail that, on my initial look, don’t really seem to fix the major pain points customers have with the service.
- CloudTrail data event aggregation for security monitoring (19-Nov-2025)
This is disappointing. You still need the expensive data events enabled to use this. However, most of the use cases I’ve seen for Data Events are about “how often or is this bucket getting used?” Now you get to pay 30% more on top of your data event costs to get the answer that an Athena Query will offer.
- AWS launches simplified enablement of AWS CloudTrail events in Amazon CloudWatch (05-Dec-2025)
This is a new method for pushing CloudTrail events into CloudWatch logs that doesn’t require creating a CloudTrail or configuring CloudWatch settings. This has a very different financial model. Rather than paying by event, you pay by GB (probably uncompressed) at $0.75/GB ($0.25 for Cloudtrail, and $0.50 for CloudWatch). While I’ve not done the math, I’m pretty sure this doesn’t make collecting data events any less outrageously expensive.
Network Security
- Active threat defense as default in Network Firewall (18-Nov-2025)
Making threat defense the default is the right move - opt-out security is better than opt-in.
- AWS NAT Gateway regional availability (19-Nov-2025)
This is interesting because it is a much more managed service. You no longer need Public Subnets, or to configure each private subnet’s route table to egress via the respective NatGW in the same AZ. Instead, you just point the private route table to the Regional NatGW, and AWS handles the rest. The pricing is the same as a Zonal (i.e., legacy) NatGW, but there’s a hitch: if your non-prod environments currently use a single NatGW for cost savings, when you switch to a regional NatGW, your price will go up 2-3x based on the number of AZs you deploy non-prod workloads to. If you run a hybrid approach (Regional in prod, zonal in non-prod), then non-prod VPCs need public subnets. Now you have different VPC architectures for Prod and Non-Prod. Sad.
- AWS VPC encryption controls (21-Nov-2025)
Let’s start with why you should avoid this - $110 per month per non-empty VPC. This is absolutely worth it if you need “To meet stringent compliance standards like HIPAA and PCI DSS” and “demonstrate compliance with encryption standards”. When enabled in monitor mode, you get an extra field in your VPC FlowLogs indicating whether the session was encrypted and how. Enforce mode doesn’t actually encrypt traffic; rather, it prevents you from attaching an ENI to a non-encrypted resource. You cannot enable enforce mode if you have non-encrypted-in-transit resources in your VPC.
The migration effort here will be great, but if your auditors are making you do the work by hand, this is worth the cost.
Control Tower
Friends still don’t let friends run Control Tower, but it sounds like the service team is listening to some of the pain points.
- AWS Control Tower automatic enrollment (10-Nov-2025)
- AWS Control Tower controls in a dedicated experience (21-Nov-2025)
EC2 Security
- Supplementary packages for Amazon Linux (18-Nov-2025)
It’s almost 2026, and AWS is finally giving us an EPEL repo! This is after almost everyone who had to migrate off Amazon Linux 2 has already figured out their crappy workarounds. So much for customer obsession.
- EC2 AMI ancestry: complete AMI lineage visibility (20-Nov-2025)
Speaking of getting off end-of-life operating systems, this looks like it might finally help solve the thorny problem of identifying an OS Version via the EC2 APIs. I look forward to updating my EC2 EOL reporting script to use this.
- Recycle Bin support for Amazon EBS volumes (20-Nov-2025)
First off, I have a set of former coworkers who are asking for this in RDS, too! This is an excellent capability that could save your ass during a ransomware attack. Sadly, it’s not enabled by default. You should enable this in all your accounts, then lock down the ability to alter it via SCPs. You still pay the hourly EBS costs for the volumes, but a few extra hours in a recycling bin is worth the fast restore when a machine is accidentally terminated. Oh, can I have this as part of the EC2 Declarative Policies?
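One way to do that SCP lockdown, as an added example that is neither this post’s nor AWS’s code: the policy denies the Recycle Bin calls that weaken or remove a retention rule to every principal except a break-glass role, and a small, deliberately simplified evaluator shows what the policy would and would not block. The rbin action names are the real Recycle Bin IAM actions; the RecycleBinAdmin role name and the account id are placeholders, and the evaluator covers only the slice of SCP semantics this one policy uses.

```python
import json
from fnmatch import fnmatchcase

RECYCLE_BIN_GUARD_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyWeakeningRecycleBinRules",
            "Effect": "Deny",
            # These are the calls that shorten, remove or unlock a retention
            # rule, so only the break-glass role may make them.
            "Action": ["rbin:DeleteRule", "rbin:UpdateRule", "rbin:UnlockRule"],
            "Resource": "*",
            "Condition": {
                "ArnNotLike": {
                    # Placeholder role name; any account id in the org.
                    "aws:PrincipalArn": "arn:aws:iam::*:role/RecycleBinAdmin"
                }
            },
        }
    ],
}


def scp_document() -> str:
    """The JSON to attach in AWS Organizations."""
    return json.dumps(RECYCLE_BIN_GUARD_SCP, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition: dict, principal_arn: str) -> bool:
    """ArnNotLike holds when the principal matches none of the patterns.
    IAM's * and ? wildcards map onto fnmatch's for this purpose."""
    for key, patterns in condition.get("ArnNotLike", {}).items():
        if key != "aws:PrincipalArn":
            continue
        if any(fnmatchcase(principal_arn, p) for p in _as_list(patterns)):
            return False
    return True


def scp_denies(policy: dict, action: str, principal_arn: str) -> bool:
    """True if a Deny statement matches the action and its condition holds.
    Simplified: ignores Resource matching and Allow-list SCP semantics."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if _condition_holds(stmt.get("Condition", {}), principal_arn):
            return True
    return False
```

Pair it with rbin:LockRule on the rules themselves so the retention period cannot be shortened even by an over-privileged principal inside the account.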
- Amazon Inspector organization-wide management with AWS Organizations policies (19-Nov-2025)
This is a new type of AWS Organizations Management Policy (similar to Security Hub), but it looks pretty duplicative of what I already get with Inspector Delegated Administrator. So far, the docs don’t clearly articulate when or why you’d use one technique over the other.
Other Security Stuff
- AWS Secrets Manager managed external secrets (19-Nov-2025)
Currently, it only supports Salesforce, BigID, and Snowflake secrets, but this will help with rotation with Secrets Manager.
- Amazon OpenSearch Serverless audit logs for dataplane APIs (18-Nov-2025)
AWS CloudTrail data events for OpenSearch Serverless. An expensive auditing method for an overly expensive service. Make sure you have a good use case before enabling this.
Cloud Governance & Costs
- Announcing Database Savings Plans with up to 35% savings (02-Dec-2025)
Matt dropped this as a Steve Jobs “one more thing” at the very end of his keynote. RI and Savings plans aren’t my thing, but this will be a significant boon for the FinOps crew. As a security practitioner, use this to get the devs to shut down unnecessary RDS and/or upgrade their MySQL5 before buying into this.
- AWS Organizations direct account transfers (19-Nov-2025)
I have been asking for this since 2015. In 2019, we had to migrate a thousand accounts during the Warner/AT&T merger. This is finally here. Good Luck Netflix.
84 years in cloud-years maybe.
- Billing transfer and multi-organization billing in Cost Management (19-Nov-2025)
At one point, I had 17 payers - 9 of them because a certain premium cable channel’s finance team couldn’t figure out how to do cost allocations. This wouldn’t have fixed that stupid, but it would have made the subsequent account consolidation easier. Snark aside, this is a BIG WIN for companies buying AWS through a reseller. Till now, the reseller had to be able to control the Organization’s Management Account for billing purposes. Now the reseller’s ~victim~ err customer can get all the glorious security benefits of AWS Organizations.
- CloudFront flat rate pricing plans (18-Nov-2025)
Read the fine print on what happens when you go over your performance allocation - these prices are per-month, not billed per-hour. That said, offering a single flat rate for CDN, WAF, DDoS, and logging should be a great way to drive adoption of basic edge security controls.
- AWS CloudFormation StackSets deployment ordering (21-Nov-2025)
StackSets have always been a tool for invariants - simple things that I want to insist exist in every account, no matter what. I’ve found that you need to keep the invariant simple - StackSets fall over at scale and with any amount of complexity. This release seems to be an attempt to fix that.
- Configuration drift detection enhanced in CloudFormation StackSets (18-Nov-2025)
So, basically, after ten years, CloudFormation is getting what we had with Terraform since the beginning.
- Validate and enforce required tags in CloudFormation, Terraform, and Pulumi (20-Nov-2025)
I’ve never been able to enforce tagging policies because the mix of Tag Policies & SCPs inevitably breaks someone’s pipeline. I’m hoping that this will help overcome that and be able to abort a Terraform plan/apply before putting production into a screwed up state.
Cloud Networking
- Preview: AWS Interconnect multicloud (30-Nov-2025)
- Gated preview: Interconnect last mile (30-Nov-2025)
These two are interesting. The night before re:Invent, AWS drops a new service, AWS Interconnect, without any fanfare, and mentions two sub-features. I’m waiting for ~Project Kuiper~ err Amazon Leo to be announced as Interconnect SPACE! The MultiCloud is very interesting. It’s in preview, so pricing is still TBD, and it’s only got GCP right now. Azure will come in 2026. Also, be warned, per the docs,
At the time AWS Interconnect becomes Generally Available, any “preview” 1Gbps connections will be removed from your account
So stuff will break!
Serverless Stuff
- AWS CloudFormation intelligent authoring in IDEs (19-Nov-2025)
A significant pain point in doing work with CloudFormation. The docs are unclear, and the examples are few and far between. Hopefully this improves things, but… Don’t you have an MCP server to do this for me yet?
- AWS Lambda tenant isolation mode (19-Nov-2025)
This is nifty. You can now route invocations to specific execution environments.
To use the new tenant isolation mode, customers specify a unique tenant identifier when invoking their Lambda function. Lambda uses this identifier to route invocation requests to a function’s underlying execution environments and ensures that execution environments associated with a particular tenant are never used to serve requests from other tenants invoking the function.
- AWS Lambda managed instances (30-Nov-2025)
“AWS Lambda Managed Instances lets you run Lambda functions on your Amazon EC2 instances while maintaining Lambda’s operational simplicity.” So this is like reverse FARGATE.
- AWS Step Functions local testing with TestState API (20-Nov-2025)
Speaking of services that are a major pain to author due to unclear docs and lack of examples…
- Amazon API Gateway adds MCP proxy support (02-Dec-2025)
Amazon API Gateway now supports Model Context Protocol (MCP) proxy, allowing you to transform your existing REST APIs into MCP-compatible endpoints. This new capability enables organizations to make their APIs accessible to AI agents and MCP clients. Through integration with Amazon Bedrock AgentCore’s Gateway service, you can securely convert your REST APIs into agent-compatible tools while enabling intelligent tool discovery through semantic search.
GenAI & Bedrock
- Amazon Bedrock Guardrails for coding use cases (19-Nov-2025)
I’m pretty sure that anyone with the intention to “Generate code for a deepfake application to create non-consensual intimate images” is not going to do so in a work environment with GuardRails enabled. Maybe this will prevent your account from being used for Pedophile ChatBots, but I really don’t see the use here.
- OpenSearch Service agentic search (25-Nov-2025)
Honestly, this looks really cool - OpenSearch doesn’t have the most intuitive interface, and using GenAI to answer questions about the data might be a useful reason to make polar bears homeless.
AWS continues to invest in Bedrock, the only right call they’ve made in the GenAI space:
- Amazon Bedrock reserved service tier (26-Nov-2025)
This is a positive development for Bedrock users with consistent, predictable workloads.
- Amazon Bedrock now supports Responses API from OpenAI (04-Dec-2025)
- Amazon Bedrock adds 18 fully managed open weight models, the largest expansion of new models to date (02-Dec-2025)
- Amazon Bedrock AgentCore now includes Policy (preview), Evaluations (preview) and more (02-Dec-2025)
- Introducing AWS AI Factories (02-Dec-2025)
The Outposts team was desperate to figure out a way to meet their GenAI OKRs.
MCPs!
- The AWS API MCP Server in AWS Marketplace (26-Nov-2025)
Hey, we’re making it easier to deploy the API MCP via the AWS Marketplace.
- AWS MCP Server (30-Nov-2025)
Hey, we’re deprecating the thing we just announced, combining it with another MCP, and putting it into preview.
I’m all for simplifying things, but the disconnect from these two announcements makes me shrug and wonder if AWS knows what it’s doing in the GenAI space.
And the other random stuff
- Amazon S3 increases the maximum object size to 50 TB (02-Dec-2025)
I’m sure there is a weird customer to whom this is a big deal. For the rest of you, if you’re creating 50T objects, you really need to rethink your life choices.
- Amazon CloudWatch launches unified management and analytics for operational, security, and compliance data (02-Dec-2025)
Most places I know use a SIEM or data aggregation tools for logs, so it’s not clear to me what pain point this solves.
- Introducing AWS DevOps Agent (preview), frontier agent for operational excellence (02-Dec-2025)
After generating loyalty from DevOps professionals for a decade and a half, AWS now replaces you with a small shell script and dice-rolling machine. I wonder how this will do the next time us-east-1 shits itself. “We recommend migrating this workload to OCI”.