Amazon Web Services Inc. today reaffirmed its commitment to security at its annual re:Inforce conference, announcing a series of new artificial intelligence-powered features and enhanced security measures.

The new features are said to link back to seven reasons why security will always be Amazon’s top priority. The reasons include security being a part of everyone’s job, getting security basics right and security being a requirement for innovation.

Leading the list of announcements was AWS Identity and Access Management now supporting passkeys as a second authentication factor to provide easier and more secure sign-ins across devices. Built on the WebAuthentication standard, passkeys are a type of authentication credential that allows users to log in to sites and services without having to enter a password.

IAM now allows users to secure access to their AWS accounts using passkeys for multifactor authentication, with support for built-in authenticators, such as Touch ID on Apple MacBooks and Windows Hello facial recognition on PCs. Passkeys can be created with a hardware security key or through a chosen passkey provider using a fingerprint, face or device PIN, which can be synced across devices to sign in with AWS.

AWS Cloudtrail Lake, Amazon’s managed service that enables organizations to store, access and analyze AWS activity events, has been given an AI boost with new AI-powered natural language query generation. The feature allows users to ask questions and analyze AWS activity events in CloudTrail Lake without having to write complex SQL queries.

Also receiving some additional AI attention is AWS Audit Management, which is now offering a new version of the “generative AI best practices framework” that provides visibility into a customer’s generative AI usage on Amazon SageMaker and Amazon Bedrock. The AWS framework includes 110 controls across areas such as governance, data security, privacy, incident management and business continuity planning.

Other new features include AWS IAM Access Analyzer now offering unused access recommendations for least privilege. With the service, users can now include step-by-step recommendations provided by IAM Access Analyzer to notify and simplify how developers refine unused permissions. IAM Access Analyzer also now extends customer policy checks to proactively detect non-conformant updates to policies that grant public access or grant access to critical AWS resources ahead of their deployments.

In addition, AWS has extended support for Amazon GuardDuty Malware Protection to Amazon S3, allowing users to scan newly uploaded objects to S3 buckets for potential malware, viruses and other suspicious uploads. Last but not least, a new AWS Cloud WAN service insertion feature allows users to streamline the integration of network services such as firewalls, instruction detection and prevention systems, and other appliances to their global networks.

Image: AWS