
The Rhythmic Blog

AWS Sync January 2025: Enhanced Security, Multi-Account Management, and Infrastructure Optimization

February 11, 2025, by Kathie Clark

AWS Sync is a monthly brief of AWS announcements, tuned specifically for businesses that need the signal without the noise.

Among AWS’s January 2025 announcements, several updates stand out for their impact on security posture and compliance capabilities. From enhanced root access controls to cross-border compliance automation, these changes demonstrate AWS’s commitment to addressing evolving security challenges while streamlining compliance management. Let’s examine the most security-relevant announcements and their practical implications for your infrastructure.

Enhanced Security and Compliance

AWS has rolled out several critical security improvements this month. Most notably, they’ve introduced centralized root access management for AWS Organizations, allowing security teams to implement temporary, task-specific root sessions limited to 15 minutes. This change significantly reduces the attack surface by eliminating the need for permanent root credentials across member accounts.

Learn more about secure root user access in AWS Organizations

Adding another layer of security, AWS has issued an important advisory about preventing unintended encryption of S3 objects. This addresses an emerging threat where compromised credentials are used to maliciously encrypt S3 objects using server-side encryption with client-provided keys (SSE-C). The advisory provides practical steps for implementing defense-in-depth strategies through short-term credentials, robust monitoring, and proper backup procedures.

Read the full security advisory on S3 object encryption
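
As an added example (not part of the original post or the AWS advisory), here is one way to implement the monitoring step in Python: scan CloudTrail S3 data events for writes that supplied a customer-provided key, and count them per principal and bucket. It assumes S3 data events are enabled and that the SSE-C request header is recorded under `requestParameters`; the log records, principals and bucket names are constructed.

```python
import json
from collections import Counter

# Request header that marks SSE-C; assumed to appear in requestParameters.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}
APP = "arn:aws:iam::111122223333:user/example-app"        # constructed
BACKUP = "arn:aws:iam::111122223333:role/example-backup"  # constructed

def _rec(name, arn, bucket, key, ssec):
    """Build one constructed CloudTrail-style record for the sample log."""
    params = {"bucketName": bucket, "key": key}
    if ssec:
        params[SSEC_HEADER] = "AES256"
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

SAMPLE_LOG = json.dumps({"Records": [  # constructed sample, not real data
    _rec("PutObject", APP, "example-bucket", "reports/a.csv", True),
    _rec("PutObject", APP, "example-bucket", "reports/b.csv", True),
    _rec("PutObject", APP, "example-bucket", "reports/c.csv", False),
    _rec("GetObject", APP, "example-bucket", "reports/a.csv", True),
    _rec("PutObject", BACKUP, "example-archive", "db.bak", True),
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"arn": APP}, "requestParameters": None},
]})

def find_ssec_writes(records, allowed_principals=frozenset()):
    """Return (principal, bucket, key) for S3 writes that used SSE-C."""
    findings = []
    for rec in records:
        if (rec.get("eventSource") != "s3.amazonaws.com"
                or rec.get("eventName") not in WRITE_EVENTS):
            continue
        params = rec.get("requestParameters") or {}  # may be null
        if SSEC_HEADER not in params:
            continue
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        if principal in allowed_principals:  # workloads known to use SSE-C
            continue
        findings.append((principal, params.get("bucketName"), params.get("key")))
    return findings

def count_by_principal_and_bucket(findings):
    """Count SSE-C writes per (principal, bucket) to spot bulk re-encryption."""
    return Counter((p, b) for p, b, _ in findings)

if __name__ == "__main__":
    hits = find_ssec_writes(json.loads(SAMPLE_LOG)["Records"], {BACKUP})
    print(count_by_principal_and_bucket(hits))
```

Principals that legitimately use SSE-C go in `allowed_principals`, so any remaining hit is worth an alert.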

For organizations operating in both US and Canadian markets, AWS has expanded its compliance-as-code capabilities by adopting OSCAL for Canadian cybersecurity requirements. This standardization enables automated analysis of control overlaps between US FedRAMP/NIST requirements and Canadian compliance frameworks, streamlining cross-border compliance management.

Explore OSCAL implementation for Canadian cybersecurity requirements

Improved Multi-Account Management

AWS’s introduction of multi-session support in the Management Console is a double-edged sword that warrants careful consideration. While the ability to maintain up to 5 different AWS sessions simultaneously in a single browser is a significant operational improvement, it introduces new risks that need to be actively managed. Yes, it eliminates the friction of multiple browsers and constant context switching – but that friction served as a natural safeguard against accidental cross-account actions. Organizations adopting this feature should implement strong visual distinctions between environments (like mandatory account aliases and role tags), maintain strict role separation, and consider limiting multi-session access to specific user groups. The convenience of managing multiple accounts simultaneously shouldn’t come at the cost of security awareness.

Read about simultaneous sign-in for multiple AWS accounts

Infrastructure Optimization and Data Management

AWS Compute Optimizer has expanded its capabilities for EC2 Auto Scaling groups, providing enhanced idle and rightsizing recommendations. This update helps teams make data-driven decisions about their dynamic infrastructure scaling, identifying both over-provisioned resources that waste money and under-provisioned setups that could impact performance.

Learn more about AWS Compute Optimizer’s new capabilities

In the database realm, Amazon DynamoDB now offers configurable point-in-time-recovery periods. Organizations can align their backup retention with specific regulatory requirements rather than being locked into the previous 35-day period. This flexibility supports both compliance requirements and cost optimization goals by allowing organizations to maintain backups only for the duration needed.

Explore DynamoDB’s configurable recovery periods

Conclusion

January’s updates reflect AWS’s focus on practical operational improvements while strengthening security and compliance capabilities. The combination of enhanced security controls, streamlined multi-account management, and improved infrastructure optimization tools provides organizations with more flexibility and control over their AWS environment. These changes particularly benefit organizations managing complex, multi-account structures with strict security and compliance requirements.

As we move further into 2025, these updates lay a strong foundation for organizations looking to optimize their cloud operations while maintaining robust security postures. The emphasis on practical, security-focused features demonstrates AWS’s understanding of the challenges facing modern cloud operations teams.
