AWS at Locked Shields 2026: Strengthening Allied Cyber Defence at Scale

For the third consecutive year, Amazon Web Services (AWS) is delighted to support Locked Shields – the NATO Cooperative Cyber Defence Centre of Excellence’s (NATO CCDCOE’s) premier live-fire cyber defence exercise. Locked Shields is a demonstration of how commercial cloud capabilities can directly strengthen collective security, at a moment when the cyber threat landscape has never been more complex.

Training at the Speed and Scale of Modern Cyber Threats

Locked Shields 2026 brought together more than 4,000 cyber defenders from over 40 nations, organised into 16 blue teams, testing their ability to protect critical IT systems and infrastructure against more than 8,000 sophisticated, real-time cyberattacks. AWS provided the cloud backbone for more than half of the virtual machines running in the exercise environment. More than 50 AWS accounts were vended for the  teams, each with multiple web and other applications to defend from red team attackers. The scale of this exercise demands hyperscale, resilient infrastructure. AWS delivered the compute, networking, and security services that allowed defenders to train in conditions mirroring the contested environments they will face in the real world. AWS specialist teams were also engaged on the ground, providing technical support and enablement directly to NATO CCDCOE and the training audience throughout the exercise – accelerating the development of critical cloud skills across NATO allies and likeminded nations.

“Exercise Locked Shields 2026 demonstrated that cyber defense is no longer the responsibility of governments or militaries alone. Critical resilience emerges only when industry, government, and military organizations train, experiment, and innovate together under realistic pressure. In the cyber domain, trust, interoperability, and adaptation cannot be improvised during a crisis — they must be built through continuous collective exercises. AWS’s participation in the exercise is a good example of doing what is needed to face crises and challenges in and or through cyberspace,” said LTC Teet Laeks, Locked Shields 2026 deputy director.

Proven under fire – Realising security and Innovation in the Cloud

Blue teams used AWS-native security tooling throughout the exercise, utilising Amazon Inspector for container vulnerabilities, Amazon GuardDuty for threat detection, and AWS Security Hub CSPM for centralising security events as well as other third party and open source tools. Under live-fire pressure, defenders chose AWS tooling due to the operational credibility of AWS security services in contested environments. The red team, meanwhile, used more than 100 AWS CloudFront deployments to host Command and Control infrastructure during the exercise – an inventive use of CloudFront to disguise C2 traffic.

“Locked Shields is central to cyber resilience planning across NATO. 2026 most successful ever. Across 2 days of sustained attack, AWS infra reported 0 downtime and 0 incidents.”

Security is Job Zero

AWS’s engagement with Locked Shields reflects broader AWS strategy: security is not a feature – it is the foundation of cloud adoption for multinational and national security & defence organisations. Across AWS, thousands of security professionals continuously monitor and automate responses to attack patterns across millions of global customers. The depth of operational security experience is what enables AWS to stand out for the defence community – we provide exceptional security without compromising the innovation that makes cloud transformative.

At the time of writing, AWS supports 143 security standards and compliance certifications and attestations helping customers satisfy compliance requirements around the globe. This breadth of compliance coverage means defence and national security organisations can meet their most stringent data security obligations while operating under the AWS shared responsibility model – retaining control and the flexibility to deploy the services they need.

A Strategic Partnership for Collective Cyber Resilience

Our partnership with NATO CCDCOE positions AWS as the trusted cloud platform for cyber defence training across the NATO alliance and likeminded nations. AWS supports NATO’s digital transformation objectives by demonstrating – at operational scale – how commercial cloud capabilities can enhance national security & defence operations. As cyber threats grow in sophistication and scale, AWS remains committed to providing the infrastructure, expertise, and security architecture that nations need to defend, adapt, and prevail.

To learn more about AWS for Defence and National Security, visit aws.amazon.com/government-education/defense.