AWS Security Center


Overview

Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable customers to build a wide range of applications. In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features. In addition, AWS customers must use those features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.

At a high level, we’ve taken the following approach to secure the AWS infrastructure:

  • Certifications and Accreditations. AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
  • Physical Security. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
  • Secure Services. Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. For more information about the security capabilities of each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.
  • Data Privacy. AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS. For more information on the data privacy and backup procedures for each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.

The AWS Security Center provides links to technical information, tools, and prescriptive guidance designed to help you build and manage secure applications in the AWS cloud. Our goal is to use this forum to proactively notify developers about security bulletins. Such transparency is the backbone of trust between AWS and our customers.



Certifications and Accreditations

Amazon Web Services has successfully completed a Statement on Auditing Standards No. 70 (SAS70) Type II Audit, and has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in the case of AWS relates to operational performance and security to safeguard customer data. AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.

In addition, the flexibility and customer control that the AWS platform provides permits the deployment of solutions that meet industry-specific certification requirements. For instance, customers have built HIPAA-compliant healthcare applications on AWS.



Background Information

Delivering a secure cloud computing platform involves implementing numerous best practices for on-premises infrastructure as well as a host of additional considerations unique to a hosted infrastructure environment. The Amazon Web Services: Overview of Security Processes whitepaper provides background information and an overview of the AWS philosophy in offering a secure cloud computing platform.

  • Amazon Web Services Overview of Security Processes whitepaper (pdf)
  • Security Best Practices (pdf)
  • Creating HIPAA-Compliant Medical Data Applications with AWS whitepaper (pdf)




Security Credentials

AWS provides a number of ways for you to identify yourself and securely access your account. You can find the complete list of credentials that we support on the Security Credentials page under Your Account. We also provide two additional security options that enable you to further protect your account and control access: Multi-Factor Authentication and Key Rotation.

AWS Multi-Factor Authentication (AWS MFA)

AWS Multi-Factor Authentication (AWS MFA) is an additional layer of security that offers enhanced control over your AWS account settings. When you enable this opt-in account feature, you’ll need to provide a six-digit single-use code in addition to your standard AWS account credentials before access is granted to your AWS account settings. You get this single-use code from an authentication device that you keep in your physical possession. This is called Multi-Factor Authentication because two factors are checked before access is granted to your account: you need to provide both your Amazon email-id and password (the first “factor”: something you know) AND the precise code from your authentication device (the second “factor”: something you have).

It is easy to obtain an authentication device from a participating third party provider and to set it up for use via the AWS website. More information about multi-factor authentication is available here.

Key Rotation

For the same reasons that it is important to change your password frequently, AWS recommends that you rotate your access keys and certificates on a regular basis. To let you do this without potential impact to your applications’ availability, AWS supports multiple concurrent access keys and certificates. With this feature, you can rotate keys and certificates into and out of operation on a regular basis without any downtime to your application. This can help to mitigate risk from lost or compromised access keys or certificates.

To learn more about this feature or to begin using key rotation, click here.
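The following added example (not AWS code and not part of the original page) models why concurrent keys allow rotation without downtime: it rolls a new key out to three applications and records, after every step, whether all of them can still authenticate, first with an overlapping second key and then with the old key revoked before the new one is deployed. The `Account` class, the two-key limit and the key format are assumptions made for this model.

```python
import secrets

class Account:
    """Toy account that allows concurrent access keys (limit is an assumption)."""
    MAX_KEYS = 2

    def __init__(self):
        self.keys = {}  # key_id -> [secret, active]

    def create_key(self):
        if len(self.keys) >= self.MAX_KEYS:
            raise RuntimeError("key limit reached: delete an old key first")
        key_id, secret = "KEY" + secrets.token_hex(4), secrets.token_hex(16)
        self.keys[key_id] = [secret, True]
        return key_id, secret

    def deactivate(self, key_id):
        self.keys[key_id][1] = False

    def delete(self, key_id):
        del self.keys[key_id]

    def authenticate(self, key_id, secret):
        entry = self.keys.get(key_id)
        return bool(entry and entry[1] and secrets.compare_digest(entry[0], secret))

def rotate(account, apps, overlap=True):
    """Rotate the key shared by `apps`; return [(step, all_apps_authenticate)]."""
    old_id, log = apps[0]["key_id"], []

    def check(step):
        ok = all(account.authenticate(a["key_id"], a["secret"]) for a in apps)
        log.append((step, ok))

    if not overlap:                      # single-key habit: revoke, then reissue
        account.delete(old_id)
    new_id, new_secret = account.create_key()
    check("new key issued")
    for i, app in enumerate(apps):       # rolling deployment, one app at a time
        app["key_id"], app["secret"] = new_id, new_secret
        check(f"app {i} switched")
    if overlap:                          # retire the old key only after cut-over
        account.deactivate(old_id)
        check("old key deactivated")
        account.delete(old_id)
        check("old key deleted")
    return log

def demo(overlap):
    """Build a constructed three-app fleet and rotate its shared key."""
    account = Account()
    key_id, secret = account.create_key()
    apps = [{"key_id": key_id, "secret": secret} for _ in range(3)]
    return rotate(account, apps, overlap)
```

Deactivating the old key before deleting it gives a reversible step: if an application that was missed starts failing, the key can be reactivated instead of reissued.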





Testimonial
“The improved computer security includes, but is not limited to, greater protection against network attacks and real time detection of system tampering.”

- Recovery Accountability and Transparency Board on the expected security benefits from moving Recovery.gov to the AWS cloud.



©2010, Amazon Web Services LLC or its affiliates. All rights reserved.