AWS Partner Network (APN) Blog

Category: Security, Identity, & Compliance

Using IAM Roles Anywhere to Help Secure VMware Cloud on AWS Workloads

AWS IAM Roles Anywhere allows you to use identity and access management roles to obtain temporary credentials for workloads outside AWS. This minimizes exposed credentials, enables centralized access controls with AWS IAM, and provides granular permissions to virtual machines. Explore common use cases for IAM Roles Anywhere with workloads running on VMware Cloud on AWS, and the relevant setup process on a virtual machine in VMware Cloud on AWS.

Automating OpenID Connect-Based AWS IAM Web Identity Roles with Microsoft Entra ID

For applications running outside AWS, developers often create IAM users with long-lived credentials, which can increase security risks. Instead, learn how to integrate AWS IAM Web Identity Roles with Microsoft Entra ID for centralized user management. This post walks through manual setup steps to register an app in Entra ID and create a role in AWS, and describes an automated architecture to synchronize Entra ID service principals and AWS roles.

Enhanced Threat Detection with AWS Security Hub and Red Hat Advanced Cluster Security for Kubernetes

AWS customers can run Kubernetes on managed services like Amazon EKS or self-managed options. To secure these environments, Red Hat Advanced Cluster Security for Kubernetes (RHACS) detects vulnerabilities and policy violations. Its findings can be sent to AWS Security Hub, which aggregates security issues across AWS services. This post walks through installing RHACS on Red Hat OpenShift Service on AWS, creating policies in RHACS, and integrating with Security Hub to view findings.

How to Accelerate Asset Visibility with Claroty Edge on AWS Snowcone

Industrial IoT adoption is increasing the connectivity of operational technology to IT systems, necessitating better visibility into assets. Claroty Edge on AWS Snowcone enables asset discovery to build an accurate inventory and identify vulnerabilities. Combined with Claroty xDome, this provides comprehensive IT/OT asset management and vulnerability insights. xDome integrates with AWS Security Hub to simplify deploying asset visibility and enable organizations to defend and secure their connected environments.

How Coalfire Drives FedRAMP Compliance Without Sacrificing Cloud Deployment Speed

Complying with FedRAMP poses challenges for DevOps teams, including slower deployment speeds, process overhead, and complex AWS GovCloud requirements. To optimize velocity while maintaining compliance, organizations can shift security controls left, automate workflows, and architect secure in-boundary pipelines. With the proper frameworks, teams can increase deployment frequency and reduce change failure rates in FedRAMP environments.

How to Scale for Global SaaS Growth with a Skyflow Data Privacy Vault on AWS

AWS SaaS Factory and Skyflow break down what data residency is and why it’s often a barrier for businesses to scale globally. Explore how Skyflow Data Privacy Vault works and how it helps businesses overcome this barrier. To illustrate the practical application of this approach, we’ll highlight a customer story and real-world example of a company that successfully addressed its data residency needs with a scalable SaaS solution based on Skyflow Data Privacy Vault.

Scalable, Secure, and Efficient AWS Cloud Operations with Crayon’s Landing Zone Accelerator

Crayon’s customizable landing zone accelerator automates setup of a secure, scalable AWS environment aligned to best practices. It establishes foundational accounts, applies baseline security controls, and integrates AWS services across the organization to drive cloud adoption for companies migrating to AWS while also improving governance for existing customers. Crayon guides customers through the landing zone build and subsequent workload migration, providing automation kits to speed deployments.

Cloudanix’s Real-Time Threat and Anomaly Detection for Workloads on AWS

As cyber threats grow more sophisticated, real-time threat detection is critical for robust cloud security. AWS Partner Cloudanix leverages cloud infrastructure logs and machine learning to provide holistic, agentless monitoring across AWS environments. By analyzing activities and APIs in real-time, Cloudanix identifies threats and anomalies, alerts security teams, and recommends remediation steps. This enables rapid incident response, proactive security measures, and comprehensive visibility.

Creating a Secure Data Catalog with Alation Cloud Services and AWS PrivateLink

AWS PrivateLink allows customers to securely connect cloud and on-premises data sources to Alation’s data catalog without exposing traffic to the public internet. This integration provides private connectivity between the customer’s VPC and Alation Cloud Service and simplifies network architecture. Using PrivateLink with Alation enables organizations to build a catalog of metadata from selected data assets while maintaining compliance with security and regulatory requirements.

How Cloudanix Secures Containerized Applications Running on Amazon EKS

Kubernetes security is often approached in a fragmented way, separating build time, runtime, and infrastructure security. An interconnected security approach is essential, acknowledging relationships between build, runtime, and infrastructure. Cloudanix enables this through end-to-end integration, from build time image scanning to runtime threat monitoring, strengthening security posture by reducing attack surface, enhancing compliance, and empowering swift response.