Tag: AWS IAM

With the recent launch of AWS Identity and Access Management (IAM) session tags, customers can simplify fine-grained access to Amazon Web Services (AWS) resources by using attributes from their own corporate directories in permissions rules. Enterprise customers frequently manage their workforce identities (the “who”) using an identity provider (IdP) such as PingFederate or PingOne for Enterprise by Ping Identity.

Automation is becoming more and more critical to organizations needing to manage and govern cloud infrastructure. Cloud Conformity’s auto-remediation tool helps to alleviate security and compliance concerns by using AWS Lambda to fix any non-compliant resources within your AWS account. Cloud Conformity is an assurance and governance tool that continuously monitors one or more AWS services based on AWS Well-Architected best practices.

It can be overwhelming for organizations to keep pace with the amount of data being generated by machines every day. There’s a great deal of meaningful information that can be extracted from data, but companies need software vendors to develop tools that help. In this post, learn about Splunk SmartStore and how it helps customers to reduce storage cost in a Splunk deployment on AWS. Many customers are using SmartStore to reduce the size of Amazon EBS volumes and moving data to Amazon S3.

Security isn’t always top of mind for developers because it can slow down software releases. HashiCorp Vault helps eliminate much of the security burden developers experience while trying to comply with security team requirements. Vault was built to address the difficult task of passing sensitive data to users and applications without it being compromised. Within Vault, all transactions are token-based, which limits potential malicious activity, and provides greater visibility into whom and what is accessing that information.

Enterprises migrating to AWS with multiple applications and distributed teams often lack centralized governance, management, or security systems. With AWS Landing Zone, you can configure and provision a secure, scalable, automated, multi-account AWS environment aligned with AWS best practices without existing resources. It gives you granular, centralized control over your cloud workloads, with a consistent level of security and compliance across all accounts.

DevOps staff in many organizations are one misconfiguration away from compromising their AWS resources to attackers as they migrate to and grow their adoption of existing and new AWS services. In this post, AWS Security Partner Cavirin proposes “Closed Loop Security” based on unifying proactive and reactive risk signals as a key strategy for DevOps staff to protect their AWS infrastructure from misconfigurations and vulnerabilities.

To gain the insights needed to fuel business growth, organizations need to collect more data and do more with it. That’s where a data lake can help—it’s a repository that holds a large amount of raw data in its native (structured or unstructured) format until that data is needed, enabling you to accommodate virtually any use case. Check out Cloudwick’s Data Lake Foundation on AWS Quick Start, and then drill down a bit deeper into the workings and value of the data catalog.

Identity is a fundamental design decision that software as a service (SaaS) architects must consider when developing a multi-tenant system. Developers who are building SaaS applications must be able to identify a user, the tenant associated with the user, the user’s permissions, and the relationship a tenant has with the provider, such as usage plan or tier. In this post for SaaS Technology Partners, I will explore how to architect a multi-tenant system and identify tenant context and role using Amazon Cognito.

APN Partners new to managed services often have questions about how to protect their customers from social engineering attacks and how to best test themselves to meet APN Program requirements. In the same way a traditional MSP is responsible for the physical security of your datacenter, a next-gen MSP is a customer’s trusted resource for helping maintain their portion of the Shared Responsibility Model. Instead of physical keys, the MSP is their customer’s gatekeepers into the cloud.

AWS Partner Solutions Architects highlight offerings from APN Technology Partners. Cesanta provides streamlined tools that simplify the onboarding process and unblocks developers. GorillaStack enables customers to apply simple rules to managing cloud resources across all AWS accounts and regions. GuardiCore offers the Centra Security Platform to help bridge the gaps of customers’ security configuration in the AWS cloud.