AWS Compute Blog

Category: Security, Identity, & Compliance

Centralizing security with Amazon API Gateway and cross-account AWS Lambda authorizers

This post courtesy of Diego Natali, AWS Solutions Architect Customers often have multiple teams working on APIs. They might have separate teams working on individual API functionality, and another handling secure access control. You can now use an AWS Lambda function from a different AWS account as your API integration backend. Cross-account Lambda authorizers allow […]

Read More

Maintaining Transport Layer Security all the way to your container part 2: Using AWS Certificate Manager Private Certificate Authority

This post contributed by AWS Senior Cloud Infrastructure Architect Anabell St Vincent and AWS Solutions Architect Alex Kimber. The previous post, Maintaining Transport Layer Security All the Way to Your Container, covered how the layer 4 Network Load Balancer can be used to maintain Transport Layer Security (TLS) all the way from the client to […]

Read More

Powering HIPAA-compliant workloads using AWS Serverless technologies

This post courtesy of Mayank Thakkar, AWS Senior Solutions Architect Serverless computing refers to an architecture discipline that allows you to build and run applications or services without thinking about servers. You can focus on your applications, without worrying about provisioning, scaling, or managing any servers. You can use serverless architectures for nearly any type […]

Read More

Control access to your APIs using Amazon API Gateway resource policies

This post courtesy of Tapodipta Ghosh, AWS Solutions Architect Amazon API Gateway provides you with a simple, flexible, secure, and fully managed service that lets you focus on building core business services. API Gateway supports multiple mechanisms of access control using AWS Identity and Access Management (IAM), AWS Lambda authorizers, and Amazon Cognito. You may […]

Read More

Protecting your API using Amazon API Gateway and AWS WAF — Part I

This post courtesy of Thiago Morais, AWS Solutions Architect When you build web applications or expose any data externally, you probably look for a platform where you can build highly scalable, secure, and robust REST APIs. As APIs are publicly exposed, there are a number of best practices for providing a secure mechanism to consumers […]

Read More

Extending Amazon Linux 2 with EPEL and Let’s Encrypt

This post courtesy of Jeff Levine Solutions Architect for Amazon Web Services Amazon Linux 2 is the next generation of Amazon Linux, a Linux server operating system from Amazon Web Services (AWS). Amazon Linux 2 offers a high-performance Linux environment suitable for organizations of all sizes. It supports applications ranging from small websites to enterprise-class, […]

Read More

Sharing Secrets with AWS Lambda Using AWS Systems Manager Parameter Store

This post courtesy of Roberto Iturralde, Sr. Application Developer- AWS Professional Services Application architects are faced with key decisions throughout the process of designing and implementing their systems. One decision common to nearly all solutions is how to manage the storage and access rights of application configuration. Shared configuration should be stored centrally and securely with […]

Read More

Serverless Automated Cost Controls, Part1

This post courtesy of Shankar Ramachandran, Pubali Sen, and George Mao In line with AWS’s continual efforts to reduce costs for customers, this series focuses on how customers can build serverless automated cost controls. This post provides an architecture blueprint and a sample implementation to prevent budget overruns. This solution uses the following AWS products: […]

Read More

Automating Security Group Updates with AWS Lambda

Customers often use public endpoints to perform cross-region replication or other application layer communication to remote regions. But a common problem is how do you protect these endpoints? It can be tempting to open up the security groups to the world due to the complexity of keeping security groups in sync across regions with a […]

Read More

Using Enhanced Request Authorizers in Amazon API Gateway

Recently, AWS introduced a new type of authorizer in Amazon API Gateway, enhanced request authorizers. Previously, custom authorizers received only the bearer token included in the request and the ARN of the API Gateway method being called. Enhanced request authorizers receive all of the headers, query string, and path parameters as well as the request […]

Read More