AWS Compute Blog

Category: Security, Identity, & Compliance

Integrating AWS WAF with your Amazon Lightsail instance

This blog post is written by Riaz Panjwani, Solutions Architect, Canada CSC and Dylan Souvage, Solutions Architect, Canada CSC. Security is the top priority at AWS. This post shows how you can level up your application security posture on your Amazon Lightsail instances with an AWS Web Application Firewall (AWS WAF) integration. Amazon Lightsail offers […]

AWS Nitro Enclaves uses the proven isolation of the Nitro Hypervisor to further isolate the CPU and memory of the Nitro Enclaves from users, applications, and libraries on the parent instance.

Validating attestation documents produced by AWS Nitro Enclaves

This blog post is written by Paco Gonzalez Senior EMEA IoT Specialist SA. AWS Nitro Enclaves offers an isolated, hardened, and highly constrained environment to host security-critical applications. Think of AWS Nitro Enclaves as regular Amazon Elastic Compute Cloud (Amazon EC2) virtual machines (VMs) but with the added benefit of the environment being highly constrained. […]

Secure Connectivity from Public to Private: Introducing EC2 Instance Connect Endpoint

This blog post is written by Ariana Rahgozar, Solutions Architect, and Kenneth Kitts, Sr. Technical Account Manager, AWS. Imagine trying to connect to an Amazon Elastic Compute Cloud (Amazon EC2) instance within your Amazon Virtual Private Cloud (Amazon VPC) over the Internet. Typically, you’d first have to connect to a bastion host with a public […]

AWS Nitro System gets independent affirmation of its confidential compute capabilities

Anthony Liguori is an AWS VP and Distinguished Engineer for EC2. Customers around the world trust AWS to keep their data safe, and keeping their workloads secure and confidential is foundational to how we operate. Since the inception of AWS, we have relentlessly innovated on security, privacy tools, and practices to meet, and even exceed, […]

Figure 1 Landing Zones Accelerator Local Zones workload on AWS high level Architecture

Best Practices for managing data residency in AWS Local Zones using landing zone controls

This blog post is written by Abeer Naffa’, Sr. Solutions Architect, Solutions Builder AWS, David Filiatrault, Principal Security Consultant, and Jared Thompson Hybrid Edge SA Specialist. In this post, we discuss how you can leverage AWS Control Tower landing zone and AWS Organizations custom policies – guardrails – at the root level, known as Service […]

Figure 4 An example workflow for a EC2 Image Builder Cascading Pipelines

Implementing up-to-date images with automated EC2 Image Builder pipelines

This blog post is written by Devin Gordon, Senior Solutions Architect, WWPS, and Brad Watson, Senior Solutions Architect, WWPS. Amazon EC2 Image Builder is a service designed to simplify the creation and deployment of customized Virtual Machine (VM) and container images on AWS or on-premises. The posts Automate OS Image Build Pipelines with EC2 Image […]

ICYMI2023Q1

Serverless ICYMI Q1 2023

February 12, 2024: Amazon Kinesis Data Firehose has been renamed to Amazon Data Firehose. Read the AWS What’s New post to learn more. Welcome to the 21st edition of the AWS Serverless ICYMI (in case you missed it) quarterly recap. Every quarter, we share all the most recent product launches, feature enhancements, blog posts, webinars, […]

Figure 1 Landing Zone Accelerator Outposts workload on AWS high level Architecture

Architecting for data residency with AWS Outposts rack and landing zone guardrails

This blog post was written by Abeer Naffa’, Sr. Solutions Architect, Solutions Builder AWS, David Filiatrault, Principal Security Consultant, AWS and Jared Thompson, Hybrid Edge SA Specialist, AWS. In this post, we will explore how organizations can use AWS Control Tower landing zone and AWS Organizations custom guardrails to enable compliance with data residency requirements […]

Enabling Microsoft Defender Credential Guard on Amazon EC2

This blog post is written by Jason Nicholls, Principal Solutions Architect AWS. In this post we show you how to enable Windows Defender Credential Guard (Credential Guard) on Amazon Elastic Compute Cloud (Amazon EC2) running Microsoft Windows Server. Credential Guard, when enabled on Amazon EC2 Windows Instances protects sensitive user login information from being extracted […]

Securing Lambda Function URLs using Amazon Cognito, Amazon CloudFront and AWS WAF

This post is written by Madhu Singh (Solutions Architect), and Krupanidhi Jay (Solutions Architect). Lambda function URLs is a dedicated HTTPs endpoint for a AWS Lambda function. You can configure a function URL to have two methods of authentication: IAM and NONE. IAM authentication means that you are restricting access to the function URL (and […]