AWS Compute Blog

Category: Security

AWS Nitro Enclaves uses the proven isolation of the Nitro Hypervisor to further isolate the CPU and memory of the Nitro Enclaves from users, applications, and libraries on the parent instance.

Validating attestation documents produced by AWS Nitro Enclaves

This blog post is written by Paco Gonzalez, Senior EMEA IoT Specialist SA. AWS Nitro Enclaves offers an isolated, hardened, and highly constrained environment to host security-critical applications. Think of AWS Nitro Enclaves as regular Amazon Elastic Compute Cloud (Amazon EC2) virtual machines (VMs) but with the added benefit of the environment being highly constrained. […]

AWS Nitro System gets independent affirmation of its confidential compute capabilities

Anthony Liguori is an AWS VP and Distinguished Engineer for EC2. Customers around the world trust AWS to keep their data safe, and keeping their workloads secure and confidential is foundational to how we operate. Since the inception of AWS, we have relentlessly innovated on security, privacy tools, and practices to meet, and even exceed, […]

Best Practices for managing data residency in AWS Local Zones using landing zone controls

This blog post is written by Abeer Naffa’, Sr. Solutions Architect, Solutions Builder AWS, David Filiatrault, Principal Security Consultant, and Jared Thompson, Hybrid Edge SA Specialist. In this post, we discuss how you can leverage AWS Control Tower landing zone and AWS Organizations custom policies – guardrails – at the root level, known as Service […]

Implementing up-to-date images with automated EC2 Image Builder pipelines

This blog post is written by Devin Gordon, Senior Solutions Architect, WWPS, and Brad Watson, Senior Solutions Architect, WWPS. Amazon EC2 Image Builder is a service designed to simplify the creation and deployment of customized Virtual Machine (VM) and container images on AWS or on-premises. The posts Automate OS Image Build Pipelines with EC2 Image […]

Enabling Microsoft Defender Credential Guard on Amazon EC2

This blog post is written by Jason Nicholls, Principal Solutions Architect, AWS. In this post we show you how to enable Windows Defender Credential Guard (Credential Guard) on Amazon Elastic Compute Cloud (Amazon EC2) running Microsoft Windows Server. Credential Guard, when enabled on Amazon EC2 Windows Instances, protects sensitive user login information from being extracted […]

Running AI-ML Object Detection Model to Process Confidential Data using Nitro Enclaves

This blog post was written by Antoine Awad, Solutions Architect, Kevin Taylor, Senior Solutions Architect, and Joel Desaulniers, Senior Solutions Architect. Machine Learning (ML) models are used for inferencing of highly sensitive data in many industries such as government, healthcare, financial, and pharmaceutical. These industries require tools and services that protect their data in transit, […]

Understanding VPC links in Amazon API Gateway private integrations

This post is written by Jose Eduardo Montilla Lugo, Security Consultant, AWS. A VPC link is a resource in Amazon API Gateway that allows for connecting API routes to private resources inside a VPC. A VPC link acts like any other integration endpoint for an API and is an abstraction layer on top of other […]

Getting Started with AWS Nitro Enclaves on Microsoft Windows

This post is written by Scott Malkie, Specialist Solutions Architect, EC2. AWS Nitro Enclaves, introduced in October 2020, are isolated compute environments. They leverage the power of the AWS Nitro System to provide isolation and attestation for sensitive data processing. Customers use Nitro Enclaves to isolate their data processing workloads, even from users with root […]

Evaluating access control methods to secure Amazon API Gateway APIs

This post is written by Bryant Bost, Cloud Application Architect. There is not a one-size-fits-all approach to access control for Amazon API Gateway. Properties of your application such as API type, identity provider, client access patterns, privacy requirements, and others influence the design of your access control solution. Understanding the types of access control available […]