AWS Public Sector Blog

What’s New for AWS Security & Compliance Services from re:Invent 2016

At this year’s re:Invent conference in Las Vegas, AWS made several security and compliance-related service availability announcements important to our public sector customers, including AWS Shield, AWS Organizations, EC2 Systems Manager, enhancements to AWS CloudTrail, and AWS Artifact.

AWS Shield

AWS Shield is a new managed service that protects your web applications against DDoS (Distributed Denial of Service) attacks. It works in conjunction with Elastic Load Balancing, Amazon CloudFront, and Amazon Route 53 to protect you from DDoS attacks of many types, shapes, and sizes. There are two tiers of service:

  • AWS Shield Standard is available to all AWS customers at no extra cost. It protects you from 96% of the most common attacks today, including SYN/ACK floods, Reflection attacks, and HTTP slow reads. This protection is applied automatically and transparently to your Elastic Load Balancers, CloudFront distributions, and Route 53 resources.
  • AWS Shield Advanced provides additional DDoS mitigation capability for volumetric attacks, intelligent attack detection, and mitigation for attacks at the application and network layers. You get 24×7 access to our DDoS Response Team (DRT) for custom mitigation during attacks, advanced real-time metrics and reports, and DDoS cost protection to guard against bill spikes in the aftermath of a DDoS attack.

AWS Organizations

Many nonprofits, governments, and educational institutions have more than one AWS account. AWS Organizations is a new service that makes it easy for you to manage multiple accounts by creating groupings. You can use these groupings to organize your AWS accounts by application, environment, team, or any other grouping that makes sense for your department. AWS Organizations then lets you apply organization control policies to the groupings, making it easier to centralize management of security and automation settings for all of your accounts.

EC2 Systems Manager

EC2 Systems Manager helps you easily understand and control the current state of your EC2 instance and OS configurations. With EC2 Systems Manager, you can collect software configuration and inventory information about your fleet of instances and the software installed on them. You can track detailed system configuration, OS patch levels, application configurations, and other details about your deployment. Integration with AWS Config lets you easily view changes as they occur over time.

EC2 Systems Manager helps keep your systems compliant with your defined configuration policies. You can define patch baselines, maintain up-to-date anti-virus definitions, and enforce firewall policies. With EC2 Systems Manager, you can maintain software compliance and improve your security posture.

AWS CloudTrail

Visibility into computing events is a key security best practice. AWS CloudTrail now supports Amazon S3 Data Events to give you greater visibility into object-level activity on your data stored in Amazon Simple Storage Service (S3). AWS CloudTrail for Amazon S3 Data Events can let you know when a particular IAM user accesses sensitive information stored in a specific part of an S3 bucket. You can now record all API actions on S3 Objects and receive detailed information, such as the AWS account of the caller, IAM user role of the caller, time of the API call, IP address of the API, and other details.

AWS Artifact

AWS now offers AWS Artifact to assist you with demonstrating security and compliance of your AWS infrastructure and services to your auditors or regulators. AWS Artifact is a no-cost, self-service audit report and certification retrieval portal in the AWS Management Console that gives AWS customers on-demand access to AWS compliance reports.

To document the current and historical compliance of AWS infrastructure and services, many AWS customers provide compliance reports—including those for ISO, SOC, and PCI—to their auditors or regulators. You can now sign in to the AWS Management Console on your computer or mobile phone and pull relevant reports in minutes. You can also give auditors and regulators direct access to one or more AWS compliance reports using AWS Identity and Access Management (IAM) permissions. You can access the AWS Artifact portal directly from the AWS Management Console.

We will continue to highlight the new announcements released at re:Invent in the coming weeks for our government, education, and nonprofit communities. Keep checking back in for our roundups!