AWS Security Blog

AWS Organizations now available in the AWS GovCloud (US) Regions for central governance and management of AWS accounts

AWS Organizations is now available in the AWS GovCloud (US) Regions, enabling you to centrally govern and manage your AWS GovCloud (US) accounts. AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. Using AWS Organizations, you can: Define organization-wide permission guardrails to establish controls […]

Read More

Trimming AWS WAF logs with Amazon Kinesis Firehose transformations

In an earlier post, Enabling serverless security analytics using AWS WAF full logs, Amazon Athena, and Amazon QuickSight, published on March 28, 2019, the authors showed you how to stream WAF logs with Amazon Kinesis Firehose for visualization using QuickSight. This approach used no filtering of the logs so that you could visualize the full […]

Read More

AWS Security Profiles: CJ Moses, Deputy CISO and VP of Security Engineering

We recently sat down with CJ Moses, Deputy, Chief Information Security Officer (CISO), to learn about his day-to-day as a cybersecurity executive. He also shared more about his passion for racecar driving and why AWS is partnering with the SRO GT World Challenge America series this year. How long have you been with AWS, and […]

Read More

AWS Security Profiles: Olivier Klein, Head of Emerging Technologies in the APAC region

Leading up to AWS Summit Singapore, we’re sharing our conversation with keynote speaker Olivier Klein about his work with emerging technology and about the overlap between “emerging technology” and “cloud security.” You’re the “Head of Emerging Technologies in the APAC region” on your team at AWS. What kind of work do you do? I continuously […]

Read More

Provable security podcast: automated reasoning’s past, present, and future with Moshe Vardi

AWS just released the first podcast of a new miniseries called Provable Security: Conversations on Next Gen Security. We published a podcast on provable security last fall, and, due to high customer interest, we decided to bring you a regular peek into this AWS initiative. This series will explore the unique intersection between academia and […]

Read More

AWS Security releases IoT security whitepaper

We’ve published a whitepaper, Securing Internet of Things (IoT) with AWS, to help you understand and address data security as it relates to your IoT devices and the data generated by them. The whitepaper is intended for a broad audience who is interested in learning about AWS IoT security capabilities at a service-specific level and […]

Read More
Architecture diagram

How to run AWS CloudHSM workloads on Docker containers

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. Your HSMs are part of a CloudHSM cluster. CloudHSM automatically manages synchronization, high availability, and […]

Read More

New whitepaper: Achieving Operational Resilience in the Financial Sector and Beyond

AWS has released a new whitepaper, Amazon Web Services’ Approach to Operational Resilience in the Financial Sector and Beyond, in which we discuss how AWS and customers build for resiliency on the AWS cloud. We’re constantly amazed at the applications our customers build using AWS services — including what our financial services customers have built, […]

Read More

Enabling serverless security analytics using AWS WAF full logs, Amazon Athena, and Amazon QuickSight

Traditionally, analyzing data logs required you to extract, transform, and load your data before using a number of data warehouse and business intelligence tools to derive business intelligence from that data—on top of maintaining the servers that ran behind these tools. This blog post will show you how to analyze AWS Web Application Firewall (AWS […]

Read More

How to use service control policies to set permission guardrails across accounts in your AWS Organization

AWS Organizations provides central governance and management for multiple accounts. Central security administrators use service control policies (SCPs) with AWS Organizations to establish controls that all IAM principals (users and roles) adhere to. Now, you can use SCPs to set permission guardrails with the fine-grained control supported in the AWS Identity and Access Management (IAM) […]

Read More