AWS Security Blog

AWS GDPR Data Processing Addendum – Now Part of Service Terms

Today, we’re happy to announce that the AWS GDPR Data Processing Addendum(.pdf) is now part of our online Service Terms. This means all AWS customers globally can rely on the terms of the AWS GDPR DPA which will apply automatically from May 25, 2018, whenever they use AWS services to process personal data under the GDPR. The AWS […]

Read More

An easier way to control access to AWS resources by using the AWS organization of IAM principals

AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can […]

Read More

The AWS Shared Responsibility Model and GDPR

The EU’s General Data Protection Regulation (GDPR) describes data processor and data controller roles, and some customers and AWS Partner Network (APN) partners are asking how this affects the long-established AWS Shared Responsibility Model. I wanted to take some time to help folks understand shared responsibilities for us and for our customers in context of […]

Read More

Spring 2018 AWS SOC Reports are Now Available with 11 Services Added in Scope

Since our last System and Organization Control (SOC) audit, our service and compliance teams have been working to increase the number of AWS Services in scope prioritized based on customer requests. Today, we’re happy to report 11 services are newly SOC compliant, which is a 21 percent increase in the last six months. With the […]

Read More

How AWS Meets a Physical Separation Requirement with a Logical Separation Approach

We have a new resource available to help you meet a requirement for physically-separated infrastructure using logical separation in the AWS cloud. Our latest guide, Logical Separation: An Evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads outlines how AWS meets the U.S. Department of Defense’s (DoD) stringent physical separation requirement by […]

Read More

How to use Amazon AppStream 2.0 to reduce your bastion host attack surface

To help protect their assets, many security-conscious enterprises require their system administrators to go through a “bastion” (or “jump”) host to gain administrative access to backend systems in protected or sensitive network segments. A bastion host is a special-purpose instance that hosts a minimal number of administrative applications, such as RDP for Windows or Putty […]

Read More

How to Use AWS Config to Monitor for and Respond to Amazon S3 Buckets Allowing Public Access

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit, and record resource configurations and changes. AWS Config does this through the use of rules that define the desired configuration state of your AWS resources. AWS Config provides a number of AWS managed rules that address a wide range of […]

Read More

How to Eliminate the Need for Hardcoded AWS Credentials in Devices by Using the AWS IoT Credentials Provider

The Internet of Things (IoT) has precipitated to an influx of connected devices and data that can be mined to gain useful business insights. If you own an IoT device, you might want the data to be uploaded seamlessly from your connected devices to the cloud so that you can make use of cloud storage […]

Read More

Enhanced Domain Protections for Amazon CloudFront Requests

Over the coming weeks, we’ll be adding enhanced domain protections to Amazon CloudFront. The short version is this: the new measures are designed to ensure that requests handled by CloudFront are handled on behalf of legitimate domain owners. Using CloudFront to receive traffic for a domain you aren’t authorized to use is already a violation […]

Read More