AWS Security Blog

AWS awarded PROTECTED certification in Australia

The Australian Cyber Security Centre (ACSC) has awarded PROTECTED certification to AWS for 42 of our cloud services. This is the highest data security certification available in Australia for cloud service providers, and AWS offers the most PROTECTED services of any public cloud service provider. You will find AWS on the ACSC’s Certified Cloud Services […]

Read More

Signing executables with Microsoft SignTool.exe using AWS CloudHSM-backed certificates

Code signing is the process of digitally signing executables and scripts to confirm the software author and to demonstrate that the code has not been altered or corrupted since it was signed. Packaged software uses branding and trusted sales outlets to assure users of its integrity, but these guarantees are not available when code is […]

Read More

Alerting, monitoring, and reporting for PCI-DSS awareness with Amazon Elasticsearch Service and AWS Lambda

Logging account activity within your AWS infrastructure is paramount to your security posture and could even be required by compliance standards such as PCI-DSS (Payment Card Industry Security Standard). Organizations often analyze these logs to adapt to changes and respond quickly to security events. For example, if users are reporting that their resources are unable […]

Read More

How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory

You can use federation to centrally manage access to multiple AWS accounts using credentials from your corporate directory. Federation is the practice of establishing trust between a system acting as an identity provider and other systems, often called service providers, that accept authentication tokens from that identity provider. Amazon Web Services (AWS) supports open federation […]

Read More
Author

AWS Security Profiles: Akihiro Umegai, Japan Lead, Office of the CISO

In the weeks leading up to the Solution Days event in Tokyo, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been with AWS, and what is your […]

Read More

Add a layer of security for AWS SSO user portal sign-in with context-aware email-based verification

If you’re an IT administrator of a growing workforce, your users will require access to a growing number of business applications and AWS accounts. You can use AWS Single Sign-On (AWS SSO) to create and manage users centrally and grant access to AWS accounts and business applications, such as such Salesforce, Box, and Slack. When […]

Read More
Author

AWS Security profiles: Michael South, Principal Business Development Manager for Security Acceleration

In the weeks leading up to the Solution Days event in Tokyo, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you […]

Read More

New AWS services launch with HIPAA, PCI, ISO, and SOC – a company first

Our security culture is one of the things that sets AWS apart. Security is job zero — it is the foundation for all AWS employees and impacts the work we do every day, across the company. And that’s reflected in our services, which undergo exacting internal and external security reviews before being released. From there, […]

Read More

How to use AWS WAF to filter incoming traffic from embargoed countries

AWS WAF provides inline inspection of inbound traffic at the application layer to detect and filter against critical web application security flaws from common web exploits that could affect application availability, compromise security, or consume excessive resources. The inbound traffic is inspected against web access control list (web ACL) rules that you can create manually […]

Read More

How to centralize and automate IAM policy creation in sandbox, development, and test environments

To keep pace with AWS innovation, many customers allow their application teams to experiment with AWS services in sandbox environments as they move toward production-ready architecture. These teams need timely access to various sets of AWS services and resources, which means they also need a mechanism to help ensure least privilege is granted. In other […]

Read More