AWS Security Blog
A Recap of the AWS Security Blog in 2014
The goal of the AWS Security Blog is to provide you with guidance, best practices, and technical walkthroughs covering new service launches or topics such as how to help increase the security of your AWS account or better achieve your compliance goals. As we welcome 2015, we want to make sure that you did not miss any of the posts from 2014. This blog post includes a complete, categorized list of the AWS Security Blog posts published in 2014.
IAM
In 2014, we redesigned the AWS Identity and Access Management (IAM) console and launched a host of other features to enhance your experience of using IAM, such as an at-a-glance view of last AWS sign-in, and sign-in events logged to CloudTrail. The following posts detail the various launches and new IAM features:
- A Simple Way to Export Your IAM Settings
- New in the IAM console: at a glance view of last AWS sign in
- Amazon CloudSearch: Now with More Granular Access Control for Domains
- Introducing the Redesigned IAM Console
- AWS CloudTrail Now Logs AWS Management Console Sign-In Events
- Enhanced IAM Capabilities for the AWS Billing Console
- A Convenient New Hardware MFA Form Factor
- How to enable cross-account access to the AWS Management Console
- Important change to how you manage your AWS account’s access keys
- IAM User Sign-in Page Changes
- Coming soon! An important change to how you manage your AWS account’s access keys
- How do I protect cross-account access using MFA?
Policies and permissions
In 2014, we posted in detail about how to use the IAM policy language and create IAM policies for specific tasks:
- Back to School: Understanding the IAM Policy Grammar
- Granting Permission to Launch EC2 Instances with IAM Roles (PassRole Permission)
- With new ELB permissions, support for IAM in AWS is going strong
- Granting Users Permission to Work in the Amazon EC2 Console
- Demystifying EC2 Resource-Level Permissions
- An In-Depth Look at the IAM Policy Simulator
Identity federation
In 2014, we added support for more AWS services to use federation and also introduced new features in identity federation. We published detailed blog posts about using these features:
- Federated Users Can Now Access the AWS Support Center
- Easier Role Selection for SAML-Based Single Sign-On
- Building an App using Amazon Cognito and an OpenID Connect Identity Provider
- New in AWS Elastic Beanstalk: Support for Federation and Instance Profiles
- How Does Amazon Cognito Relate to Existing Web Identity Federation?
- New in Amazon EMR: Support for Federated Users
- Federating Identity Management at Netflix with OneLogin
- How to use Shibboleth for single sign-on to the AWS Management Console
- Use AWS CloudFormation to configure Web Identity Federation
Encryption
With the launch of EBS Encryption in May 2014 and AWS Key Management Service (KMS) in November 2014, we’ve provided more features to help you manage your encryption keys in AWS:
- Amazon Elastic Transcoder Now Supports Media File Encryption
- A new way to encrypt your data and manage encryption keys using AWS Key Management Service
- Benefits of a Key Hierarchy with a Master Key (Part Two of the AWS CloudHSM Series)
- Some AWS SDKs security features you should know about
- Encryption for EBS volumes can help you with security and compliance
Compliance
We published a number of posts in 2014 to help you better understand how to maintain security and data protection in AWS to achieve compliance:
- AWS GovCloud Earns DoD CSM Level 3-5 Provisional Authorization
- New IAM Features: Enhanced Password Management and Credential Reports
- Redshift – FedRAMP AWS Security Blog Announcement
- AWS Secures DoD Provisional Authorization
- New Whitepaper: Security at Scale: Logging in AWS
- Tracking Federated User Access to Amazon S3 and Best Practices for Protecting Log Data
Other
We also addressed other security topics on the blog, ranging from posts about security best practices for using AWS services to AWS announcements:
- 2014 re:Invent Roundup
- Don’t Forget to Enable Access to the Billing Console!
- Sharing AWS CloudTrail Log Files Between Accounts
- In Case You Missed Them: Some Recent Security Enhancements in AWS
- A New and Standardized Way to Manage Credentials in the AWS SDKs
- Want help with securing your AWS account? Here are some resources.
- Securely connect to Linux instances running in a private Amazon VPC
- What to Do If You Inadvertently Expose an AWS Access Key
- AWS Security and CVE-2014-0160 (“Heartbleed”)
- Read what others recommend for IAM best practices
- High Availability IAM Design Patterns
- Dilbert Learns to Set Up Temporary Credentials
- An Instructive Tale about Using IAM Best Practices
We’d love to hear from you so that we can write posts about security topics that are of the most interest to you. You can follow us on Twitter, subscribe to our RSS feed to get the latest content from this blog, or join the conversations on the IAM forum. And keep those comments about our posts coming in!
– Sree