AWS Security Blog

A Retrospective of 2013

We established the Security Blog in April 2013 to provide you with guidance, best practices, and technical walk-throughs to help increase the security of your AWS account and better achieve compliance. Hopefully you have been able to read all of the posts published in 2013, but in case you’ve missed a few, here is an index of our in-depth posts:


We posted a mixture of prescriptive guidance and detailed explanations about released Identity and Access Management features and best practices geared towards practitioners.

Policies and Permissions

IAM policies and permissions are powerful tools for authorization.  Therefore, we focused a number of articles to help you fully realize the potential of IAM.  There were also a number of announcements by services teams about supporting resource-level permissions.

Identity Federation

AWS launched three identity federation features and also made several smaller announcements. The Security Blog published several posts that described the benefits of these new features and provided details about setting them up.


Although there weren’t as many posts about encryption as some of the other categories, these two were in the top ten of the most popular posts of the year:


There were a number of great posts about compliance in the cloud.  Some of the most popular were:


Although most of the posts are geared towards best practices and prescriptive guidance, several important topics related to AWS Security also found their way into the blog.  Two were partner related and the other two were references to other security related material published and distributed in different venues.

2013 was a great year for the Security Blog, and we look forward to an even better one in 2014.  Stay abreast of upcoming content by following us on Twitter or through the RSS feed.  And don’t hesitate to comment on any of the posts!  We are always looking for a good dialogue.

– Jim