A Retrospective of 2013

We established the Security Blog in April 2013 to provide you with guidance, best practices, and technical walk-throughs to help increase the security of your AWS account and better achieve compliance. Hopefully you have been able to read all of the posts published in 2013, but in case you’ve missed a few, here is an index of our in-depth posts:

IAM

We posted a mixture of prescriptive guidance and detailed explanations about released Identity and Access Management features and best practices geared towards practitioners.

• Where’s my secret access key?
• A safer way to distribute AWS credentials to EC2
• IAM policies and Bucket Policies and ACLs! Oh My! (Controlling Access to S3 Resources)
• Guidelines for when to use Accounts, Users, and Groups
• How to rotate access keys for IAM users
• Improve the security of your AWS account in less than 5 minutes
• Securing access to AWS using MFA – Part I
• Securing access to AWS using MFA – Part 2
• Securing access to AWS using MFA – Part 3

Policies and Permissions

IAM policies and permissions are powerful tools for authorization.  Therefore, we focused a number of articles to help you fully realize the potential of IAM.  There were also a number of announcements by services teams about supporting resource-level permissions.

• Generating IAM Policies in Code
• Writing IAM Policies: How to grant access to an Amazon S3 bucket
• IAM policies and Bucket Policies and ACLs! Oh My! (Controlling Access to S3 Resources)
• Resource-level Permissions for EC2 – Controlling Management Access on Specific Instances
• Announcement: Resource Permissions for additional EC2 API actions
• Amazon EC2 Resource-Level Permissions for RunInstances
• Announcing New IAM Policy Simulator
• A primer on RDS resource-level permissions
• Announcing resource-level permissions for AWS OpsWorks

Identity Federation

AWS launched three identity federation features and also made several smaller announcements. The Security Blog published several posts that described the benefits of these new features and provided details about setting them up.

• Delegating API Access to AWS Services Using IAM Roles
• Enabling Federation to AWS using Windows Active Directory, ADFS, and SAML 2.0
• New AWS web identity federation supports Amazon.com, Facebook, and Google identities
• Understanding the API options for securely delegating access to your AWS account
• AWS CloudFormation now supports federated users and temporary security credentials
• New playground app to explore web identity federation with Amazon, Facebook, and Google

Encryption

Although there weren’t as many posts about encryption as some of the other categories, these two were in the top ten of the most popular posts of the year:

• Encrypting data in Amazon S3
• AWS CloudHSM Use Cases (Part One of the AWS CloudHSM Series)

Compliance

There were a number of great posts about compliance in the cloud.  Some of the most popular were:

• Auditing Security Checklist for AWS Now Available
• 2013 PCI Compliance Package available now
• New Whitepaper: AWS Cloud Security Best Practices
• AWS Achieves First FedRAMP(SM) Agency ATOs

Other

Although most of the posts are geared towards best practices and prescriptive guidance, several important topics related to AWS Security also found their way into the blog.  Two were partner related and the other two were references to other security related material published and distributed in different venues.

• Controlling network access to EC2 instances using a bastion server
• Recap of re:Invent Sessions
• Credentials Best Practices on the AWS Java Developers Blog
• CloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3
• Analyzing OS-Related Security Events on EC2 with SplunkStorm

2013 was a great year for the Security Blog, and we look forward to an even better one in 2014.  Stay abreast of upcoming content by following us on Twitter or through the RSS feed.  And don’t hesitate to comment on any of the posts!  We are always looking for a good dialogue.

– Jim