AWS Security Blog

Category: AWS Lambda

How to Create an AWS IAM Policy to Grant AWS Lambda Access to an Amazon DynamoDB Table

When managing your AWS resources, you often need to grant one AWS service access to another to accomplish tasks. For example, you could use an AWS Lambda function to resize, watermark, and postprocess images, for which you would need to store the associated metadata in Amazon DynamoDB. You also could use Lambda, Amazon S3, and […]

Read More

How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. August 31, 2020: The directions in this blog post for how to create an Amazon ES cluster have been updated. February 28, 2019: The features and services described in this post have changed since the post was published and the […]

Read More

Register for and Attend This March 2 Webinar—Using AWS WAF and Lambda for Automatic Protection

Update: The video and slides from the webinar are now available. As part of the AWS Webinar Series, AWS will present Using AWS WAF and Lambda for Automatic Protection on Wednesday, March 2. This webinar will start at 10:00 A.M. and end at 11:00 A.M. Pacific Time (UTC-8). AWS WAF Software Development Manager Nathan Dye […]

Read More

How to Configure Rate-Based Blacklisting with AWS WAF and AWS Lambda

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   One security challenge you may have faced is how to prevent your web servers from being flooded by unwanted requests, or scanning tools such as bots and […]

Read More

How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda

Note from April 1, 2021: Before implementing the steps in this blog post, please request an EC2 limit increase for “rules per security group.” Ask for 220 rules per security group in the AWS Region where your security groups will be. Note from December 3, 2019: The features and services described in this post have […]

Read More

How to Receive Alerts When Specific APIs Are Called by Using AWS CloudTrail, Amazon SNS, and AWS Lambda

Let’s face it—not all APIs were created equal. For example, you may be really interested in knowing when any of your Amazon EC2 instances are terminated (ec2:TerminateInstance), but less interested when an object is put in an Amazon S3 bucket (s3:PutObject). In this example, you can delete an object, but you can’t bring back that […]

Read More