Category: Advanced (300)

October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. AWS Key Management Service (AWS KMS) now supports asymmetric keys. You can create, manage, and […]

February 19, 2024: You can now use IAM Access Analyzer to easily identify unused roles. Read this blog post to learn more. January 6, 2021: We updated this post to fix a bug related to allow listing noncompliant roles. January 6, 2020: We updated this post to reflect a valid STS session duration if configured […]

July 27, 2021: We’ve updated the link to the 2019 re:Invent session on this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated […]

January 30, 2024: The API in this blog post has been changed in newer version of the AWS CRT Client. See this page for more info. January 25, 2023: AWS KMS, ACM, Secrets Manager TLS endpoints have been updated to only support NIST’s Round 3 picked KEM, Kyber. s2n-tls and s2n-quic have also been updated […]

Feb 17, 2025: This blog post references AWS CloudHSM Client SDK 3, which is no longer the recommended version. AWS recommends that you use the latest version, AWS CloudHSM Client SDK 5, which provides updated functionality and commands. We are currently working on an updated blog post for CloudHSM Client SDK 5. See the AWS […]

July 2, 2025: The approach in this blog post is no longer required or recommended to manage SSH keys for EC2 Instances. We instead recommend using EC2 Instance Connect that uses AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH […]

Feb 17, 2025: This blog post references AWS CloudHSM Client SDK 3, which is no longer the recommended version. AWS recommends that you use the latest version, AWS CloudHSM Client SDK 5, which provides updated functionality and commands. We are currently working on an updated blog post for CloudHSM Client SDK 5. See the AWS […]

May 12, 2025: We’ve updated the CloudFormation template to use a launch template instead of a launch configuration. November 16, 2020: We’ve updated the CloudFormation template and the launch stack URL used in this solution. July 24, 2019: We’ve added a link to a GitHub repository that contains the stack content for this solution. Controlling […]

April 29, 2022: This post has been updated based on working backwards from a customer need to securely allow access and use of Amazon RDS database credentials from a AWS Lambda function. In this blog post, we will show you how to use AWS Secrets Manager to secure your database credentials and send them to […]

December 5, 2019: We removed some information about ASP .NET projects that is no longer relevant. November 14, 2019: We updated the cache library code sample. AWS Secrets Manager now has a client-side caching library for.NET that makes it easier to access secrets from .NET applications. This is in addition to client-side caching libraries for […]