Category: Advanced (300)

AWS Firewall Manager is a powerful tool that organizations can use to define common AWS WAF rules with centralized security policies. These policies specify which accounts and resources are in scope. Firewall Manager creates a web access control list (web ACL) that adheres to the organization’s policy requirements and associates it with the in-scope resources. […]

January 23, 2025: We updated this post to clarify the definition of indirect prompt injection and provided a new example of indirect prompt injection. Generative AI applications have become powerful tools for creating human-like content, but they also introduce new security challenges, including prompt injections, excessive agency, and others. See the OWASP Top 10 for […]

March 18, 2025: This post was updated to include additional guidance around monitoring and detection. January 17, 2025: We updated this post to highlight the importance of using short-term credentials to mitigate the risk of unauthorized techniques such as the one detailed in this blog. At Amazon Web Services (AWS), the security of our customers’ […]

September 4, 2025:The Amazon CloudWatch Logs Insights query in this blog has been updated to reflect the current AWS CloudTrail log for an Amazon Cognito M2M token issue event. This CloudTrail event now includes the client ID for all M2M token requests by default. Amazon Cognito is a developer-centric and security-focused customer identity and access […]

As organizations continue their cloud journeys, effective data security in the cloud is a top priority. Whether it’s protecting customer information, intellectual property, or compliance-mandated data, encryption serves as a fundamental security control. This is where AWS Key Management Service (AWS KMS) steps in, offering a robust foundation for encryption key management on AWS. One […]

Amazon Web Services (AWS) is migrating to post-quantum cryptography (PQC). Like other security and compliance features in AWS, we will deliver PQC as part of our shared responsibility model. This means that some PQC features will be transparently enabled for all customers while others will be options that customers can choose to implement to help meet their […]

Retrieval-Augmented Generative (RAG) applications enhance the responses retrieved from large language models (LLMs) by integrating external data such as downloaded files, web scrapings, and user-contributed data pools. This integration improves the models’ performance by adding relevant context to the prompt. While RAG applications are a powerful way to dynamically add additional context to an LLM’s prompt […]

December 30, 2024: In response to customer feedback, we updated the effective date for the announced changes from January 13, 2025, to July 14, 2025, and clarified that these changes apply exclusively to IAM Identity Center CloudTrail events. We are streamlining AWS CloudTrail events for AWS IAM Identity Center, retaining only essential fields needed for […]

Amazon Web Services (AWS) customers use various AWS services to migrate, build, and innovate in the AWS Cloud. To align with compliance requirements, customers need to monitor, evaluate, and detect changes made to AWS resources. AWS Config continuously audits, assesses, and evaluates the configurations of your AWS resources. AWS Config rules continuously evaluate your AWS […]

Vulnerability management is a vital part of network, application, and infrastructure security, and its goal is to protect an organization from inadvertent access and exposure of sensitive data and infrastructure. As part of vulnerability management, organizations typically perform a risk assessment to determine which vulnerabilities pose the greatest risk, evaluate their impact on business goals […]