AWS Security Blog

Category: Intermediate (200)

Approaches to meeting Australian Government gateway requirements on AWS

Australian Commonwealth Government agencies are subject to specific requirements set by the Protective Security Policy Framework (PSPF) for securing connectivity between systems that are running sensitive workloads, and for accessing less trusted environments, such as the internet. These agencies have often met the requirements by using some form of approved gateway solution that provides network-based […]

Read More

Creating a notification workflow from sensitive data discover with Amazon Macie, Amazon EventBridge, AWS Lambda, and Slack

Following the example of the EU in implementing the General Data Protection Regulation (GDPR), many countries are implementing similar data protection laws. In response, many companies are forming teams that are responsible for data protection. Considering the volume of information that companies maintain, it’s essential that these teams are alerted when sensitive data is at […]

Read More

Use EC2 Instance Connect to provide secure SSH access to EC2 instances with private IP addresses

In this post, I show you how to use Amazon EC2 Instance Connect to use Secure Shell (SSH) to securely access your Amazon Elastic Compute Cloud (Amazon EC2) instances running on private subnets within an Amazon Virtual Private Cloud (Amazon VPC). EC2 Instance Connect provides a simple and secure way to connect to your EC2 […]

Read More

Use ACM Private CA for Amazon API Gateway Mutual TLS

May 14, 2021: Under the section “Retrieving your ACM Private CA root CA certificate public key,” in step 1, we updated the command to include an input at the end. Last year Amazon API Gateway announced certificate-based mutual Transport Layer Security (TLS) authentication. Mutual TLS (mTLS) authenticates the server to the client, and requests the […]

Read More

IAM makes it easier for you to manage permissions for AWS services accessing your resources

Amazon Web Services (AWS) customers are storing an unprecedented amount of data on AWS for a range of use cases, including data lakes and analytics, machine learning, and enterprise applications. Customers secure their data by implementing data security controls including identity and access management, network security, and encryption. For non-public, sensitive data, customers want to […]

Read More

How to confirm your automated Amazon EBS snapshots are still created after the TLS 1.2 uplift on AWS FIPS endpoints

We are happy to announce that all AWS Federal Information Processing Standard (FIPS) endpoints have been updated to only accept a minimum of Transport Layer Security (TLS) 1.2 connections. This ensures that our customers who run regulated workloads can meet FedRAMP compliance requirements that mandate a minimum of TLS 1.2 encryption for data in transit. Attempts […]

Read More

Hands-on walkthrough of the AWS Network Firewall flexible rules engine

AWS Network Firewall is a managed service that makes it easy to provide fine-grained network protections for all of your Amazon Virtual Private Clouds (Amazon VPCs) to ensure that your traffic is inspected, monitored, and logged. The firewall scales automatically with your network traffic, and offers built-in redundancies designed to provide high availability. AWS Network […]

Read More

How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys

In this blog post, I show you how to use AWS IAM Access Analyzer programmatically to automate the detection of public access to your resources in an AWS account. I also show you how to work with the Access Analyzer API, create an analyzer on your account and call specific API functions from your code. […]

Read More

How to set up a two-way integration between AWS Security Hub and ServiceNow

If you use both AWS Security Hub and ServiceNow, the new AWS Service Management Connector for ServiceNow integration enables you to provision, manage, and operate your AWS resources natively through ServiceNow. In this blog post, I’ll show you how to set up the new two-way integration of Security Hub and ServiceNow by using the AWS […]

Read More

Audit companion for the AWS PCI DSS Quick Start

If you’ve supported a Payment Card Industry Data Security Standard (PCI DSS) assessment as a Qualified Security Assessor (QSA) or as a technical team facing an assessment, it’s likely that you spent a lot of time collecting and analyzing evidence against PCI DSS requirements. In this blog post, I show you how to use automation […]

Read More