AWS Security Blog

Category: Intermediate (200)

Build a strong identity foundation that uses your existing on-premises Active Directory

This blog post outlines how to use your existing Microsoft Active Directory (AD) to reliably authenticate access to your Amazon Web Services (AWS) accounts, infrastructure running on AWS, and third-party applications. The architecture we describe is designed to be highly available and extends access to your existing AD to AWS, enabling your users to use […]

Read More

Getting started with AWS SSO delegated administration

May 23, 2022: AWS SSO supports two forms of delegation. One form, which is covered in this blog, is to delegate a member account where you can administer the service, which eliminates the requirement to sign in to the AWS Organizations management account for daily administrative work. The second form is delegating which people can […]

Read More

Establishing a data perimeter on AWS

For your sensitive data on AWS, you should implement security controls, including identity and access management, infrastructure security, and data protection. Amazon Web Services (AWS) recommends that you set up multiple accounts as your workloads grow to isolate applications and data that have specific security requirements. AWS tools can help you establish a data perimeter […]

Read More

How to protect HMACs inside AWS KMS

April 20, 2022: In the section “Use the HMAC key to encode a signed JWT,” we fixed an error in the code sample. Today AWS Key Management Service (AWS KMS) is introducing new APIs to generate and verify hash-based message authentication codes (HMACs) using the Federal Information Processing Standard (FIPS) 140-2 validated hardware security modules […]

Read More
Streamlining evidence collection with AWS Audit Manager

Streamlining evidence collection with AWS Audit Manager

In this post, we will show you how to deploy a solution into your Amazon Web Services (AWS) account that enables you to simply attach manual evidence to controls using AWS Audit Manager. Making evidence-collection as seamless as possible minimizes audit fatigue and helps you maintain a strong compliance posture. As an AWS customer, you […]

Read More
ABAC POLICIES

Control access to Amazon Elastic Container Service resources by using ABAC policies

As an AWS customer, if you use multiple Amazon Elastic Container Service (Amazon ECS) services/tasks to achieve better isolation, you often have the challenge of how to manage access to these containers. In such cases, using tags can enable you to categorize these services in different ways, such as by owner or environment. This blog […]

Read More
Figure 1: Create a secret to store your RDS Database credentials

How to configure rotation windows for secrets stored in AWS Secrets Manager

AWS Secrets Manager now enables you to specify a rotation window for each secret stored. With this launch, you can continue to follow best practice of regularly rotating your secrets, while using the defined time window of your choice. With Secrets Manager, you can manage, retrieve, and rotate database credentials, API keys, and other secrets. […]

Read More

How to deploy AWS Network Firewall to help protect your network from malware

Protecting your network and computers from security events requires multi-level strategies, and you can use network level traffic filtration as one level of defense. Users need access to the internet for business reasons, but they can inadvertently download malware, which can impact network and data security. This post describes how to use custom Suricata Rules […]

Read More

Best practices for cross-Region aggregation of security findings

AWS Security Hub enables customers to have a centralized view into the security posture across their AWS environment by aggregating your security alerts from various AWS services and partner products in a standardized format so that you can more easily take action on them. To facilitate that central view, Security Hub allows you to designate […]

Read More
Figure 1: Solution workflow

Continuous compliance monitoring using custom audit controls and frameworks with AWS Audit Manager

French version For most customers today, security compliance auditing can be a very cumbersome and costly process. This activity within a security program often comes with a dependency on third party audit firms and robust security teams, to periodically assess risk and raise compliance gaps aligned with applicable industry requirements. Due to the nature of […]

Read More