Category: Intermediate (200)

At AWS re:Invent 2019 and in a subsequent blog post, Stephen Schmidt, Chief Information Security Officer for Amazon Web Services (AWS), laid out the top 10 security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to manage your network […]

September 28, 2022: In July 2022, we renamed AWS Single Sign-On to AWS IAM Identity Center. In this blog, you will notice that we preserved backward compatibility with API calls and CLI scripts by retaining the API and CLI namespaces that were used under AWS Single Sign-On. September 12, 2022: This blog post has been […]

April 25, 2023: We’ve updated this blog post to include more security learning resources. August 3, 2022: Conclusion updated to reference the AWS “Threat modeling the right way for builders” workshop training. February 14, 2022: Conclusion updated to reference the companion “How to approach threat modelling” video session. In this post, I’ll provide my tips […]

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon Elasticsearch Service (Amazon ES) is a fully managed service that you can use to deploy, secure, and run Elasticsearch cost-effectively at scale. The service provides support for open-source Elasticsearch APIs, managed Kibana, and integration with Logstash and other AWS […]

January 29, 2021: We made minor updates to the architectural diagram in Figure 1. Amazon Web Services (AWS) customers who establish shared infrastructure services in a multi-account environment through AWS Organizations and AWS Resource Access Manager (RAM) may find that the default permissions assigned to the management account are too broad. This may allow organizational […]

AWS Certificate Manager (ACM) lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Amazon Web Services (AWS) services and your internal connected resources. For private certificates, AWS Certificate Manager Private Certificate Authority (ACM PCA) can be used to create private CA hierarchies, including root […]

Feb 17, 2025: This blog post references AWS CloudHSM Client SDK 3, which is no longer the recommended version. AWS recommends that you use the latest version, AWS CloudHSM Client SDK 5, which provides updated functionality and commands. We are currently working on an updated blog post for CloudHSM Client SDK 5. See the AWS […]

December, 6, 2022: The post had been updated to reflect the updates on Lambda function runtime in the cloudformation template from version 3.6 to 3.9, as 3.6 is deprecated, as well as updates in Lambda deployment package filename in the same template. In this post, I take you through the steps to deploy a public […]

Many Amazon Web Services (AWS) customers use Active Directory to centralize user authentication and authorization for a variety of applications and services. For these customers, Active Directory is a critical piece of their IT infrastructure. AWS offers AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, to provide a highly […]

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. When you connect an external identity provider (IdP) to AWS IAM Identity Center using Security Assertion Markup Language (SAML) 2.0 standard, you must create […]