AWS Security Blog
Category: Amazon CloudFront
Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy
June 7, 2022: Amazon Cognito now supports propagation of IP Address in un-authenticated APIs, blog post has been updated to include information on enabling IP Address propagation through the proxy layer and update solution limitations section to remove this limitation from the list. In Amazon Cognito user pools, an app client is an entity that […]
Read MoreHow to protect sensitive data for its entire lifecycle in AWS
Many Amazon Web Services (AWS) customer workflows require ingesting sensitive and regulated data such as Payments Card Industry (PCI) data, personally identifiable information (PII), and protected health information (PHI). In this post, I’ll show you a method designed to protect sensitive data for its entire lifecycle in AWS. This method can help enhance your data […]
Read MoreAutomatically update security groups for Amazon CloudFront IP ranges using AWS Lambda
February 8, 2022: You can now use the new managed prefix list for CloudFront in your Security Group instead of this custom Lambda solution. Amazon CloudFront is a content delivery network that can help you increase the performance of your web applications and significantly lower the latency of delivering content to your customers. For CloudFront […]
Read MoreHow to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager
Whether your web applications provide static or dynamic content, you can improve their performance, availability, and security by using Amazon CloudFront as your content delivery network (CDN). CloudFront is a web service that speeds up distribution of your web content through a worldwide network of data centers called edge locations. CloudFront ensures that end-user requests […]
Read MoreDeploy a dashboard for AWS WAF with minimal effort
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In this post, I’ll show you how to deploy a solution in your Amazon Web Services (AWS) account that will provide a fully automated dashboard for AWS Web Application Firewall (WAF) service. The solution uses logs generated and collected by […]
Read MoreEnhanced Domain Protections for Amazon CloudFront Requests
Over the coming weeks, we’ll be adding enhanced domain protections to Amazon CloudFront. The short version is this: the new measures are designed to ensure that requests handled by CloudFront are handled on behalf of legitimate domain owners. Using CloudFront to receive traffic for a domain you aren’t authorized to use is already a violation […]
Read MoreHow to Use Bucket Policies and Apply Defense-in-Depth to Help Secure Your Amazon S3 Data
Amazon S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives you flexibility in the way you manage data for cost optimization, access control, and compliance. However, because the service is flexible, a user could accidentally configure buckets in a manner that is not secure. For example, let’s […]
Read MoreHow to Enhance the Security of Sensitive Customer Data by Using Amazon CloudFront Field-Level Encryption
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content to end users through a worldwide network of edge locations. CloudFront provides a number of benefits and capabilities that can help you secure your applications and content while meeting compliance requirements. For example, you can configure CloudFront to […]
Read MoreHow to Help Protect Dynamic Web Applications Against DDoS Attacks by Using Amazon CloudFront and Amazon Route 53
Using a content delivery network (CDN) such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve webpage load times, reduce network bandwidth costs, lessen the load on web servers, and mitigate distributed denial of service (DDoS) attacks. AWS […]
Read MoreUpdated Whitepaper Available: AWS Best Practices for DDoS Resiliency
AWS is committed to providing you high availability, security, and resiliency in the face of bad actors on the Internet. As part of this commitment, AWS provides tools, best practices, and AWS services that you can use to build distributed denial of services (DDoS)–resilient applications. We recently released the 2016 version of the AWS Best […]
Read More