AWS Security Blog
Category: Best Practices
Security considerations for running containers on Amazon ECS
January 11, 2024: We’ve updated this post to include information about Amazon GuardDuty Runtime Monitoring for Amazon ECS clusters. If you’re looking to enhance the security of your containers on Amazon Elastic Container Service (Amazon ECS), you can begin with the six tips that we’ll cover in this blog post. These curated best practices are […]
Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC
In this blog post, we discuss some of the benefits and considerations organizations should think through when looking at a unified and global information technology and operational technology (IT/OT) security operations center (SOC). Although this post focuses on the IT/OT convergence within the SOC, you can use the concepts and ideas discussed here when thinking […]
A phased approach towards a complex HITRUST r2 validated assessment
Health Information Trust Alliance (HITRUST) offers healthcare organizations a comprehensive and standardized approach to information security, privacy, and compliance. HITRUST Common Security Framework (HITRUST CSF) can be used by organizations to establish a robust security program, ensure patient data privacy, and assist with compliance with industry regulations. HITRUST CSF enhances security, streamlines compliance efforts, reduces […]
Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers
Today, we’re announcing a new capability for Amazon Simple Notification Service (Amazon SNS) message data protection. In this post, we show you how you can use this new capability to create custom data identifiers to detect and protect domain-specific sensitive data, such as your company’s employee IDs. Previously, you could only use managed data identifiers […]
IAM Roles Anywhere with an external certificate authority
AWS Identity and Access Management Roles Anywhere allows you to use temporary Amazon Web Services (AWS) credentials outside of AWS by using X.509 Certificates issued by your certificate authority (CA). Faraz Angabini goes deep into using IAM Roles Anywhere in his blog post Extend AWS IAM roles to workloads outside of AWS with IAM Roles […]
Securing generative AI: An introduction to the Generative AI Security Scoping Matrix
Generative artificial intelligence (generative AI) has captured the imagination of organizations and is transforming the customer experience in industries of every size across the globe. This leap in AI capability, fueled by multi-billion-parameter large language models (LLMs) and transformer neural networks, has opened the door to new productivity improvements, creative capabilities, and more. As organizations […]
Delegating permission set management and account assignment in AWS IAM Identity Center
January 31, 2024: Updated IAM policy for use case 3 to allow the actions sso:CreateAccountAssignment and sso:ProvisionPermissionSet for resources of type permissionSet In this blog post, we look at how you can use AWS IAM Identity Center (successor to AWS Single Sign-On) to delegate the management of permission sets and account assignments. Delegating the day-to-day […]
Use AWS Secrets Manager to store and manage secrets in on-premises or multicloud workloads
AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. You might already use Secrets Manager to store and manage secrets in your applications built on Amazon Web Services (AWS), but what about secrets for applications that are hosted in your on-premises data center, or hosted […]
Enable Security Hub partner integrations across your organization
AWS Security Hub offers over 75 third-party partner product integrations, such as Palo Alto Networks Prisma, Prowler, Qualys, Wiz, and more, that you can use to send, receive, or update findings in Security Hub. We recommend that you enable your corresponding Security Hub third-party partner product integrations when you use these partner solutions. By centralizing […]
Validate IAM policies with Access Analyzer using AWS Config rules
You can use AWS Identity and Access Management (IAM) Access Analyzer policy validation to validate IAM policies against IAM policy grammar and best practices. The findings generated by Access Analyzer policy validation include errors, security warnings, general warnings, and suggestions for your policy. These findings provide actionable recommendations that help you author policies that are functional and conform […]