AWS Security Blog
Category: Technical How-to
Establishing a data perimeter on AWS: Analyze your account activity to evaluate impact and refine controls
A data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that the data cannot be transferred outside […]
Accelerate incident response with Amazon Security Lake
This blog post is the first of a two-part series that will demonstrate the value of Amazon Security Lake and how you can use it and other resources to accelerate your incident response (IR) capabilities. Security Lake is a purpose-built data lake that centrally stores your security logs in a common, industry-standard format. In part […]
How to implement single-user secret rotation using Amazon RDS admin credentials
You might have security or compliance standards that prevent a database user from changing their own credentials and from having multiple users with identical permissions. AWS Secrets Manager offers two rotation strategies for secrets that contain Amazon Relational Database Service (Amazon RDS) credentials: single-user and alternating-user. In the preceding scenario, neither single-user rotation nor alternating-user rotation would […]
Integrating AWS Verified Access with Jamf as a device trust provider
In this post, we discuss how to architect Zero Trust based remote connectivity to your applications hosted within Amazon Web Services (AWS). Specifically, we show you how to integrate AWS Verified Access with Jamf as a device trust provider. This post is an extension of our previous post explaining how to integrate AWS Verified Access […]
How to set up SAML federation in Amazon Cognito using IdP-initiated single sign-on, request signing, and encrypted assertions
When an identity provider (IdP) serves multiple service providers (SPs), IdP-initiated single sign-on provides a consistent sign-in experience that allows users to start the authentication process from one centralized portal or dashboard. It helps administrators have more control over the authentication process and simplifies the management. However, when you support IdP-initiated authentication, the SP (Amazon […]
Investigating lateral movements with Amazon Detective investigation and Security Lake integration
According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In Amazon Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]
Governing and securing AWS PrivateLink service access at scale in multi-account environments
Amazon Web Services (AWS) customers have been adopting the approach of using AWS PrivateLink to have secure communication to AWS services, their own internal services, and third-party services in the AWS Cloud. As these environments scale, the number of PrivateLink connections outbound to external services and inbound to internal services increase and are spread out […]
How to use AWS managed applications with IAM Identity Center: Enable Amazon Q without migrating existing IAM federation flows
AWS IAM Identity Center is the preferred way to provide workforce access to Amazon Web Services (AWS) accounts, and enables you to provide workforce access to many AWS managed applications, such as Amazon Q. As we continue to release more AWS managed applications, customers have told us they want to onboard to IAM Identity Center […]
How to enforce a security baseline for an AWS WAF ACL across your organization using AWS Firewall Manager
Most organizations prioritize protecting their web applications that are exposed to the internet. Using the AWS WAF service, you can create rules to control bot traffic, help prevent account takeover fraud, and block common threat patterns such as SQL injection or cross-site scripting (XSS). Further, for those customers managing multi-account environments, it is possible to […]
How Amazon Security Lake is helping customers simplify security data management for proactive threat analysis
Centralize visibility across hybrid environments for streamlined incident response, optimized log retention, and proactive threat detection. Use AI-driven enhancements for automated investigations.