AWS Security Blog
Category: Technical How-to
Set up AWS Private Certificate Authority to issue certificates for use with IAM Roles Anywhere
Traditionally, applications or systems—defined as pieces of autonomous logic functioning without direct user interaction—have faced challenges associated with long-lived credentials such as access keys. In certain circumstances, long-lived credentials can increase operational overhead and the scope of impact in the event of an inadvertent disclosure. To help mitigate these risks and follow the best practice […]
How to improve your security incident response processes with Jupyter notebooks
Customers face a number of challenges to quickly and effectively respond to a security event. To start, it can be difficult to standardize how to respond to a particular security event, such as an Amazon GuardDuty finding. Additionally, silos can form with reliance on one security analyst who is designated to perform certain tasks, such […]
Build an entitlement service for business applications using Amazon Verified Permissions
Amazon Verified Permissions is designed to simplify the process of managing permissions within an application. In this blog post, we aim to help customers understand how this service can be applied to several business use cases. Companies typically use custom entitlement logic embedded in their business applications. This is the most common approach, and it […]
Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight
Part 1 of a 3-part series Part 2 – How to visualize Amazon Security Lake findings with Amazon QuickSight Part 3 – How to share security telemetry per Organizational Unit using Amazon Security Lake and AWS Lake Formation Customers using Amazon Web Services (AWS) can use a range of native and third-party tools to build […]
How to visualize Amazon Security Lake findings with Amazon QuickSight
Part 2 of a 3-part series Part 1 – Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight Part 3 – How to share security telemetry per Organizational Unit using Amazon Security Lake and AWS Lake Formation In this post, we expand on the earlier blog post Ingest, transform, […]
Transforming transactions: Streamlining PCI compliance using AWS serverless architecture
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is critical for organizations that handle cardholder data. Achieving and maintaining PCI DSS compliance can be a complex and challenging endeavor. Serverless technology has transformed application development, offering agility, performance, cost, and security. In this blog post, we examine the benefits of using AWS […]
Scaling national identity schemes with itsme and Amazon Cognito
In this post, we demonstrate how you can use identity federation and integration between the identity provider itsme® and Amazon Cognito to quickly consume and build digital services for citizens on Amazon Web Services (AWS) using available national digital identities. We also provide code examples and integration proofs of concept to get you started quickly. […]
IAM Roles Anywhere with an external certificate authority
AWS Identity and Access Management Roles Anywhere allows you to use temporary Amazon Web Services (AWS) credentials outside of AWS by using X.509 Certificates issued by your certificate authority (CA). Faraz Angabini goes deep into using IAM Roles Anywhere in his blog post Extend AWS IAM roles to workloads outside of AWS with IAM Roles […]
Now available: Building a scalable vulnerability management program on AWS
Vulnerability findings in a cloud environment can come from a variety of tools and scans depending on the underlying technology you’re using. Without processes in place to handle these findings, they can begin to mount, often leading to thousands to tens of thousands of findings in a short amount of time. We’re excited to announce […]
Use SAML with Amazon Cognito to support a multi-tenant application with a single user pool
Amazon Cognito is a customer identity and access management solution that scales to millions of users. With Cognito, you have four ways to secure multi-tenant applications: user pools, application clients, groups, or custom attributes. In an earlier blog post titled Role-based access control using Amazon Cognito and an external identity provider, you learned how to […]