AWS Security Blog

Category: Security, Identity, & Compliance

PCI Council

Fall 2021 PCI DSS report now available with 7 services added to compliance scope

We’re continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that seven new services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. These new services provide our customers with more options to process and store their […]

Read More

Best practices for cross-Region aggregation of security findings

AWS Security Hub enables customers to have a centralized view into the security posture across their AWS environment by aggregating your security alerts from various AWS services and partner products in a standardized format so that you can more easily take action on them. To facilitate that central view, Security Hub allows you to designate […]

Read More
Figure 1: Solution workflow

Continuous compliance monitoring using custom audit controls and frameworks with AWS Audit Manager

For most customers today, security compliance auditing can be a very cumbersome and costly process. This activity within a security program often comes with a dependency on third party audit firms and robust security teams, to periodically assess risk and raise compliance gaps aligned with applicable industry requirements. Due to the nature of how audits […]

Read More
Figure 1: Solution architecture diagram

Configure AWS SSO ABAC for EC2 instances and Systems Manager Session Manager

In this blog post, I show you how to configure AWS Single Sign-On to define attribute-based access control (ABAC) permissions to manage Amazon Elastic Compute Cloud (Amazon EC2) instances and AWS Systems Manager Session Manager for federated users. This combination allows you to control access to specific Amazon EC2 instances based on users’ attributes. I show […]

Read More

2021 AWS security-focused workshops

Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and knowledge of our services through hands-on workshops. In 2021, we unfortunately couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn and build on AWS. We […]

Read More

New IRAP full assessment report is now available on AWS Artifact for Australian customers

We are excited to announce that a new Information Security Registered Assessors Program (IRAP) report is now available on AWS Artifact, after a successful full assessment completed in December 2021 by an independent ASD (Australian Signals Directorate) certified IRAP assessor. The new IRAP report includes reassessment of the existing 111 services which are already in […]

Read More

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the risk of the vulnerability, how you can try to identify if you are susceptible to the issue, and then what you can do to update your […]

Read More
Figure 2: Amazon EC2 Instance role assumes cross account IAM role

Disabling Security Hub controls in a multi-account environment

In this blog post, you’ll learn about an automated process for disabling or enabling selected AWS Security Hub controls across multiple accounts and multiple regions. You may already know how to disable Security Hub controls through the Security Hub console, or using the Security Hub update-standards-control API. However, these methods work on a per account […]

Read More

Automatically resolve Security Hub findings for resources that no longer exist

In this post, you’ll learn how to automatically resolve AWS Security Hub findings for previously deleted Amazon Web Services (AWS) resources. By using an event-driven solution, you can automatically resolve findings for AWS and third-party service integrations. Security Hub provides a comprehensive view of your security alerts and security posture across your AWS accounts. Security […]

Read More