AWS Security Blog

Category: Security, Identity, & Compliance

Use AWS Fargate and Prowler to send security configuration findings about AWS services to Security Hub

In this blog post, I’ll show you how to integrate Prowler, an open-source security tool, with AWS Security Hub. Prowler provides dozens of security configuration checks related to services such as Amazon Redshift, Amazon ElasticCache, Amazon API Gateway and Amazon CloudFront. Integrating Prowler with Security Hub will provide posture information about resources not currently covered […]

Read More

How to get started with security response automation on AWS

December 2, 2019: We’ve updated this post to include some additional information about Security Hub. At AWS, we encourage you to use automation to help quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps you scale your security operations as […]

Read More

Rely on employee attributes from your corporate directory to create fine-grained permissions in AWS

In my earlier post Simplify granting access to your AWS resources by using tags on AWS IAM users and roles, I explained how to implement attribute-based access control (ABAC) in AWS to simplify permissions management at scale. In that scenario, I talked about relying on attributes on your IAM users and roles for access control […]

Read More

Additional on-premises option for data localization with AWS

Today, AWS released an updated resource — AWS Policy Perspectives-Data Residency — to provide an additional option for you if you need to store and process your data on premises. This white paper update discusses AWS Outposts, which offers a hybrid solution for customers that might find that certain workloads are better suited for on-premises […]

Read More

Digital signing with the new asymmetric keys feature of AWS KMS

AWS Key Management Service (AWS KMS) now supports asymmetric keys. You can create, manage, and use public/private key pairs to protect your application data using the new APIs via the AWS SDK. Similar to the symmetric key features we’ve been offering, asymmetric keys can be generated as customer master keys (CMKs) where the private portion […]

Read More

Ramp-Up Learning Guide available for AWS Cloud Security, Governance, and Compliance

Cloud security is the top priority for AWS and for our customers around the world. It’s important that professionals have a way to keep up with this dynamically evolving area of cloud computing. Often, customers seek AWS guidance on cloud-specific security, governance, and compliance best practices, including skills upgrade plans. To address this need, AWS […]

Read More

How to set up Sign in with Apple for Amazon Cognito

Amazon Cognito user pools enables you to add user sign-in and sign-up to your mobile and web applications using a secure and scalable user directory. With Amazon Cognito user pools, your end users can sign in using a user name or password, or with a third-party identity service, such as Facebook or Google. The process […]

Read More

Use attribute-based access control with AD FS to simplify IAM permissions management

AWS Identity and Access Management (IAM) allows customers to provide granular access control to resources in AWS. One approach to granting access to resources is to use attribute-based access control (ABAC) to centrally govern and manage access to your AWS resources across accounts. Using ABAC enables you to simplify your authentication strategy by enabling you […]

Read More

15 additional AWS services receive DoD Impact Level 4 and 5 authorization

I’m pleased to announce that the Defense Information Systems Agency (DISA) has extended the Provisional Authorization to Operate (P-ATO) of AWS GovCloud (US) Regions for Department of Defense (DoD) workloads at DoD Impact Levels (IL) 4 and 5 under the DoD’s Cloud Computing Security Requirements Guide (DoD CC SRG). Our authorizations at DoD IL 4 […]

Read More

re:Invent 2019 – Your guide to AWS Cryptography sessions, workshops, and chalk talks

AWS re:Invent 2019 is just over a week away! We have many Security, Identity, and Compliance sessions, and this is a post about AWS Cryptography-related breakout sessions, workshops, builders sessions, and chalk talks at AWS re:Invent 2019. The AWS Cryptography mission is to help you get encryption right. We build tools that help you navigate […]

Read More