AWS Security Blog

Category: Security, Identity, & Compliance

How to use AWS Config to determine compliance of AWS KMS key policies to your specifications

One of the top security methodologies is the principle of least privilege, which is the practice of limiting user, application, and service permissions to only those necessary to perform a function or task. In this post, I will describe how you can use AWS Config to create compliance rules that will scan AWS Key Management […]

Read More

Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework

This post will help you make privacy-conscious cloud migration decisions by mapping the National Institute of Standards and Technology (NIST) Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management (NIST Privacy Framework) to the AWS Cloud Adoption Framework (AWS CAF). AWS Professional Services created the AWS CAF to help organizations successfully migrate to […]

Read More

Securing resource tags used for authorization using a service control policy in AWS Organizations

In this post, I explain how you can use attribute-based access controls (ABAC) in Amazon Web Services (AWS) to help provision simple, maintainable access controls to different projects, teams, and workloads as your organization grows. ABAC gives you access to granular permissions and employee-attribute based authorization. By using ABAC, you need fewer AWS Identity and […]

Read More

19 additional AWS services authorized at DoD Impact Level 5 for AWS GovCloud (US) Regions

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized 19 additional AWS services at Impact Level (IL) 5 and four services at IL 4 in the AWS GovCloud (US) Regions. With these additional 19 services, a total of 80 AWS services and features at IL4 and IL 5 are authorized and […]

Read More

How to use AWS RAM to share your ACM Private CA cross-account

In this post, I use the new Cross-Account feature of AWS Certificate Manager (ACM) Private Certificate Authority (CA) to create a CA in one account and then use ACM in a second account to issue a private certificate that automatically renews the following year. This newly available workflow expands the usability of ACM Private CA […]

Read More

Updated guidance to assist customers with APRA requirements

Just over a year ago, on July 1, 2019, the Australian Prudential Regulation Authority’s (APRA’s) Prudential Standard CPS 234 Information Security became effective. This standard is a set of legally enforceable information security requirements for APRA-regulated entities. CPS 234 aims to: “…ensure that an APRA regulated entity takes measures to be resilient against information security […]

Read More

Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder

In this post, we discuss how to implement the operating system security requirements defined by the Defence Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). As an Amazon Web Services (AWS) customer, you can use Amazon Machine Images (AMIs) published by AWS or APN partners. These AMIs, which are owned and published by AWS, […]

Read More

Automate Amazon Athena queries for PCI DSS log review using AWS Lambda

In this post, I will show you how to use AWS Lambda to automate PCI DSS (v3.2.1) evidence generation, and daily log review to assist with your ongoing PCI DSS activities. We will specifically be looking at AWS CloudTrail Logs stored centrally in Amazon Simple Storage Service (Amazon S3) (which is also a Well-Architected Security […]

Read More

Migrating your rules from AWS WAF Classic to the new AWS WAF

In November 2019, Amazon launched a new version of AWS Web Application Firewall (WAF) that offers a richer and easier to use set of features. In this post, we show you some of the changes and how to migrate from AWS WAF Classic to the new AWS WAF. AWS Managed Rules for AWS WAF is […]

Read More

Cyber hygiene and MAS Notice 655

In this post, I will provide guidance and resources that will help you align to the expectations of the Monetary Authority of Singapore (MAS) Notice 655 – Notice on Cyber Hygiene. The Monetary Authority of Singapore (MAS) issued Notice 655 – Notice on Cyber Hygiene on 6 Aug 2019. This notice is applicable to all […]

Read More