Category: Security, Identity, & Compliance

AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can […]

The EU’s General Data Protection Regulation (GDPR) describes data processor and data controller roles, and some customers and AWS Partner Network (APN) partners are asking how this affects the long-established AWS Shared Responsibility Model. I wanted to take some time to help folks understand shared responsibilities for us and for our customers in context of […]

Since our last System and Organization Control (SOC) audit, our service and compliance teams have been working to increase the number of AWS Services in scope prioritized based on customer requests. Today, we’re happy to report 11 services are newly SOC compliant, which is a 21 percent increase in the last six months. With the […]

We have a new resource available to help you meet a requirement for physically-separated infrastructure using logical separation in the AWS cloud. Our latest guide, Logical Separation: An Evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads outlines how AWS meets the U.S. Department of Defense’s (DoD) stringent physical separation requirement by […]

Note from June 5, 2019: The approach and architecture in this post is recommended if you prefer more control over DNS servers or prefer to use AWS Managed Active Directory for DNS resolution, however there are some limitations to this approach and we added a “Limitations and additional considerations” section to this post to describe […]

Update on February 20, 2019: We updated the policy example to remove the “iam:AttachRolePolicy” permission. We also added a reference to the permissions boundaries security blog post to show how to grant developers the permissions to create roles they can pass to AWS services. We made it easier for you to comply with regulatory standards […]

Oct 3, 2019: We’ve updated a sentence to clarify that AWS services can be used in compliance with GDPR. Security is our top priority at AWS, and from the beginning we have built security into the fabric of our services. With the introduction of GDPR (which becomes enforceable on May 25 of 2018), privacy and […]

AWS CloudHSM provides fully managed, single-tenant hardware security modules (HSMs) in the AWS cloud. A CloudHSM cluster contains either one or multiple HSMs. Multiple HSMs support higher throughput levels for cryptographic operations and provide redundancy. For clusters with multiple HSMs, the CloudHSM service supports server-side automated synchronization of keys and policies. Users, however, are synchronized […]

  Update from April 24, 2018: On April 24, 2018, we updated ACM to publish certificates to CT logs on issuance and on renewal, unless you disable Certificate Transparency logging. No action from you is required if you want ACM to publish your certificates to Certificate Transparency logs, which will avoid Google Chrome displaying error […]

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Recently, we launched AWS Secrets Manager, a service that makes it easier to rotate, manage, […]