AWS Security Blog
Category: Security, Identity, & Compliance
2024 ISO and CSA STAR certificates now available with two additional AWS Regions and three additional services
Amazon Web Services (AWS) successfully completed a special onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. Ernst and Young CertifyPoint auditors conducted the audit and reissued the certificates on May 16, 2024. The objective of the audit […]
Integrating AWS Verified Access with Jamf as a device trust provider
In this post, we discuss how to architect Zero Trust based remote connectivity to your applications hosted within Amazon Web Services (AWS). Specifically, we show you how to integrate AWS Verified Access with Jamf as a device trust provider. This post is an extension of our previous post explaining how to integrate AWS Verified Access […]
A sneak peek at the data protection sessions for re:Inforce 2024
Gain deep insights into securing data across AWS services at AWS re:Inforce 2024, with sessions covering encryption, compliance, healthcare AI, and more, from industry leaders like United Airlines and Fannie Mae.
How to set up SAML federation in Amazon Cognito using IdP-initiated single sign-on, request signing, and encrypted assertions
When an identity provider (IdP) serves multiple service providers (SPs), IdP-initiated single sign-on provides a consistent sign-in experience that allows users to start the authentication process from one centralized portal or dashboard. It helps administrators have more control over the authentication process and simplifies the management. However, when you support IdP-initiated authentication, the SP (Amazon […]
AWS plans to invest €7.8B into the AWS European Sovereign Cloud, set to launch by the end of 2025
The AWS European Sovereign Cloud, launching in 2025, is backed by a €7.8B investment in infrastructure, jobs creation, and skills development.
Investigating lateral movements with Amazon Detective investigation and Security Lake integration
According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In Amazon Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]
Governing and securing AWS PrivateLink service access at scale in multi-account environments
Amazon Web Services (AWS) customers have been adopting the approach of using AWS PrivateLink to have secure communication to AWS services, their own internal services, and third-party services in the AWS Cloud. As these environments scale, the number of PrivateLink connections outbound to external services and inbound to internal services increase and are spread out […]
How to use AWS managed applications with IAM Identity Center: Enable Amazon Q without migrating existing IAM federation flows
AWS IAM Identity Center is the preferred way to provide workforce access to Amazon Web Services (AWS) accounts, and enables you to provide workforce access to many AWS managed applications, such as Amazon Q. As we continue to release more AWS managed applications, customers have told us they want to onboard to IAM Identity Center […]
How to use WhatsApp to send Amazon Cognito notification messages
While traditional channels like email and SMS remain important, businesses are increasingly exploring alternative messaging services to reach their customers more effectively. In recent years, WhatsApp has emerged as a simple and effective way to engage with users. According to statista, as of 2024, WhatsApp is the most popular mobile messenger app worldwide and has […]
How to enforce a security baseline for an AWS WAF ACL across your organization using AWS Firewall Manager
Most organizations prioritize protecting their web applications that are exposed to the internet. Using the AWS WAF service, you can create rules to control bot traffic, help prevent account takeover fraud, and block common threat patterns such as SQL injection or cross-site scripting (XSS). Further, for those customers managing multi-account environments, it is possible to […]