AWS Security Blog

Category: Security, Identity, & Compliance

AWS IAM introduces updated policy defaults for IAM user passwords

November 2, 2020: This post has been updated to reflect the change in date for the default password policy from October 28 to November 18. October 20, 2020: This post has been updated to reflect the change in date for the default password policy from October 2 to October 21 to October 28. July 27, […]

IAM Access Analyzer flags unintended access to S3 buckets shared through access points

Customers use Amazon Simple Storage Service (S3) buckets to store critical data and manage access to data at scale. With Amazon S3 Access Points, customers can easily manage shared data sets by creating separate access points for individual applications. Access points are unique hostnames attached to a bucket and customers can set distinct permissions using […]

Use AWS Firewall Manager and VPC security groups to protect your applications hosted on EC2 instances

You can use AWS Firewall Manager to centrally configure and manage Amazon Virtual Private Cloud (Amazon VPC) security groups across all your AWS accounts. This post will take you through the step-by-step instructions to apply common security group rules, audit your security groups, and detect unused and redundant rules in your security groups across your […]

How to track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules

On April 20th, AWS Config announced support for AWS Secrets Manager, making it easier to track configuration changes to the secrets you manage in AWS Secrets Manager. You can now use AWS Config to track changes to secrets’ metadata — such as secret description and rotation configuration, relationship to other AWS sources such as the […]

16 additional AWS services authorized at DoD Impact Level 4 for AWS GovCloud (US) Regions

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized 16 additional AWS services at Impact Level 4 and one service at Impact Level 5 in the AWS GovCloud (US) Regions. With these additional 16 services, AWS now offers a total of 72 services and features authorized to process data at Impact […]

How to verify AWS KMS asymmetric key signatures locally with OpenSSL

In this post, I demonstrate a sample workflow for generating a digital signature within AWS Key Management Service (KMS) and then verifying that signature on a client machine using OpenSSL. The support for asymmetric keys in AWS KMS has exciting use cases. The ability to create, manage, and use public and private key pairs with […]

Round 2 Hybrid Post-Quantum TLS Benchmarks

AWS Cryptography has completed benchmarks of Round 2 Versions of the Bit Flipping Key Encapsulation (BIKE) and Supersingular Isogeny Key Encapsulation (SIKE) hybrid post-quantum Transport Layer Security (TLS) Algorithms. Both of these algorithms have been submitted to the National Institute of Standards and Technology (NIST) as part of NIST’s Post-Quantum Cryptography standardization process. In the […]

2019 C5 attestation is now available

AWS has completed its 2019 assessment against the Cloud Computing Compliance Controls Catalog (C5) information security and compliance program. Germany’s national cybersecurity authority—Bundesamt für Sicherheit in der Informationstechnik (BSI)—established C5 to define a reference standard for German cloud security requirements. With C5, customers in German states can use the work performed under this BSI compliance […]

Enable automatic logging of web ACLs by using AWS Config

In this blog post, I will show you how to use AWS Config, with its auto-remediation functionality, to ensure that all web ACLs have logging enabled. The AWS CloudFormation template included in this blog post will facilitate this solution, and will get you started being able to manage web ACL logging at scale. AWS Firewall […]

Selecting and migrating a Facebook API version for Amazon Cognito

On May 1, 2020, Facebook will remove version 2.12 of the Facebook Graph API. This change impacts Amazon Cognito customers who are using version 2.12 of the Facebook Graph API in their identity federation configuration. In this post, I explain how to migrate your Amazon Cognito configuration to use the latest version of the Facebook […]