AWS Security Blog

Category: Security, Identity, & Compliance*

New Whitepaper Now Available: The Security Perspective of the AWS Cloud Adoption Framework

Today, AWS released the Security Perspective of the AWS Cloud Adoption Framework (AWS CAF). The AWS CAF provides a framework to help you structure and plan your cloud adoption journey, and build a comprehensive approach to cloud computing throughout the IT lifecycle. The framework provides seven specific areas of focus or Perspectives: business, platform, maturity, […]

Read More

New Amazon Inspector Blog Post on the AWS Blog

On the AWS Blog yesterday, Jeff Barr published a new security-related blog post written by AWS Principal Security Engineer Eric Fitzgerald. Here’s the beginning of the post, which is entitled, Scale Your Security Vulnerability Testing with Amazon Inspector: “At AWS re:Invent 2015 we announced Amazon Inspector, our security vulnerability assessment service that helps customers test for […]

Read More

How to Use AWS CloudFormation to Automate Your AWS WAF Configuration with Example Rules and Match Conditions

Note from July 4, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   AWS WAF is a web application firewall that integrates closely with Amazon CloudFront (AWS’s content delivery network [CDN]). AWS WAF gives you control to allow or block […]

Read More

How to Restrict Amazon S3 Bucket Access to a Specific IAM Role

I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]

Read More

How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page

Identity federation enables your enterprise users (such as Active Directory users) to access the AWS Management Console via single sign-on (SSO) by using their existing credentials. In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. When using […]

Read More

The Top 20 AWS IAM Documentation Pages so Far This Year

The following 20 pages have been the most viewed AWS Identity and Access Management (IAM) documentation pages so far this year. I have included a brief description with each link to give you a clearer idea of what each page covers. Use this list to see what other people have been viewing and perhaps to […]

Read More

The Most Viewed AWS Security Blog Posts so Far in 2016

The following 10 posts are the most viewed AWS Security Blog posts that we published during the first six months of this year. You can use this list as a guide to catch up on your blog reading or even read a post again that you found particularly useful. How to Set Up DNS Resolution […]

Read More

AWS Earns Department of Defense Impact Level 4 Provisional Authorization

I am pleased to share that, for our AWS GovCloud (US) Region, AWS has received a Defense Information Systems Agency (DISA) Provisional Authorization (PA) at Impact Level 4 (IL4). This will allow Department of Defense (DoD) agencies to use the AWS Cloud for production workloads with export-controlled data, privacy information, and protected health information as well as […]

Read More

AWS Achieves FedRAMP High JAB Provisional Authorization

We are pleased to announce that AWS has received a FedRAMP High JAB Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB) for the AWS GovCloud (US) Region. The new Federal Risk and Authorization Management Program (FedRAMP) High JAB Provisional Authorization is mapped to more than 400 National Institute of Standards and Technology (NIST) security controls. This […]

Read More

Register for and Attend This June 27 Webinar—Getting Started with Amazon Inspector

Update: This webinar is now available as an on-demand video and slide deck. As part of the AWS Webinar Series, AWS will present Getting Started with Amazon Inspector on Monday, June 27. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time. AWS Principal Security Engineer Eric Fitzgerald will show how […]

Read More