AWS Security Blog

Category: Security, Identity, & Compliance

Strengthen the security of sensitive data stored in Amazon S3 by using additional AWS services

October 13, 2021: We’ve added a section on redacting and transforming personally identifiable information with Amazon S3 Object Lambda. In this post, we describe the AWS services that you can use to both detect and protect your data stored in Amazon Simple Storage Service (Amazon S3). When you analyze security in depth for your Amazon […]


The three most important AWS WAF rate-based rules

In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]


How to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN

You can improve your organization’s security posture by enforcing access to Amazon Web Services (AWS) resources based on IP address and geolocation. For example, users in your organization might bring their own devices, which might require additional security authorization checks and posture assessment in order to comply with corporate security requirements. Enforcing access to AWS […]


Implement a centralized patching solution across multiple AWS Regions

August 3, 2021: We’ve updated the link to download the CloudFormation template in “Step 2: Deploy the CloudFormation template.” In this post, I show you how to implement a centralized patching solution across Amazon Web Services (AWS) Regions by using AWS Systems Manager in your AWS account. This helps you to initiate, track, and manage […]


OSPAR 2021 report now available with 127 services in scope

We are excited to announce the completion of the third Outsourced Service Provider Audit Report (OSPAR) audit cycle on July 1, 2021. The latest OSPAR certification includes the addition of 19 new services in scope, bringing the total number of services to 127 in the Asia Pacific (Singapore) Region. You can download our latest OSPAR […]


How AWS is helping EU customers navigate the new normal for data protection

Achieving compliance with the European Union’s data protection regulations is critical for hundreds of thousands of Amazon Web Services (AWS) customers. Many of them are subject to the EU’s General Data Protection Regulation (GDPR), which ensures individuals’ fundamental right to privacy and the protection of personal data. In February, we announced […]


TLS-enabled Kubernetes clusters with ACM Private CA and Amazon EKS

October 21, 2021: We updated this post to a new version of the helm chart awspca/aws-privateca-issuer. The old version of the chart awspca/aws-pca-issuer will no longer receive updates. In this blog post, we show you how to set up end-to-end encryption on Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Certificate Manager Private Certificate Authority. […]


Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy

June 7, 2022: Amazon Cognito now supports propagation of IP address in unauthenticated APIs. This blog post has been updated to include information on enabling IP address propagation through the proxy layer and to remove this limitation from the solution limitations section. In Amazon Cognito user pools, an app client is an entity that […]


How to create auto-suppression rules in AWS Security Hub

July 13, 2021: We’ve updated this post to clarify how Security Hub and EventBridge rules exchange data between management and member accounts. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security […]


Configure SAML single sign-on for Kibana with AD FS on Amazon Elasticsearch Service

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. It’s a common use case for customers to integrate identity providers (IdPs) with Amazon Elasticsearch Service (Amazon ES) to achieve single sign-on (SSO) with Kibana. This integration makes it possible for users to leverage their existing identity credentials and offers […]
