AWS Security Blog

Category: Security, Identity, & Compliance

How to decrypt ciphertexts in multiple regions with the AWS Encryption SDK in C

You’ve told us that you want to encrypt data once with AWS Key Management Service (AWS KMS) and decrypt that data with customer master keys (CMKs) that you specify, often with CMKs in different AWS Regions. Doing this saves you compute resources and helps you to enable secure and efficient high-availability schemes. The AWS Crypto […]

Read More

AWS Security Profiles: Stephen Quigg, Principal Security Solutions Architect, Financial Services Industry

In the weeks leading up to re:Inforce, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do as a Principal Security […]

Read More
AWS Security Profiles: Tracy Pierce, Senior Consultant, Security Specialty, Remote Consulting Services

AWS Security Profiles: Tracy Pierce, Senior Consultant, Security Specialty, Remote Consulting Services

In the weeks leading up to re:Inforce, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. You’ve worn a lot of hats at AWS. What do you do in your current role, […]

Read More

Spring 2019 SOC 2 Type 1 Privacy report now available

At AWS, our customers’ security and privacy is of the highest importance and we continue to provide transparency into our security and privacy posture. Following our first SOC 2 Type 1 Privacy report released in December 2018, AWS is proud to announce the release of the Spring 2019 SOC 2 Type 1 Privacy report. The […]

Read More

Spring 2019 SOC reports now available with 104 services in scope

We’re celebrating the addition of 31 new services in scope with our latest SOC report, pushing AWS past the century mark for the first time – with 104 total services in scope, to be exact! These services are now available under our System and Organizational Controls (SOC) 1, 2, and 3 audits, including the 31 […]

Read More

Create fine-grained session permissions using IAM managed policies

As a security best practice, AWS Identity and Access Management (IAM) recommends that you use temporary security credentials from AWS Security Token Service (STS) when you access your AWS resources. Temporary credentials are short-term credentials generated dynamically and provided to the user upon request. Today, one of the most widely used mechanisms for requesting temporary […]

Read More

How to share encrypted AMIs across accounts to launch encrypted EC2 instances

October 30, 2019: We’ve updated Figure 2 and its accompanying steps to show the KMS console. October 16, 2019: We’ve updated Figure 1 to show the KMS console. August 26, 2019: We’ve corrected the name of the console in step one. Do you encrypt your Amazon Machine Instances (AMIs) with AWS Key Management Service (AWS […]

Read More

How to quickly launch encrypted EBS-backed EC2 instances from unencrypted AMIs

An Amazon Machine Image (AMI) provides the information that you need to launch an instance (a virtual server) in your AWS environment. There are a number of AMIs on the AWS Marketplace (such as Amazon Linux, Red Hat or Ubuntu) that you can use to launch an Amazon Elastic Compute Cloud (Amazon EC2) instance. When […]

Read More

Improve availability and latency of applications by using AWS Secret Manager’s Python client-side caching library

Note from May 10, 2019: We’ve updated a code sample for accuracy. Today, AWS Secrets Manager introduced a client-side caching library for Python that improves the availability and latency of accessing and distributing credentials to your applications. It can also help you reduce the cost associated with retrieving secrets. In this post, I’ll walk you […]

Read More

How to BYOK (bring your own key) to AWS KMS for less than $15.00 a year using AWS CloudHSM

Note: BYOK is helpful for certain use cases, but I recommend that you familiarize yourself with KMS best practices before you adopt this approach. You can review best practices in the AWS Key Management Services Best Practices (.pdf) whitepaper. May 14, 2019: We’ve updated a sentence to clarify that this solution does not include instructions […]

Read More