AWS Security Blog
Category: Security, Identity, & Compliance
AWS achieves FedRAMP JAB High and Moderate Provisional Authorization across 26 services in the AWS US East/West and AWS GovCloud (US) Regions
AWS continues to expand the number of services that customers can use to run sensitive and highly regulated workloads in the federal government space. Today, I’m pleased to announce another expansion of our FedRAMP program, marking a 36.2% increase in our number of FedRAMP authorizations. We’ve achieved authorizations for 26 additional services, 7 of which […]
Read MoreHow to get specific security information about AWS services
December 10, 2019: This post was originally published July 2019. Since then, the number of services with a dedicated security chapter has grown from 40 to over 70. We’ve updated our post accordingly. We’re excited to announce the launch of dedicated security chapters in the AWS documentation for over 70 services. Security is a key […]
Read MoreTop 11 posts during 2019
The Security Blog set new records for page views in 2019, but we’re always looking for ways to improve. Please tell us what you want to read about in the Comments section below. We read all of your feedback and do our best to act on it. The top 11 posts during 2019 based on […]
Read MoreUse AWS Fargate and Prowler to send security configuration findings about AWS services to Security Hub
In this blog post, I’ll show you how to integrate Prowler, an open-source security tool, with AWS Security Hub. Prowler provides dozens of security configuration checks related to services such as Amazon Redshift, Amazon ElasticCache, Amazon API Gateway and Amazon CloudFront. Integrating Prowler with Security Hub will provide posture information about resources not currently covered […]
Read MoreHow to get started with security response automation on AWS
December 2, 2019: We’ve updated this post to include some additional information about Security Hub. At AWS, we encourage you to use automation to help quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps you scale your security operations as […]
Read MoreRely on employee attributes from your corporate directory to create fine-grained permissions in AWS
In my earlier post Simplify granting access to your AWS resources by using tags on AWS IAM users and roles, I explained how to implement attribute-based access control (ABAC) in AWS to simplify permissions management at scale. In that scenario, I talked about relying on attributes on your IAM users and roles for access control […]
Read MoreAdditional on-premises option for data localization with AWS
Today, AWS released an updated resource — AWS Policy Perspectives-Data Residency — to provide an additional option for you if you need to store and process your data on premises. This white paper update discusses AWS Outposts, which offers a hybrid solution for customers that might find that certain workloads are better suited for on-premises […]
Read MoreDigital signing with the new asymmetric keys feature of AWS KMS
AWS Key Management Service (AWS KMS) now supports asymmetric keys. You can create, manage, and use public/private key pairs to protect your application data using the new APIs via the AWS SDK. Similar to the symmetric key features we’ve been offering, asymmetric keys can be generated as customer master keys (CMKs) where the private portion […]
Read MoreRamp-Up Learning Guide available for AWS Cloud Security, Governance, and Compliance
Cloud security is the top priority for AWS and for our customers around the world. It’s important that professionals have a way to keep up with this dynamically evolving area of cloud computing. Often, customers seek AWS guidance on cloud-specific security, governance, and compliance best practices, including skills upgrade plans. To address this need, AWS […]
Read MoreHow to set up Sign in with Apple for Amazon Cognito
January 7, 2020: Based on customer feedback, we revised the wording of a step in a procedure to improve clarity. Amazon Cognito user pools enables you to add user sign-in and sign-up to your mobile and web applications using a secure and scalable user directory. With Amazon Cognito user pools, your end users can sign […]
Read More