AWS Security Blog

Category: Security, Identity, & Compliance

New AWS Partner Network Blog Post: Securely Accessing Customers’ AWS Accounts with Cross-Account IAM Roles

On the AWS Security Blog, we have talked regularly about following AWS security best practices. For example, we published "Adhere to IAM Best Practices in 2016" in January. Best practices can help you keep your AWS resources as secure as possible, and should be applied when you grant access inside and outside your organization. Building off AWS […]

How to Use AWS Service Catalog for Code Deployments: Part 2 of the Automating HIPAA Compliance Series

In my previous blog post, I discussed the idea of using the cloud to protect the cloud and improving healthcare IT by applying DevSecOps methods. In Part 2 today, I will show an architecture composed of AWS services that gives healthcare security administrators necessary controls, allows healthcare developers to interact with the system using familiar […]

How to Automate HIPAA Compliance (Part 1): Use the Cloud to Protect the Cloud

The United States healthcare ecosystem is highly complex. It is composed of review boards, regulating bodies, government agencies, pharmaceutical companies, insurance payers, and a mix of public and private provider entities, all of which intersect and overlap. Underlying this system lies highly sensitive patient data, which is governed by the U.S. Health Insurance Portability and […]

How to Configure Rate-Based Blacklisting with AWS WAF and AWS Lambda

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository. One security challenge you may have faced is how to prevent your web servers from being flooded by unwanted requests, or scanning tools such as bots and […]

AWS FedRAMP-Trusted Internet Connection (TIC) Overlay Pilot Program

I’m pleased to announce a newly created resource for usage of the Federal Cloud—after successfully completing the testing phase of the FedRAMP-Trusted Internet Connection (TIC) Overlay pilot program, we’ve developed Guidance for TIC Readiness on AWS. This new way of architecting cloud solutions that address TIC capabilities (in a FedRAMP moderate baseline) comes as the […]

How to Set Up DNS Resolution Between On-Premises Networks and AWS Using AWS Directory Service and Microsoft Active Directory

In my previous post, I showed how to use Simple AD to forward DNS requests originating from on-premises networks to an Amazon Route 53 private hosted zone. Today, I will show how you can use Microsoft Active Directory (also provisioned with AWS Directory Service) to provide the same DNS resolution with some additional forwarding capabilities. […]

How to Set Up DNS Resolution Between On-Premises Networks and AWS Using AWS Directory Service and Amazon Route 53

As you establish private connectivity between your on-premises networks and your AWS Virtual Private Cloud (VPC) environments, the need for Domain Name System (DNS) resolution across these environments grows in importance. One common approach used to address this need is to run DNS servers on Amazon EC2 across multiple Availability Zones (AZs) and integrate them […]

How to Help Protect Sensitive Data with AWS KMS

AWS Key Management Service (AWS KMS) celebrated its one-year launch anniversary in November 2015, and organizations of all sizes are using it to effectively manage their encryption keys. KMS also successfully completed the PCI DSS 3.1 Level 1 assessment as well as the latest SOC assessment in August 2015. One question KMS customers frequently ask […]

Now Available: AWS Certificate Manager

Secure Sockets Layer/Transport Layer Security (SSL/TLS) is a must-have whenever sensitive data is moved to and from a website. For example, sites that need to meet compliance requirements such as PCI-DSS, FedRAMP, and HIPAA make extensive use of SSL/TLS. Unfortunately, provisioning and managing SSL/TLS certificates can entail a lot of work that is usually manual […]

Introducing GxP Compliance on AWS

We’re happy to announce that customers now are enabled to bring the next generation of medical, health, and wellness solutions to their GxP systems by using AWS for their processing and storage needs. Compliance with healthcare and life sciences requirements is a key priority for us, and we are pleased to announce the availability of […]
