Category: Security, Identity, & Compliance

In November 2019, Amazon launched a new version of AWS Web Application Firewall (WAF) that offers a richer and easier to use set of features. In this post, we show you some of the changes and how to migrate from AWS WAF Classic to the new AWS WAF. AWS Managed Rules for AWS WAF is […]

In this post, I will provide guidance and resources that will help you align to the expectations of the Monetary Authority of Singapore (MAS) Notice 655 – Notice on Cyber Hygiene. The Monetary Authority of Singapore (MAS) issued Notice 655 – Notice on Cyber Hygiene on 6 Aug 2019. This notice is applicable to all […]

Amazon SageMaker, like other services in Amazon Web Services (AWS), includes security-related parameters and configurations that you can use to improve the security posture of resources as you deploy them. However, many of these security-related parameters are optional, allowing you to deploy resources without them. While this might be acceptable in the initial exploration stage, […]

We are pleased to announce that Amazon Web Services (AWS) has achieved FedRAMP JAB authorization on an additional nine AWS services. These services provide capabilities that enable your organization to: Assemble and deploy serverless architectures in powerful new ways using AWS Serverless Application Repository Simplify application delivery and complete workload migration to the cloud using […]

We’re happy to share an update on the service documentation initiative that we first told you about on the AWS Security Blog in June, 2019. We’re excited to announce that over 150 services now have dedicated security chapters available in the AWS security documentation. In case you aren’t familiar with the security chapters, they were […]

We’re sharing an update to the Logical Separation on AWS: Moving Beyond Physical Isolation in the Era of Cloud Computing whitepaper to help customers benefit from the security and innovation benefits of logical separation in the cloud. This paper discusses using a multi-pronged approach—leveraging identity management, network security, serverless and containers services, host and instance […]

Recently, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as model clauses. The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States […]

AWS Organizations provides central governance and management across AWS accounts. In this post, we explain how AWS Organizations can make the lives of your Information Security engineers easier, based on our experience in the Information Security team at Amazon. The service control policies (SCPs) feature in AWS Organizations offers you central control over permissions for […]

In this post, we show you how you can use AWS Certificate Manager (ACM) Private Certificate Authority (CA) to request or issue private certificates across a multi-account environment by using IAM roles. This solution allows you to centralize your ACM Private CA inside your AWS Organization, which reduces the complexity and the cost of having […]

You can use AWS CloudHSM to help manage your encryption keys on FIPS 140-2 Level 3 validated hardware security modules (HSMs). AWS recommends running a high-availability production architecture with at least two CloudHSM HSMs in different Availability Zones. Although many workloads must be available 24/7, quality assurance or development environments typically do not have this […]