AWS Security Blog

Category: Security, Identity, & Compliance*

Introducing s2n, a New Open Source TLS Implementation

At Amazon Web Services, strong encryption is one of our standard features, and an integral aspect of that is the TLS (previously called SSL) encryption protocol. TLS is used with every AWS API and is also available directly to customers of many AWS services including Elastic Load Balancing (ELB), AWS Elastic Beanstalk, Amazon CloudFront, Amazon S3, […]

Read More

How to Receive Notifications When Your AWS Account’s Root Access Keys Are Used

AWS Identity and Access Management (IAM) best practices recommend using IAM users or roles to access your AWS resources, instead of using your root credentials. If you follow this best practice, though, how can you monitor for root activity and take action if such activity occurs? AWS CloudTrail and Amazon CloudWatch provide the solution. In […]

Read More

PCI Compliance in the AWS Cloud

PCI compliance in the cloud is an important topic for many of our customers. Our PCI FAQ page has received more than 45,000 views, and we have issued our PCI compliance package directly to customers in all major regions and industry verticals. To build on our growing demand of PCI enablers, today we’re happy to […]

Read More

In Case You Missed These: Recent AWS Security Blog Posts

Just in case you missed any of the AWS Security Blog posts from the last month or so, we have summarized and linked to them in this blog post. The linked posts are shown in reverse chronological order (most recent first), and the subject matter ranges from privacy and data security at Amazon to AWS […]

Read More

Privacy and Data Security

Amazon knows customers care deeply about privacy and data security, and we optimize our work to get these issues right for customers. With this post I’d like to provide a number of observations on our policies and positions: Amazon does not disclose customer information unless we’re required to do so to comply with a legally […]

Read More

FERPA Compliance in the AWS Cloud

The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing as a highly efficient way to manage and secure vast amounts of educational records and student data. To bring clarity to securing student data […]

Read More

How to Delegate Management of Multi-Factor Authentication to AWS IAM Users

Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]

Read More

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS

Note 1: On August 12, 2015, I published a follow-up to this post, which is called How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0. Be sure to see that post if you want to implement a general federation solution (not specific to AD FS). Note 2: This post focuses on NTLM authentication, […]

Read More

AWS Key Management Service Adds Support for Updating Key Aliases

In November 2014, AWS launched Key Management Service (KMS), a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data managed by AWS services and within your own applications. One of the features KMS offers is the key alias, an arbitrary string that can be […]

Read More

Test Your Roles’ Access Policies Using the AWS Identity and Access Management Policy Simulator

You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]

Read More