Category: Security, Identity, & Compliance

To celebrate 10 years of AWS, qwikLABS is offering 95 free online labs through the end of March 2016. Here are some of the labs related to security and compliance that you can take for free while the offer is live: Introduction to AWS Identity and Access Management (IAM) Introduction to AWS Key Management Service Performing […]

Microsoft Active Directory Federation Services (AD FS) is a common identity provider that many AWS customers use to give federated users access to the AWS Management Console. AD FS uses multiple certificates to ensure secure communication between servers and to act as authentication mechanisms. One such mechanism is called the token-signing certificate. When the token-signing certificate expires, […]

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   Some Internet operations trust that clients are “well behaved.” As an operator of a publicly accessible web application, for example, you have to trust that the clients […]

Back in September, I wrote about How to Help Lock Down a User’s Amazon EC2 Capabilities to a Single VPC. In that blog post, I highlighted what I have found to be an effective approach to the virtual private cloud (VPC) lockdown scenario. Since that time, I have worked on making the related information easier […]

Today, we’re happy to release the AWS Config Rules repository, a community-based source of custom AWS Config Rules. This new repository gives you a streamlined way to automate your assessment and compliance against best practices for security of AWS resources. AWS Config Rules is a service that provides automated, periodic security and compliance checking of […]

In case you missed any of the AWS Security Blog posts from January and February, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from using AWS WAF to automating HIPAA compliance. February February 29, AWS Compliance Announcement: Announcing Industry Best Practices […]

Today, we are happy to announce that the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. This is the first […]

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   Internet-facing web applications are frequently scanned and probed by various sources, sometimes for good and other times to identify weaknesses. It takes some sleuthing to determine the […]

In my previous posts in this series, I explained how to get started with the DevSecOps environment for HIPAA that is depicted in the following architecture diagram. In my second post in this series, I gave you guidance about how to set up AWS Service Catalog (#4 in the following diagram) to allow developers a […]

Update: The video and slides from the webinar are now available. As part of the AWS Webinar Series, AWS will present Using AWS WAF and Lambda for Automatic Protection on Wednesday, March 2. This webinar will start at 10:00 A.M. and end at 11:00 A.M. Pacific Time (UTC-8). AWS WAF Software Development Manager Nathan Dye […]