AWS Security Blog

Category: Security, Identity, & Compliance

How to Use Service Control Policies in AWS Organizations

With AWS Organizations, you can centrally manage policies across multiple AWS accounts without having to use custom scripts and manual processes. For example, you can apply service control policies (SCPs) across multiple AWS accounts that are members of an organization. SCPs allow you to define which AWS service APIs can and cannot be executed by […]

Enable Federated API Access to your AWS Resources for up to 12 hours Using IAM Roles

Now, your applications and federated users can complete longer running workloads in a single session by increasing the maximum session duration up to 12 hours for an IAM role. Users and applications still retrieve temporary credentials by assuming roles using AWS Security Token Service (AWS STS), but these credentials can now be valid for up […]

How to Prepare for AWS’s Move to Its Own Certificate Authority

Update from March 28, 2018: We updated the Amazon Trust Services table by replacing an out-of-date value with a new value. Transport Layer Security (TLS, formerly called Secure Sockets Layer [SSL]) is essential for encrypting information that is exchanged on the internet. For example, Amazon.com uses TLS for all traffic on its website, and […]

Newly released guide provides Australian public sector the ability to evaluate AWS at PROTECTED level

Australian public sector customers now have a clear roadmap to use our secure services for sensitive workloads at the PROTECTED level. For the first time, we’ve released our Information Security Registered Assessors Program (IRAP) PROTECTED documentation via AWS Artifact. This information provides the ability to plan, architect, and self-assess systems built in AWS under the […]

AWS and the Australian Notifiable Data Breaches Scheme

Recent amendments to the Australian Privacy Act 1988 (Privacy Act) established the Notifiable Data Breaches (NDB) scheme in Australia, which went into effect February 22, 2018. The NDB scheme aims to give affected individuals the opportunity to take steps to protect their personal information following a data breach that is likely to result in serious […]

All AWS Services GDPR ready

Today, I’m very pleased to announce that AWS services comply with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS already takes to maintain services security, customers can deploy AWS services as a key part of their GDPR compliance plans. This announcement confirms we […]

AWS Achieves Spain’s ENS High Certification Across 29 Services

AWS has achieved Spain’s Esquema Nacional de Seguridad (ENS) High certification across 29 services. To successfully achieve the ENS High Standard, BDO España conducted an independent audit and attested that AWS meets confidentiality, integrity, and availability standards. This provides the assurance needed by Spanish Public Sector organizations wanting to build secure applications and services on […]

AWS Key Management Service now offers FIPS 140-2 validated cryptographic modules enabling easier adoption of the service for regulated workloads

AWS Key Management Service (KMS) now uses FIPS 140-2 validated hardware security modules (HSM) and supports FIPS 140-2 validated endpoints, which provide independent assurances about the confidentiality and integrity of your keys. Having additional third-party assurances about the keys you manage in AWS KMS can make it easier to use the service for regulated workloads. […]

How we reduce complexity and rapidly iterate on Amazon GuardDuty: twelve new detections added

We’re relentlessly innovating on your behalf at AWS, especially when it comes to security. Last November, we launched Amazon GuardDuty, a continuous security monitoring and threat detection service that incorporates threat intelligence, anomaly detection, and machine learning to help protect your AWS resources, including your AWS accounts. Many large customers, including General Electric, Autodesk, and […]

How to Delegate Administration of Your AWS Managed Microsoft AD Directory to Your On-Premises Active Directory Users

You can now enable your on-premises users to administer your AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. Using an Active Directory (AD) trust and the new AWS delegated AD security groups, you can grant administrative permissions to your on-premises users by managing group membership in your on-premises AD directory. […]
