AWS Security Blog

Category: Security, Identity, & Compliance*

A New Way to Encrypt Your Data and Manage Encryption Keys Using AWS Key Management Service

Today, we’re excited to announce AWS Key Management Service (KMS) a new service that gives you control and visibility over the encryption keys that protect your data, with strong security and audit controls. AWS KMS is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift to simplify encryption of your data within those […]

Read More

Benefits of a Key Hierarchy with a Master Key (Part Two of the AWS CloudHSM Series)

Previously, Todd Cignetti, AWS Security Product Manager, wrote a post that covered some typical use cases for AWS CloudHSM, a service that helps you securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. In this post, Todd continues the series on AWS CloudHSM with […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

New in the IAM Console: An At-a-Glance View of Last AWS Sign-In

Have you ever needed to quickly look up the last time one of your users signed in to your AWS account? Or have you been following security best practices and want verify that no one in your organization has been signing in using the AWS root account? If you use AWS CloudTrail, the information is […]

Read More

Easier Role Selection for SAML-Based Single Sign-On

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]

Read More

Upcoming Security Sessions at re:Invent 2014

AWS re:Invent is only one month away! Several members of the AWS Security and AWS Identity and Access Management (IAM) teams will be presenting on security topics and answering your questions in the AWS Security Booth. We have 21 sessions covering security this year. In this blog post, I want to highlight six essential sessions […]

Read More

Don’t Forget to Enable Access to the Billing Console!

We’ve seen a question appear periodically on the IAM forum about granting IAM users access to the AWS Billing console. The question is this: even after an administrator sets appropriate permissions for an IAM user to access the console, the user can’t get to the console. Why not? Access to the console actually requires two […]

Read More

In Case You Missed Them: Some Recent Security Enhancements in AWS

With the steady cadence of updates and enhancements for AWS services, it can sometimes be easy to miss announcements about features that relate to security. Here are some recent security-related updates in AWS services that we’re excited about and that you might not have heard about. AWS Trusted Advisor inspects your AWS environment and finds […]

Read More

AWS GovCloud Earns DoD CSM Level 3-5 Provisional Authorization

I’m very excited to share that AWS has received the first ever U.S. Department of Defense (DoD) level 3-5 Provisional Authorization for the AWS GovCloud (US) region under the Defense Information Systems Agency’s (DISA) Cloud Security Model (CSM). AWS has been authorized for CSM levels 1-2 workloads for all US regions since March of this […]

Read More

Introducing the Redesigned IAM Console

We are excited to announce the redesigned IAM console, now with a streamlined look and feel that makes it even easier to manage your IAM settings. We’ve made it more convenient to manage large resource lists (for example, hundreds of users, groups, or roles), eliminated tab switching, and optimized the console to offer a better […]

Read More