AWS Security Blog
Category: Security, Identity, & Compliance
How to add DNS filtering to your NAT instance with Squid
September 23, 2020: The squid configuration file in this blog post and associated YAML template have been updated. September 4, 2019: We’ve updated this blog post, initially published on January 26, 2016. Major changes include: support of Amazon Linux 2, no longer having to compile Squid 3.5, and a high availability version of the solution […]
Read MoreImproving security as part of accelerated data center migrations
Approached correctly, cloud migrations are a great opportunity to improve the security and stability of your applications. Many organizations are looking for guidance on how to meet their security requirements while moving at the speed that the cloud enables. They often try to configure everything perfectly in the data center before they migrate their first […]
Read MoreOn-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell
February 14, 2022: We updated this post to include a link to an updated version of this solution in the Prerequisites section. July 6, 2021: We updated this post to remove the user requirement to trigger the API endpoint because authentication is performed by application permissions. January 8, 2021: We updated this post to reflect […]
Read MoreAutomatically updating AWS WAF Rule in real time using Amazon EventBridge
December 4, 2020: This post has been updated to include links to the CloudFormation templates used in the solution. In this post, I demonstrate a method for collecting and sharing threat intelligence between Amazon Web Services (AWS) accounts by using AWS WAF, Amazon Kinesis Data Analytics, and Amazon EventBridge. AWS WAF helps protect against common […]
Read MoreGet ready for upcoming changes in the AWS Single Sign-On user sign-in process
October 21, 2020: This post has been updated to reflect the change in date for updates to AWS SSO sign-in process from early October to early November. To improve security, enhance user experience, and address compatibility with future AWS Identity changes, AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect […]
Read MoreHow Security Operation Centers can use Amazon GuardDuty to detect malicious behavior
The Security Operations Center (SOC) has a tough job. As customers modernize and shift to cloud architectures, the ability to monitor, detect, and respond to risks poses different challenges. In this post we address how Amazon GuardDuty can address some common concerns of the SOC regarding the number of security tools and the overhead to […]
Read MoreRole-based access control using Amazon Cognito and an external identity provider
Amazon Cognito simplifies the development process by helping you manage identities for your customer-facing applications. As your application grows, some of your enterprise customers may ask you to integrate with their own Identity Provider (IdP) so that their users can sign-on to your app using their company’s identity, and have role-based access-control (RBAC) based on […]
Read MoreIntegrating AWS CloudFormation security tests with AWS Security Hub and AWS CodeBuild reports
The concept of infrastructure as code, by using pipelines for continuous integration and delivery, is fundamental for the development of cloud infrastructure. Including code quality and vulnerability scans in the pipeline is essential for the security of this infrastructure as code. In one of our previous posts, How to build a CI/CD pipeline for container […]
Read MoreHow to configure an LDAPS endpoint for Simple AD
In this blog post, we show you how to configure an LDAPS (LDAP over SSL or TLS) encrypted endpoint for Simple AD so that you can extend Simple AD over untrusted networks. Our solution uses Network Load Balancer (NLB) as SSL/TLS termination. The data is then decrypted and sent to Simple AD. Network Load Balancer […]
Read MoreIntroducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature
The AWS Security team has made it easier for you to find information and guidance on best practices for your cloud architecture. We’re pleased to share the Best Practices for Security, Identity, & Compliance webpage of the new AWS Architecture Center. Here you’ll find top recommendations for security design principles, workshops, and educational materials, and […]
Read More