AWS Security Blog

Category: Security, Identity, & Compliance*

Analyzing OS-Related Security Events on EC2 with SplunkStorm

An important objective of analyzing OS-generated data is to detect, correlate, and report on potential security events. Several partner solutions available in AWS Marketplace provide this functionality, including Splunk.  Splunk is also used for many other use cases relevant to AWS, including devops, where developers and operations use Splunk to analyze logs for better performance and availability […]

Read More

Delegating API Access to AWS Services Using IAM Roles

Suppose you run a research lab and you dump a terabyte or so of data into Amazon DynamoDB for easy processing and analysis. Your colleagues at other labs and in the commercial sphere have become aware of your research and would like to reproduce your results and perform further analysis on their own. AWS supports this very important […]

Read More

AWS SDK Blog Posts About IAM Roles

The .NET Developers Blog recently published two easy-to-read posts about access key management for .NET applications. The first one goes through some of the background of access key management, as well as the use of IAM roles for EC2. The second post goes deeper into creating and using IAM users and groups instead of using root […]

Read More

Credentials Best Practices on the AWS Java Developers Blog

David Murray  published a great post about best practices for IAM credentials earlier today (December 9th).  He gives a high level description of IAM, followed by methods for using IAM roles for EC2.  To learn more go to the Java Developers Blog. – Ben

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

New Whitepaper: AWS Cloud Security Best Practices

We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar approach to managing the overall information security posture of the organization that’s based on periodic risk assessments when you deploy applications and assets on AWS. Specifically, you asked for: How security responsibilities […]

Read More

Introducing the AWS Compliance Forum

We’re happy to announce the launch of the AWS Compliance Forum – a unique community designed for AWS customers interested in achieving compliance while using AWS services. The AWS Compliance Forum was developed based on discussions with customers who wanted a community to connect with fellow AWS customers, interact with AWS compliance specialists, and access […]

Read More

Announcing New IAM Policy Simulator

Check out the new IAM policy simulator, a tool that enables you to test the effects of IAM access control policies before committing them into production, making it easier to verify and troubleshoot permissions. Learn more at the AWS Blog. – Kai

Read More

AWS CloudHSM Use Cases (Part One of the AWS CloudHSM Series)

Many of our readers have told us that they want to learn more about encryption and key management in AWS. CloudHSM is an AWS service that can establish an even greater trust in AWS from which encryption and key management applications can be anchored. If you’re not familiar with AWS CloudHSM, you can read more […]

Read More