AWS Security Blog

Category: Security, Identity, & Compliance*

A Primer on RDS Resource-Level Permissions

Previously, we blogged about how to use resource-level permissions for Amazon EC2 to control access to specific EC2 instances.  Resource-level permissions can now also be applied to Amazon Relational Database Service (Amazon RDS).  This week’s guest blogger, Chris Checkwitch, Software Development Manager on the RDS team, will explain how to tackle the commonly requested use case of controlling access to […]

Read More

Jeff Barr Talks with Symplified About Identity Federation and SSO

Jeff Barr, AWS’s chief evangelist, recently did an AWS Report interview with Symplified’s CTO and co-founder Darren Plat covering identity federation and single sign-on to cloud-based apps.  The interview goes into depth about the need for identity federation services in the cloud and how Symplified implemented their offering for AWS services. You can watch the […]

Read More

Where’s My Secret Access Key?

In this blog post, I’ll discuss what you should do in case you’ve lost your secret access key or need a new one. This post assumes that you are familiar with what access keys are. If you aren’t, see the AWS documentation about security credentials for a brief summary. Our security policy on secret access keys Secret […]

Read More

2013 PCI Compliance Package Available Now

We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document will help […]

Read More

New Playground App to Explore Web Identity Federation with Amazon, Facebook, and Google

In May 2013, we announced support for federation using identities Amazon, Facebook, and Google (a.k.a. web identity federation), which allows your apps to authenticate users via Amazon, Facebook, or Google and then access AWS resources managed under your account. To help you understand how web identity federation works, today we’re releasing the Web Identity Federation […]

Read More

Improve the Security of Your AWS Account in Less Than 5 Minutes

If you’re a frequent reader of this blog, you probably know that AWS recommends as a security best practice that you set up one or more AWS Identity and Access Management (IAM) users for interaction with AWS services, rather than use your root account. Why? The credentials for your AWS root account provide full access […]

Read More

Controlling Network Access to EC2 Instances Using a Bastion Server

As the number of EC2 instances in your AWS environment grows, so too does the number of administrative access points to those instances. Depending on where your administrators connect to your instances from, you may consider enforcing stronger network-based access controls. A best practice in this area is to use a bastion. A bastion is […]

Read More

Securing Access to AWS Using MFA – Part 3

In Part 1 (configuring MFA for sign-in) and Part 2 (MFA-protected API access) of this series, we discussed various ways in which AWS Multi-Factor Authentication (MFA) can improve the security of your account.  This week’s topic will be a brief overview of how you can use MFA in conjunction with Amazon S3 Versioning. What is […]

Read More

Resource-Level Permissions for EC2–Controlling Management Access on Specific Instances

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. We are happy to announce that we launched resource-level permissions […]

Read More

Looking for Feedback from Our Readers

Dear readers, We hope you’ve found our posts over the past couple of months both informative and useful. While we’ve posted a variety of topics to appeal to a broad audience, we’d like to hear directly from you about what we could do better. What additional topics would you like us to write about related […]

Read More