AWS Security Blog

Category: Security, Identity, & Compliance

Don’t Forget to Enable Access to the Billing Console!

We’ve seen a question appear periodically on the IAM forum about granting IAM users access to the AWS Billing console. The question is this: even after an administrator sets appropriate permissions for an IAM user to access the console, the user can’t get to the console. Why not? Access to the console actually requires two […]

Read More

In Case You Missed Them: Some Recent Security Enhancements in AWS

With the steady cadence of updates and enhancements for AWS services, it can sometimes be easy to miss announcements about features that relate to security. Here are some recent security-related updates in AWS services that we’re excited about and that you might not have heard about. AWS Trusted Advisor inspects your AWS environment and finds […]

Read More

AWS GovCloud Earns DoD CSM Level 3-5 Provisional Authorization

I’m very excited to share that AWS has received the first ever U.S. Department of Defense (DoD) level 3-5 Provisional Authorization for the AWS GovCloud (US) region under the Defense Information Systems Agency’s (DISA) Cloud Security Model (CSM). AWS has been authorized for CSM levels 1-2 workloads for all US regions since March of this […]

Read More

AWS CloudTrail Now Logs AWS Management Console Sign-In Events

We’ve heard from many of you that you want greater visibility into when users sign in to the AWS Management Console. We are excited to announce that AWS CloudTrail now captures console sign-in events whenever an account owner, a federated user, or an IAM user signs into the console. For those of you who aren’t […]

Read More

New IAM Features: Enhanced Password Management and Credential Reports

The AWS IAM team recently released new credential lifecycle management features that enable AWS account administrators to define and enforce security best practices for IAM users. We’ve expanded IAM password policies to enable self-service password rotation, on top of existing options to enforce password complexity. Furthermore, you can download reports for better visibility into the […]

Read More

Enhanced IAM Capabilities for the AWS Billing Console

In this post, Graham Evans, a developer on the AWS Billing team, describes new security features that expand how you can secure access to billing information in your AWS account. My team—AWS Billing— recently released the new and improved Billing and Cost Management Console.  We’re now happy to introduce an improvement to the access and […]

Read More

Want Help with Securing Your AWS Account? Here Are Some Resources

Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive […]

Read More

Federating Identity Management at Netflix with OneLogin

As one of our most active customers, Netflix has hundreds of administrators who need access to AWS daily. Therefore, by eliminating their need to use AWS credentials via identity federation, they saved time, money, and administrative effort almost immediately. They were able to use SAML and OneLogin, their existing identity management provider, to federate users […]

Read More