AWS Security Blog
Category: Security, Identity, & Compliance
AWS Security Profiles: Nihar Bihani, Senior Manager; Jeff Lyon, Systems Development Manager
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]
Read More
How to automate replication of secrets in AWS Secrets Manager across AWS Regions
March 4, 2021: AWS Secrets Manager has launched a new feature to help you easily replicate secrets across AWS Regions. To learn more, see How to replicate secrets in AWS Secrets Manager to multiple Regions. August 2, 2019: We updated the policy based on customer feedback. May 28, 2019: To correct a small bug, we’ve […]
Read More
Fall 2018 SOC reports now available with 73 services in scope
Seventy-three. That’s the number of AWS services now available to our customers under our System and Organizational Controls (SOC) 1, 2, and 3 audits, with 11 additional services included during this most recent audit cycle. The SOC reports are now available to you on demand in the AWS Management Console. The SOC 3 report can […]
Read More
AWS Security Profiles: Chad Woolf, VP of AWS Security
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]
Read More
How to manage security governance using DevOps methodologies
I’ve conducted more security audits and reviews than I can comfortably count, and I’ve found that these reviews can be surprisingly open to interpretation (as much as they try not to be). Many companies use spreadsheets to explain and limit business risks, with an annual review to confirm the continued suitability of their controls. However, […]
Read More
Simplify granting access to your AWS resources by using tags on AWS IAM users and roles
Recently, AWS enabled tags on IAM principals (users and roles). The main benefit of this new feature is that you’ll be able to author a single policy to grant access to individual resources and you’ll no longer need to update your policies for each new resource that you add. In other words, you can now […]
Read More
AWS Security Profiles: Sam Elmalak, Enterprise Solutions Architect
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]
Read More
Use AWS Secrets Manager client-side caching libraries to improve the availability and latency of using your secrets
At AWS, we offer features that make it easier for you to follow the AWS Identity and Access Management (IAM) best practice of using short-term credentials. For example, you can use an IAM role that rotates and distributes short-term AWS credentials to your applications automatically. Similarly, you can configure AWS Secrets Manager to rotate a […]
Read More
AWS Security Profiles: Adrian Cockcroft, VP of Cloud Architecture Strategy
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]
Read More
AWS Security Profiles: Misty Haddox, AWS Customer Audit Manager
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current role? […]
Read More