AWS Security Blog

Category: Security, Identity, & Compliance

How to visualize IAM Access Analyzer policy validation findings with QuickSight

In this blog post, we show you how to create an Amazon QuickSight dashboard to visualize the policy validation findings from AWS Identity and Access Management (IAM) Access Analyzer. You can use this dashboard to better understand your policies and how to achieve least privilege by periodically validating your IAM roles against IAM best practices. […]

Updated ebook: Protecting your AWS environment from ransomware

Amazon Web Services is excited to announce that we’ve updated the AWS ebook, Protecting your AWS environment from ransomware. The new ebook includes the top 10 best practices for ransomware protection and covers new services and features that have been released since the original published date in April 2020. We know that customers care about […]

AWS Secrets Manager logo

Improve security of Amazon RDS master database credentials using AWS Secrets Manager

Amazon Relational Database Service (Amazon RDS) makes it simpler to set up, operate, and scale a relational database in the AWS Cloud. AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets. Amazon RDS now offers integration with Secrets Manager to manage master database credentials. You no longer have to manage master database credentials, such as […]

The anatomy of ransomware event targeting data residing in Amazon S3

Ransomware events have significantly increased over the past several years and captured worldwide attention. Traditional ransomware events affect mostly infrastructure resources like servers, databases, and connected file systems. However, there are also non-traditional events that you may not be as familiar with, such as ransomware events that target data stored in Amazon Simple Storage Service […]

AWS IAM Identity Center

Define a custom session duration and terminate active sessions in IAM Identity Center

September 12, 2023: This post has been updated to reflect the increased maximum session duration limit from 7 days to 90 days in IAM Identity Center. Managing access to accounts and applications requires a balance between delivering simple, convenient access and managing the risks associated with active user sessions. Based on your organization’s needs, you […]

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

Secrets managers are a great tool to securely store your secrets and provide access to secret material to a set of individuals, applications, or systems that you trust. Across your environments, you might have multiple secrets managers hosted on different providers, which can increase the complexity of maintaining a consistent operating model for your secrets. […]

Reduce risk by implementing HttpOnly cookie authentication in Amazon API Gateway

September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. Some web […]

AWS achieves ISO 20000-1:2018 certification for 109 services

We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that AWS Regions and AWS Edge locations are now certified by the International Organization for Standardization (ISO) 20000-1:2018 standard. This certification demonstrates our continuous commitment to adhere to the heightened expectations for cloud service providers. […]

Visualize AWS WAF logs with an Amazon CloudWatch dashboard

AWS WAF is a web application firewall service that helps you protect your applications from common exploits that could affect your application’s availability and your security posture. One of the most useful ways to detect and respond to malicious web activity is to collect and analyze AWS WAF logs. You can perform this task conveniently […]

Figure 1: Architecture diagram

How to run AWS CloudHSM workloads in container environments

January 25, 2023: We updated this post to reflect the fact that CloudHSM SDK3 does not support serverless environments and we strongly recommend deploying SDK5. AWS CloudHSM provides hardware security modules (HSMs) in the AWS Cloud. With CloudHSM, you can generate and use your own encryption keys in the AWS Cloud, and manage your keys […]