AWS Security Blog

Category: Security, Identity, & Compliance

How to use service control policies to set permission guardrails across accounts in your AWS Organization

AWS Organizations provides central governance and management for multiple accounts. Central security administrators use service control policies (SCPs) with AWS Organizations to establish controls that all IAM principals (users and roles) adhere to. Now, you can use SCPs to set permission guardrails with the fine-grained control supported in the AWS Identity and Access Management (IAM) […]

Read More

AWS Security Profiles: Nathan Case, Senior Security Specialist, Solutions Architect

Leading up to the AWS Santa Clara Summit, we’re sharing our conversation with Nathan Case, who will be presenting at the event, so you can learn more about him and some of the interesting work that he’s doing. How long have you been at AWS, and what do you do in your current role? I’ve […]

Read More

How to rotate Amazon DocumentDB and Amazon Redshift credentials in AWS Secrets Manager

November 1, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Using temporary credentials is an AWS Identity and Access Management (IAM) best practice. Even Dilbert […]

Read More

Registration for AWS re:Inforce 2019 now open!

In late November, I announced AWS re:Inforce, a standalone conference where we will deep dive into the latest approaches to security, identity, and risk management utilizing AWS services, features, and tools. Now, after months of planning, the time has arrived to open registration! Ticket sales begin on March 12th at 10:00am PDT, and you can […]

Read More

How to visualize Amazon GuardDuty findings: serverless edition

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. July 20, 2020:This post has been updated to reflect the new Amazon GuardDuty support for exporting findings to an S3 bucket. July 12, 2019: Due to a feature name change, we’ve updated some examples throughout the post. Note: This blog […]

Read More

Guidelines for protecting your AWS account while using programmatic access

One of the most important things you can do as a customer to ensure the security of your resources is to maintain careful control over who has access to them. This is especially true if any of your AWS users have programmatic access. Programmatic access allows you to invoke actions on your AWS resources either […]

Read More

AWS achieves HDS certification

Update on March 13, 2019: The AWS Region in Paris is now certified. At AWS, the security, privacy, and protection of customer data always comes first, which is why I am pleased to share the news that AWS has achieved “Hébergeur de Données de Santé” (HDS) certification. With HDS certification, customers and partners who host […]

Read More

How to enable secure access to Kibana using AWS Single Sign-On

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Note from March 18, 2020: The Amazon ES domain no longer has to match the Amazon Cognito domain name, and we’ve updated this blog to reflect that change. Note from August 22, 2019: Thanks to a customer providing feedback, we fixed […]

Read More

How to eliminate EC2 keypairs from password retrieval of provisioned Windows instances using Secrets Manager and CloudFormation

Update on April 26, 2019: We’ve adjusted a sentence to clarify that the scope of this post does not include automatic password rotation. In my previous post, I showed you how you can increase the durability of your applications and prepare for disaster recovery by using AWS Secrets Manager to replicate your secrets across AWS […]

Read More