Category: Security, Identity, & Compliance

<Repost from AWS Blog, here in its entirety> One of the most powerful features of AWS Identity and Access Management (IAM) is its ability to issue temporary security credentials and grant controlled access to people in a network without having to define individual identities for each user (i.e., identity federation). This enables customers to extend their existing authentication […]

Last week’s blog post explained how to distribute AWS credentials to EC2 instances using IAM roles.  Will Kruse, Security Engineer on the AWS Identity and Access Management (IAM) team, is back again this week to discuss how roles can also be used to distribute arbitrary secrets to EC2 instances. As we discussed last week, Amazon EC2 Roles for Instances […]

If you have applications running on EC2 that also access other AWS services like Amazon S3 or Amazon DynamoDB, then these applications require credentials out on the EC2 instance.  You can hard-code AWS access keys into your application, but you’re faced with the added responsibility of distributing them to the instance securely and then the […]

** Update:  the Google Autenticator application for iOS has been updated and now available from Apple’s App Store.  It no longer has an issue of potentially losing existing AWS MFA tokens as reported in this post. Do you use Google Authenticator for iOS for AWS MFA? If so, then read this! If you use Google […]

Previously, we blogged about how to use resource-level permissions for Amazon EC2 to control access to specific EC2 instances.  Resource-level permissions can now also be applied to Amazon Relational Database Service (Amazon RDS).  This week’s guest blogger, Chris Checkwitch, Software Development Manager on the RDS team, will explain how to tackle the commonly requested use case of controlling access to […]

Jeff Barr, AWS’s chief evangelist, recently did an AWS Report interview with Symplified’s CTO and co-founder Darren Plat covering identity federation and single sign-on to cloud-based apps.  The interview goes into depth about the need for identity federation services in the cloud and how Symplified implemented their offering for AWS services. You can watch the […]

In this blog post, I’ll discuss what you should do in case you’ve lost your secret access key or need a new one. This post assumes that you are familiar with what access keys are. If you aren’t, see the AWS documentation about security credentials for a brief summary. Our security policy on secret access keys Secret […]

We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document will help […]

In May 2013, we announced support for federation using identities Amazon, Facebook, and Google (a.k.a. web identity federation), which allows your apps to authenticate users via Amazon, Facebook, or Google and then access AWS resources managed under your account. To help you understand how web identity federation works, today we’re releasing the Web Identity Federation […]

If you’re a frequent reader of this blog, you probably know that AWS recommends as a security best practice that you set up one or more AWS Identity and Access Management (IAM) users for interaction with AWS services, rather than use your root account. Why? The credentials for your AWS root account provide full access […]