Category: Security, Identity, & Compliance

If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “glacier:ListVaults”, “glacier:DescribeVault”, “glacier:GetVaultNotifications” ], “Effect”: “Allow”, “Resource”: “*” } ] } […]

Many of you have asked how to construct an AWS Identity and Access Management (IAM) policy with folder-level permissions for Amazon S3 buckets. This week’s guest blogger Elliot Yamaguchi, Technical Writer on the IAM team, will explain the basics of writing that type of policy. To show you how to create a policy with folder-level […]

In part I of our series on multi-factor authentication (MFA), we mentioned that the next topic would be securing access to AWS APIs with MFA. This week’s guest blogger Kai Zhao, Product Manager on our AWS Identity and Access Management (IAM) team, will give a brief overview of AWS MFA-protected API access. Introduction MFA-protected API […]

Log into Facebook or Google, then access AWS resources? Impossible (well, perhaps difficult…) you say – until now. On 5/28 the AWS Identity and Access Management (IAM) team launched web identity federation. This new feature expands existing AWS identity federation capabilities to include support for public identity providers such as Facebook, Google, or the newly […]

Thinking about building a secure delegation solution to grant temporary access to your AWS account?  This week’s guest blogger Kai Zhao, Product Manager on our AWS Identity and Access Management (IAM) team, will discuss some considerations when deciding on an approach: Introduction Using temporary security credentials (“sessions”) enables you to securely delegate access to your AWS environment […]

I’m very excited to share that AWS is now a FedRAMP-compliant cloud service provider. See the Amazon press release. This is game-changing news for our U.S. government customers and systems integrators and other companies that provide products and services to the U.S. government because: It provides agencies a standardized approach to security assessment, authorization, and […]

AWS is pleased to announce the immediate availability of the AWS Service Organization Control (SOC) 3 report, which you can freely distribute. This report on AWS security practices enables you and your stakeholders to validate that AWS has obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants […]

In this post, we’ll address a common question about how to write an AWS Identity and Access Management (IAM) policy to grant read-write access to an Amazon S3 bucket.  Doing so helps you control who can access your data stored in Amazon S3. You can grant either programmatic access or AWS Management Console access to […]

In this series of blog posts, we’ll walk through different ways to keep your AWS resources secure using AWS Multi-Factor Authentication (MFA). As a best practice, we strongly recommend that you secure access to your account with AWS MFA.  It’s a simple way to add an extra layer of protection on top of your username […]

This blog will feature information for customers interested in AWS security and compliance.  You’ll see content from many AWS team members covering a range of topics, including: Security best practices for AWS services, including Amazon EC2, Amazon S3, AWS IAM, and others How-to guides Compliance milestones Customer and partner stories And more! To get future […]