AWS Security Blog

Category: Security, Identity, & Compliance

AWS achieves FedRAMP JAB High and Moderate provisional authorization across nine additional services in AWS US Regions

We are pleased to announce that Amazon Web Services (AWS) has achieved FedRAMP JAB authorization on an additional nine AWS services. These services provide capabilities that enable your organization to: Assemble and deploy serverless architectures in powerful new ways using AWS Serverless Application Repository Simplify application delivery and complete workload migration to the cloud using […]

Over 150 AWS services now have a security chapter

We’re happy to share an update on the service documentation initiative that we first told you about on the AWS Security Blog in June, 2019. We’re excited to announce that over 150 services now have dedicated security chapters available in the AWS security documentation. In case you aren’t familiar with the security chapters, they were […]

Logical separation: Moving beyond physical isolation in the cloud computing era

We’re sharing an update to the Logical Separation on AWS: Moving Beyond Physical Isolation in the Era of Cloud Computing whitepaper to help customers benefit from the security and innovation benefits of logical separation in the cloud. This paper discusses using a multi-pronged approach—leveraging identity management, network security, serverless and containers services, host and instance […]

Customer update: AWS and the EU-US Privacy Shield

Recently, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as model clauses. The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States […]

How to use AWS Organizations to simplify security at enormous scale

AWS Organizations provides central governance and management across AWS accounts. In this post, we explain how AWS Organizations can make the lives of your Information Security engineers easier, based on our experience in the Information Security team at Amazon. The service control policies (SCPs) feature in AWS Organizations offers you central control over permissions for […]

Using ACM Private Certificate Authority in a multi-account environment by using IAM roles

In this post, we show you how you can use AWS Certificate Manager (ACM) Private Certificate Authority (CA) to request or issue private certificates across a multi-account environment by using IAM roles. This solution allows you to centralize your ACM Private CA inside your AWS Organization, which reduces the complexity and the cost of having […]

How to lower costs by automatically deleting and recreating HSMs

You can use AWS CloudHSM to help manage your encryption keys on FIPS 140-2 Level 3 validated hardware security modules (HSMs). AWS recommends running a high-availability production architecture with at least two CloudHSM HSMs in different Availability Zones. Although many workloads must be available 24/7, quality assurance or development environments typically do not have this […]

How to use AWS Certificate Manager with AWS CloudFormation

Last month, Amazon Web Services (AWS) introduced the ability to automate issuing and validating public and private certificates using AWS CloudFormation. To make this easier, AWS has introduced three new features that let you: Automate the steps to validate your domain with DNS validation and issue your public certificate. Use AWS CloudFormation templates to issue […]

Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud

Most businesses collect, process, and store sensitive customer data that needs to be secured to earn customer trust and protect customers against abuses. Regulated businesses must prove they meet guidelines established by regulatory bodies. As an example, in the capital markets, broker-dealers and investment advisors must demonstrate they address the guidelines proposed by the Office […]

OSPAR 2020 report now available with 105 services in scope

We are excited to announce the addition of 41 new services in the scope of our latest Outsourced Service Provider Audit Report (OSPAR) audit cycle, for a total of 105 services in the Asia Pacific (Singapore) Region. The newly added services include: AWS Security Hub, which gives you a comprehensive view of high-priority security alerts […]