AWS Security Blog

Category: Security, Identity, & Compliance

Spring SOC Report Now Available—Amazon WorkMail Now in Scope

Today, I’m pleased to announce that we have completed our semiannual AWS Service Organization Control (SOC) assessments and the reports are available to NDA customers now. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing AWS services SOC Reports (or their SAS 70 predecessors) regularly since 2009, […]

Read More

In Case You Missed These: AWS Security Blog Posts from March and April

In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists. April April 28, AWS […]

Read More

How to Control Access to Your Amazon Elasticsearch Service Domain

With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can leverage AWS Identity and Access Management (IAM) to grant or deny access to your search […]

Read More

How to Import IP Address Reputation Lists to Automatically Update AWS WAF IP Blacklists

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   You can use AWS WAF (a web application firewall) to help protect your web applications from exploits that originate from groups of IP addresses that are known […]

Read More

How to Prevent Hotlinking by Using AWS WAF, Amazon CloudFront, and Referer Checking

At some point, you might have to deal with hotlinking: when third parties embed in their websites the content they find on your websites. The third-party website does not incur the cost of hosting the content, which means your website can end up paying for the content other sites use. Now, you can use AWS […]

Read More

Now Generally Available: Amazon Inspector

Yesterday, AWS announced that Amazon Inspector, an automated security assessment service, is now available to all customers. Inspector helps you improve the security and compliance of your applications running on Amazon Elastic Compute Cloud (Amazon EC2) by identifying potential security issues, vulnerabilities, or deviations from security standards. You pay only for the assessments you run, with […]

Read More