AWS Security Blog

Category: Security, Identity, & Compliance

AWS Directory Service logo

Now Available: Simplified Configuration of Trust Relationships in the AWS Directory Service Console

Today, we made it easier for you to configure trust relationships between AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also referred to as Microsoft AD, and your on-premises Microsoft Active Directory. Establishing trust relationships requires conditional forwarders, which resolve Domain Name System (DNS) queries between the domain names of trusting directories. Now, by […]

Read More

Frequently Asked Questions About Compliance in the AWS Cloud

May 22, 2019 update: We’ve removed a reference to the IT-Grundschutz Certification Workbook. AWS now recommends that customers refer to the Cloud Computing Compliance Controls Catalog (C5) instead. Learn more about C5 here: https://aws.amazon.com/compliance/bsi-c5/ Every month, AWS Compliance fields thousands of questions about how to achieve and maintain compliance in the cloud. Among other things, […]

Read More

How to Detect and Automatically Revoke Unintended IAM Access with Amazon CloudWatch Events

Update on October 24, 2018: Note that if you do not author the Lambda function correctly, this setup can create an infinite loop (in this case, a rule that is fired repeatedly, which can impact your AWS resources and cause higher than expected charges to your account). The example Lambda function I provide in Step […]

Read More

How to Easily Identify Your Federated Users by Using AWS CloudTrail

Starting today, you can use AWS CloudTrail to track the activity of your federated users (web identity federation and Security Assertion Markup Language [SAML]). For example, you can now use CloudTrail to identify a SAML federated user who terminated an Amazon EC2 instance in your AWS account, or to identify a mobile application user who […]

Read More

Register for and Attend This March 30 Webinar—Best Practices for Managing Security Operations in AWS

Update: The video and slides from the webinar are now available. As part of the AWS Webinar Series, AWS will present Best Practices for Managing Security Operations in AWS on Wednesday, March 30. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Henrik Johansson will share […]

Read More

How to Use the New AWS Encryption SDK to Simplify Data Encryption and Improve Application Availability

The AWS Cryptography team is happy to announce the AWS Encryption SDK. This new SDK makes encryption easier for developers while minimizing errors that could lessen the security of your applications. The new SDK does not require you to be an AWS customer, but it does include ready-to-use examples for AWS customers. Developers using encryption […]

Read More

How to Set Up Uninterrupted, Federated User Access to AWS Using AD FS

Microsoft Active Directory Federation Services (AD FS) is a common identity provider that many AWS customers use to give federated users access to the AWS Management Console. AD FS uses multiple certificates to ensure secure communication between servers and to act as authentication mechanisms. One such mechanism is called the token-signing certificate. When the token-signing certificate expires, […]

Read More

How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   Some Internet operations trust that clients are “well behaved.” As an operator of a publicly accessible web application, for example, you have to trust that the clients […]

Read More

How to Automate Restricting Access to a VPC by Using AWS IAM and AWS CloudFormation

Back in September, I wrote about How to Help Lock Down a User’s Amazon EC2 Capabilities to a Single VPC. In that blog post, I highlighted what I have found to be an effective approach to the virtual private cloud (VPC) lockdown scenario. Since that time, I have worked on making the related information easier […]

Read More