AWS Security Blog
Category: Security, Identity, & Compliance
How to create auto-suppression rules in AWS Security Hub
January 29, 2024: This post is out of date. Please see this post for the best, updated info. July 13, 2021: We’ve updated this post to clarify how SecurityHub and EventBridge rules exchange data between management and member accounts. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across […]
Configure SAML single sign-on for Kibana with AD FS on Amazon Elasticsearch Service
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. It’s a common use case for customers to integrate identity providers (IdPs) with Amazon Elasticsearch Service (Amazon ES) to achieve single sign-on (SSO) with Kibana. This integration makes it possible for users to leverage their existing identity credentials and offers […]
Automate resolution for IAM Access Analyzer cross-account access findings on IAM roles
In this blog post, we show you how to automatically resolve AWS Identity and Access Management (IAM) Access Analyzer findings generated in response to unintended cross-account access for IAM roles. The solution automates the resolution by responding to the Amazon EventBridge event generated by IAM Access Analyzer for each active finding. You can use identity-based […]
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
Build an end-to-end attribute-based access control strategy with AWS IAM Identity Center and Okta
April 25, 2023: We’ve updated this blog post to include more security learning resources. September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. This blog post discusses the benefits of using an attribute-based […]
How to monitor and track failed logins for your AWS Managed Microsoft AD
AWS Directory Service for Microsoft Active Directory provides customers with the ability to review security logs on their AWS Managed Microsoft AD domain controllers by either using a domain management Amazon Elastic Compute Cloud (Amazon EC2) instance or by forwarding domain controller security event logs to Amazon CloudWatch Logs. You can further improve visibility by […]
AWS achieves Spain’s ENS High certification across 149 services
Gaining and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). We continually add more services to our ENS certification scope. This helps to assure public sector organizations in Spain that want to build secure applications and services on AWS that the expected ENS certification security standards are being met. ENS certification […]
How to integrate third-party IdP using developer authenticated identities
Amazon Cognito identity pools enable you to create and manage unique identifiers for your users and provide temporary, limited-privilege credentials to your application to access AWS resources. Currently, there are several out of the box external identity providers (IdPs) to integrate with Amazon Cognito identity pools, including Facebook, Google, and Apple. If your application’s primary […]
AWS Security Reference Architecture: A guide to designing with AWS security services
Amazon Web Services (AWS) is happy to announce the publication of the AWS Security Reference Architecture (AWS SRA). This is a comprehensive set of examples, guides, and design considerations that you can use to deploy the full complement of AWS security services in a multi-account environment that you manage through AWS Organizations. The architecture and […]
AWS Verified episode 6: A conversation with Reeny Sondhi of Autodesk
I’m happy to share the latest episode of AWS Verified, where we bring you global conversations with leaders about issues impacting cybersecurity, privacy, and the cloud. We take this opportunity to meet with leaders from various backgrounds in security, technology, and leadership. For our latest episode of Verified, I had the opportunity to meet virtually […]