Category: Security, Identity, & Compliance

AWS is excited to announce that Amazon Redshift has successfully completed the FedRAMP assessment and authorization process and has been added to our list of services covered under our US East/West FedRAMP Agency Authority to Operate (ATO) granted by the U.S. Department of Health and Human Services (HHS). This is the first new service we’ve […]

I’m very excited to share that AWS has received a DISA Provisional Authorization under the DoD Cloud Security Model’s impact levels 1-2 for all four of AWS’s Infrastructure Regions in the U.S., including AWS GovCloud (US). With this distinction, AWS has shown it can meet the DoD’s stringent security and compliance requirements; and as a […]

This week’s guest blogger, Ajith Ranabahu, Software Development Engineer on the AWS Identity and Access Management (IAM) team, presents an in-depth look at the IAM policy simulator. Many of you have asked about how to author and troubleshoot access control policies. To help with this task, last year we launched the policy simulator, which makes it easier […]

As part of our ongoing efforts to help keep your resources secure, on April 21, 2014, AWS removed the ability to retrieve existing secret access keys for your AWS (root) account. See the updated blog post Where’s My Secret Access Key? for more information about access keys and secret access keys. -Kai

Here on the AWS Security Blog we’ve published several posts that recommend IAM best practices. We’re pleased to find that third-party bloggers are adding their own voices. Codeship, a company that provides a continuous code deployment and testing service, just published a great post about how to secure your AWS account using Identity and Access […]

Today Will Kruse, Senior Security Engineer on the AWS Identity and Access Management (IAM) team, provides a tutorial on how to enable resiliency against authentication and authorization failures in an application deployed on Amazon EC2 using a high availability design pattern based on IAM roles. Background Many of you invest significant effort to ensure that a […]

Today AWS announced support for adding multi-factor authentication (MFA) for cross-account access. In this blog post, I will walk you through a common use case, including a code sample, which demonstrates how to create policies that enforce MFA when IAM users from one AWS account make programmatic requests for resources in a different account. Many […]

The newly released Security at Scale: Logging in AWS whitepaper is designed to illustrate how AWS CloudTrail can help you meet compliance and security requirements through the logging of API calls. The API call history can be used to track changes to resources, perform security analysis, operational troubleshooting and as an aid in meeting compliance […]

It seems that the topic of using temporary security credentials has been coming up at lot recently. Several weeks ago Rich Mogull expressed his chagrin for not using temporary credentials in his post titled, “My $500 Cloud Security Screw-up”. And over the weekend Scott Adams published a Dilbert comic poking fun of Dilbert not understanding […]

An interesting blog post came to our attention recently—My $500 Cloud Security Screw-up by Rich Mogull. He describes how he learned to adhere to several important AWS security principles through several unfortunate events.   Mike Pope, senior technical writer for AWS Identity, paraphrases the post here. Rich had inadvertently leaked his AWS access keys, allowing some […]