AWS Security Blog

Category: Security, Identity, & Compliance*

Getting Started: Follow Security Best Practices as You Configure Your AWS Resources

After you create your first AWS account, you might be tempted to start immediately addressing the issue that brought you to AWS. For example, you might set up your first website, spin up a virtual server, or create your first storage solution. However, AWS recommends that first, you follow some security best practices to help […]

Read More

How to Deploy Local Administrator Password Solution with AWS Microsoft AD

Local Administrator Password Solution (LAPS) from Microsoft simplifies password management by allowing organizations to use Active Directory (AD) to store unique passwords for computers. Typically, an organization might reuse the same local administrator password across the computers in an AD domain. However, this approach represents a security risk because it can be exploited during lateral […]

Read More

New: Use Amazon Cloud Directory Typed Links to Create and Search Relationships Across Hierarchies

Starting today, you can create and search relationships across hierarchies in Amazon Cloud Directory by using typed links. With typed links, you can build directories that can be searched across hierarchies more efficiently by filtering your queries based on relationship type. Typed links also enable you to model different types of relationships between objects in […]

Read More

New Features for IAM Policy Summaries – An Easier Way to Detect Potential Typos in Your IAM Policies

Last month, we introduced policy summaries to make it easier for you to understand the permissions in your AWS Identity and Access Management (IAM) policies. On Thursday, May 25, I announced three new features that have been added to policy summaries and reviewed resource summaries. Yesterday, I reviewed the benefits of being able to view services […]

Read More

New Features for IAM Policy Summaries – Services and Actions Not Granted by a Policy

Last month, we introduced policy summaries to make it easier for you to understand the permissions in your AWS Identity and Access Management (IAM) policies. On Thursday, May 25, I announced three new features that have been added to policy summaries and reviewed one of those features: resource summaries. Tomorrow, I will discuss how policy […]

Read More

New Features for IAM Policy Summaries – Resource Summaries

In March, we introduced policy summaries, which make it easier for you to understand the permissions in your AWS Identity and Access Management (IAM) policies. Today, we added three new features to policy summaries to improve the experience of understanding and troubleshooting your policies. First, we added resource summaries for you to see the resources […]

Read More

The Resource Groups Tagging API Makes It Easier to List Your Resources by Using a New Pagination Parameter

Today, the Resource Groups Tagging API introduced a pagination parameter to the GetResources action that makes it easier for you to manage lists of resources returned by your queries. Using this parameter, you can list your resources that are associated with specific tags or resource types, and limit result sets to a specific number per […]

Read More

AWS HIPAA Program Update – Dedicated Instances and Hosts Are No Longer Required

Over the years, we have seen tremendous growth in the use of the AWS Cloud for healthcare applications. Our customers and AWS Partner Network (APN) Partners who offer solutions that store, process, and transmit Protected Health Information (PHI) sign a Business Associate Addendum (BAA) with AWS. As part of the AWS HIPAA compliance program, customers and […]

Read More

How to Update AWS CloudHSM Devices and Client Instances to the Software and Firmware Versions Supported by AWS

Note from September 18, 2017: In this blog post, “AWS CloudHSM” refers to the product that’s now known as AWS CloudHSM Classic. As I explained in my previous Security Blog post, a hardware security module (HSM) is a hardware device designed with the security of your data and cryptographic key material in mind. It is […]

Read More

Now Available: Use Resource-Level Permissions to Control Access to and Permissions on Auto Scaling Resources

As of May 15, 2017, you can define AWS Identity and Access Management policies to control which Auto Scaling resources users can access and the actions users are permitted to perform on those resources. Auto Scaling helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you […]

Read More