AWS Security Blog
Category: Security, Identity, & Compliance
Add a layer of security for AWS IAM Identity Center user portal sign-in with context-aware email-based verification
September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. If you’re an IT administrator of a growing workforce, your users will require access to a growing number of business applications and AWS accounts. […]
AWS Security profiles: Michael South, Principal Business Development Manager for Security Acceleration
In the weeks leading up to the Solution Days event in Tokyo, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you […]
New AWS services launch with HIPAA, PCI, ISO, and SOC – a company first
Our security culture is one of the things that sets AWS apart. Security is job zero — it is the foundation for all AWS employees and impacts the work we do every day, across the company. And that’s reflected in our services, which undergo exacting internal and external security reviews before being released. From there, […]
How to use AWS WAF to filter incoming traffic from embargoed countries
AWS WAF provides inline inspection of inbound traffic at the application layer to detect and filter against critical web application security flaws from common web exploits that could affect application availability, compromise security, or consume excessive resources. The inbound traffic is inspected against web access control list (web ACL) rules that you can create manually […]
How to centralize and automate IAM policy creation in sandbox, development, and test environments
To keep pace with AWS innovation, many customers allow their application teams to experiment with AWS services in sandbox environments as they move toward production-ready architecture. These teams need timely access to various sets of AWS services and resources, which means they also need a mechanism to help ensure least privilege is granted. In other […]
Top 11 posts in 2018
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. We covered a lot of ground in 2018: from GDPR to re:Inforce and numerous feature announcements, AWS GuardDuty deep-dives to SOC reports, automated reasoning explanations, and a series of interviews with AWS thought leaders. We’ve got big plans for 2019, […]
New SOC 2 Report Available: Privacy
Maintaining your trust is an ongoing commitment of ours, and your voice drives our growing portfolio of compliance reports, attestations, and certifications. As a result of your feedback and deep interest in privacy and data security, we are happy to announce the publication of our new SOC 2 Type I Privacy report. Keeping you informed […]
AWS Security Profile (and re:Invent 2018 wrap-up): Eric Docktor, VP of AWS Cryptography
We sat down with Eric Docktor to learn more about his 19-year career at Amazon, what’s new with cryptography, and to get his take on this year’s re:Invent conference. (Need a re:Invent recap? Check out this post by AWS CISO Steve Schmidt.) How long have you been at AWS, and what do you do in […]
New podcast: VP of Security answers your compliance and data privacy questions
Does AWS comply with X program? How about GDPR? What about after Brexit? And what happens with machine learning data? In the latest AWS Security & Compliance Podcast, we sit down with VP of Security Chad Woolf, who answers your compliance and data privacy questions. Including one of the most frequently asked questions from customers […]
Creating an opportunistic IPSec mesh between EC2 instances
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. IPSec (IP Security) is a protocol for in-transit data protection between hosts. Configuration of site-to-site […]