AWS Security Blog
Category: Security, Identity, & Compliance
How to implement the principle of least privilege with CloudFormation StackSets
March 24, 2021: We’ve corrected errors in the policy statements in steps 2 and 3 of the section “To create the IAM policy document.” AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access […]
How to scale your authorization needs by using attribute-based access control with S3
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. May 26, 2021: In the section “Secure your tags using an AWS Organizations service control […]
Highlights from the latest AWS Identity launches
August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Here is the latest from AWS Identity from November 2020 through February 2021. The features highlighted in this blog post can help you manage […]
AWS achieves its first ISMAP certification in Japan
Earning and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ industry security requirements drive the scope and portfolio of the compliance reports, attestations, and certifications we pursue. We’re excited to announce that AWS has achieved certification under the Information System Security Management and Assessment Program (ISMAP) program, effective from March […]
Automatically block suspicious traffic with AWS Network Firewall and Amazon GuardDuty
According to the AWS Security Incident Response Guide, by using security response automation, you can increase both the scale and the effectiveness of your security operations. Automation also helps you to adopt a more proactive approach to securing your workloads on AWS. For example, rather than spending time manually reacting to security alerts, you can […]
How to auto-remediate internet accessible ports with AWS Config and AWS Systems Manager
With the AWS Config service, you can assess, audit, and evaluate the configuration of your Amazon Web Services (AWS) resources. AWS Config continuously monitors and records your AWS resource configurations changes, and enables you to automate the evaluation of those recordings against desired configurations. Not only can AWS Config monitor and detect deviations from desired […]
How you can use Amazon GuardDuty to detect suspicious activity within your AWS account
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. In this post, I’ll share how you can use GuardDuty with […]
Demystifying AWS KMS key operations, bring your own key (BYOK), custom key store, and ciphertext portability
October 4, 2024: This post has been updated to cover the following changes: FIPS 140-2 Level 3 validation of AWS Key Management Service (AWS KMS), the addition of the external key store service to AWS KMS, and FIPS 140-3 validation of AWS CloudHSM. As you prepare to build or migrate your workload on Amazon Web […]
Validate access to your S3 buckets before deploying permissions changes with IAM Access Analyzer
AWS Identity and Access Management (IAM) Access Analyzer helps you monitor and reduce access by using automated reasoning to generate comprehensive findings for resource access. Now, you can preview and validate public and cross-account access before deploying permission changes. For example, you can validate whether your S3 bucket would allow public access before deploying your […]
How to replicate secrets in AWS Secrets Manager to multiple Regions
On March 3, 2021, we launched a new feature for AWS Secrets Manager that makes it possible for you to replicate secrets across multiple AWS Regions. You can give your multi-Region applications access to replicated secrets in the required Regions and rely on Secrets Manager to keep the replicas in sync with the primary secret. […]