Category: Security, Identity, & Compliance

We’ve heard from many of you that you want greater visibility into when users sign in to the AWS Management Console. We are excited to announce that AWS CloudTrail now captures console sign-in events whenever an account owner, a federated user, or an IAM user signs into the console. For those of you who aren’t […]

The AWS IAM team recently released new credential lifecycle management features that enable AWS account administrators to define and enforce security best practices for IAM users. We’ve expanded IAM password policies to enable self-service password rotation, on top of existing options to enforce password complexity. Furthermore, you can download reports for better visibility into the […]

As you might have seen, AWS recently released Amazon Cognito, a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their mobile devices. If you develop mobile apps that call AWS services, you definitely want to check out Amazon Cognito. What is Amazon Cognito? Amazon […]

In this post, Graham Evans, a developer on the AWS Billing team, describes new security features that expand how you can secure access to billing information in your AWS account. My team—AWS Billing— recently released the new and improved Billing and Cost Management Console.  We’re now happy to introduce an improvement to the access and […]

One of the advantages of using the AWS SDKs for programmatic access to AWS is that the SDKs handle the task of signing requests. All you have to do is provide AWS credentials (access key id and secret access key), and when you invoke a method that makes a call to AWS, the SDK translates […]

Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive […]

As one of our most active customers, Netflix has hundreds of administrators who need access to AWS daily. Therefore, by eliminating their need to use AWS credentials via identity federation, they saved time, money, and administrative effort almost immediately. They were able to use SAML and OneLogin, their existing identity management provider, to federate users […]

When you launch an Amazon EC2 instance, you can associate an AWS IAM role with the instance to give applications or CLI commands that run on the instance permissions that are defined by the role. When a role is associated with an instance, EC2 obtains temporary security credentials for the role you associated with the […]

The Elastic Load Balancing team announced on May 13, 2014 that they’ve added support for resource-level permissions. Not only can you specify which ELB actions a user can perform, you can specify which resources the user can perform those actions on. For more information about the new ELB permissions, see Controlling Access to Your Load […]

Is your key chain too full for yet another key fob? Ever find yourself locked out of AWS because you didn’t have your key chain on hand? Gemalto, a third-party provider, has just released a new multi-factor authentication (MFA) device in a convenient “credit card” form factor that fits comfortably into a wallet. It works […]