AWS Security Blog
Category: Security, Identity, & Compliance
Zero Trust architectures: An AWS perspective
Our mission at Amazon Web Services (AWS) is to innovate on behalf of our customers so they have less and less work to do when building, deploying, and rapidly iterating on secure systems. From a security perspective, our customers seek answers to the ongoing question What are the optimal patterns to ensure the right level […]
Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda
June 21, 2023: This blog post is out of date. You should now use the new managed prefix list for CloudFront in your Security Group instead of this custom Lambda solution. Please refer to this blog post for detailed info. Amazon CloudFront is a content delivery network that can help you increase the performance of […]
AWS Security Profile: Phillip Miller, Principal Security Advisor
In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting, and get a sneak peek at their work. How long have you been at AWS and what do you do in your current role? I’ve been at AWS since September 2019. I help executives and […]
How to deploy the AWS Solution for Security Hub Automated Response and Remediation
In this blog post I show you how to deploy the Amazon Web Services (AWS) Solution for Security Hub Automated Response and Remediation. The first installment of this series was about how to create playbooks using Amazon CloudWatch Events, AWS Lambda functions, and AWS Security Hub custom actions that you can run manually based on […]
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it’s a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
AWS and the New Zealand notifiable privacy breach scheme
The updated New Zealand Privacy Act 2020 (Privacy Act) will come into force on December 1, 2020. Importantly, it establishes a new notifiable privacy breach scheme (NZ scheme). The NZ scheme gives affected individuals the opportunity to take steps to protect their personal information following a privacy breach that has caused, or is likely to […]
Announcement: Availability of AWS recommendations for the management of AWS root account credentials
When AWS customers open their first account, they assume the responsibility for securely managing access to their root account credentials, under the Shared Responsibility Model. Initially protected by a password, it is the responsibility of each AWS customer to make decisions based on their operational and security requirements as to how they configure and manage […]
Centrally manage AWS WAF (API v2) and AWS Managed Rules at scale with Firewall Manager
October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. […]
120 AWS services achieve HITRUST certification
We’re excited to announce that 120 Amazon Web Services (AWS) services are certified for the HITRUST Common Security Framework (CSF) for the 2020 cycle. The full list of AWS services that were audited by a third-party assessor and certified under HITRUST CSF is available on our Services in Scope by Compliance Program page. You can […]
Investigate VPC flow with Amazon Detective
Many Amazon Web Services (AWS) customers need enhanced insight into IP network flow. Traditionally, cost, the complexity of collection, and the time required for analysis has led to incomplete investigations of network flows. Having good telemetry is paramount, and VPC Flow Logs are a very important part of a robust centralized logging architecture. The information […]