AWS Security Blog

Category: Security, Identity, & Compliance

Spring 2019 SOC 2 Type 1 Privacy report now available

At AWS, our customers’ security and privacy is of the highest importance and we continue to provide transparency into our security and privacy posture. Following our first SOC 2 Type 1 Privacy report released in December 2018, AWS is proud to announce the release of the Spring 2019 SOC 2 Type 1 Privacy report. The […]

Spring 2019 SOC reports now available with 104 services in scope

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. We’re celebrating the addition of 31 new services in scope with our latest SOC report, pushing AWS past the century mark for the first time – with 104 total services in scope, to be exact! These services are now available […]

Create fine-grained session permissions using IAM managed policies

As a security best practice, AWS Identity and Access Management (IAM) recommends that you use temporary security credentials from AWS Security Token Service (STS) when you access your AWS resources. Temporary credentials are short-term credentials generated dynamically and provided to the user upon request. Today, one of the most widely used mechanisms for requesting temporary […]

How to share encrypted AMIs across accounts to launch encrypted EC2 instances

May 18, 2023:We’ve updated the syntax in the JSON policy document in the Create the policy setting for the source account section. August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some […]

How to quickly launch encrypted EBS-backed EC2 instances from unencrypted AMIs

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. An Amazon Machine Image (AMI) provides the information that you need to launch an instance […]

Improve availability and latency of applications by using AWS Secret Manager’s Python client-side caching library

November 1, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Note from May 10, 2019: We’ve updated a code sample for accuracy. Today, AWS Secrets […]

How to BYOK (bring your own key) to AWS KMS for less than $15.00 a year using AWS CloudHSM

February 26, 2024: We’ve updated this post to replace the key_mgmt_util with cloudhsm-cli, which is part of the newer SDK 5. August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations […]

How to migrate your EC2 Oracle Transparent Data Encryption (TDE) database encryption wallet to CloudHSM

In this post, I’ll show you how to migrate an encryption wallet for an Oracle database installed on Amazon EC2 from using an outside HSM to using AWS CloudHSM. Transparent Data Encryption (TDE) for Oracle is a common use case for Hardware Security Module (HSM) devices like AWS CloudHSM. Oracle TDE uses what is called […]

AWS Security Profiles: Paul Hawkins, Security Solutions Architect

Leading up to AWS Summit Sydney, we’re sharing our conversation with Paul Hawkins, who helped put together the summit’s “Secure” track, so you can learn more about him and some of the interesting work that he’s doing. What does a day in the life of an AWS Security Solutions Architect look like? That’s an interesting […]

AWS Organizations now available in the AWS GovCloud (US) Regions for central governance and management of AWS accounts

AWS Organizations is now available in the AWS GovCloud (US) Regions, enabling you to centrally govern and manage your AWS GovCloud (US) accounts. AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. Using AWS Organizations, you can: Define organization-wide permission guardrails to establish controls […]