AWS Security Blog

Category: Security, Identity, & Compliance

Spring 2020 SOC reports now available with 122 services in scope

At AWS, our customers’ security is of the highest importance and we continue to provide transparency into our security posture. We’re proud to deliver the System and Organizational Controls (SOC) 1, 2, and 3 reports to our AWS customers. The SOC program continues to enable our global customer base to maintain confidence in our secured […]

AWS achieves Spain’s ENS High certification across 105 services

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. AWS achieved Spain’s Esquema Nacional de Seguridad (ENS) High certification across 105 services in all AWS Regions. To successfully achieve the ENS High certification, BDO España conducted an independent audit and attested that AWS meets confidentiality, integrity, and availability standards. […]

Easily control the naming of individual IAM role sessions

AWS Identity and Access Management (IAM) now has a new sts:RoleSessionName condition element for the AWS Security Token Service (AWS STS), that makes it easy for AWS account administrators to control the naming of individual IAM role sessions. IAM roles help you grant access to AWS services and resources by using dynamically generated short-term credentials. […]

Enabling AWS Security Hub integration with AWS Chatbot

October 6, 2020: The code for sending your findings to Slack, and one image, have been updated in this blog post. In this post, we show you how to configure AWS Chatbot to send findings from AWS Security Hub to Slack. Security Hub gives you a comprehensive view of your security high-priority alerts and security […]

AWS Foundational Security Best Practices standard now available in Security Hub

AWS Security Hub offers a new security standard, AWS Foundational Security Best Practices This week AWS Security Hub launched a new security standard called AWS Foundational Security Best Practices. This standard implements security controls that detect when your AWS accounts and deployed resources do not align with the security best practices defined by AWS security […]

AWS IAM introduces updated policy defaults for IAM user passwords

November 2, 2020: This post has been updated to reflect the change in date for the default password policy from October 28 to November 18. October 20, 2020: This post has been updated to reflect the change in date for the default password policy from October 2 to October 21 to October 28. July 27, […]

IAM Access Analyzer flags unintended access to S3 buckets shared through access points

Customers use Amazon Simple Storage Service (S3) buckets to store critical data and manage access to data at scale. With Amazon S3 Access Points, customers can easily manage shared data sets by creating separate access points for individual applications. Access points are unique hostnames attached to a bucket and customers can set distinct permissions using […]

Use AWS Firewall Manager and VPC security groups to protect your applications hosted on EC2 instances

June 21, 2024: This blog was updated to reflect new service features and console changes, and to add additional resources. You can use AWS Firewall Manager to centrally configure and manage Amazon Virtual Private Cloud (Amazon VPC) security groups across all your AWS accounts. This post will take you through the step-by-step instructions to apply common security group rules, […]

How to track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules

On April 20th, AWS Config announced support for AWS Secrets Manager, making it easier to track configuration changes to the secrets you manage in AWS Secrets Manager. You can now use AWS Config to track changes to secrets’ metadata — such as secret description and rotation configuration, relationship to other AWS sources such as the […]

16 additional AWS services authorized at DoD Impact Level 4 for AWS GovCloud (US) Regions

I’m excited to share that the Defense Information Systems Agency (DISA) has authorized 16 additional AWS services at Impact Level 4 and one service at Impact Level 5 in the AWS GovCloud (US) Regions. With these additional 16 services, AWS now offers a total of 72 services and features authorized to process data at Impact […]