AWS Security Blog
Category: Security, Identity, & Compliance
How to Connect Your On-Premises Active Directory to AWS Using AD Connector
AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS. When AD Connector is configured, the trust allows you to: Sign in to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail by using your Active Directory credentials. Seamlessly join Windows instances […]
Read MoreIntroducing s2n-tls, a New Open Source TLS Implementation
February 22, 2022: s2n had been renamed to s2n-tls. See details. At Amazon Web Services, strong encryption is one of our standard features, and an integral aspect of that is the TLS (previously called SSL) encryption protocol. TLS is used with every AWS API and is also available directly to customers of many AWS services […]
Read MoreHow to Receive Notifications When Your AWS Account’s Root Access Keys Are Used
AWS Identity and Access Management (IAM) best practices recommend using IAM users or roles to access your AWS resources, instead of using your root credentials. If you follow this best practice, though, how can you monitor for root activity and take action if such activity occurs? AWS CloudTrail and Amazon CloudWatch provide the solution. In […]
Read MorePCI Compliance in the AWS Cloud
PCI compliance in the cloud is an important topic for many of our customers. Our PCI FAQ page has received more than 45,000 views, and we have issued our PCI compliance package directly to customers in all major regions and industry verticals. To build on our growing demand of PCI enablers, today we’re happy to […]
Read MorePrivacy and Data Security
Amazon knows customers care deeply about privacy and data security, and we optimize our work to get these issues right for customers. With this post I’d like to provide a number of observations on our policies and positions: Amazon does not disclose customer information unless we’re required to do so to comply with a legally […]
Read MoreFERPA Compliance in the AWS Cloud
July 24, 2020: The whitepaper Auditing Security Checklist in the list of additional resources has been replaced by a Cloud Audit Academy course. The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing […]
Read MoreHow to Delegate Management of Multi-Factor Authentication to AWS IAM Users
Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]
Read MoreHow to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. We now have a Python3.x script that you can download here: Python3.x script Note from May 24, 2019: The features and services described in this post have changed since the post was published and the procedures described might be out […]
Read MoreAWS Key Management Service Adds Support for Updating Key Aliases
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In November 2014, AWS launched Key Management Service (KMS), a managed service that makes it […]
Read MoreTest Your Roles’ Access Policies Using the AWS Identity and Access Management Policy Simulator
You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]
Read More