AWS Security Blog
Category: Security, Identity, & Compliance
PCI Compliance in the AWS Cloud
PCI compliance in the cloud is an important topic for many of our customers. Our PCI FAQ page has received more than 45,000 views, and we have issued our PCI compliance package directly to customers in all major regions and industry verticals. To build on our growing demand of PCI enablers, today we’re happy to […]
Read MorePrivacy and Data Security
Amazon knows customers care deeply about privacy and data security, and we optimize our work to get these issues right for customers. With this post I’d like to provide a number of observations on our policies and positions: Amazon does not disclose customer information unless we’re required to do so to comply with a legally […]
Read MoreFERPA Compliance in the AWS Cloud
July 24, 2020: The whitepaper Auditing Security Checklist in the list of additional resources has been replaced by a Cloud Audit Academy course. The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing […]
Read MoreHow to Delegate Management of Multi-Factor Authentication to AWS IAM Users
Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]
Read MoreHow to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. We now have a Python3.x script that you can download here: Python3.x script Note from May 24, 2019: The features and services described in this post have changed since the post was published and the procedures described might be out […]
Read MoreAWS Key Management Service Adds Support for Updating Key Aliases
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In November 2014, AWS launched Key Management Service (KMS), a managed service that makes it […]
Read MoreTest Your Roles’ Access Policies Using the AWS Identity and Access Management Policy Simulator
You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]
Read MoreNew SOC 1, 2, and 3 Reports Available — Including a New Region and Service In-Scope
We are now in our sixth year of regularly publishing comprehensive independent audit reports attesting to our alignment with globally accepted security best practices. We have just completed our thorough and extensive semiannual audit and are happy to announce that Amazon Simple Queue Service (SQS) and our newest region in Europe (Frankfurt) are now in-scope […]
Read MoreRegister for and Attend This May 22 Webinar: Getting Started with AWS Identity and Access Management
As part of the AWS Webinar Series, AWS will present Getting Started with AWS Identity and Access Management on Friday, May 22. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Jonathan Desrocher will introduce the fundamental concepts of AWS Identity and Access Management (IAM) […]
Read MoreAWS Directory Service Now Supports API Access and Logging Via AWS CloudTrail
Developers can now programmatically create and configure Simple AD and AD Connector directories in AWS Directory Service via the AWS SDKs or CLI. You can also now use Cloud Trail to log API actions performed via an SDK, the CLI, or AWS Directory Service console. Permissions for performing these actions can be controlled via an AWS […]
Read More