Category: Security, Identity, & Compliance

July 19, 2021: We’ve updated this post to clarify PHI encryption requirements for Amazon CloudWatch Logs. In a previous blog post, Frequently Asked Questions About HIPAA Compliance in the AWS Cloud, I looked at some of the broad questions you have asked us about running protected health information (PHI) in the AWS cloud. In this […]

Today, I’m pleased to announce that we have completed our semiannual AWS Service Organization Control (SOC) assessments and the reports are available to NDA customers now. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing AWS services SOC Reports (or their SAS 70 predecessors) regularly since 2009, […]

We are happy to announce that we recently launched improved search functionality on the Users page in the AWS Identity and Access Management (IAM) console. For starters, we have enabled you to find an IAM user by their access key ID. Simply paste an access key ID in the Filter box on the Users page. If […]

In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists. April April 28, AWS […]

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can […]

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   You can use AWS WAF (a web application firewall) to help protect your web applications from exploits that originate from groups of IP addresses that are known […]

March 10, 2020: This blog post is out of date. Please refer to this post for updated info: How to set up federated single sign-on to AWS using Google Workspace The AWS Security Blog has covered a variety of solutions for federating single sign-on (SSO) to the AWS Management Console. For example, How to Connect […]

At some point, you might have to deal with hotlinking: when third parties embed in their websites the content they find on your websites. The third-party website does not incur the cost of hosting the content, which means your website can end up paying for the content other sites use. Now, you can use AWS […]

Today, Amazon Cognito launched the beta of a new feature that makes it easy for developers to add sign-up and sign-in functionality to mobile and web apps. With this new feature, you get a simple, fully managed service you can use to create and maintain your user pool that can scale to hundreds of millions […]

Yesterday, AWS announced that Amazon Inspector, an automated security assessment service, is now available to all customers. Inspector helps you improve the security and compliance of your applications running on Amazon Elastic Compute Cloud (Amazon EC2) by identifying potential security issues, vulnerabilities, or deviations from security standards. You pay only for the assessments you run, with […]