AWS Security Blog
Category: Security, Identity, & Compliance
How to Rotate Access Keys for IAM Users
Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if they are compromised. Having an established process that is run regularly also ensures […]
Read MoreAnnouncement: Resource Permissions for additional EC2 API actions
Yesterday AWS announced that it now supports resource-level permissions for seven additional EC2 APIs, including: DeleteNetworkAcl DeleteNetworkAclEntry DeleteRoute DeleteRouteTable DeleteDhcpOptions DeleteInternetGateway DeleteCustomerGateway As with other EC2 API actions that support resource-level permissions, you can also construct policies based on the tags associated with the resources. To learn more, go to either our recent post on […]
Read MoreEnable Single Sign-On to the AWS Management Console via Shibboleth
<Repost from AWS Blog, here in its entirety> One of the most powerful features of AWS Identity and Access Management (IAM) is its ability to issue temporary security credentials and grant controlled access to people in a network without having to define individual identities for each user (i.e., identity federation). This enables customers to extend their existing authentication […]
Read MoreUsing IAM Roles to Distribute Non-AWS Credentials to Your EC2 Instances
Last week’s blog post explained how to distribute AWS credentials to EC2 instances using IAM roles. Will Kruse, Security Engineer on the AWS Identity and Access Management (IAM) team, is back again this week to discuss how roles can also be used to distribute arbitrary secrets to EC2 instances. As we discussed last week, Amazon EC2 Roles for Instances […]
Read MoreA Safer Way to Distribute AWS Credentials to EC2
If you have applications running on EC2 that also access other AWS services like Amazon S3 or Amazon DynamoDB, then these applications require credentials out on the EC2 instance. You can hard-code AWS access keys into your application, but you’re faced with the added responsibility of distributing them to the instance securely and then the […]
Read MoreImportant Notification About Your AWS Virtual MFA Device
** Update: the Google Autenticator application for iOS has been updated and now available from Apple’s App Store. It no longer has an issue of potentially losing existing AWS MFA tokens as reported in this post. Do you use Google Authenticator for iOS for AWS MFA? If so, then read this! If you use Google […]
Read MoreA Primer on RDS Resource-Level Permissions
Previously, we blogged about how to use resource-level permissions for Amazon EC2 to control access to specific EC2 instances. Resource-level permissions can now also be applied to Amazon Relational Database Service (Amazon RDS). This week’s guest blogger, Chris Checkwitch, Software Development Manager on the RDS team, will explain how to tackle the commonly requested use case of controlling access to […]
Read MoreJeff Barr Talks with Symplified About Identity Federation and SSO
Jeff Barr, AWS’s chief evangelist, recently did an AWS Report interview with Symplified’s CTO and co-founder Darren Plat covering identity federation and single sign-on to cloud-based apps. The interview goes into depth about the need for identity federation services in the cloud and how Symplified implemented their offering for AWS services. You can watch the […]
Read MoreWhere’s My Secret Access Key?
Update on March 12, 2019: You can now find and update your access keys from a single, central location in the AWS Management Console. Learn how in this post. In this blog post, I’ll discuss what you should do in case you’ve lost your secret access key or need a new one. This post assumes that […]
Read More2013 PCI Compliance Package Available Now
We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document will help […]
Read More