AWS Security Blog

Category: Security

Take a Digital Tour of an AWS Data Center to See How AWS Secures Data Centers Around The World

AWS has launched a digital tour of an AWS data center, providing you with a first-ever look at how AWS secures data centers around the world. The videos, pictures, and information in this tour show you how security is intrinsic to the design of our data centers, our global controls, and the AWS culture. As […]

Read More

Now Available: New Digital Training to Help You Learn About AWS Cloud Security

by Janna Pellegrino | on | in Security | Permalink | Comments |  Share

Cloud security with scalability and innovation: at AWS, this is our top priority. To help you securely architect cloud solutions, AWS Training and Certification recently added new free digital training about security, including a new course about Amazon GuardDuty, a new managed threat-detection service. These introductory courses, built by AWS experts, are suitable for users and decision makers […]

Read More

How to Audit Your AWS Resources for Security Compliance by Using Custom AWS Config Rules

AWS Config Rules enables you to implement security policies as code for your organization and evaluate configuration changes to AWS resources against these policies. You can use Config rules to audit your use of AWS resources for compliance with external compliance frameworks such as CIS AWS Foundations Benchmark and with your internal security policies related […]

Read More

Automated Reasoning and Amazon s2n

In June 2015, AWS Chief Information Security Officer Stephen Schmidt introduced AWS’s new Open Source implementation of the SSL/TLS network encryption protocols, Amazon s2n. s2n is a library that has been designed to be small and fast, with the goal of providing you with network encryption that is more easily understood and fully auditable. In […]

Read More

Frequently Asked Questions About HIPAA Compliance in the AWS Cloud

Today, we continue a series of AWS cloud compliance FAQs by focusing on the Health Insurance Portability and Accountability Act (HIPAA) and protected health information (PHI). AWS’s Healthcare and Life Science customers are doing important things for their customers in the AWS cloud, and we are excited to work with our partners to help tackle […]

Read More

AWS Secures DoD Provisional Authorization

I’m very excited to share that AWS has received a DISA Provisional Authorization under the DoD Cloud Security Model’s impact levels 1-2 for all four of AWS’s Infrastructure Regions in the U.S., including AWS GovCloud (US). With this distinction, AWS has shown it can meet the DoD’s stringent security and compliance requirements; and as a […]

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

New Whitepaper: AWS Cloud Security Best Practices

We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar approach to managing the overall information security posture of the organization that’s based on periodic risk assessments when you deploy applications and assets on AWS. Specifically, you asked for: How security responsibilities […]

Read More

Introducing the AWS Compliance Forum

We’re happy to announce the launch of the AWS Compliance Forum – a unique community designed for AWS customers interested in achieving compliance while using AWS services. The AWS Compliance Forum was developed based on discussions with customers who wanted a community to connect with fellow AWS customers, interact with AWS compliance specialists, and access […]

Read More