AWS Security Blog

Category: Top Posts

Top 10 security items to improve in your AWS account

If you’re looking to improve your cloud security, a good place to start is to follow the top 10 most important cloud security tips that Stephen Schmidt, Chief Information Security Officer for AWS, laid out at AWS re:Invent 2019. Below are the tips, expanded to help you take action. 1) Accurate account information When AWS […]

How to define least-privileged permissions for actions called by AWS services

February 21, 2020: We fixed a missing comma in a policy example. March 3, 2020: We added some clarifying language to the “Step 2: Define permissions on the S3 bucket” section. When you perform certain actions in AWS, the service you called sometimes takes additional actions in other AWS services on your behalf. AWS Identity […]

Automated Response and Remediation with AWS Security Hub

AWS Security Hub is a service that gives you aggregated visibility into your security and compliance status across multiple AWS accounts. In addition to consuming findings from Amazon services and integrated partners, Security Hub gives you the option to create custom actions, which allow a customer to manually invoke a specific response or remediation action […]

How to Restrict Amazon S3 Bucket Access to a Specific IAM Role

I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]

Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket

Many of you have asked how to construct an AWS Identity and Access Management (IAM) policy with folder-level permissions for Amazon S3 buckets. This week’s guest blogger Elliot Yamaguchi, Technical Writer on the IAM team, will explain the basics of writing that type of policy. To show you how to create a policy with folder-level […]
