AWS Security Blog

We are pleased to announce that AWS OpsWorks now supports resource-level permissions. AWS OpsWorks is an application management service that lets you provision resources, deploy and update software, automate common operational tasks, and monitor the state of your environment. You can optionally use the popular Chef automation platform to extend OpsWorks using your own custom […]

Amazon Web Services (AWS) held its second annual users conference, re:Invent 2013,  in Las Vegas on November 13th-15th.  Security was again one of the top tracks of the program, with 22 sessions covering every area in cloud security.  Re:Invent 2013 was a great success. Here are links to the videos and presentations all the security related […]

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

We’re excited to make three announcements around encryption of data at rest in AWS: We’ve published a new whitepaper: Securing Data at Rest with Encryption, which describes the various options for encrypting data at rest in AWS. It describes these options in terms of where encryption keys are stored and how access to those keys […]

November 3, 2020: This blog is out of date. Please refer to this post for updated info: Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar […]

Check out the new IAM policy simulator, a tool that enables you to test the effects of IAM access control policies before committing them into production, making it easier to verify and troubleshoot permissions. Learn more at the AWS Blog. – Kai

Many of our readers have told us that they want to learn more about encryption and key management in AWS. CloudHSM is an AWS service that can establish an even greater trust in AWS from which encryption and key management applications can be anchored. If you’re not familiar with AWS CloudHSM, you can read more […]

I often get asked when to use different AWS accounts to enforce separation of duties versus using IAM users and groups within a single account. While the complete answer depends on what AWS services you use, the general guidelines in this post will point you in the right direction. As context for the guidelines, consider […]

Today AWS CloudFormation released added support for  temporary security credentials provided by the AWS Security Token Service.  This release enables a number of scenarios such as federated users being able to use CloudFormation from the AWS Management Console and authorizing Amazon EC2 instances with IAM roles to call CloudFormation APIs.  To learn more about this new […]

AWS re:Invent 2013, AWS’s second annual conference for developers and technical leaders, is less than a month away.  We have some great sessions and activities lined up to ensure that content quality is high and that your questions are answered. Update (20 May 2014): For links to the session videos and slide presentations from AWS […]