AWS Security Blog

This week, Kati Paizee, a technical writer on the Amazon EC2 team, takes an in-depth look at the permissions you need to give your users so that they can administer EC2 using the console. The Amazon EC2 console provides an easy-to-use interface that allows your users to carry out compute-based tasks without asking them to […]

Is your key chain too full for yet another key fob? Ever find yourself locked out of AWS because you didn’t have your key chain on hand? Gemalto, a third-party provider, has just released a new multi-factor authentication (MFA) device in a convenient “credit card” form factor that fits comfortably into a wallet. It works […]

On May 21, AWS launched encryption for EBS volumes, a frequently requested feature, which can help you meet stricter security and encryption compliance requirements. You can now create an encrypted EBS volume and attach it to an EC2 instance. Data on the volume, disk I/O, and snapshots created from the volume are all encrypted. The […]

Updated May 21, 2014: Clarified that for the Mac, the private key is stored in memory and the passphrase in the keychain. Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key […]

May is the month of security oriented webinars at AWS. We’re presenting three webinars that touch on different identity and access management (IAM) technologies and use cases. The first webinar highlights AWS CloudTrail, APN (AWS Partner Network) partner Splunk, and FINRA. The webinar begins with an overview of CloudTrail, followed by a discussion of how […]

July 26, 2017, update: We recommend that you use cross-account access by switching roles in the AWS Management Console. Also see the related documentation: Switching to a Role (AWS Management Console). Last December we described how you can delegate access to your AWS account using IAM roles. Using IAM roles, you can take advantage of […]

Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of a managed service. If you are just getting started with federating access to your AWS accounts, we recommend […]

Keeping your AWS keys secure is one of the most important things you can do. This week Will Kruse, Security Engineer on the AWS Identity and Access Management (IAM) team, explains the steps to safeguard your account in the event you inadvertently expose your AWS access key. Your AWS credentials (access key ID and secret access […]

As part of our ongoing efforts to help keep your resources secure, on April 21, 2014, AWS removed the ability to retrieve existing secret access keys for your AWS (root) account. See the updated blog post Where’s My Secret Access Key? for more information about access keys and secret access keys. -Kai

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. AWS announced initial support for Amazon EC2 resource-level permissions in July of […]