AWS Security Blog

How to use CI/CD to deploy and configure AWS security services with Terraform

Like the infrastructure your applications are built on, security infrastructure can be handled using infrastructure as code (IAC) and continuous integration/continuous deployment (CI/CD). In this post, I’ll show you how to build a CI/CD pipeline using AWS Developer Tools and HashiCorp’s Terraform platform as an IAC tool for AWS Web Application Firewall (WAF) deployments. AWS […]

Read More

AWS Security Profiles: Dan Plastina, VP of Security Services

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do as the VP […]

Read More

Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations

You can now reference Organizational Units (OUs), which are groups of AWS accounts in AWS Organizations, in AWS Identity and Access Management (IAM) policies, making it easier to define access for your IAM principals (users and roles) to the AWS resources in your organization. AWS Organizations lets you organize your accounts into OUs to align […]

Read More

Continuously monitor unused IAM roles with AWS Config

Developing in the cloud encourages you to iterate frequently as your applications and resources evolve. You should also apply this iterative approach to the AWS Identity and Access Management (IAM) roles you create. Periodically ensuring that all the resources you’ve created are still being used can reduce operational complexity by eliminating the need to track […]

Read More
Sarah Cecchetti photo

AWS Security Profiles: Sarah Cecchetti, Principal Product Manager, Amazon Cognito

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. What do you do in your current role at AWS? I’m an identity nerd! I […]

Read More

Identify unused IAM roles and remove them confidently with the last used timestamp

November 25, 2019: We’ve corrected a documentation link. As you build on AWS, you create AWS Identity and Access Management (IAM) roles to enable teams and applications to use AWS services. As those teams and applications evolve, you might only rely on a sub-set of your original roles to meet your needs. This can leave […]

Read More

Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

November 20, 2019: We’ve added a link to the re:Invent session about this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated credentials, […]

Read More

2019 ISO certificates are here, with a 12 percent increase of in-scope services

AWS successfully completed the re-certification audits with no findings. Ernst and Young Certify Point auditors issued the new certificates on November 6, 2019, marking the start of the new three-year cycle. We increased the number of ISO services in scope to 134 services in total that have been validated against ISO 9001, 27001, 27017, and […]

Read More

New guidance to help you navigate Australian Prudential Regulation Authority requirements

There have been two noteworthy 2019 updates for Australian Prudential Regulation Authority (APRA) regulated entities such as banks, insurance companies, credit unions, deposit takers, and the superannuation industry. On June 25, APRA released an updated version of the Prudential Practice Guide CPG 234 Information Security, which provides guidance on how to implement the revised Prudential […]

Read More