AWS Security Blog

Register for and Attend This July 29 Webinar—Best Practices for Managing Security Operations in AWS

Update: This webinar is now available as an on-demand video and slide deck. As part of the AWS Webinar Series, AWS will present Best Practices for Managing Security Operations in AWS on Friday, July 29. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time. AWS Security Solutions Architect Henrik Johansson will show you […]

Read More

New Whitepaper Now Available: The Security Perspective of the AWS Cloud Adoption Framework

Today, AWS released the Security Perspective of the AWS Cloud Adoption Framework (AWS CAF). The AWS CAF provides a framework to help you structure and plan your cloud adoption journey, and build a comprehensive approach to cloud computing throughout the IT lifecycle. The framework provides seven specific areas of focus or Perspectives: business, platform, maturity, […]

Read More

New Amazon Inspector Blog Post on the AWS Blog

On the AWS Blog yesterday, Jeff Barr published a new security-related blog post written by AWS Principal Security Engineer Eric Fitzgerald. Here’s the beginning of the post, which is entitled, Scale Your Security Vulnerability Testing with Amazon Inspector: “At AWS re:Invent 2015 we announced Amazon Inspector, our security vulnerability assessment service that helps customers test for […]

Read More

How to Use AWS CloudFormation to Automate Your AWS WAF Configuration with Example Rules and Match Conditions

Note from July 4, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   AWS WAF is a web application firewall that integrates closely with Amazon CloudFront (AWS’s content delivery network [CDN]). AWS WAF gives you control to allow or block […]

Read More

How to Restrict Amazon S3 Bucket Access to a Specific IAM Role

I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]

Read More

How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page

Identity federation enables your enterprise users (such as Active Directory users) to access the AWS Management Console via single sign-on (SSO) by using their existing credentials. In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. When using […]

Read More

How to Prevent Uploads of Unencrypted Objects to Amazon S3

There are many use cases to prevent uploads of unencrypted objects to an Amazon S3 bucket, but the underlying objective is to protect the confidentiality and integrity of the objects stored in that bucket. AWS provides several services that help make this process easier, such as AWS Identity and Access Management (IAM) and AWS Key […]

Read More