AWS Security Blog

How to Use the REST API to Encrypt S3 Objects by Using AWS KMS

AWS Key Management Service (AWS KMS) allows you to use keys under your control to encrypt data at rest stored in Amazon S3. The two primary methods for implementing this encryption are server-side encryption (SSE) and client-side encryption (CSE). Each method offers multiple interfaces and API options to choose from. In this blog post, I […]

Read More

How to Automatically Tag Amazon EC2 Resources in Response to API Events

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. Access to manage Amazon EC2 instances can be controlled using […]

Read More

Spring SOC Report Now Available—Amazon WorkMail Now in Scope

Today, I’m pleased to announce that we have completed our semiannual AWS Service Organization Control (SOC) assessments and the reports are available to NDA customers now. The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing AWS services SOC Reports (or their SAS 70 predecessors) regularly since 2009, […]

Read More

Start Planning for AWS re:Invent 2016

Updated June 23, 2016: Registration is now open! ————– AWS re:Invent 2016 will take place November 28–December 2, 2016, in Las Vegas, Nevada.  Start planning now to attend the world’s largest global cloud computing conference. We have designed re:Invent 2016 to give you increased opportunities to connect, collaborate, and learn about AWS solutions. This year, we […]

Read More

How to Configure Your EC2 Instances to Automatically Join a Microsoft Active Directory Domain

Seamlessly joining Windows EC2 instances in AWS to a Microsoft Active Directory domain is a common scenario, especially for enterprises building a hybrid cloud architecture. With AWS Directory Service, you can target an Active Directory domain managed on-premises or within AWS. How to Connect Your On-Premises Active Directory to AWS Using AD Connector takes you […]

Read More

In Case You Missed These: AWS Security Blog Posts from March and April

In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists. April April 28, AWS […]

Read More

How to Control Access to Your Amazon Elasticsearch Service Domain

With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can leverage AWS Identity and Access Management (IAM) to grant or deny access to your search […]

Read More

How to Optimize and Visualize Your Security Groups

Note: On May 3, 2017, we published a related blog post also written by Guy Denney, How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs. Many organizations start their journey with AWS by experimenting with existing applications. Those experiments may include trying to move an application to […]

Read More