AWS Security Blog

2014 re:Invent Roundup

In early November, AWS hosted our annual conference, re:Invent 2014, in Las Vegas. This year the security track offered 23 sessions covering topics ranging from AWS Identity and Access Management (IAM) best practices to the newly launched AWS Key Management Service (KMS). For those of you who attended, we hope the sessions provided you with […]

Read More

Federated Users Can Now Access the AWS Support Center

Recently, the AWS Support Center moved to the AWS Management Console. In addition to providing a better user experience, it enabled another important feature – federated access. Users in your company can now use their existing credentials to access the AWS Support Center for actions like creating a case, looking at the case history, or […]

Read More

A New Way to Encrypt Your Data and Manage Encryption Keys Using AWS Key Management Service

Today, we’re excited to announce AWS Key Management Service (KMS) a new service that gives you control and visibility over the encryption keys that protect your data, with strong security and audit controls. AWS KMS is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift to simplify encryption of your data within those […]

Read More

Benefits of a Key Hierarchy with a Master Key (Part Two of the AWS CloudHSM Series)

Previously, Todd Cignetti, AWS Security Product Manager, wrote a post that covered some typical use cases for AWS CloudHSM, a service that helps you securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. In this post, Todd continues the series on AWS CloudHSM with […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

Building an App Using Amazon Cognito and an OpenID Connect Identity Provider

Today, I’m happy to announce that AWS now supports OpenID Connect (OIDC), an open standard that enables app developers to leverage additional identity providers for authentication. Now you can use Amazon Cognito to easily build AWS-powered apps that use identities from any provider that supports this industry standard. This compliments the existing capabilities to use […]

Read More

New in the IAM Console: An At-a-Glance View of Last AWS Sign-In

Have you ever needed to quickly look up the last time one of your users signed in to your AWS account? Or have you been following security best practices and want verify that no one in your organization has been signing in using the AWS root account? If you use AWS CloudTrail, the information is […]

Read More

New in AWS Elastic Beanstalk: Support for Federation and Instance Profiles

In September, the AWS Elastic Beanstalk team announced two new features that involve roles: support for federation and support for instance profiles. Support for federated users means that people in your organization can sign in to the AWS Management Console and manage Elastic Beanstalk using their own credentials, without having to have a IAM user […]

Read More

Easier Role Selection for SAML-Based Single Sign-On

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]

Read More

Upcoming Security Sessions at re:Invent 2014

AWS re:Invent is only one month away! Several members of the AWS Security and AWS Identity and Access Management (IAM) teams will be presenting on security topics and answering your questions in the AWS Security Booth. We have 21 sessions covering security this year. In this blog post, I want to highlight six essential sessions […]

Read More