AWS Security Blog

How to quickly find and update your access keys, password, and MFA setting using the AWS Management Console

You can now more quickly view and update all your security credentials from one place using the “My Security Credentials” page in the AWS Management Console. When you grant your developers programmatic access or AWS Management Console access, they receive credentials, such as a password or access keys, to access AWS resources. For example, creating […]

Read More

Updated whitepaper now available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud

I’m proud to announce an updated resource that is designed to provide guidance to help your organization align to the National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1, which was released in 2018. The updated guide, NIST Cybersecurity Framework (CSF): Aligning to the NIST CSF in the AWS Cloud, is designed to […]

Read More

AWS awarded PROTECTED certification in Australia

The Australian Cyber Security Centre (ACSC) has awarded PROTECTED certification to AWS for 42 of our cloud services. This is the highest data security certification available in Australia for cloud service providers, and AWS offers the most PROTECTED services of any public cloud service provider. You will find AWS on the ACSC’s Certified Cloud Services […]

Read More

Signing executables with Microsoft SignTool.exe using AWS CloudHSM-backed certificates

Code signing is the process of digitally signing executables and scripts to confirm the software author and to demonstrate that the code has not been altered or corrupted since it was signed. Packaged software uses branding and trusted sales outlets to assure users of its integrity, but these guarantees are not available when code is […]

Read More

Alerting, monitoring, and reporting for PCI-DSS awareness with Amazon Elasticsearch Service and AWS Lambda

Logging account activity within your AWS infrastructure is paramount to your security posture and could even be required by compliance standards such as PCI-DSS (Payment Card Industry Security Standard). Organizations often analyze these logs to adapt to changes and respond quickly to security events. For example, if users are reporting that their resources are unable […]

Read More

How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory

You can use federation to centrally manage access to multiple AWS accounts using credentials from your corporate directory. Federation is the practice of establishing trust between a system acting as an identity provider and other systems, often called service providers, that accept authentication tokens from that identity provider. Amazon Web Services (AWS) supports open federation […]

Read More
Author

AWS Security Profiles: Akihiro Umegai, Japan Lead, Office of the CISO

In the weeks leading up to the Solution Days event in Tokyo, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been with AWS, and what is your […]

Read More

Add a layer of security for AWS SSO user portal sign-in with context-aware email-based verification

If you’re an IT administrator of a growing workforce, your users will require access to a growing number of business applications and AWS accounts. You can use AWS Single Sign-On (AWS SSO) to create and manage users centrally and grant access to AWS accounts and business applications, such as such Salesforce, Box, and Slack. When […]

Read More
Author

AWS Security profiles: Michael South, Principal Business Development Manager for Security Acceleration

In the weeks leading up to the Solution Days event in Tokyo, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you […]

Read More

New AWS services launch with HIPAA, PCI, ISO, and SOC – a company first

Our security culture is one of the things that sets AWS apart. Security is job zero — it is the foundation for all AWS employees and impacts the work we do every day, across the company. And that’s reflected in our services, which undergo exacting internal and external security reviews before being released. From there, […]

Read More