AWS Security Blog

Using AWS in the Context of CESG UK’s Cloud Security Principles

Last year, CESG UK published the Cloud Security Guidance documents for public sector organizations that are considering the use of cloud services for handling information classified as OFFICIAL. The guidance aims to help public sector organizations make informed decisions about cloud services and choose a cloud service that balances business benefits and security risks. In […]

Read More

Security Best Practices: Compliance Beyond the Check Box–Register For and Attend the Webinar

Update: The slides from this webinar are now available. As part of the AWS Webinar Series, AWS will present Security Best Practices: Compliance Beyond the Check Box on Tuesday, April 28. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). Principal Solutions Architect Bill Shinn will help you understand […]

Read More

DoD-Compliant Implementations in the AWS Cloud

Our US federal customers are finding interesting and exciting ways to use the AWS cloud for their IT infrastructure and data management. Our focus on these customers remains a high priority for AWS Compliance, and to further our efforts in providing customer-focused compliance enablers, we have updated our existing Department of Defense (DoD) whitepaper. This […]

Read More

New Whitepaper—Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth

The newly released whitepaper, Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth, will help you integrate your existing LDAP-based user directory with AWS. When you integrate your existing directory with AWS, your users can access AWS by using their existing credentials. This means that your users don’t need to maintain yet another user name and password […]

Read More

Focus on Customers: Next Gen Compliance Enablers

AWS has radically improved cloud service provider compliance offerings with the ongoing development and releases of next gen customer-focused compliance enablers that directly assist customers in 1) understanding how to apply legacy compliance requirements to an AWS environment, and 2) helping establish a secure, compliant, and auditable AWS IT environment. Traditionally our global customers have […]

Read More

How to Create a Limited IAM Administrator by Using Managed Policies

AWS Identity and Access Management (IAM) recently launched managed policies, which enable you to attach a single access control policy to multiple entities (IAM users, groups, and roles). Managed policies also give you precise, fine-grained control over how your users can manage policies and permissions for other entities. For example, you can control which managed […]

Read More

Newly Upgraded: Identity and Access Management Policy Validation

Earlier this month, we let you know that AWS Identity and Access Management (IAM) would be upgrading policy validation today (March 25, 2015) to help you ensure that your IAM policies match your intentions. This upgrade is now in effect for all IAM policies. Starting today, to save changes to your IAM policies, you must […]

Read More

New Security and Compliance Workbook: IT-Grundschutz

AWS Compliance has made available a new security and compliance workbook for AWS customers who are subject to the German Federal Office for Information Security (BSI) IT Baseline protection methodology (IT-Grundschutz). IT-Grundschutz Compliance on Amazon Web Services is a new customer workbook that was developed and published by TÜV TRUST IT GmbH TÜV Austria Group, […]

Read More