AWS Security Blog

Our US federal customers are finding interesting and exciting ways to use the AWS cloud for their IT infrastructure and data management. Our focus on these customers remains a high priority for AWS Compliance, and to further our efforts in providing customer-focused compliance enablers, we have updated our existing Department of Defense (DoD) whitepaper. This […]

The newly released whitepaper, Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth, will help you integrate your existing LDAP-based user directory with AWS. When you integrate your existing directory with AWS, your users can access AWS by using their existing credentials. This means that your users don’t need to maintain yet another user name and password […]

AWS has radically improved cloud service provider compliance offerings with the ongoing development and releases of next gen customer-focused compliance enablers that directly assist customers in 1) understanding how to apply legacy compliance requirements to an AWS environment, and 2) helping establish a secure, compliant, and auditable AWS IT environment. Traditionally our global customers have […]

AWS Identity and Access Management (IAM) recently launched managed policies, which enable you to attach a single access control policy to multiple entities (IAM users, groups, and roles). Managed policies also give you precise, fine-grained control over how your users can manage policies and permissions for other entities. For example, you can control which managed […]

Earlier this month, we let you know that AWS Identity and Access Management (IAM) would be upgrading policy validation today (March 25, 2015) to help you ensure that your IAM policies match your intentions. This upgrade is now in effect for all IAM policies. Starting today, to save changes to your IAM policies, you must […]

AWS Compliance has made available a new security and compliance workbook for AWS customers who are subject to the German Federal Office for Information Security (BSI) IT Baseline protection methodology (IT-Grundschutz). IT-Grundschutz Compliance on Amazon Web Services is a new customer workbook that was developed and published by TÜV TRUST IT GmbH TÜV Austria Group, […]

If you are an Amazon RDS customer, you might have received email from AWS notifying you about rotating your SSL certificates. The SSL certificates for RDS database instances are being updated on March 23, 2015, at 20:00 UTC. The certificates are being updated as part of standard maintenance and security best practices for RDS, and […]

On March 25, 2015, we will upgrade the Identity and Access Management (IAM) policy validation to help ensure that your policies reflect your intentions. Starting on this day, to save changes to policies, you must first ensure that your policies comply with the IAM policy grammar. Your existing policies will continue to work as they […]

Have you ever thought that authoring Identity and Access Management (IAM) policies would be easier if the JSON of your policies were automatically formatted? If so, you will be excited to hear you can now enable autoformatting for all your policies by simply selecting a single check box. In this blog post, I will show […]

Have you ever spent time searching for a syntax error—such as a missing comma—when editing an AWS Identity and Access Management (IAM) policy? If so, you will be happy to hear that AWS has made it easier for you to identify and correct such errors. To help you find the source of the errors, we’ve […]