AWS Security Blog

Update: The on-demand recording and slides from this webinar are now available.   As part of the AWS Webinar Series, AWS will present Deep Dive: Protecting Your Data with AWS Encryption on Tuesday, June 16. This webinar will start at 9:00 A.M. and end at 10:00 A.M. Pacific Time (UTC-7). AWS Principal Product Manager Ken Beer […]

The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing as a highly efficient way to manage and secure vast amounts of educational records and student data. To bring clarity to securing student data […]

Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]

Note 1: On August 12, 2015, I published a follow-up to this post, which is called How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0. Be sure to see that post if you want to implement a general federation solution (not specific to AD FS). Note 2: This post focuses on NTLM authentication, […]

In November 2014, AWS launched Key Management Service (KMS), a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data managed by AWS services and within your own applications. One of the features KMS offers is the key alias, an arbitrary string that can be […]

You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]

We are now in our sixth year of regularly publishing comprehensive independent audit reports attesting to our alignment with globally accepted security best practices. We have just completed our thorough and extensive semiannual audit and are happy to announce that Amazon Simple Queue Service (SQS) and our newest region in Europe (Frankfurt) are now in-scope […]

As part of the AWS Webinar Series, AWS will present Getting Started with AWS Identity and Access Management on Friday, May 22. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Jonathan Desrocher will introduce the fundamental concepts of AWS Identity and Access Management (IAM) […]

Let’s face it—not all APIs were created equal. For example, you may be really interested in knowing when any of your Amazon EC2 instances are terminated (ec2:TerminateInstance), but less interested when an object is put in an Amazon S3 bucket (s3:PutObject). In this example, you can delete an object, but you can’t bring back that […]

Developers can now programmatically create and configure Simple AD and AD Connector directories in AWS Directory Service via the AWS SDKs or CLI. You can also now use Cloud Trail to log API actions performed via an SDK, the CLI, or AWS Directory Service console. Permissions for performing these actions can be controlled via an AWS […]