AWS Security Blog

Announcing Resource-Level Permissions for AWS OpsWorks

We are pleased to announce that AWS OpsWorks now supports resource-level permissions. AWS OpsWorks is an application management service that lets you provision resources, deploy and update software, automate common operational tasks, and monitor the state of your environment. You can optionally use the popular Chef automation platform to extend OpsWorks using your own custom […]

Read More

Recap of re:Invent 2013 Sessions

Amazon Web Services (AWS) held its second annual users conference, re:Invent 2013,  in Las Vegas on November 13th-15th.  Security was again one of the top tracks of the program, with 22 sessions covering every area in cloud security.  Re:Invent 2013 was a great success. Here are links to the videos and presentations all the security related […]

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

Three Data-at-Rest Encryption Announcements

We’re excited to make three announcements around encryption of data at rest in AWS: We’ve published a new whitepaper: Securing Data at Rest with Encryption, which describes the various options for encrypting data at rest in AWS. It describes these options in terms of where encryption keys are stored and how access to those keys […]

Read More

New Whitepaper: AWS Cloud Security Best Practices

We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar approach to managing the overall information security posture of the organization that’s based on periodic risk assessments when you deploy applications and assets on AWS. Specifically, you asked for: How security responsibilities […]

Read More

Guidelines for When to Use Accounts, Users, and Groups

I often get asked when to use different AWS accounts to enforce separation of duties versus using IAM users and groups within a single account. While the complete answer depends on what AWS services you use, the general guidelines in this post will point you in the right direction. As context for the guidelines, consider […]

Read More

AWS CloudFormation Now Supports Federated Users and Temporary Security Credentials

Today AWS CloudFormation released added support for  temporary security credentials provided by the AWS Security Token Service.  This release enables a number of scenarios such as federated users being able to use CloudFormation from the AWS Management Console and authorizing Amazon EC2 instances with IAM roles to call CloudFormation APIs.  To learn more about this new […]

Read More