AWS Security Blog

Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0

Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of a managed service. If you are just getting started with federating access to your AWS accounts, we recommend […]

Read More

Announcing Resource-Level Permissions for AWS OpsWorks

We are pleased to announce that AWS OpsWorks now supports resource-level permissions. AWS OpsWorks is an application management service that lets you provision resources, deploy and update software, automate common operational tasks, and monitor the state of your environment. You can optionally use the popular Chef automation platform to extend OpsWorks using your own custom […]

Read More

Recap of re:Invent 2013 Sessions

Amazon Web Services (AWS) held its second annual users conference, re:Invent 2013,  in Las Vegas on November 13th-15th.  Security was again one of the top tracks of the program, with 22 sessions covering every area in cloud security.  Re:Invent 2013 was a great success. Here are links to the videos and presentations all the security related […]

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

Three Data-at-Rest Encryption Announcements

We’re excited to make three announcements around encryption of data at rest in AWS: We’ve published a new whitepaper: Securing Data at Rest with Encryption, which describes the various options for encrypting data at rest in AWS. It describes these options in terms of where encryption keys are stored and how access to those keys […]

Read More

New Whitepaper: AWS Cloud Security Best Practices

We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar approach to managing the overall information security posture of the organization that’s based on periodic risk assessments when you deploy applications and assets on AWS. Specifically, you asked for: How security responsibilities […]

Read More