AWS Security Blog

Benefits of a Key Hierarchy with a Master Key (Part Two of the AWS CloudHSM Series)

Previously, Todd Cignetti, AWS Security Product Manager, wrote a post that covered some typical use cases for AWS CloudHSM, a service that helps you securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. In this post, Todd continues the series on AWS CloudHSM with […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

Building an App Using Amazon Cognito and an OpenID Connect Identity Provider

Today, I’m happy to announce that AWS now supports OpenID Connect (OIDC), an open standard that enables app developers to leverage additional identity providers for authentication. Now you can use Amazon Cognito to easily build AWS-powered apps that use identities from any provider that supports this industry standard. This compliments the existing capabilities to use […]

Read More

New in AWS Elastic Beanstalk: Support for Federation and Instance Profiles

In September, the AWS Elastic Beanstalk team announced two new features that involve roles: support for federation and support for instance profiles. Support for federated users means that people in your organization can sign in to the AWS Management Console and manage Elastic Beanstalk using their own credentials, without having to have a IAM user […]

Read More

Easier Role Selection for SAML-Based Single Sign-On

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]

Read More

Upcoming Security Sessions at re:Invent 2014

AWS re:Invent is only one month away! Several members of the AWS Security and AWS Identity and Access Management (IAM) teams will be presenting on security topics and answering your questions in the AWS Security Booth. We have 21 sessions covering security this year. In this blog post, I want to highlight six essential sessions […]

Read More

Don’t Forget to Enable Access to the Billing Console!

We’ve seen a question appear periodically on the IAM forum about granting IAM users access to the AWS Billing console. The question is this: even after an administrator sets appropriate permissions for an IAM user to access the console, the user can’t get to the console. Why not? Access to the console actually requires two […]

Read More

In Case You Missed Them: Some Recent Security Enhancements in AWS

With the steady cadence of updates and enhancements for AWS services, it can sometimes be easy to miss announcements about features that relate to security. Here are some recent security-related updates in AWS services that we’re excited about and that you might not have heard about. AWS Trusted Advisor inspects your AWS environment and finds […]

Read More