AWS Security Blog

Monday, November 27: Security, Compliance, & Identity Sessions Today at re:Invent

Today, the following Security, Compliance, & Identity sessions, workshops, and chalk talks will be presented at AWS re:Invent 2017 in Las Vegas. All sessions are in the MGM Grand and all times are local. See the re:Invent Session Catalog for complete information about every session. You can also download the AWS re:Invent 2017 Mobile App […]

Read More

Easier Certificate Validation Using DNS with AWS Certificate Manager

Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates are used to secure network communications and establish the identity of websites over the internet. Before issuing a certificate for your website, Amazon must validate that you control the domain name for your site. You can now use AWS Certificate Manager (ACM) Domain Name System (DNS) validation to […]

Read More

The 10 Most Viewed Security-Related AWS Knowledge Center Articles and Videos for November 2017

The AWS Knowledge Center helps answer the questions most frequently asked by AWS Support customers. The following 10 Knowledge Center security articles and videos have been the most viewed this month. It’s likely you’ve wondered about a few of these topics yourself, so here’s a chance to learn the answers! How do I create an AWS […]

Read More

How to Patch, Inspect, and Protect Microsoft Windows Workloads on AWS—Part 2

Yesterday in Part 1 of this blog post, I showed you how to: Launch an Amazon EC2 instance with an AWS Identity and Access Management (IAM) role, an Amazon Elastic Block Store (Amazon EBS) volume, and tags that Amazon EC2 Systems Manager (Systems Manager) and Amazon Inspector use. Configure Systems Manager to install the Amazon […]

Read More

Now You Can Use AWS Shield Advanced to Help Protect Your Amazon EC2 Instances and Network Load Balancers

Starting today, AWS Shield Advanced can help protect your Amazon EC2 instances and Network Load Balancers against infrastructure-layer Distributed Denial of Service (DDoS) attacks. Enable AWS Shield Advanced on an AWS Elastic IP address and attach the address to an internet-facing EC2 instance or Network Load Balancer. AWS Shield Advanced automatically detects the type of AWS resource behind the […]

Read More

How to Patch, Inspect, and Protect Microsoft Windows Workloads on AWS—Part 1

Most malware tries to compromise your systems by using a known vulnerability that the maker of the operating system has already patched. To help prevent malware from affecting your systems, two security best practices are to apply all operating system patches to your systems and actively monitor your systems for missing patches. In case you […]

Read More

AWS Achieves FedRAMP JAB Moderate Provisional Authorization for 20 Services in the AWS US East/West Region

The AWS US East/West Region has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) at the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline. Though AWS has maintained an AWS US East/West Region Agency-ATO since early 2013, this announcement represents AWS’s carefully deliberated move to the JAB for the centralized maintenance […]

Read More

How AWS Managed Microsoft AD Helps to Simplify the Deployment and Improve the Security of Active Directory–Integrated .NET Applications

Companies using .NET applications to access sensitive user information, such as employee salary, Social Security Number, and credit card information, need an easy and secure way to manage access for users and applications. For example, let’s say that your company has a .NET payroll application. You want your Human Resources (HR) team to manage and […]

Read More

How to Encrypt and Decrypt Your Data with the AWS Encryption CLI

You can now encrypt and decrypt your data at the command line and in scripts—no cryptography or programming expertise is required. The new AWS Encryption SDK Command Line Interface (AWS Encryption CLI) brings the AWS Encryption SDK to the command line. With the AWS Encryption CLI, you can take advantage of the advanced data protection […]

Read More

Use the New Visual Editor to Create and Modify Your AWS IAM Policies

AWS Identity and Access Management (IAM) has made it easier for you to create and modify your IAM policies by using a point-and-click visual editor in the IAM console. The new visual editor guides you through granting permissions using IAM policies without requiring you to write the policy in JSON (although you can still author and edit policies in JSON, if you prefer). This update to the IAM console makes it easier to grant least privilege permissions for the AWS service actions you select by listing all the supported resource types and request conditions you can specify. And, as with policy summaries, the visual editor also identifies and helps you correct unrecognized services and actions and permissions errors when you import existing policies. In this blog post, I give a brief overview of policy concepts and show you how to create a new policy by using the visual editor.

Read More