AWS Security Blog

Tag: Amazon CloudWatch

Now You Can Use AWS Shield Advanced to Help Protect Your Amazon EC2 Instances and Network Load Balancers

Starting today, AWS Shield Advanced can help protect your Amazon EC2 instances and Network Load Balancers against infrastructure-layer Distributed Denial of Service (DDoS) attacks. Enable AWS Shield Advanced on an AWS Elastic IP address and attach the address to an internet-facing EC2 instance or Network Load Balancer. AWS Shield Advanced automatically detects the type of AWS resource behind the […]

Read More

How to Monitor and Visualize Failed SSH Access Attempts to Amazon EC2 Linux Instances

As part of the AWS Shared Responsibility Model, you are responsible for monitoring and managing your resources at the operating system and application level. When you monitor your application servers, for example, you can measure, visualize, react to, and improve the security of those servers. You probably already do this on premises or in other […]

Read More

How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups

You can use AWS security controls to detect and mitigate risks to your AWS resources. The purpose of each security control is defined by its control objective. For example, the control objective of an Amazon VPC security group is to permit only designated traffic to enter or leave a network interface. Let’s say you have […]

Read More

How to Configure Rate-Based Blacklisting with AWS WAF and AWS Lambda

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   One security challenge you may have faced is how to prevent your web servers from being flooded by unwanted requests, or scanning tools such as bots and […]

Read More

AWS Key Management Service Now Supports Deletion of Encryption Keys

Today, AWS launched a new feature that lets you delete your encryption keys managed in AWS Key Management Service (KMS). You can now manage the complete lifecycle of your keys from creation to usage to disablement to deletion. In this blog post, I will explain the changes introduced with this new feature, tell you what […]

Read More

Learn About the Rest of the Security and Compliance Track Sessions Being Offered at re:Invent 2015

Previously, I mentioned that the re:Invent 2015 Security & Compliance track sessions had been announced, and I also discussed the AWS Identity and Access Management (IAM) sessions that will be offered as part of the Security & Compliance track. Today, I will highlight the remainder of the sessions that will be presented as part of the […]

Read More

How to Receive Notifications When Your AWS Account’s Root Access Keys Are Used

AWS Identity and Access Management (IAM) best practices recommend using IAM users or roles to access your AWS resources, instead of using your root credentials. If you follow this best practice, though, how can you monitor for root activity and take action if such activity occurs? AWS CloudTrail and Amazon CloudWatch provide the solution. In […]

Read More

How to Receive Alerts When Your IAM Configuration Changes

Note: This post has been updated to support the recently launched managed policies. As an AWS administrator, you want to know when your security configuration changes. Though some changes are expected, you may want to review unexpected changes or changes made by a privileged user. Fortunately, a newly released combination of AWS CloudTrail, Amazon CloudWatch […]

Read More

An Instructive Tale About Using IAM Best Practices

An interesting blog post came to our attention recently—My $500 Cloud Security Screw-up by Rich Mogull. He describes how he learned to adhere to several important AWS security principles through several unfortunate events.   Mike Pope, senior technical writer for AWS Identity, paraphrases the post here. Rich had inadvertently leaked his AWS access keys, allowing some […]

Read More