AWS Security Blog
Tag: Amazon SNS
Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers
Today, we’re announcing a new capability for Amazon Simple Notification Service (Amazon SNS) message data protection. In this post, we show you how you can use this new capability to create custom data identifiers to detect and protect domain-specific sensitive data, such as your company’s employee IDs. Previously, you could only use managed data identifiers […]
How to receive alerts when your IAM configuration changes
June 12, 2024: Update: This post has been updated to deploy the solution in the North Virginia (us-east-1) AWS Region. August 21, 2023: This post had been updated to change from wildcard pattern matching to using “prefixes” for EventBridge pattern rules. July 27, 2023: This post was originally published February 5, 2015, and received a […]
Sign Amazon SNS messages with SHA256 hashing for HTTP subscriptions
Amazon Simple Notification Service (Amazon SNS) now supports message signatures based on Secure Hash Algorithm 256 (SHA256) hashing. Amazon SNS signs the messages that are delivered from your Amazon SNS topic so that subscribed HTTP endpoints can verify the authenticity of the messages. In this blog post, we will show you how to enable message […]
Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda
June 21, 2023: This blog post is out of date. You should now use the new managed prefix list for CloudFront in your Security Group instead of this custom Lambda solution. Please refer to this blog post for detailed info. Amazon CloudFront is a content delivery network that can help you increase the performance of […]
Updated AWS SOC Reports Include Three New Regions and Three Additional Services
The updated AWS Service Organization Control (SOC) 1 and SOC 2 Security, Availability, and Confidentiality Reports covering the period of October 1, 2016, through March 31, 2017, are now available. Because we are always looking for ways to improve the customer experience, the current AWS SOC 2 Confidentiality Report has been combined with the […]
How to Remediate Amazon Inspector Security Findings Automatically
May 31, 2022: The updated blog post is available here. June 18, 2020: This solution no longer works, and the Lambda runtime this code is relying on has been deprecated. When we have an updated blog, we’ll add a link to it here. Updated on November 27, 2018: We added a policy to the instructions […]
How to Use Amazon CloudWatch Events to Monitor Application Health
Amazon CloudWatch Events enables you to react selectively to events in the cloud as well as in your applications. Specifically, you can create CloudWatch Events rules that match event patterns, and take actions in response to those patterns. CloudWatch Events lets you process both AWS-provided events and custom events (those that you create and inject […]
How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront
Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository. Some Internet operations trust that clients are “well behaved.” As an operator of a publicly accessible web application, for example, you have to trust that the clients […]
How to Record and Govern Your IAM Resource Configurations Using AWS Config
AWS Config recently added the ability to record changes to the configuration of your AWS Identity and Access Management (IAM) users, groups, and roles (collectively referred to as IAM entities) and the policies associated with them. Using this feature, you can record configuration details for these IAM entities, including details about which policies are associated […]
How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda
Note from April 1, 2021: Before implementing the steps in this blog post, please request an EC2 limit increase for “rules per security group.” Ask for 220 rules per security group in the AWS Region where your security groups will be. Note from December 3, 2019: The features and services described in this post have […]