AWS Security Blog

Tag: Amazon SNS

Updated AWS SOC Reports Include Three New Regions and Three Additional Services

  The updated AWS Service Organization Control (SOC) 1 and SOC 2 Security, Availability, and Confidentiality Reports covering the period of October 1, 2016, through March 31, 2017, are now available. Because we are always looking for ways to improve the customer experience, the current AWS SOC 2 Confidentiality Report has been combined with the […]

Read More

How to Remediate Amazon Inspector Security Findings Automatically

Updated on November 27, 2018: We added a policy to the instructions for creating an IAM role. The Amazon Inspector security assessment service can evaluate the operating environments and applications you have deployed on AWS for common and emerging security vulnerabilities automatically. As an AWS-built service, Amazon Inspector is designed to exchange data and interact […]

Read More

How to Use Amazon CloudWatch Events to Monitor Application Health

Amazon CloudWatch Events enables you to react selectively to events in the cloud as well as in your applications. Specifically, you can create CloudWatch Events rules that match event patterns, and take actions in response to those patterns. CloudWatch Events lets you process both AWS-provided events and custom events (those that you create and inject […]

Read More

How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   Some Internet operations trust that clients are “well behaved.” As an operator of a publicly accessible web application, for example, you have to trust that the clients […]

Read More

How to Record and Govern Your IAM Resource Configurations Using AWS Config

AWS Config recently added the ability to record changes to the configuration of your AWS Identity and Access Management (IAM) users, groups, and roles (collectively referred to as IAM entities) and the policies associated with them. Using this feature, you can record configuration details for these IAM entities, including details about which policies are associated […]

Read More

How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda

Update on June 14, 2018: We removed an out-of-date code sample. Update on August 23, 2018: We revised the “Configure your Lambda function’s trigger” procedure. Amazon CloudFront can help you increase the performance of your web applications and significantly lower the latency of delivering content to your customers. Recently announced, AWS WAF (a web application firewall) […]

Read More

How to Receive Alerts When Specific APIs Are Called by Using AWS CloudTrail, Amazon SNS, and AWS Lambda

Let’s face it—not all APIs were created equal. For example, you may be really interested in knowing when any of your Amazon EC2 instances are terminated (ec2:TerminateInstance), but less interested when an object is put in an Amazon S3 bucket (s3:PutObject). In this example, you can delete an object, but you can’t bring back that […]

Read More

How to Receive Alerts When Your IAM Configuration Changes

Note: This post has been updated to support the recently launched managed policies. As an AWS administrator, you want to know when your security configuration changes. Though some changes are expected, you may want to review unexpected changes or changes made by a privileged user. Fortunately, a newly released combination of AWS CloudTrail, Amazon CloudWatch […]

Read More