AWS Security Blog


How to Use the REST API to Encrypt S3 Objects by Using AWS KMS

AWS Key Management Service (AWS KMS) allows you to use keys under your control to encrypt data at rest stored in Amazon S3. The two primary methods for implementing this encryption are server-side encryption (SSE) and client-side encryption (CSE). Each method offers multiple interfaces and API options to choose from. In this blog post, I […]

Read More

How to Configure Your EC2 Instances to Automatically Join a Microsoft Active Directory Domain

Seamlessly joining Windows EC2 instances in AWS to a Microsoft Active Directory domain is a common scenario, especially for enterprises building a hybrid cloud architecture. With AWS Directory Service, you can target an Active Directory domain managed on-premises or within AWS. How to Connect Your On-Premises Active Directory to AWS Using AD Connector takes you […]

Read More

AWS Directory Service Now Supports API Access and Logging Via AWS CloudTrail

Developers can now programmatically create and configure Simple AD and AD Connector directories in AWS Directory Service via the AWS SDKs or CLI. You can also now use Cloud Trail to log API actions performed via an SDK, the CLI, or AWS Directory Service console. Permissions for performing these actions can be controlled via an AWS […]

Read More

An Easier Way to Determine the Presence of AWS Account Access Keys

Last month, the AWS Security Blog encouraged you to adhere to AWS Identity and Access Management (IAM) best practices. One of these best practices is to lock away your AWS account (root) access keys and password, and not use them for day-to-day interaction with AWS. In fact, when it comes to your root account access […]

Read More

How to Rotate Access Keys for IAM Users

Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if they are compromised. Having an established process that is run regularly also ensures […]

Read More