AWS Security Blog

Tag: AWS CloudFormation

How to create SAML providers with AWS CloudFormation

As organizations grow, they often experience an inflection point where it becomes impractical to manually manage separate user accounts in disparate systems. Managing multiple AWS accounts is no exception. Many large organizations have dozens or even hundreds of AWS accounts spread across multiple business units. AWS provides many solutions that can orchestrate a person’s identity […]

Read More

How to define least-privileged permissions for actions called by AWS services

February 21, 2020: We fixed a missing comma in a policy example. March 3, 2020: We added some clarifying language to the “Step 2: Define permissions on the S3 bucket” section. When you perform certain actions in AWS, the service you called sometimes takes additional actions in other AWS services on your behalf. AWS Identity […]

Read More

How to create and retrieve secrets managed in AWS Secrets Manager using AWS CloudFormation templates

Updated November 15, 2018: We added information to make variables more clear in the sample template. AWS Secrets Manager now integrates with AWS CloudFormation so you can create and retrieve secrets securely using CloudFormation. This integration makes it easier to automate provisioning your AWS infrastructure. For example, without any code changes, you can generate unique […]

Read More

How to Use AWS Organizations to Automate End-to-End Account Creation

AWS Organizations offers new capabilities for managing AWS accounts, including automated account creation via the Organizations API. For example, you can bring new development teams onboard by using the Organizations API to create an account, AWS CloudFormation templates to configure the account (such as for AWS Identity and Access Management [IAM] and networking), and service control […]

Read More

How to Control TLS Ciphers in Your AWS Elastic Beanstalk Application by Using AWS CloudFormation

Securing data in transit is critical to the integrity of transactions on the Internet. Whether you log in to an account with your user name and password or give your credit card details to a retailer, you want your data protected as it travels across the Internet from place to place. One of the protocols […]

Read More

More Than One Dozen AWS Cloud Services Receive Department of Defense Impact Level 4 Provisional Authorizations in the AWS GovCloud (US) Region

Today, I am pleased to announce that the AWS GovCloud (US) Region has received Defense Information Systems Agency Impact Level 4 (IL4) Provisional Authorization (PA) for more than one dozen new services. The IL4 PA enables Department of Defense (DoD) customers to operate their mission-critical and regulated workloads in the AWS GovCloud (US) Region, with data […]

Read More

Register for and Attend This March 29 Tech Talk—Best Practices for Managing Security Operations in AWS

Update: This webinar is now available as an on-demand video and slide deck. As part of the AWS Monthly Online Tech Talks series, AWS will present Best Practices for Managing Security Operations in AWS on Wednesday, March 29. This tech talk will start at 9:00 A.M. and end at 10:00 A.M. Pacific Time. AWS Global Cloud Security […]

Read More

How to Use AWS CloudFormation to Automate Your AWS WAF Configuration with Example Rules and Match Conditions

Note from July 4, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   AWS WAF is a web application firewall that integrates closely with Amazon CloudFront (AWS’s content delivery network [CDN]). AWS WAF gives you control to allow or block […]

Read More

How to Import IP Address Reputation Lists to Automatically Update AWS WAF IP Blacklists

Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository.   You can use AWS WAF (a web application firewall) to help protect your web applications from exploits that originate from groups of IP addresses that are known […]

Read More

Register for and Attend This March 30 Webinar—Best Practices for Managing Security Operations in AWS

Update: The video and slides from the webinar are now available. As part of the AWS Webinar Series, AWS will present Best Practices for Managing Security Operations in AWS on Wednesday, March 30. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Henrik Johansson will share […]

Read More