AWS Security Blog

Tag: AWS Lambda

How to Use AWS Config to Monitor for and Respond to Amazon S3 Buckets Allowing Public Access

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit, and record resource configurations and changes. AWS Config does this through the use of rules that define the desired configuration state of your AWS resources. AWS Config provides a number of AWS managed rules that address a wide range of […]

Read More

AWS Adds 12 More Services to Its PCI DSS Compliance Program

Twelve more AWS services have obtained Payment Card Industry Data Security Standard (PCI DSS) compliance, giving you more options, flexibility, and functionality to process and store sensitive payment card data in the AWS Cloud. The services were audited by Coalfire to ensure that they meet strict PCI DSS standards. The newly compliant AWS services are: […]

Read More

How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs

Note from July 11, 2017: In response to readers’ feedback, the author of this blog post has updated this post’s example code to provide more reliable handling of error scenarios, particularly in which the geographical lookup fails. Additionally, the author has added details about testing the example code by using Amazon Kinesis Data Generator. If you already […]

Read More

How to Remediate Amazon Inspector Security Findings Automatically

Updated on November 27, 2018: We added a policy to the instructions for creating an IAM role. The Amazon Inspector security assessment service can evaluate the operating environments and applications you have deployed on AWS for common and emerging security vulnerabilities automatically. As an AWS-built service, Amazon Inspector is designed to exchange data and interact […]

Read More

How to Simplify Security Assessment Setup Using Amazon EC2 Systems Manager and Amazon Inspector

In a July 2016 AWS Blog post, I discussed how to integrate Amazon Inspector with third-party ticketing systems by using Amazon Simple Notification Service (SNS) and AWS Lambda. This AWS Security Blog post continues in the same vein, describing how to use Amazon Inspector to automate various aspects of security management. In this post, I […]

Read More

Now Available: Videos from re:Invent 2016 Security and Compliance Sessions

Whether you want to review a Security and Compliance track session you attended at AWS re:Invent 2016 or you want to experience a session for the first time, videos from the Security and Compliance track and re:Source Mini Con for Security Services are now available. Note: Slide decks also will be available in the coming […]

Read More

How to Use Amazon CloudWatch Events to Monitor Application Health

Amazon CloudWatch Events enables you to react selectively to events in the cloud as well as in your applications. Specifically, you can create CloudWatch Events rules that match event patterns, and take actions in response to those patterns. CloudWatch Events lets you process both AWS-provided events and custom events (those that you create and inject […]

Read More

New Amazon Inspector Blog Post on the AWS Blog

On the AWS Blog yesterday, Jeff Barr published a new security-related blog post written by AWS Principal Security Engineer Eric Fitzgerald. Here’s the beginning of the post, which is entitled, Scale Your Security Vulnerability Testing with Amazon Inspector: “At AWS re:Invent 2015 we announced Amazon Inspector, our security vulnerability assessment service that helps customers test for […]

Read More

How to Automatically Tag Amazon EC2 Resources in Response to API Events

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. Access to manage Amazon EC2 instances can be controlled using […]

Read More