AWS Security Blog
Tag: AWS Organizations
Get more out of service control policies in a multi-account environment
Many of our customers use AWS Organizations to manage multiple Amazon Web Services (AWS) accounts. There are many benefits to using multiple accounts in your organization, such as grouping workloads with a common business purpose, complying with regulatory frameworks, and establishing strong isolation barriers between applications based on ownership. Customers are even using distinct accounts […]
Read MoreGetting started with AWS SSO delegated administration
May 23, 2022: AWS SSO supports two forms of delegation. One form, which is covered in this blog, is to delegate a member account where you can administer the service, which eliminates the requirement to sign in to the AWS Organizations management account for daily administrative work. The second form is delegating which people can […]
Read MoreHow to control access to AWS resources based on AWS account, OU, or organization
AWS Identity and Access Management (IAM) recently launched new condition keys to make it simpler to control access to your resources along your Amazon Web Services (AWS) organizational boundaries. AWS recommends that you set up multiple accounts as your workloads grow, and you can use multiple AWS accounts to isolate workloads or applications that have […]
Read MoreHow to automate AWS account creation with SSO user assignment
Background AWS Control Tower offers a straightforward way to set up and govern an Amazon Web Services (AWS) multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS Single Sign-On (AWS SSO), to build a landing zone very quickly. AWS […]
Read MoreHow to enrich AWS Security Hub findings with account metadata
In this blog post, we’ll walk you through how to deploy a solution to enrich AWS Security Hub findings with additional account-related metadata, such as the account name, the Organization Unit (OU) associated with the account, security contact information, and account tags. Account metadata can help you search findings, create insights, and better respond to […]
Read MoreSimplify setup of Amazon Detective with AWS Organizations
Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities by collecting log data from your AWS resources. Amazon Detective simplifies the process of a deep dive into a security finding from other AWS security services, such as Amazon GuardDuty and AWS SecurityHub. Detective […]
Read MoreEnable Security Hub PCI DSS standard across your organization and disable specific controls
At this time, enabling the PCI DSS standard from within AWS Security Hub enables this compliance framework only within the Amazon Web Services (AWS) account you are presently administering. This blog post showcases a solution that can be used to customize the configuration and deployment of the PCI DSS standard compliance standard using AWS Security […]
Read MoreHow to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN
You can improve your organization’s security posture by enforcing access to Amazon Web Services (AWS) resources based on IP address and geolocation. For example, users in your organization might bring their own devices, which might require additional security authorization checks and posture assessment in order to comply with corporate security requirements. Enforcing access to AWS […]
Read MoreHighlights from the latest AWS Identity launches
Here is the latest from AWS Identity from November 2020 through February 2021. The features highlighted in this blog post can help you manage and secure your Amazon Web Services (AWS) environment. Identity services answer the question of who has access to what. They enable you to securely manage identities, resources, and permissions at scale and […]
Read MoreUse new account assignment APIs for AWS SSO to automate multi-account access
February 18, 2021: We updated the name of the organization management account used in the example. The new name is ExampleOrgManagement. February 10, 2021: We updated the commands in the Cleanup section of this post. In this blog post, we’ll show how you can programmatically assign and audit access to multiple AWS accounts for your […]
Read More