Tag: Best of

We covered a lot of ground in 2018: from GDPR to re:Inforce and numerous feature announcements, AWS GuardDuty deep-dives to SOC reports, automated reasoning explanations, and a series of interviews with AWS thought leaders. We’ve got big plans for 2019, but there’s room for more: please let us know what you want to read about […]

Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region. As we shared with Bloomberg BusinessWeek multiple times over […]

I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]

With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can leverage AWS Identity and Access Management (IAM) to grant or deny access to your search […]

AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS. When AD Connector is configured, the trust allows you to: Sign in to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail by using your Active Directory credentials. Seamlessly join Windows instances […]

One of the advantages of using the AWS SDKs for programmatic access to AWS is that the SDKs handle the task of signing requests. All you have to do is provide AWS credentials (access key id and secret access key), and when you invoke a method that makes a call to AWS, the SDK translates […]

Updated May 21, 2014: Clarified that for the Mac, the private key is stored in memory and the passphrase in the keychain. Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key […]

Updated on January 8, 2019: Based on customer feedback, we updated the third paragraph in the “What about S3 ACLs?” section to clarify permission management. In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss […]

In this blog post, I’ll discuss what you should do in case you’ve lost your secret access key or need a new one. This post assumes that you are familiar with what access keys are. If you aren’t, see the AWS documentation about security credentials for a brief summary. Our security policy on secret access keys Secret […]

Many of you have asked how to construct an AWS Identity and Access Management (IAM) policy with folder-level permissions for Amazon S3 buckets. This week’s guest blogger Elliot Yamaguchi, Technical Writer on the IAM team, will explain the basics of writing that type of policy. To show you how to create a policy with folder-level […]