AWS Security Blog
Tag: Best of
Top 11 posts during 2019
The Security Blog set new records for page views in 2019, but we’re always looking for ways to improve. Please tell us what you want to read about in the Comments section below. We read all of your feedback and do our best to act on it. The top 11 posts during 2019 based on […]
Read MoreTop 10 Security Blog posts in 2019 so far
Twice a year, we like to share what’s been popular to let you know what everyone’s reading and so you don’t miss something interesting. One of the top posts so far this year has been the registration announcement for the re:Inforce conference that happened last week. We hope you attended or watched the keynote live […]
Read MoreTop 11 posts in 2018
We covered a lot of ground in 2018: from GDPR to re:Inforce and numerous feature announcements, AWS GuardDuty deep-dives to SOC reports, automated reasoning explanations, and a series of interviews with AWS thought leaders. We’ve got big plans for 2019, but there’s room for more: please let us know what you want to read about […]
Read MoreSetting the Record Straight on Bloomberg BusinessWeek’s Erroneous Article
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region. As we shared with Bloomberg BusinessWeek multiple times over […]
Read MoreHow to Restrict Amazon S3 Bucket Access to a Specific IAM Role
I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]
Read MoreHow to Control Access to Your Amazon Elasticsearch Service Domain
With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can leverage AWS Identity and Access Management (IAM) to grant or deny access to your search […]
Read MoreHow to Connect Your On-Premises Active Directory to AWS Using AD Connector
AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS. When AD Connector is configured, the trust allows you to: Sign in to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail by using your Active Directory credentials. Seamlessly join Windows instances […]
Read MoreA New and Standardized Way to Manage Credentials in the AWS SDKs
One of the advantages of using the AWS SDKs for programmatic access to AWS is that the SDKs handle the task of signing requests. All you have to do is provide AWS credentials (access key id and secret access key), and when you invoke a method that makes a call to AWS, the SDK translates […]
Read MoreSecurely Connect to Linux Instances Running in a Private Amazon VPC
Updated May 21, 2014: Clarified that for the Mac, the private key is stored in memory and the passphrase in the keychain. Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key […]
Read MoreIAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
Updated on January 8, 2019: Based on customer feedback, we updated the third paragraph in the “What about S3 ACLs?” section to clarify permission management. In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss […]
Read More