Tag: EC2

IPSec (IP Security) is a protocol for in-transit data protection between hosts. Configuration of site-to-site IPSec between multiple hosts can be an error-prone and intensive task. If you need to protect N EC2 instances, then you need a full mesh of N*(N-1)IPSec tunnels. You must manually propagate every IP change to all instances, configure credentials […]

Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Given the many log types that Amazon GuardDuty analyzes (Amazon Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and DNS logs), you never know what it might discover in your […]

Amazon Elastic Block Store (EBS) offers an encryption solution for your Amazon EBS volumes so you don’t have to build, maintain, and secure your own infrastructure for managing encryption keys for block storage. Amazon EBS encryption uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) when creating encrypted Amazon EBS volumes, providing you […]

As another new year begins, we encourage you to review our recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS resources. You can learn more by watching the IAM Best Practices to Live By presentation that Anders Samuelsson gave at AWS re:Invent […]

As a cloud support engineer, I am frequently asked this question: “How can I lock down my user’s Amazon EC2 access to a single VPC?” This blog post will answer the question and explain how you can help control this level of access through the use of AWS Identity and Access Management (IAM) policies and […]

As another new year begins, we want to encourage you to be familiar with recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS account. You can learn more by watching the IAM Best Practices presentation that was given by Anders Samuelsson at […]

Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive […]

When you launch an Amazon EC2 instance, you can associate an AWS IAM role with the instance to give applications or CLI commands that run on the instance permissions that are defined by the role. When a role is associated with an instance, EC2 obtains temporary security credentials for the role you associated with the […]

This week, Kati Paizee, a technical writer on the Amazon EC2 team, takes an in-depth look at the permissions you need to give your users so that they can administer EC2 using the console. The Amazon EC2 console provides an easy-to-use interface that allows your users to carry out compute-based tasks without asking them to […]

Updated May 21, 2014: Clarified that for the Mac, the private key is stored in memory and the passphrase in the keychain. Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key […]