AWS Security Blog

Tag: Encryption

How to Configure an LDAPS Endpoint for Simple AD

Simple AD, which is powered by Samba  4, supports basic Active Directory (AD) authentication features such as users, groups, and the ability to join domains. Simple AD also includes an integrated Lightweight Directory Access Protocol (LDAP) server. LDAP is a standard application protocol for the access and management of directory information. You can use the […]

Read More

AWS Encryption SDK: How to Decide if Data Key Caching Is Right for Your Application

Today, the AWS Crypto Tools team introduced a new feature in the AWS Encryption SDK: data key caching. Data key caching lets you reuse the data keys that protect your data, instead of generating a new data key for each encryption operation. Data key caching can reduce latency, improve throughput, reduce cost, and help you […]

Read More

Amazon Simple Queue Service Introduces Server-Side Encryption for Queues

You can now use Amazon Simple Queue Service (SQS) to exchange sensitive data between applications using server-side encryption (SSE). SQS is a fully managed message queuing service for reliably communicating between distributed software components and microservices at any scale. You can use SQS to take advantage of the scale, cost, and operational benefits of a […]

Read More

New AWS Encryption SDK for Python Simplifies Multiple Master Key Encryption

The AWS Cryptography team is happy to announce a Python implementation of the AWS Encryption SDK. This new SDK helps manage data keys for you, and it simplifies the process of encrypting data under multiple master keys. As a result, this new SDK allows you to focus on the code that drives your business forward. It […]

Read More

How to Protect Data at Rest with Amazon EC2 Instance Store Encryption

Note: By default, an instance type that includes an NVMe instance store encrypts data at rest using an XTS-AES-256 block cipher. See this FAQ about NVMe-supported instance types. If you’re using an NVMw instance type, then data at rest is encrypted by default, and this post doesn’t apply to your situation. Encrypting data at rest […]

Read More

How to Create a Custom AMI with Encrypted Amazon EBS Snapshots and Share It with Other Accounts and Regions

An Amazon Machine Image (AMI) provides the information required to launch an instance (a virtual server) in your AWS environment. You can launch an instance from a public AMI, customize the instance to meet your security and business needs, and save configurations as a custom AMI. With the recent release of the ability to copy […]

Read More

In Case You Missed These: AWS Security Blog Posts from June, July, and August

In case you missed any AWS Security Blog posts from June, July, and August, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from a tagging limit increase to recording SSH sessions established through a bastion host. August August 16: Updated […]

Read More

New! Import Your Own Keys into AWS Key Management Service

Today, we are happy to announce the launch of the new import key feature that enables you to import keys from your own key management infrastructure (KMI) into AWS Key Management Service (KMS). After you have exported keys from your existing systems and imported them into KMS, you can use them in all KMS-integrated AWS […]

Read More

How to Remove Single Points of Failure by Using a High-Availability Partition Group in Your AWS CloudHSM Environment

A hardware security module (HSM) is a hardware device designed with the security of your data and cryptographic key material in mind. It is tamper-resistant hardware that prevents unauthorized users from attempting to pry open the device, plug any extra devices in to access data or keys such as subtokens, or damage the outside housing. […]

Read More

How to Prevent Uploads of Unencrypted Objects to Amazon S3

There are many use cases to prevent uploads of unencrypted objects to an Amazon S3 bucket, but the underlying objective is to protect the confidentiality and integrity of the objects stored in that bucket. AWS provides several services that help make this process easier, such as AWS Identity and Access Management (IAM) and AWS Key […]

Read More