AWS Security Blog

Tag: Encryption

How to Remove Single Points of Failure by Using a High-Availability Partition Group in Your AWS CloudHSM Environment

A hardware security module (HSM) is a hardware device designed with the security of your data and cryptographic key material in mind. It is tamper-resistant hardware that prevents unauthorized users from attempting to pry open the device, plug any extra devices in to access data or keys such as subtokens, or damage the outside housing. […]

How to Prevent Uploads of Unencrypted Objects to Amazon S3

There are many use cases to prevent uploads of unencrypted objects to an Amazon S3 bucket, but the underlying objective is to protect the confidentiality and integrity of the objects stored in that bucket. AWS provides several services that help make this process easier, such as AWS Identity and Access Management (IAM) and AWS Key […]

How to Use the REST API to Encrypt S3 Objects by Using AWS KMS

August 4, 2023: This blog post is out of date, and is in the process of being updated. AWS Key Management Service (AWS KMS) allows you to use keys under your control to encrypt data at rest stored in Amazon S3. The two primary methods for implementing this encryption are server-side encryption (SSE) and client-side […]

How to Use the New AWS Encryption SDK to Simplify Data Encryption and Improve Application Availability

The AWS Cryptography team is happy to announce the AWS Encryption SDK. This new SDK makes encryption easier for developers while minimizing errors that could lessen the security of your applications. The new SDK does not require you to be an AWS customer, but it does include ready-to-use examples for AWS customers. Developers using encryption […]

What’s New in AWS Key Management Service: AWS CloudFormation Support and Integration with More AWS Services

November 1, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. We’re happy to make two announcements about what’s new in AWS Key Management Service (KMS). […]

How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext

One of the most important and critical concepts in AWS Key Management Service (KMS) for advanced and secure data usage is EncryptionContext. Using EncryptionContext properly can help significantly improve the security of your applications. In this blog post, I will show the importance of EncryptionContext and will provide a simple example showing how you can […]

AWS Key Management Service Now Supports Deletion of Encryption Keys

Today, AWS launched a new feature that lets you delete your encryption keys managed in AWS Key Management Service (KMS). You can now manage the complete lifecycle of your keys from creation to usage to disablement to deletion. In this blog post, I will explain the changes introduced with this new feature, tell you what […]

Now Available: Videos and Slide Decks from the re:Invent 2015 Security and Compliance Track

Whether you want to review a Security and Compliance track session you attended at re:Invent 2015, or you want to experience a session for the first time, videos and slide decks from the Security and Compliance track are now available. SEC201: AWS Security State of the Union: How Should We All Think About Security? Video Slide […]

Learn About the Rest of the Security and Compliance Track Sessions Being Offered at re:Invent 2015

Previously, I mentioned that the re:Invent 2015 Security & Compliance track sessions had been announced, and I also discussed the AWS Identity and Access Management (IAM) sessions that will be offered as part of the Security & Compliance track. Today, I will highlight the remainder of the sessions that will be presented as part of the […]