AWS Security Blog

Tag: Security Blog

Deploy a dashboard for AWS WAF with minimal effort

In this post, I’ll show you how to deploy a solution in your Amazon Web Services (AWS) account that will provide a fully automated dashboard for AWS Web Application Firewall (WAF) service. The solution uses logs generated and collected by AWS WAF, and displays them in a user-friendly dashboard shown in Figure 1. Figure 1: […]

Read More

New PCI DSS on AWS Compliance Guide provides essential information for implementing compliant applications

Our mission in AWS Security Assurance Services is to ease Payment Card Industry Data Security Standard (PCI DSS) compliance for all Amazon Web Services (AWS) customers. We work closely with the AWS audit team to answer customer questions about understanding their compliance, finding and implementing solutions, and optimizing their controls and assessments. The most frequent […]

Read More

How to use G Suite as an external identity provider for AWS SSO

August 3, 2020: This post has been updated to include some additional information about managing users and permissions. Do you want to control access to your Amazon Web Services (AWS) accounts with G Suite? In this post, we show you how to set up G Suite as an external identity provider in AWS Single Sign-On […]

Read More

Monitoring AWS Certificate Manager Private CA with AWS Security Hub

Certificates are a vital part of any security infrastructure because they allow a company’s internal or external facing products, like websites and devices, to be trusted. To deploy certificates successfully and at scale, you need to set up a certificate authority hierarchy that provisions and issues certificates. You also need to monitor this hierarchy closely, […]

Read More

Code signing using AWS Certificate Manager Private CA and AWS Key Management Service asymmetric keys

In this post, we show you how to combine the asymmetric signing feature of the AWS Key Management Service (AWS KMS) and code-signing certificates from the AWS Certificate Manager (ACM) Private Certificate Authority (PCA) service to digitally sign any binary data blob and then verify its identity and integrity. AWS KMS makes it easy for […]

Read More

Spring 2020 PCI DSS report now available with 124 services in scope

Amazon Web Services (AWS) continues to expand the scope of our PCI compliance program to support our customers’ most important workloads. We are pleased to announce that six services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) compliance program. These services were validated by Coalfire, our independent […]

Read More

What is a cyber range and how do you build one on AWS?

In this post, we provide advice on how you can build a current cyber range using AWS services. Conducting security incident simulations is a valuable exercise for organizations. As described in the AWS Security Incident Response Guide, security incident response simulations (SIRS) are useful tools to improve how an organization handles security events. These simulations […]

Read More

Accreditation models for secure cloud adoption

Today, as part of its Secure Cloud Adoption series, AWS released new strategic outlook recommendations to support decision makers in any sector considering or planning for secure cloud adoption. “Accreditation Models for Secure Cloud Adoption” provides best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing, […]

Read More

The importance of encryption and how AWS can help

Encryption is a critical component of a defense-in-depth strategy, which is a security approach with a series of defensive mechanisms designed so that if one security mechanism fails, there’s at least one more still operating. As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve […]

Read More

Tighten S3 permissions for your IAM users and roles using access history of S3 actions

Customers tell us that when their teams and projects are just getting started, administrators may grant broad access to inspire innovation and agility. Over time administrators need to restrict access to only the permissions required and achieve least privilege. Some customers have told us they need information to help them determine the permissions an application […]

Read More