AWS Security Blog

Tag: Security Blog

AWS achieves FedRAMP JAB High and Moderate provisional authorization across nine additional services in AWS US Regions

We are pleased to announce that Amazon Web Services (AWS) has achieved FedRAMP JAB authorization on an additional nine AWS services. These services provide capabilities that enable your organization to: Assemble and deploy serverless architectures in powerful new ways using AWS Serverless Application Repository Simplify application delivery and complete workload migration to the cloud using […]

Read More

Over 150 AWS services now have a security chapter

We’re happy to share an update on the service documentation initiative that we first told you about on the AWS Security Blog in June, 2019. We’re excited to announce that over 150 services now have dedicated security chapters available in the AWS security documentation. In case you aren’t familiar with the security chapters, they were […]

Read More

Logical separation: Moving beyond physical isolation in the cloud computing era

We’re sharing an update to the Logical Separation on AWS: Moving Beyond Physical Isolation in the Era of Cloud Computing whitepaper to help customers benefit from the security and innovation benefits of logical separation in the cloud. This paper discusses using a multi-pronged approach—leveraging identity management, network security, serverless and containers services, host and instance […]

Read More

Customer update: AWS and the EU-US Privacy Shield

Recently, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as model clauses. The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States […]

Read More

How to use AWS Organizations to simplify security at enormous scale

AWS Organizations provides central governance and management across AWS accounts. In this post, we explain how AWS Organizations can make the lives of your Information Security engineers easier, based on our experience in the Information Security team at Amazon. The service control policies (SCPs) feature in AWS Organizations offers you central control over permissions for […]

Read More

Using ACM Private Certificate Authority in a multi-account environment by using IAM roles

In this post, we show you how you can use AWS Certificate Manager (ACM) Private Certificate Authority (CA) to request or issue private certificates across a multi-account environment by using IAM roles. This solution allows you to centralize your ACM Private CA inside your AWS Organization, which reduces the complexity and the cost of having […]

Read More

How to lower costs by automatically deleting and recreating HSMs

You can use AWS CloudHSM to help manage your encryption keys on FIPS 140-2 Level 3 validated hardware security modules (HSMs). AWS recommends running a high-availability production architecture with at least two CloudHSM HSMs in different Availability Zones. Although many workloads must be available 24/7, quality assurance or development environments typically do not have this […]

Read More

How to use AWS Certificate Manager with AWS CloudFormation

Last month, Amazon Web Services (AWS) introduced the ability to automate issuing and validating public and private certificates using AWS CloudFormation. To make this easier, AWS has introduced three new features that let you: Automate the steps to validate your domain with DNS validation and issue your public certificate. Use AWS CloudFormation templates to issue […]

Read More

How to use Amazon AppStream 2.0 to reduce your bastion host attack surface

July 16, 2020: This post was originally published May 2, 2018, and has been updated to clarify some AppStream 2.0 details. Update: To help protect their assets, many security-conscious enterprises require their system administrators to go through a “bastion” (or “jump”) host to gain administrative access to backend systems in protected or sensitive network segments. […]

Read More

Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud

Most businesses collect, process, and store sensitive customer data that needs to be secured to earn customer trust and protect customers against abuses. Regulated businesses must prove they meet guidelines established by regulatory bodies. As an example, in the capital markets, broker-dealers and investment advisors must demonstrate they address the guidelines proposed by the Office […]

Read More