AWS Security Blog
Tag: Security Blog
154 AWS services achieve HITRUST certification
The AWS HITRUST Compliance Team is excited to announce that 154 Amazon Web Services (AWS) services are certified for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) v9.6 for the 2022 cycle. These 154 AWS services were audited by a third-party assessor and certified under the HITRUST CSF. The full list is now […]
Amazon introduces dynamic intermediate certificate authorities
February 27, 2023: We’ve updated question and answer #3 on this blog post. October 7, 2022: This blog post has been updated to include a Frequently Asked Questions section at the end. September 30, 2022: This blog post has been updated to include the addition of the CN=Starfield Services Root Certificate Authority – G2,O=Starfield Technologies\, […]
Use AWS Network Firewall to filter outbound HTTPS traffic from applications hosted on Amazon EKS and collect hostnames provided by SNI
October 13, 2022: This post had been updated with diagram of Figure 1: Outbound internet access through Network Firewall from Amazon EKS worker nodes modified. This blog post shows how to set up an Amazon Elastic Kubernetes Service (Amazon EKS) cluster such that the applications hosted on the cluster can have their outbound internet access […]
Using AWS Shield Advanced protection groups to improve DDoS detection and mitigation
Amazon Web Services (AWS) customers can use AWS Shield Advanced to detect and mitigate distributed denial of service (DDoS) attacks that target their applications running on Amazon Elastic Compute Cloud (Amazon EC2), Elastic Local Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53. By using protection groups for Shield Advanced, you can logically […]
Implement step-up authentication with Amazon Cognito, Part 1: Solution overview
In this blog post, you’ll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor security controls, you can implement […]
Scaling cross-account AWS KMS–encrypted Amazon S3 bucket access using ABAC
This blog post shows you how to share encrypted Amazon Simple Storage Service (Amazon S3) buckets across accounts on a multi-tenant data lake. Our objective is to show scalability over a larger volume of accounts that can access the data lake, in a scenario where there is one central account to share from. Most use […]
How to automate updates for your domain list in Route 53 Resolver DNS Firewall
Note: This post includes links to third-party websites. AWS is not responsible for the content on those websites. Following the release of Amazon Route 53 Resolver DNS Firewall, Amazon Web Services (AWS) published several blog posts to help you protect your Amazon Virtual Private Cloud (Amazon VPC) DNS resolution, including How to Get Started with […]
Announcing new AWS IAM Identity Center APIs to manage users and groups at scale
If you use AWS IAM Identity Center (successor to AWS Single Sign-On) as your identity source, you create and manage your users and groups manually in the IAM Identity Center console. However, you may prefer to automate this process to save time, spend less administrative effort, and to scale effectively as your organization grows. If […]
How to let builders create IAM resources while improving security and agility for your organization
September 7, 2022: The post was updated to rephrase the brief of creating builder role with the builder policy attached as the permissions policy. Many organizations restrict permissions to create and manage AWS Identity and Access Management (IAM) resources to a group of privileged users or a central team. This post explains how you can […]
Learn more about the new allow list feature in Macie
Updated on September 7, 2022: This post had been updated to correct the allow list in Macie. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and help you protect your sensitive data in Amazon Web Services (AWS). The data that is available […]