AWS Security Blog

Tag: Security Blog

Join me in Boston this July for AWS re:Inforce 2022

I’d like to personally invite you to attend the Amazon Web Services (AWS) security conference, AWS re:Inforce 2022, in Boston, MA on July 26–27. This event offers interactive educational content to address your security, compliance, privacy, and identity management needs. Join security experts, customers, leaders, and partners from around the world who are committed to […]

Read More

When and where to use IAM permissions boundaries

Customers often ask for guidance on permissions boundaries in AWS Identity and Access Management (IAM) and when, where, and how to use them. A permissions boundary is an IAM feature that helps your centralized cloud IAM teams to safely empower your application developers to create new IAM roles and policies in Amazon Web Services (AWS). […]

Read More
Figure 1: The steps for hybrid encryption

How to use AWS KMS RSA keys for offline encryption

This blog post discusses how you can use AWS Key Management Service (AWS KMS) RSA public keys on end clients or devices and encrypt data, then subsequently decrypt data by using private keys that are secured in AWS KMS. Asymmetric cryptography is a cryptographic system that uses key pairs. Each pair consists of a public […]

Read More

How to use regional SAML endpoints for failover

August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Many Amazon Web Services (AWS) customers choose to use federation with SAML 2.0 in order to use their existing identity provider (IdP) and avoid […]

Read More

Spring 2022 SOC 2 Type I Privacy report now available

Your privacy considerations are at the core of our compliance work at Amazon Web Services (AWS), and we are focused on the protection of your content while using AWS services. Our Spring 2022 SOC 2 Type I Privacy report is now available, which provides customers with a third-party attestation of our system and the suitability […]

Read More

Spring 2022 SOC reports now available with 150 services in scope

At Amazon Web Services (AWS), we’re committed to providing our customers with continued assurance over the security, availability and confidentiality of the AWS control environment. We’re proud to deliver the Spring 2022 System and Organizational (SOC) 1, 2 and 3 reports, which cover October 1, 2021 to March 31, 2022, to support our AWS customers’ […]

Read More

AWS Security Profile: Ely Kahn, Principal Product Manager for AWS Security Hub

In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services Security and help keep our customers safe and secure. This interview is with Ely Kahn, principal product manager for AWS Security Hub. Security Hub is a cloud security posture management service that performs security best practice checks, […]

Read More

Choosing the right certificate revocation method in ACM Private CA

AWS Certificate Manager Private Certificate Authority (ACM PCA) is a highly available, fully managed private certificate authority (CA) service that allows you to create CA hierarchies and issue X.509 certificates from the CAs you create in ACM PCA. You can then use these certificates for scenarios such as encrypting TLS communication channels, cryptographically signing code, […]

Read More

Getting started with AWS SSO delegated administration

May 23, 2022: AWS SSO supports two forms of delegation. One form, which is covered in this blog, is to delegate a member account where you can administer the service, which eliminates the requirement to sign in to the AWS Organizations management account for daily administrative work. The second form is delegating which people can […]

Read More

Establishing a data perimeter on AWS

For your sensitive data on AWS, you should implement security controls, including identity and access management, infrastructure security, and data protection. Amazon Web Services (AWS) recommends that you set up multiple accounts as your workloads grow to isolate applications and data that have specific security requirements. AWS tools can help you establish a data perimeter […]

Read More