Tag: Security Blog

July 21, 2020: The number of services in scope for SOC compliance was updated from 116 to 122. Also, more than 55 AWS services now have support for VPC Endpoints, instead of 45. As a Principal Solutions Architect within the Worldwide Financial Services industry group, one of the most frequently asked questions I receive is […]

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM also automatically manages synchronization, high availability and failover within a cluster. When the service […]

In this post, I will show you how to run a Chef InSpec scan with AWS Systems Manager and Systems Manager Run Command across your managed instances. InSpec is an open-source runtime framework that lets you create human-readable profiles to define security, compliance, and policy requirements and then test your Amazon Elastic Compute Cloud (Amazon […]

AWS recently updated how Amazon Cognito user pools are created so that new user pools are case insensitive by default. An Amazon Cognito user pool is a user directory that helps you manage end-user identities. With this new feature, the native user name, email alias, and preferred user name alias are marked as case insensitive […]

February 21, 2020: We fixed a missing comma in a policy example. March 3, 2020: We added some clarifying language to the “Step 2: Define permissions on the S3 bucket” section. When you perform certain actions in AWS, the service you called sometimes takes additional actions in other AWS services on your behalf. AWS Identity […]

Digital certificates, also known as X.509 or TLS/SSL certificates, are used to prove the identity of entities like web servers or VPN users and to establish secure communication channels between them. In this blog post, I’ll discuss certificate extensions. You can use certificate extensions for applications beyond the common use case of identifying TLS server […]

On February 13, 2020, AWS added partial support for the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 requirements to AWS Security Hub. This update enables you to validate a subset of PCI DSS’s requirements and helps with ongoing PCI DSS security activities by conducting continuous and automated checks. The new Security Hub […]

AWS Key Management Service (KMS) publishes API usage metrics to Amazon CloudWatch and Service Quotas allowing you to both monitor and manage your AWS KMS API request rate quotas. This functionality helps you understand trends in your usage of AWS KMS and can help prevent API request throttling as you grow your use of AWS […]

You can now better protect your organization’s identity data by encrypting Lightweight Directory Access Protocol (LDAP) communications between AWS Directory Service products (AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector) and self-managed Active Directory. Client-side secure LDAP (LDAPS) support enables applications that integrate with AWS Directory […]

Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination of Identity and Access Management (IAM) policies and S3 bucket policies to control access, and you use the AWS Key Management Service (AWS KMS) to encrypt the data. This approach is well-understood, documented, and widely implemented. However, many customers […]