AWS Security Blog
Tag: Security groups
How to continuously audit and limit security groups with AWS Firewall Manager
At AWS re:Invent 2019 and in a subsequent blog post, Stephen Schmidt, Chief Information Security Officer for Amazon Web Services (AWS), laid out the top 10 security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to manage your network […]
Read MoreAutomatically update security groups for Amazon CloudFront IP ranges using AWS Lambda
Amazon CloudFront is a content delivery network that can help you increase the performance of your web applications and significantly lower the latency of delivering content to your customers. For CloudFront to access an origin (the source of the content behind CloudFront), the origin has to be publicly available and reachable. Anyone with the origin […]
Read MoreUse AWS Firewall Manager to deploy protection at scale in AWS Organizations
Security teams that are responsible for securing workloads in hundreds of Amazon Web Services (AWS) accounts in different organizational units aim for a consistent approach across AWS Organizations. Key goals include enforcing preventative measures to mitigate known security issues, having a central approach for notifying the SecOps team about potential distributed denial of service (DDoS) […]
Read MoreAWS Firewall Manager helps automate security group management: 3 scenarios
In this post, we walk you through scenarios that use AWS Firewall Manager to centrally manage security groups across your AWS Organizations implementation. Firewall Manager is a security management tool that helps you centralize, configure, and maintain AWS WAF rules, AWS Shield Advanced protections, and Amazon Virtual Private Cloud (Amazon VPC) security groups across AWS […]
Read MoreHow to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs
August 31, 2020: The directions in this blog post for how to create an Amazon ES cluster have been updated. February 28, 2019: The features and services described in this post have changed since the post was published and the procedures described might be out of date and no longer accurate. If we update this […]
Read MoreHow to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups
You can use AWS security controls to detect and mitigate risks to your AWS resources. The purpose of each security control is defined by its control objective. For example, the control objective of an Amazon VPC security group is to permit only designated traffic to enter or leave a network interface. Let’s say you have […]
Read MoreHow to Optimize and Visualize Your Security Groups
Note: On May 3, 2017, we published a related blog post also written by Guy Denney, How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs. Many organizations start their journey with AWS by experimenting with existing applications. Those experiments may include trying to move an application to […]
Read MoreHow to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda
Note from December 3, 2019: The features and services described in this post have changed since the post was published and the procedures described might be out of date and no longer accurate. If we update this post or create a replacement, we’ll add a notification about it here. Update on August 23, 2018: We […]
Read MoreHow to Help Prepare for DDoS Attacks by Reducing Your Attack Surface
Distributed denial of service (DDoS) attacks are sometimes used by malicious actors in an attempt to flood a network, system, or application with more traffic, connections, or requests than it can handle. Not surprisingly, customers often ask us how we can help them protect their applications against these types of attacks. To help you optimize […]
Read More