AWS Security Blog

Tag: Security

Introducing the Security at the Edge: Core Principles whitepaper

Amazon Web Services (AWS) recently released the Security at the Edge: Core Principles whitepaper. Today’s business leaders know that it’s critical to ensure that both the security of their environments and the security present in traditional cloud networks are extended to workloads at the edge. The whitepaper provides security executives the foundations for implementing a […]

Read More

Ransomware mitigation: Top 5 protections and recovery preparation actions

In this post, I’ll cover the top five things that Amazon Web Services (AWS) customers can do to help protect and recover their resources from ransomware. This blog post focuses specifically on preemptive actions that you can take. #1 – Set up the ability to recover your apps and data In order for a traditional […]

Read More

Confidential computing: an AWS perspective

Customers around the globe—from governments and highly regulated industries to small businesses and start-ups—trust Amazon Web Services (AWS) with their most sensitive data and applications. At AWS, keeping our customers’ workloads secure and confidential, while helping them meet their privacy and data sovereignty requirements, is our highest priority. Our investments in security technologies and rigorous […]

Read More

Protect public clients for Amazon Cognito by using an Amazon CloudFront proxy

In Amazon Cognito user pools, an app client is an entity that has permission to call unauthenticated API operations (that is, operations that don’t have an authenticated user), such as operations to sign up, sign in, and handle forgotten passwords. In this post, I show you a solution designed to protect these API operations from […]

Read More

Integrate CloudHSM PKCS #11 Library 5.0 with serverless workloads

Amazon Web Services (AWS) recently released PCKS #11 Library version 5.0 for AWS CloudHSM. This blog post describes the changes implemented in the new library. We also cover a simple encryption example with the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), dockerized, running on AWS Fargate. The primary change from the previous SDK […]

Read More

Hands-on walkthrough of the AWS Network Firewall flexible rules engine

AWS Network Firewall is a managed service that makes it easy to provide fine-grained network protections for all of your Amazon Virtual Private Clouds (Amazon VPCs) to ensure that your traffic is inspected, monitored, and logged. The firewall scales automatically with your network traffic, and offers built-in redundancies designed to provide high availability. AWS Network […]

Read More

Whitepaper available: Classic intrusion analysis frameworks for AWS environments

Amazon Web Services (AWS) has released a new whitepaper, Classic intrusion analysis frameworks for AWS environments, to help organizations plan and implement a classic intrusion analysis framework for AWS environments. This whitepaper provides context that will help you understand how such frameworks are used and shows you, in detail, how to mitigate advanced attack tactics […]

Read More

Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles

AWS Identity and Access Management (IAM) helps customers analyze access and achieve least privilege. When you are working on new permissions for your team, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing permissions, you can use last […]

Read More

7 ways to improve security of your machine learning workflows

In this post, you will learn how to use familiar security controls to build more secure machine learning (ML) workflows. The ideal audience for this post includes data scientists who want to learn basic ways to improve security of their ML workflows, as well as security engineers who want to address threats specific to an […]

Read More

Approaches for authenticating external applications in a machine-to-machine scenario

Amazon Web Services (AWS) supports multiple authentication mechanisms (AWS Signature v4, OpenID Connect, SAML 2.0, and more), essential in providing secure access to AWS resources. However, in a strictly machine-to machine (m2m) scenario, not all are a good fit. In these cases, a human is not present to provide user credential input. An example of […]

Read More