AWS Security Blog

Tag: Security

Frequently Asked Questions About HIPAA Compliance in the AWS Cloud

Today, we continue a series of AWS cloud compliance FAQs by focusing on the Health Insurance Portability and Accountability Act (HIPAA) and protected health information (PHI). AWS’s Healthcare and Life Science customers are doing important things for their customers in the AWS cloud, and we are excited to work with our partners to help tackle […]

Read More

AWS Secures DoD Provisional Authorization

I’m very excited to share that AWS has received a DISA Provisional Authorization under the DoD Cloud Security Model’s impact levels 1-2 for all four of AWS’s Infrastructure Regions in the U.S., including AWS GovCloud (US). With this distinction, AWS has shown it can meet the DoD’s stringent security and compliance requirements; and as a […]

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

New Whitepaper: AWS Cloud Security Best Practices

We have just published an updated version of our AWS Security Best Practices whitepaper. You wanted us to provide a holistic and familiar approach to managing the overall information security posture of the organization that’s based on periodic risk assessments when you deploy applications and assets on AWS. Specifically, you asked for: How security responsibilities […]

Read More

Guidelines for When to Use Accounts, Users, and Groups

I often get asked when to use different AWS accounts to enforce separation of duties versus using IAM users and groups within a single account. While the complete answer depends on what AWS services you use, the general guidelines in this post will point you in the right direction. As context for the guidelines, consider […]

Read More

AWS CloudFormation Now Supports Federated Users and Temporary Security Credentials

Today AWS CloudFormation released added support for  temporary security credentials provided by the AWS Security Token Service.  This release enables a number of scenarios such as federated users being able to use CloudFormation from the AWS Management Console and authorizing Amazon EC2 instances with IAM roles to call CloudFormation APIs.  To learn more about this new […]

Read More

Security Sessions at re:Invent 2013

AWS re:Invent 2013, AWS’s second annual conference for developers and technical leaders, is less than a month away.  We have some great sessions and activities lined up to ensure that content quality is high and that your questions are answered. Update (20 May 2014): For links to the session videos and slide presentations from AWS […]

Read More

CloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3

One of the benefits of AWS is the highly available, durable, and practically unlimited cloud-based storage you can get with Amazon Simple Storage Services (Amazon S3).  Over two trillion objects are already stored in S3 and customers are always finding more creative uses for S3.  One of the more commonly requested use cases is how […]

Read More