The 10 Most Viewed Security-Related AWS Knowledge Center Articles and Videos for November 2017

The AWS Knowledge Center helps answer the questions most frequently asked by AWS Support customers. The following 10 Knowledge Center security articles and videos have been the most viewed this month. It’s likely you’ve wondered about a few of these topics yourself, so here’s a chance to learn the answers!

1. How do I create an AWS Identity and Access Management (IAM) policy to restrict access for an IAM user, group, or role to a particular Amazon Virtual Private Cloud (VPC)?
   Learn how to apply a custom IAM policy to restrict IAM user, group, or role permissions for creating and managing Amazon EC2 instances in a specified VPC.
2. How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?
   One IAM best practice is to protect your account and its resources by using a multi-factor authentication (MFA) device. If you plan use the AWS Command Line Interface (CLI) while using an MFA device, you must create a temporary session token.
3. Can I restrict an IAM user’s EC2 access to specific resources?
   This article demonstrates how to link multiple AWS accounts through AWS Organizations and isolate IAM user groups in their own accounts.
4. I didn’t receive a validation email for the SSL certificate I requested through AWS Certificate Manager (ACM)—where is it?
   Can’t find your ACM validation emails? Be sure to check the email address to which you requested that ACM send validation emails.
5. How do I create an IAM policy that has a source IP restriction but still allows users to switch roles in the AWS Management Console?
   Learn how to write an IAM policy that not only includes a source IP restriction but also lets your users switch roles in the console.
6. How do I allow users from another account to access resources in my account through IAM?
   If you have the 12-digit account number and permissions to create and edit IAM roles and users for both accounts, you can permit specific IAM users to access resources in your account.
7. What are the differences between a service control policy (SCP) and an IAM policy?
   Learn how to distinguish an SCP from an IAM policy.
8. How do I share my customer master keys (CMKs) across multiple AWS accounts?
   To grant another account access to your CMKs, create an IAM policy on the secondary account that grants access to use your CMKs.
9. How do I set up AWS Trusted Advisor notifications?
   Learn how to receive free weekly email notifications from Trusted Advisor.
10. How do I use AWS Key Management Service (AWS KMS) encryption context to protect the integrity of encrypted data?
    Encryption context name-value pairs used with AWS KMS encryption and decryption operations provide a method for checking ciphertext authenticity. Learn how to use encryption context to help protect your encrypted data.

The AWS Security Blog will publish an updated version of this list regularly going forward. You also can subscribe to the AWS Knowledge Center Videos playlist on YouTube.

– Maggie