AWS Security Blog

AWS Security and CVE-2014-0160 (“Heartbleed”)

We have reviewed all AWS services for impact by CVE-2014-0160 (also known as the Heartbleed bug) and have either determined that the services were unaffected or we’ve applied mitigations that do not require customer action. In a few cases, we are recommending that customers rotate SSL certificates or secret keys. For additional detail see AWS Services Updated to Address OpenSSL Vulnerability.

Update (23 Apr 2014): The AWS premium support site has added an FAQ page for questions about the CVE-2014-0160 issue.

For information about managing private keys and certificates, see the following topics.

If you have questions, please visit the IAM forums.

– Jim