PGLinks

https://aws.amazon.com/blogs/security/delegate-permission-management-to-developers-using-iam-permissions-boundaries/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_delegate_permission&linkId=54227051

Today, AWS released a new IAM feature that makes it easier for you to delegate permissions management to trusted employees. As your organization grows, you might want to allow trusted employees to configure and manage IAM permissions to help your organization scale permission management and move workloads to AWS faster. For example, you might want […]

aws permissions security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-automate-saml-federation-to-multiple-aws-accounts-from-microsoft-azure-active-directory/?sc_channel=sm&sc_publisher=TWITTER&sc_country=Security+%26+Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_automate_SAML_federation&linkId=62627605

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. December 2, 2019: Since the author wrote this post, AWS Single Sign On (AWS IAM Identity Center) has launched native features that simplify using […]

authentication aws integration saml security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-build-a-multi-region-aws-security-hub-analytic-pipeline/?sc_channel=sm&sc_campaign=AWSSecurity_Blog&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=awareness&trk=AWSSecurity_Blog_TWITTER&s=09

AWS Security Hub is a service that gives you aggregated visibility into your security and compliance posture across multiple Amazon Web Services (AWS) accounts. By joining Security Hub with Amazon QuickSight—a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud—your senior leaders and decision-makers can use dashboards to empower data-driven decisions […]

analysing aws security visualisation

Added 1 month ago

How to build a CI/CD pipeline for container vulnerability scanning with Tri

https://aws.amazon.com/blogs/security/how-to-build-ci-cd-pipeline-container-vulnerability-scanning-trivy-and-aws-security-hub/

In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security‘s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability […]

aws containers scanning security vulnerability

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-centralize-and-automate-iam-policy-creation-in-sandbox-development-and-test-environments/?sc_channel=sm&sc_publisher=TWITTER&sc_country=Security+%26+Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_centralize_automate_IAM&linkId=62045363

To keep pace with AWS innovation, many customers allow their application teams to experiment with AWS services in sandbox environments as they move toward production-ready architecture. These teams need timely access to various sets of AWS services and resources, which means they also need a mechanism to help ensure least privilege is granted. In other […]

aws iam security testing

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-centralize-dns-management-in-a-multi-account-environment/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_directory_service&linkId=51000854

Note from June 5, 2019: The approach and architecture in this post is recommended if you prefer more control over DNS servers or prefer to use AWS Managed Active Directory for DNS resolution, however there are some limitations to this approach and we added a “Limitations and additional considerations” section to this post to describe […]

amazon aws dns multi-account

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-create-custom-alerts-with-amazon-macie/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_macie_custom_alerts&linkId=52705999

June 15, 2020: This blog is out of date. Please refer here for the updated info: https://aws.amazon.com/blogs/aws/new-enhanced-amazon-macie-now-available/ Amazon Macie is a security service that makes it easy for you to discover, classify, and protect sensitive data in Amazon Simple Storage Service (Amazon S3). Macie collects AWS CloudTrail events and Amazon S3 metadata such as permissions […]

amazon aws macie security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-delegate-administration-of-your-aws-managed-microsoft-ad-directory-to-your-on-premises-active-directory-users/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_delegate_admin_msft_ad_on_prem&linkId=48982350

You can now enable your on-premises users administer your AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. Using an Active Directory (AD) trust and the new AWS delegated AD security groups, you can grant administrative permissions to your on-premises users by managing group membership in your on-premises AD directory. […]

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-encrypt-and-decrypt-your-data-with-the-aws-encryption-cli/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=awsencryptioncli&sc_category=AWS_Identity_and_Access_Management&linkId=44937334

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info You can now encrypt and decrypt your data at the command line and in scripts—no […]

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_guard_duty_multiple_accounts&linkId=50540054

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Introduced at AWS re:Invent 2017, Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. In an AWS Blog post, Jeff Barr shows you how to […]

amazon aws security

Added 1 month ago

How to Prepare for AWS’s Move to Its Own Certificate Authority | AWS Securi

https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=awscertificateauthority&sc_category=AWS_Identity_and_Access_Management&linkId=46957413

March 24, 2025: We’ve updated this post to remove an example that referenced an old CA. November 18, 2024: This post was updated to reflect the latest certificate authority information for Amazon issued public certificates. July 11, 2019: The service team has resolved an error that caused customers to see a “Certificate Transparency Required” […]

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-monitor-for-and-respond-to-amazon-s3-buckets-allowing-public-access/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_AWS-Config-monitoring-tweet-2&linkId=51888090

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit, and record resource configurations and changes. AWS Config does this through the use of rules that define the desired configuration state of your AWS resources. AWS Config provides a number of AWS managed rules that address a wide range of […]

amazon aws compliance monitoring security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/?sc_channel=sm&sc_campaign=AWSSecurity_Encryption&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=awareness&trk=AWSSecurity_Blog_TWITTER&linkId=119175714&s=09

January 2, 2024: We’ve updated this post to include the new failover Region feature. April 29, 2021: We’ve updated the order of the commands in Step 1. April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. Using AWS Secrets Manager, you can more securely retrieve secrets […]

k8s passwords security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-use-kms-and-iam-to-enable-independent-security-controls-for-encrypted-data-in-s3/?sc_channel=sm&sc_campaign=AWSSecurity_Services&sc_publisher=TWITTER&sc_country=Security&sc_outcome=adoption&trk=AWSSecurity_Services_TWITTER&linkId=82078481

August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination […]

aws encryption s3 security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-in-aws-organizations/

January 20, 2020: Based on customer feedback, we rephrased the fourth goal in the “An example structure with nested OUs and SCPs” section to try to improve clarity. With AWS Organizations, you can centrally manage policies across multiple AWS accounts without having to use custom scripts and manual processes. For example, you can apply service […]

amazon authentication aws security

Added 1 month ago

https://aws.amazon.com/blogs/security/how-to-verify-aws-kms-asymmetric-key-signatures-locally-with-openssl/?sc_channel=sm&sc_campaign=AWSSecurity_Services&sc_publisher=TWITTER&sc_country=Security&sc_geo=GLOBAL&sc_outcome=adoption&trk=AWSSecurity_Services_TWITTER&linkId=86699220

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In this post, I demonstrate a sample workflow for generating a digital signature within AWS […]

aws certificates key security

Added 1 month ago

https://aws.amazon.com/blogs/security/introducing-aws-single-sign-on/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=awssso&sc_category=AWS_Identity_and_Access_Management&linkId=46975058

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Today, AWS introduced AWS IAM Identity Center (AWS IAM Identity Center), a service that makes it easy for you to centrally manage IAM Identity […]

amazon authentication aws saml security sso

Added 1 month ago

https://aws.amazon.com/blogs/security/introducing-the-aws-security-incident-response-whitepaper/?sc_channel=sm&sc_campaign=AWSSecurity_Blog&sc_publisher=TWITTER&sc_country=Security+%26+Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=security_blog_incident_response_whitepaper_TWITTER&sc_content=security_blog_incident_response_whitepaper&linkId=69462957

April 25, 2023: We’ve updated this blog post to include more security learning resources. AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment. The whitepaper reviews how to prepare your organization for detecting and responding to security incidents, explores the […]

aws security whitepaper

Added 1 month ago

The Top 10 Most Downloaded AWS Security and Compliance Documents in 2017 |

https://aws.amazon.com/blogs/security/the-top-10-most-downloaded-aws-security-and-compliance-documents-in-2017/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=top10downloadeds&cdocuments2017&sc_category=AWS_Identity_and_Access_Management&linkId=46616500

July 24, 2020: The number 9 item in this list, the Auditing Security Checklist, has been replaced by a Cloud Audit Academy course. The following list includes the ten most downloaded AWS security and compliance documents in 2017. Using this list, you can learn about what other AWS customers found most interesting about security and […]

amazon aws process security

Added 1 month ago

The Top 20 Most Viewed AWS IAM Documentation Pages in 2017 | AWS Security B

https://aws.amazon.com/blogs/security/the-top-20-most-viewed-aws-iam-documentation-pages-in-2017/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=top20awsiamdocpagesin2017&sc_category=AWS_Identity_and_Access_Management&linkId=46619339

The following 20 pages were the most viewed AWS Identity and Access Management (IAM) documentation pages in 2017. I have included a brief description with each link to explain what each page covers. Use this list to see what other AWS customers have been viewing and perhaps to pique your own interest in a topic you’ve […]

amazon aws process security

Added 1 month ago

Two New Documents to Help You Navigate Australian Prudential Regulation Aut

https://aws.amazon.com/blogs/security/two-new-documents-to-help-you-navigate-australian-prudential-regulation-authority-apra-requirements/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=APRAdocuments&sc_category=AWS_Identity_and_Access_Management&linkId=46752971

amazon aws process security

Added 1 month ago

https://aws.amazon.com/blogs/security/understanding-aws-cloudhsm-cluster-synchronization/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_cloudhsm&linkId=50579720

Feb 17, 2025: This blog post references AWS CloudHSM Client SDK 3, which is no longer the recommended version. AWS recommends that you use the latest version, AWS CloudHSM Client SDK 5, which provides updated functionality and commands. We are currently working on an updated blog post for CloudHSM Client SDK 5. See the AWS […]

amazon aws encryption hardware security modules security

Added 1 month ago

https://aws.amazon.com/blogs/security/visualizing-amazon-guardduty-findings/?sc_channel=sm&sc_campaign=AWS_Security&sc_publisher=TWITTER&sc_country=Security%20&%20Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_visualize_GuardDuty&linkId=56505852

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. Enable GuardDuty and it begins monitoring for: Anomalous API activity Potentially unauthorized deployments and compromised instances […]

aws security visualisation

Added 1 month ago

Data Driven Decisions - Amazon Web Services (AWS)

https://aws.amazon.com/campaigns/data-driven-decisions/

Make more informed decisions, improve operations, and differentiate with generative AI

aws data

Added 1 month ago