June 15, 2020: This blog is out of date. Please refer here for the updated info: https://aws.amazon.com/blogs/aws/new-enhanced-amazon-macie-now-available/ Amazon Macie is a security service that makes it easy for you to discover, classify, and protect sensitive data in Amazon Simple Storage Service (Amazon S3). Macie collects AWS CloudTrail events and Amazon S3 metadata such as permissions […]

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Introduced at AWS re:Invent 2017, Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. In an AWS Blog post, Jeff Barr shows you how to […]

January 20, 2020: Based on customer feedback, we rephrased the fourth goal in the “An example structure with nested OUs and SCPs” section to try to improve clarity. With AWS Organizations, you can centrally manage policies across multiple AWS accounts without having to use custom scripts and manual processes. For example, you can apply service […]

Use roles to grant an IAM user access through identity federation (authorization by an external service).

Almost a decade ago, my colleague Deepak Singh introduced the AWS Public Datasets in his post Paging Researchers, Analysts, and Developers. I’m happy to report that Deepak is still an important part of the AWS team and that the Public Datasets program is still going strong! Today we are announcing a new take on open […]

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit, and record resource configurations and changes. AWS Config does this through the use of rules that define the desired configuration state of your AWS resources. AWS Config provides a number of AWS managed rules that address a wide range of […]

May 23, 2022: This blog post is out of date. Please refer here for current info: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Today, AWS made it easier to use […]

As I have discussed in the past, sophisticated AWS customers invariably control multiple AWS accounts. Some of these are the results of acquisitions or a holdover from bottom-up, departmental adoption of cloud computing. Others create multiple accounts in order to isolate developers, projects, or departments from each other. We strongly endorse this as a best […]

AWS has released a new whitepaper that has been requested by many AWS customers: AWS Policy Perspectives: Data Residency. Data residency is the requirement that all customer content processed and stored in an IT system must remain within a specific country’s borders, and it is one of the foremost concerns of governments that want to […]

Follow these best practices for using AWS Identity and Access Management (IAM) to help secure your AWS account and resources.

Sick of scrolling through junk results, AI-generated ads and links to lookalike products? The author and activist behind the term ‘enshittification’ explains what’s gone wrong with the internet – and what we can do about it

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Today, AWS introduced AWS IAM Identity Center (AWS IAM Identity Center), a service that makes it easy for you to centrally manage IAM Identity […]

July 24, 2020: The number 9 item in this list, the Auditing Security Checklist, has been replaced by a Cloud Audit Academy course. The following list includes the ten most downloaded AWS security and compliance documents in 2017. Using this list, you can learn about what other AWS customers found most interesting about security and […]

Kuldeep Chowhan, Principle Engineer at Expedia, shows us how Expedia built a scalable CI/CD platform on AWS using Github, Jenkins, Amazon EC2 Container servi...

Define permissions on a resource in order to grant IAM users access to resources in other AWS accounts.

Note from June 5, 2019: The approach and architecture in this post is recommended if you prefer more control over DNS servers or prefer to use AWS Managed Active Directory for DNS resolution, however there are some limitations to this approach and we added a “Limitations and additional considerations” section to this post to describe […]

Feb 17, 2025: This blog post references AWS CloudHSM Client SDK 3, which is no longer the recommended version. AWS recommends that you use the latest version, AWS CloudHSM Client SDK 5, which provides updated functionality and commands. We are currently working on an updated blog post for CloudHSM Client SDK 5. See the AWS […]

As a security best practice, AWS Identity and Access Management (IAM) recommends that you use temporary security credentials from AWS Security Token Service (STS) when you access your AWS resources. Temporary credentials are short-term credentials generated dynamically and provided to the user upon request. Today, one of the most widely used mechanisms for requesting temporary […]