Category: Advanced (300)

You can find an newer version of this solution that includes integration to AWS IoT Device Defender Detect on this IoT Blog AWS Security Hub provides a comprehensive view of the security alerts and security posture in your accounts. In this blog post, we show how you can import AWS IoT Device Defender audit findings […]

September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. June 5, […]

Certificates are vital to maintaining trust and providing encryption to internal or external facing infrastructure and applications. AWS Certificate Manager (ACM) provides certificate services to any workload that requires them. Although ACM provides managed renewals that automatically renew certificates in most cases, there are exceptions, such as imported certs, where an automatic renewal isn’t possible. […]

Amazon Web Services (AWS) recently released PCKS #11 Library version 5.0 for AWS CloudHSM. This blog post describes the changes implemented in the new library. We also cover a simple encryption example with the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), dockerized, running on AWS Fargate. The primary change from the previous SDK […]

January 2, 2024: We’ve updated this post to include the new failover Region feature. April 29, 2021: We’ve updated the order of the commands in Step 1. April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. Using AWS Secrets Manager, you can more securely retrieve secrets […]

October 4, 2024: This post has been updated to cover the following changes: FIPS 140-2 Level 3 validation of AWS Key Management Service (AWS KMS), the addition of the external key store service to AWS KMS, and FIPS 140-3 validation of AWS CloudHSM. As you prepare to build or migrate your workload on Amazon Web […]

Containment is a crucial part of an overall Incident Response Strategy, as this practice allows time for responders to perform forensics, eradication and recovery during an Incident. There are many different approaches to containment. In this post, we will be focusing on isolation—the ability to keep multiple targets separated so that each target only sees […]

AWS Security Hub provides a comprehensive view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and best practices. In this post, we’ll show you how to set up weekly email notifications using Security Hub to provide account owners with a summary of the existing security […]

In this blog post, we’ll demonstrate how you can use Amazon Detective’s new role session analysis feature to investigate security findings that are tied to the usage of an AWS Identity and Access Management (IAM) role. You’ll learn about how you can use this new role session analysis feature to determine which Amazon Web Services […]

In this blog post, I show you how to deploy an automated solution that helps you fully automate the Active Directory join and unjoin process for Amazon Elastic Compute Cloud (Amazon EC2) instances that don’t have internet access. Managing Active Directory domain membership for EC2 instances in Amazon Web Services (AWS) Cloud is a typical […]