AWS Security Blog

Category: Intermediate (200)

AWS FIPS Lock

AWS KMS is now FIPS 140-2 Security Level 3. What does this mean for you?

AWS Key Management Service (AWS KMS) recently announced that its hardware security modules (HSMs) were given Federal Information Processing Standards (FIPS) 140-2 Security Level 3 certification from the U.S. National Institute of Standards and Technology (NIST). For organizations that rely on AWS cryptographic services, this higher security level validation has several benefits, including simpler set up and operation. In […]

Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight

Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight

Part 1 of a 3-part series Part 2 – How to visualize Amazon Security Lake findings with Amazon QuickSight Part 3 – How to share security telemetry per Organizational Unit using Amazon Security Lake and AWS Lake Formation Customers using Amazon Web Services (AWS) can use a range of native and third-party tools to build […]

Amazon Security Lake logo

How to visualize Amazon Security Lake findings with Amazon QuickSight

Part 2 of a 3-part series Part 1 – Aggregating, searching, and visualizing log data from distributed sources with Amazon Athena and Amazon QuickSight Part 3 – How to share security telemetry per Organizational Unit using Amazon Security Lake and AWS Lake Formation In this post, we expand on the earlier blog post Ingest, transform, […]

circuit board

Refine permissions for externally accessible roles using IAM Access Analyzer and IAM action last accessed

When you build on Amazon Web Services (AWS) across accounts, you might use an AWS Identity and Access Management (IAM) role to allow an authenticated identity from outside your account—such as an IAM entity or a user from an external identity provider—to access the resources in your account. IAM roles have two types of policies […]

Security considerations for running containers on Amazon ECS

January 11, 2024: We’ve updated this post to include information about Amazon GuardDuty Runtime Monitoring for Amazon ECS clusters. If you’re looking to enhance the security of your containers on Amazon Elastic Container Service (Amazon ECS), you can begin with the six tips that we’ll cover in this blog post. These curated best practices are […]

PCI Serverless Blog Image

Transforming transactions: Streamlining PCI compliance using AWS serverless architecture

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is critical for organizations that handle cardholder data. Achieving and maintaining PCI DSS compliance can be a complex and challenging endeavor. Serverless technology has transformed application development, offering agility, performance, cost, and security. In this blog post, we examine the benefits of using AWS […]

Logo der Schweizerischen Eidgenossenschaft

Prepare your AWS workloads for the “Operational risks and resilience – banks” FINMA Circular

In December 2022, FINMA, the Swiss Financial Market Supervisory Authority, announced a fully revised circular called Operational risks and resilience – banks that will take effect on January 1, 2024. The circular will replace the Swiss Bankers Association’s Recommendations for Business Continuity Management (BCM), which is currently recognized as a minimum standard. The new circular […]

Scaling national identity schemes with itsme and Amazon Cognito

In this post, we demonstrate how you can use identity federation and integration between the identity provider itsme® and Amazon Cognito to quickly consume and build digital services for citizens on Amazon Web Services (AWS) using available national digital identities. We also provide code examples and integration proofs of concept to get you started quickly. […]

snow covered mountain under blue sky during daytime

Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC

In this blog post, we discuss some of the benefits and considerations organizations should think through when looking at a unified and global information technology and operational technology (IT/OT) security operations center (SOC). Although this post focuses on the IT/OT convergence within the SOC, you can use the concepts and ideas discussed here when thinking […]

Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers

Today, we’re announcing a new capability for Amazon Simple Notification Service (Amazon SNS) message data protection. In this post, we show you how you can use this new capability to create custom data identifiers to detect and protect domain-specific sensitive data, such as your company’s employee IDs. Previously, you could only use managed data identifiers […]