AWS Partner Network (APN) Blog
Category: Security
How to Tokenize and De-Identify Your Data in Amazon RDS with Baffle
Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.
Approaching Least Privilege – IAM Policies with Usage-Based Analytics
AWS customers are increasingly searching for new ways to manage access in a scalable way that maintains the benefits of an agile DevOps delivery model. However, the traditional and highly-manual processes for assessing and certifying access quickly demonstrates they cannot keep up with the speed of DevOps changes. Learn how PwC designs and implements baseline IAM roles for customers while leveraging usage-based analytics to identify overprivileged roles.
Using AWS CodeBuild and Bridgecrew to Prevent Misconfigurations in AWS CloudFormation and Terraform
Scanning for misconfigurations as part of your CI/CD pipeline helps maintain a solid security posture for all changed resources before provisioning them to a running environment. Learn how to integrate infrastructure as code security and compliance scanning using AWS CodeBuild and Bridgecrew, a cloud security platform for developers. Bridgecrew is generally used to find security misconfigurations and policy violations across Amazon Web Services (AWS) and in configuration frameworks.
Improving Security in the Cloud with Micro-Segmentation
Micro-segmentation is a building-block of the shared responsibility security model and makes your security measures more effective. Understanding of the shared responsibility security model is imperative for successful, secure cloud and digital transformation projects, as well as the future growth of public cloud infrastructure. Learn how implementing micro-segmentation as part of that process can help you maintain a more secure environment than simple traditional perimeter security.
How HeleCloud Used AWS Secrets Manager to Automate Credentials Rotation of MS SQL on Amazon EC2
HeleCloud combines AWS Secrets Manager and the AWS Systems Manager Run Command into a solution that automatically rotates secrets for databases running on Amazon EC2. In addition to automatically rotating your secrets, it allows you to access them in applications running on Amazon EKS. Learn about the HeleCloud solution and walk through the code snippets and steps required to set up automatic credentials rotation of MS SQL Server running on Amazon EC2.
AWS Managed Security Services Partners Can Help Implement, Test, and Manage Your Perimeter Security Protection
AWS Shield Advanced provides 24×7 access to the AWS DDoS Response Team (DRT) for real-time response to impacting events. For customers that lack the resources to maintain this optimal application security posture, AWS has launched a new Perimeter Protection Managed Security Services Provider (MSSP) program that enables AWS Partners to develop and deliver a fully managed Security Operations Center (SOC) for AWS Shield Advanced, AWS WAF, and AWS Firewall Manager.
How to Enhance the Security and Compliance of Cloud Architectures with Datacom and AWS Services
Security and compliance governance is one of the most challenging problems organizations face when managing their cloud infrastructure. After years of working with AWS, Datacom Group has observed that each client has their own industry-specific security and compliance requirements. What’s needed is a solution that is flexible enough to cater to diverse customer requirements. Datacom’s governance solution is flexible and can integrate with a number of AWS native services to offer enhanced capabilities.
Isolating SaaS Tenants with Dynamically Generated IAM Policies
Many SaaS organizations leverage AWS Identity and Access Management (IAM) to define a series of policies and roles that can be used to ensure tenants are not allowed to cross tenant boundaries when accessing resources. To make this work, you have to create separate policies for each tenant which can create an explosion of tenant policies that push the account limits of IAM. Learn how dynamic policy generation creates a more scalable and manageable isolation experience.
Deploying DevSecOps on Amazon EKS with Aqua Security – Part 2
Aqua Security was built to redefine security and help you address the security skills gap in a rapidly evolving cloud-native landscape, automating security controls at the speed of DevOps. Unlike traditional security, cloud-native security cannot adopt a one-size-fits-all approach. It has to be seamlessly integrated with the existing processes, organizational culture as well as the technology. Learn how to implement a DevSecOps pipeline using AWS CodePipeline and Aqua Platform.
Easily Delegate Responsibilities Using AWS Permissions Boundaries and Kion
Permissions boundaries allow admins to delegate permissions to users so they can create new AWS service roles without elevating their own permissions. This removes the need for admins to field requests for these role creations and promotes self-service for users. The ultimate goal is to remove blockers for enhanced productivity. Learn how to pair permissions boundaries with Kion for increased automation and delegation.