AWS Security Blog
Category: Expert (400)
How to run AWS CloudHSM workloads on AWS Lambda
November 21, 2021: CloudHSM SDK3 does not support serverless environments, and we strongly recommend deploying SDK5. We are currently working on an updated blog post. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your […]
How to define least-privileged permissions for actions called by AWS services
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. February 21, 2020: We fixed a missing comma in a policy example. March 3, 2020: […]
How to use KMS and IAM to enable independent security controls for encrypted data in S3
August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination […]
How to BYOK (bring your own key) to AWS KMS for less than $15.00 a year using AWS CloudHSM
February 26, 2024: We’ve updated this post to replace the key_mgmt_util with cloudhsm-cli, which is part of the newer SDK 5. August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations […]