AWS Security Blog

Category: Security, Identity, & Compliance

How to implement relationship-based access control with Amazon Verified Permissions and Amazon Neptune

How to implement relationship-based access control with Amazon Verified Permissions and Amazon Neptune

Externalized authorization for custom applications is a security approach where access control decisions are managed outside of the application logic. Instead of embedding authorization rules within the application’s code, these rules are defined as policies, which are evaluated by a separate system to make an authorization decision. This separation enhances an application’s security posture by […]

How to migrate 3DES keys from a FIPS to a non-FIPS AWS CloudHSM cluster

On August 20, 2024, we announced the general availability of the new AWS CloudHSM hardware security module (HSM) instance type hsm2m.medium, referred to in this post as hsm2. This new type comes with additional features compared to the previous CloudHSM instance type hsm1.medium (hsm1). The new features include the following: Support for Federal Information Processing […]

Managing identity source transition for AWS IAM Identity Center

AWS IAM Identity Center manages user access to Amazon Web Services (AWS) resources, including both AWS accounts and applications. You can use IAM Identity Center to create and manage user identities within the Identity Center identity store or to connect seamlessly to other identity sources. Organizations might change the configuration of their identity source in […]

2024 H1 IRAP report is now available on AWS Artifact for Australian customers

Amazon Web Services (AWS) is excited to announce that a new Information Security Registered Assessors Program (IRAP) report (2024 H1) is now available through AWS Artifact. An independent Australian Signals Directorate (ASD) certified IRAP assessor completed the IRAP assessment of AWS in August 2024. The new IRAP report includes an additional seven AWS services that are now assessed at the […]

How AWS WAF threat intelligence features help protect the player experience for betting and gaming customers

The betting and gaming industry has grown into a data-rich landscape that presents an enticing target for sophisticated bots. The sensitive personally identifiable information (PII) that is collected and the financial data involved in betting and in-game economies is especially valuable. Microtransactions and in-game purchases are frequently  targeted, making them an ideal case for safeguarding […]

AWS Transfer Family

Six tips to improve the security of your AWS Transfer Family server

AWS Transfer Family is a secure transfer service that lets you transfer files directly into and out of Amazon Web Services (AWS) storage services using popular protocols such as AS2, SFTP, FTPS, and FTP. When you launch a Transfer Family server, there are multiple options that you can choose depending on what you need to […]

Automate detection and response to website defacement with Amazon CloudWatch Synthetics

Website defacement occurs when threat actors gain unauthorized access to a website, most commonly a public website, and replace content on the site with their own messages. In this blog post, we show you how to detect website defacement, and then automate both defacement verification and your defacement response by using Amazon CloudWatch Synthetics visual […]

GNS logo

AWS renews its GNS Portugal certification for classified information with 66 services

Amazon Web Services (AWS) announces that it has successfully renewed the Portuguese GNS (Gabinete Nacional de Segurança, National Security Cabinet) certification in the AWS Regions and edge locations in the European Union. This accreditation confirms that AWS cloud infrastructure, security controls, and operational processes adhere to the stringent requirements set forth by the Portuguese government […]

Refine unused access using IAM Access Analyzer recommendations

As a security team lead, your goal is to manage security for your organization at scale and ensure that your team follows AWS Identity and Access Management (IAM) security best practices, such as the principle of least privilege. As your developers build on AWS, you need visibility across your organization to make sure that teams […]

Using Amazon Detective for IAM investigations

Uncovering  AWS Identity and Access Management (IAM) users and roles potentially involved in a security event can be a complex task, requiring security analysts to gather and analyze data from various sources, and determine the full scope of affected resources. Amazon Detective includes Detective Investigation, a feature that you can use to investigate IAM users […]