AWS Security Blog

Spain’s ENS High certification logo

AWS achieves Spain’s ENS High 311/2022 certification across 172 services

Amazon Web Services (AWS) has recently renewed the Esquema Nacional de Seguridad (ENS) High certification, upgrading to the latest version regulated under Royal Decree 311/2022. The ENS establishes security standards that apply to government agencies and public organizations in Spain and service providers on which Spanish public services depend. This security framework has gone through […]

BIO logo

AWS is issued a renewed certificate for the BIO Thema-uitwerking Clouddiensten with increased scope

We’re pleased to announce that Amazon Web Services (AWS) demonstrated continuous compliance with the Baseline Informatiebeveiliging Overheid (BIO) Thema-uitwerking Clouddiensten while increasing the AWS services and AWS Regions in scope. This alignment with the BIO Thema-uitwerking Clouddiensten requirements demonstrates our commitment to adhere to the heightened expectations for cloud service providers. AWS customers across the Dutch public sector can […]

Figure 10: Architecture diagram after deployment

Authorize API Gateway APIs using Amazon Verified Permissions with Amazon Cognito or bring your own identity provider

August 9, 2024: This post has been updated to reflect a new feature in Amazon Verified Permissions that supports OpenID Connect (OIDC) compliant identity providers as identity source Externalizing authorization logic for application APIs can yield multiple benefits for Amazon Web Services (AWS) customers. These benefits can include freeing up development teams to focus on […]

smart home

Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications

This blog post introduces how manufacturers and smart appliance consumers can use Amazon Verified Permissions to centrally manage permissions and fine-grained authorizations. Developers can offer more intuitive, user-friendly experiences by designing interfaces that align with user personas and multi-tenancy authorization strategies, which can lead to higher user satisfaction and adoption. Traditionally, implementing authorization logic using […]

AWS Logo

2023 ISO 27001 certificate available in Spanish and French, and 2023 ISO 22301 certificate available in Spanish

French » Spanish » Amazon Web Services (AWS) is pleased to announce that a translated version of our 2023 ISO 27001 and 2023 ISO 22301 certifications are now available: The 2023 ISO 27001 certificate is available in Spanish and French. The 2023 ISO 22301 certificate is available in Spanish. Translated certificates are available to customers […]

Integrate Kubernetes policy-as-code solutions into Security Hub

Integrate Kubernetes policy-as-code solutions into Security Hub

Using Kubernetes policy-as-code (PaC) solutions, administrators and security professionals can enforce organization policies to Kubernetes resources. There are several publicly available PAC solutions that are available for Kubernetes, such as Gatekeeper, Polaris, and Kyverno. PaC solutions usually implement two features: Use Kubernetes admission controllers to validate or modify objects before they’re created to help enforce configuration best […]

How the unique culture of security at AWS makes a difference

How the unique culture of security at AWS makes a difference

Our customers depend on Amazon Web Services (AWS) for their mission-critical applications and most sensitive data. Every day, the world’s fastest-growing startups, largest enterprises, and most trusted governmental organizations are choosing AWS as the place to run their technology infrastructure. They choose us because security has been our top priority from day one. We designed […]

AIPCA SOC logo

Winter 2023 SOC 1 report now available in Japanese, Korean, and Spanish

Japanese | Korean | Spanish We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that for the first time an AWS System and Organization Controls (SOC) 1 report is now available in Japanese […]

Accelerate security automation using Amazon CodeWhisperer

In an ever-changing security landscape, teams must be able to quickly remediate security risks. Many organizations look for ways to automate the remediation of security findings that are currently handled manually. Amazon CodeWhisperer is an artificial intelligence (AI) coding companion that generates real-time, single-line or full-function code suggestions in your integrated development environment (IDE) to […]

The curious case of faster AWS KMS symmetric key rotation

Today, AWS Key Management Service (AWS KMS) is introducing faster options for automatic symmetric key rotation. We’re also introducing rotate on-demand, rotation visibility improvements, and a new limit on the price of all symmetric keys that have had two or more rotations (including existing keys). In this post, I discuss all those capabilities and changes. […]