AWS Security Blog

Amazon knows customers care deeply about privacy and data security, and we optimize our work to get these issues right for customers. With this post I’d like to provide a number of observations on our policies and positions: Amazon does not disclose customer information unless we’re required to do so to comply with a legally […]

Update: The on-demand recording and slides from this webinar are now available.   As part of the AWS Webinar Series, AWS will present Deep Dive: Protecting Your Data with AWS Encryption on Tuesday, June 16. This webinar will start at 9:00 A.M. and end at 10:00 A.M. Pacific Time (UTC-7). AWS Principal Product Manager Ken Beer […]

July 24, 2020: The whitepaper Auditing Security Checklist in the list of additional resources has been replaced by a Cloud Audit Academy course.   The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing […]

Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]

Feb 21 2023: This post is out of date. AWS now recommends using IAM Identity Center for federated identities accessing AWS by the CLI. Please see this post for more info: AWS CLI v2 Preview Now Supports AWS Single Sign-On Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. […]

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In November 2014, AWS launched Key Management Service (KMS), a managed service that makes it […]

You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]

We are now in our sixth year of regularly publishing comprehensive independent audit reports attesting to our alignment with globally accepted security best practices. We have just completed our thorough and extensive semiannual audit and are happy to announce that Amazon Simple Queue Service (SQS) and our newest region in Europe (Frankfurt) are now in-scope […]

As part of the AWS Webinar Series, AWS will present Getting Started with AWS Identity and Access Management on Friday, May 22. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Jonathan Desrocher will introduce the fundamental concepts of AWS Identity and Access Management (IAM) […]

Let’s face it—not all APIs were created equal. For example, you may be really interested in knowing when any of your Amazon EC2 instances are terminated (ec2:TerminateInstance), but less interested when an object is put in an Amazon S3 bucket (s3:PutObject). In this example, you can delete an object, but you can’t bring back that […]