Category: Security, Identity, & Compliance

Introduction The AWS WAF Bot Control rule group includes rules for detecting and managing bot threats. These threats range from easily identified common bots through to coordinated targeted bots that evade detection by operating across multiple hosts. Like any other security controls, Amazon Web Services (AWS) WAF Bot Control for Targeted Bots rules can also […]

Introduction Unlike traditional VPN-based approaches, AWS Verified Access evaluates multiple dimensions of access, including user identity, device posture, and application-specific policies. This means organizations can ensure that only fully authenticated and authorized users can access sensitive resources, regardless of their physical network location. The result is a more flexible, secure, and manageable approach to enterprise […]

Information security practitioners use internet protocol (IP) address-based security controls such as block lists and rate-based rules to block malicious traffic. However, blocking malicious traffic solely based on an IP address can unintentionally block legitimate users, resulting in false positives. This is because many users share an IP address behind a network address translation (NAT) […]

Connecting securely to RDS databases AWS Verified Access (AVA) now extends beyond HTTP apps to provide VPN-less, secure access to non-HTTP resources like RDS databases, enabling improved security and enhanced user experience for both web applications and database connections. AVA is built based on Zero Trust principles and allows administrators to define fine-grained access policies, […]

This post was co-authored by: George Oakes, Senior Specialist Solutions Architect; Wafa Adeel, Senior Product Manager; and Devin Taylor, Senior Software Engineer Overview AWS PrivateLink offers a secure and simple way of sharing and accessing services across VPCs and accounts. All traffic stays on AWS network without going over the public internet. Until now the […]

For cloud users, evaluating data transfer services can be complex, especially when the internal engineering that manages security and delivers high availability and low latency is often abstracted. We are starting a series of posts intended to demystify AWS Data Transfer services and to clarify exactly what Amazon Web Services (AWS) users get when they […]

PartyRock is an intuitive, hands-on generative AI app-building playground based on Amazon Bedrock. It allows users to experiment with generative AI technologies and build fun applications without coding, such as quiz generators or resume optimizers. Although providing a free generative AI playground online offers immense value to builders, it also presents significant security challenges. In […]

DNS is a key component of modern computing, a phone book for IP addresses. It is distinct from other protocols in the application stack. Because it is queried early in the request by a client, DNS is well suited to relay application-specific information back to a client as early as possible. This additional data can […]

AWS WAF Bot Control uses CAPTCHA and Challenge actions to undertake a browser interaction before permitting requests to protected resources. These actions can result in a poor user experience because of application errors or unexpected CAPTCHA completion when AWS WAF unexpectedly blocks requests. The AWS WAF JavaScript integrations give you the ability to control these […]

Introduction Defining and provisioning standardized virtual private cloud (VPC) patterns across an enterprise poses several challenges for many customers. These challenges include ensuring self-service capabilities, meeting security and compliance requirements, and maintaining adherence to those requirements. Traditionally, when an application team wants to provision a VPC in their workload account, it is requested through a […]