AWS Security Blog
Category: How-To
How to Use a Single IAM User to Easily Access All Your Accounts by Using the AWS CLI
Many AWS customers keep their environments separated from each other: development resources do not interact with production, and vice versa. One way to achieve this separation is by using multiple AWS accounts. Though this approach does help with resource isolation, it can increase your user management because each AWS account can have its own AWS […]
How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext
One of the most important and critical concepts in AWS Key Management Service (KMS) for advanced and secure data usage is EncryptionContext. Using EncryptionContext properly can help significantly improve the security of your applications. In this blog post, I will show the importance of EncryptionContext and will provide a simple example showing how you can […]
How to Configure Security Settings in Amazon WorkDocs
Amazon WorkDocs (formerly Amazon Zocalo) is a fully managed, secure enterprise storage and sharing service that incorporates feedback capabilities to improve user productivity. You can comment on files, send them to others for feedback, and upload new versions without having to resort to emailing multiple versions of files as attachments. WorkDocs includes security features such […]
How to Help Lock Down a User’s Amazon EC2 Capabilities to a Single VPC
As a cloud support engineer, I am frequently asked this question: “How can I lock down my user’s Amazon EC2 access to a single VPC?” This blog post will answer the question and explain how you can help control this level of access through the use of AWS Identity and Access Management (IAM) policies and […]
How to create a policy that provides selective access to sensitive Amazon S3 buckets
October 12, 2023: This blog is out of date. Please refer to this post instead: How to restrict Amazon S3 bucket access to a specific IAM role When it comes to securing access to your Amazon S3 buckets, AWS provides various options. You can utilize access control lists (ACLs), AWS Identity and Access Management (IAM) […]
How to Help Prepare for DDoS Attacks by Reducing Your Attack Surface
Distributed denial of service (DDoS) attacks are sometimes used by malicious actors in an attempt to flood a network, system, or application with more traffic, connections, or requests than it can handle. Not surprisingly, customers often ask us how we can help them protect their applications against these types of attacks. To help you optimize […]
How to Manage Identities in Simple AD Directories
As I said in yesterday’s blog post, How to Migrate Your Microsoft Active Directory Users to Simple AD, AWS Directory Service allows you to create a standalone, highly available AWS-managed directory called Simple AD in a matter of minutes. With Simple AD, you can centrally manage user accounts and group memberships for Amazon EC2 instances […]
How to Migrate Your Microsoft Active Directory Users to Simple AD or AWS Managed Microsoft AD
July 21, 2020: We’ve updated this post to include AWS Managed Microsoft AD, as well as Simple AD. AWS Directory Service allows you to create a standalone, highly available AWS-managed directory called Simple AD in a matter of minutes. With Simple AD, you can centrally manage user accounts and group memberships for Amazon EC2 instances […]
How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0
Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. We now have Python3.x scripts that you can download here: Form-based authentication version of the Python3.x script AD FS 3.0-specific version of the Python3.x script Note from May 24, 2019: The features and services described in this post have changed since […]
How to Address the PCI DSS Requirements for Data Encryption in Transit Using Amazon VPC
The PCI requirements for encryption for data in transit are different for private networks than they are for public networks. When correctly designed, Amazon Virtual Private Cloud (Amazon VPC), a logically isolated portion of the AWS infrastructure that allows you to extend your existing data center network to the cloud, can be considered a private network, […]