AWS Security Blog
Tag: API
Streamlining evidence collection with AWS Audit Manager
In this post, we will show you how to deploy a solution into your Amazon Web Services (AWS) account that enables you to simply attach manual evidence to controls using AWS Audit Manager. Making evidence-collection as seamless as possible minimizes audit fatigue and helps you maintain a strong compliance posture. As an AWS customer, you […]
Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM
September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. June 5, […]
New Cloud Directory API Makes It Easier to Query Data Along Multiple Dimensions
Amazon Cloud Directory enables you to build flexible, cloud-native directories for organizing hierarchies of data along multiple dimensions. For example, you can create an organizational structure that you can navigate through multiple hierarchies for reporting structure, location, and cost center. With Cloud Directory, you can create directories for a variety of use cases, such as […]
How to Automatically Tag Amazon EC2 Resources in Response to API Events
Note: As of March 28, 2017, Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. Access to manage Amazon EC2 instances can be controlled using […]
How to Set Up Federated API Access to AWS by Using Windows PowerShell
When accessing AWS resources in an organization, we recommend that you have a standard and repeatable authentication method for purposes of security, auditability, compliance, and the capability to support role and account separation. As part of my AWS Professional Services engagements, I have helped AWS customers establish such an authentication mechanism via federated access to […]
How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0
Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. We now have Python3.x scripts that you can download here: Form-based authentication version of the Python3.x script AD FS 3.0-specific version of the Python3.x script Note from May 24, 2019: The features and services described in this post have changed since […]
How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
Feb 21 2023: This post is out of date. AWS now recommends using IAM Identity Center for federated identities accessing AWS by the CLI. Please see this post for more info: AWS CLI v2 Preview Now Supports AWS Single Sign-On Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. […]