Tag: Identity

AWS IAM Identity Center is streamlining its AWS CloudTrail events by including only essential fields that are necessary for workflows like audit and incident response. This change simplifies user identification in CloudTrail, addressing customer feedback. It also enhances correlation between IAM Identity Center users and external directory services, such as Okta Universal Directory or Microsoft […]

October 28, 2024: We updated the text and figure for security objective 1 to show Amazon Route 53 Resolver DNS Firewall. Amazon Virtual Private Cloud (Amazon VPC) endpoints—powered by AWS PrivateLink—enable customers to establish private connectivity to supported AWS services, enterprise services, and third-party services by using private IP addresses. There are three types of […]

A data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that the data cannot be transferred outside […]

AWS IAM Identity Center is the preferred way to provide workforce access to Amazon Web Services (AWS) accounts, and enables you to provide workforce access to many AWS managed applications, such as Amazon Q. As we continue to release more AWS managed applications, customers have told us they want to onboard to IAM Identity Center […]

Today, AWS Key Management Service (AWS KMS) is introducing faster options for automatic symmetric key rotation. We’re also introducing rotate on-demand, rotation visibility improvements, and a new limit on the price of all symmetric keys that have had two or more rotations (including existing keys). In this post, I discuss all those capabilities and changes. […]

For businesses, particularly those in highly regulated industries, managing user accounts isn’t just a matter of security but also a compliance necessity. In sectors such as finance, healthcare, and government, where regulations often mandate strict control over user access, disabling stale user accounts is a key compliance activity. In this post, we show you a […]

September 20, 2024: Updated with information on the v1.0 and v2.0 access tokens in the Microsoft identity platform and changes in the Audience value when v2.0 access tokens are used. Removed a note about obtaining access tokens from managed identities. Use of long-term access keys for authentication between cloud resources increases the risk of key […]

When building API-based web applications in the cloud, there are two main types of communication flow in which identity is an integral consideration: User-to-Service communication: Authenticate and authorize users to communicate with application services and APIs Service-to-Service communication: Authenticate and authorize application services to talk to each other To design an authentication and authorization solution for these […]

December 12, 2023: We’ve updated this post to clarify that you can use both sts:audit_context and sts:identity_context can be used to create an identity-enhanced session. AWS Identity and Access Management (IAM) roles are a powerful way to manage permissions to resources in the Amazon Web Services (AWS) Cloud. IAM roles are useful when granting permissions […]

AWS Security Hub offers over 75 third-party partner product integrations, such as Palo Alto Networks Prisma, Prowler, Qualys, Wiz, and more, that you can use to send, receive, or update findings in Security Hub. We recommend that you enable your corresponding Security Hub third-party partner product integrations when you use these partner solutions. By centralizing […]