Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations

You can now reference Organizational Units (OUs), which are groups of AWS accounts in AWS Organizations, in AWS Identity and Access Management (IAM) policies, making it easier to define access for your IAM principals (users and roles) to the AWS resources in your organization. AWS Organizations lets you organize your accounts into OUs to align them with your business or security purposes. Now, you can use a new condition key,…

November 21, 2019

Continuously monitor unused IAM roles with AWS Config

Developing in the cloud encourages you to iterate frequently as your applications and resources evolve. You should also apply this iterative approach to the AWS Identity and Access Management (IAM) roles you create. Periodically ensuring that all the resources you’ve created are still being used can reduce operational complexity by eliminating the need to track unnecessary resources. It also improves security: identifying unused IAM roles helps reduce the potential for…

November 20, 2019

AWS Security Profiles: Sarah Cecchetti, Principal Product Manager, Amazon Cognito

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. What do you do in your current role at AWS? I’m an identity nerd! I think most login experiences are terrible today, especially passwords. The login experience is very important….

November 20, 2019

Identify unused IAM roles and remove them confidently with the last used timestamp

As you build on AWS, you create AWS Identity and Access Management (IAM) roles to enable teams and applications to use AWS services. As those teams and applications evolve, you might only rely on a subset of your original roles to meet your needs. This can leave unused roles in your AWS account. To help you identify these unused roles, IAM now reports the last-used timestamp that represents when a…

November 20, 2019

Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated credentials, removing the need to hardcode or distribute sensitive credentials to instances manually or programmatically. Attached locally to every EC2 instance, the IMDS runs on a special “link local” IP…

November 20, 2019

Fall 2019 SOC 2 Type I Privacy report now available

We understand that the protection of personal data that is uploaded to AWS is critical for many of our customers, and the SOC 2 Type I Privacy report provides the information you need to understand how your content is protected at AWS. The Fall 2019 SOC 2 Type I Privacy report provides you with a third-party attestation of our systems and the suitability of the design of our privacy controls. The…

November 19, 2019

New guidance to help you navigate Australian Prudential Regulation Authority requirements

There have been two noteworthy 2019 updates for Australian Prudential Regulation Authority (APRA) regulated entities such as banks, insurance companies, credit unions, deposit takers, and the superannuation industry. On June 25, APRA released an updated version of the Prudential Practice Guide CPG 234 Information Security, which provides guidance on how to implement the revised Prudential Standard CPS 234 Information Security. The new Prudential Practice Guide has been expanded significantly compared…

November 19, 2019

Fall 2019 SOC reports now available with 116 services in scope

We’re excited to announce the addition of 12 new services in scope under our latest System and Organizational Controls (SOC) audit cycle, for a total of 116 services in scope. In addition to the new services, AWS has also expanded the list of controls covered within the reports to include more controls over employee screening procedures and new Region risk assessments. These SOC reports are now available in the…

November 15, 2019

AWS Security Profiles: Avni Rambhia, Senior Product Manager, CloudHSM

In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you enjoy most in your current role? It’s been two and a half years already! Time has flown. I’m…

November 13, 2019