AWS News Blog

Category: Security, Identity, & Compliance

Introducing Amazon S3 Storage Lens – Organization-wide Visibility Into Object Storage

When starting out in the cloud, a customer’s storage requirements might consist of a handful of S3 buckets, but as they grow, migrate more applications and realize the power of the cloud, things can become more complicated. A customer may have tens or even hundreds of accounts and have multiple S3 buckets across numerous AWS […]

AWS Network Firewall – New Managed Firewall Service in VPC

Our customers want to have a highly available, scalable firewall service to protect their virtual networks in the cloud. Security is the number one priority of AWS, which has provided various firewall capabilities on AWS that address specific security needs, like Security Groups to protect Amazon Elastic Compute Cloud (Amazon EC2) instances, Network ACLs to […]

Seamlessly Join a Linux Instance to AWS Directory Service for Microsoft Active Directory

Many customers I speak to use Active Directory to manage centralized user authentication and authorization for a variety of applications and services. For these customers, Active Directory is a critical piece of their IT Jigsaws. At AWS, we offer the AWS Directory Service for Microsoft Active Directory that provides our customers with a highly available […]

New – Using Amazon GuardDuty to Protect Your S3 Buckets

As we anticipated in this post, the anomaly and threat detection for Amazon Simple Storage Service (Amazon S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect […]

Single Sign-On between Okta Universal Directory and AWS

Update (May 2023) – Updated the final CLI example. Enterprises adopting the AWS Cloud want to effectively manage identities. Having one central place to manage identities makes it easier to enforce policies, to manage access permissions, and to reduce the overhead by removing the need to duplicate users and user permissions across multiple identity silos. […]

New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing

Amazon Macie is a fully managed service that helps you discover and protect your sensitive data, using machine learning to automatically spot and classify data for you. Over time, Macie customers told us what they like, and what they didn’t. The service team has worked hard to address this feedback, and today I am very happy […]

Amazon Detective – Rapid Security Investigation and Analysis

Almost five years ago, I blogged about a solution that automatically analyzes AWS CloudTrail data to generate alerts upon sensitive API usage. It was a simple and basic solution for security analysis and automation. But demanding AWS customers have multiple AWS accounts, collect data from multiple sources, and simple searches based on regular expressions are […]

New – Use AWS IAM Access Analyzer in AWS Organizations

Last year at AWS re:Invent 2019, we released AWS Identity and Access Management (IAM) Access Analyzer that helps you understand who can access resources by analyzing permissions granted using policies for Amazon Simple Storage Service (S3) buckets, IAM roles, AWS Key Management Service (KMS) keys, AWS Lambda functions, and Amazon Simple Queue Service (SQS) queues. […]