AWS Security Blog

Category: How-To

How to Enable Multi-Factor Authentication for AWS Services by Using AWS Microsoft AD and On-Premises Credentials

You can now enable multi-factor authentication (MFA) for users of AWS services such as HAQM WorkSpaces and HAQM QuickSight and their on-premises credentials by using your AWS Directory Service for Microsoft Active Directory directory, also known as AWS Microsoft AD. MFA adds an extra layer of protection to a user name and password (the first “factor”) […]

How to Create an Organizational Chart with Separate Hierarchies by Using HAQM Cloud Directory

HAQM Cloud Directory enables you to create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries. Cloud Directory offers you the flexibility to create directories with hierarchies that span multiple dimensions. For example, you can create an organizational chart that you can navigate through separate hierarchies for reporting […]

How to Easily Log On to AWS Services by Using Your On-Premises Active Directory

AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD, now enables your users to log on with just their on-premises Active Directory (AD) user name—no domain name is required. This new domainless logon feature makes it easier to set up connections to your on-premises AD for use with applications such […]

How to Simplify Security Assessment Setup Using HAQM EC2 Systems Manager and HAQM Inspector

August 15, 2021: This blog post is under construction. Please refer back to this post in a day or two for the most accurate and helpful information. In a July 2016 AWS Blog post, I discussed how to integrate HAQM Inspector with third-party ticketing systems by using HAQM Simple Notification Service (SNS) and AWS Lambda. […]

How to Detect and Automatically Remediate Unintended Permissions in HAQM S3 Object ACLs with CloudWatch Events

Update on October 24, 2018: Note that if you do not author the Lambda function correctly, this setup can create an infinite loop (in this case, a rule that is fired repeatedly, which can impact your AWS resources and cause higher than expected charges to your account). The example Lambda function I provide in Step […]

AWS Directory Service logo

How to Move More Custom Applications to the AWS Cloud with AWS Directory Service

Some Active Directory (AD) integrated applications require custom changes to the directory schema. Today, we have added the ability for an administrator to extend the schema of AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD. Specifically, you can modify the AD schema and enable many more applications. This feature […]

How to Assign Permissions Using New AWS Managed Policies for Job Functions

Today, AWS Identity and Access Management (IAM) made 10 AWS managed policies available that align with common job functions. AWS managed policies enable you to set permissions using policies that AWS creates and manages, and with a single AWS managed policy for job functions, you can grant the permissions necessary for network or database administrators, […]