AWS Security Blog

Category: How-To

How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext

EncryptionContext is one of the most important concepts in AWS Key Management Service (KMS) for using encrypted data securely. Using it properly can significantly improve the security of your applications. In this blog post, I will show the importance of EncryptionContext and provide a simple example showing how you can […]
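The property this post is about is that the encryption context is authenticated together with the ciphertext: a decrypt call that presents a different context fails, so a ciphertext cannot be silently moved to a record it was not created for. The following is an added example, not code from the post. `encrypt_record` and `decrypt_record` call their client exactly as boto3's KMS client is called (`encrypt`/`decrypt` with an `EncryptionContext` argument), so `boto3.client("kms")` can be passed in; `LocalKmsStub` and `KEY_ID` are hypothetical offline stand-ins that reproduce only the context-binding behaviour, with a toy keystream in place of AES.

```python
"""Binding an encryption context to a ciphertext, in the shape of the KMS API.

Added example (not from the AWS post). LocalKmsStub is a constructed offline
stand-in for boto3's KMS client; only the context-binding check is faithful.
"""
import hashlib
import hmac
import json
import os
import secrets

# Hypothetical key identifier standing in for a real KMS key ARN or alias.
KEY_ID = "alias/example-app-key"


def canonical_context(ctx: dict) -> bytes:
    # The context is a set of string pairs; order must not matter, so
    # serialise with sorted keys before it goes under the MAC.
    return json.dumps(ctx, sort_keys=True, separators=(",", ":")).encode()


class LocalKmsStub:
    """Offline stand-in for boto3's KMS client (constructed for this example)."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # Toy confidentiality layer: HMAC in counter mode. Not AES, not for real use.
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(self._secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def encrypt(self, KeyId, Plaintext, EncryptionContext=None):
        ctx = canonical_context(EncryptionContext or {})
        nonce = os.urandom(16)
        body = bytes(a ^ b for a, b in zip(Plaintext, self._keystream(nonce, len(Plaintext))))
        # The tag covers the ciphertext AND the canonical context: this is the binding.
        tag = hmac.new(self._secret, nonce + body + ctx, hashlib.sha256).digest()
        return {"CiphertextBlob": nonce + body + tag, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob, EncryptionContext=None):
        ctx = canonical_context(EncryptionContext or {})
        nonce, body, tag = CiphertextBlob[:16], CiphertextBlob[16:-32], CiphertextBlob[-32:]
        expected = hmac.new(self._secret, nonce + body + ctx, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # boto3 raises kms.exceptions.InvalidCiphertextException at this point.
            raise ValueError("InvalidCiphertextException: context mismatch or tampering")
        return {"Plaintext": bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))}


def encrypt_record(kms, owner_id: str, purpose: str, plaintext: bytes) -> bytes:
    """Encrypt with a context that states where this ciphertext belongs."""
    ctx = {"owner": owner_id, "purpose": purpose}
    return kms.encrypt(KeyId=KEY_ID, Plaintext=plaintext, EncryptionContext=ctx)["CiphertextBlob"]


def decrypt_record(kms, owner_id: str, purpose: str, blob: bytes) -> bytes:
    """Decrypt only if the caller's claimed context matches the bound one."""
    ctx = {"owner": owner_id, "purpose": purpose}
    return kms.decrypt(CiphertextBlob=blob, EncryptionContext=ctx)["Plaintext"]


def demo_context_binding(kms=None) -> dict:
    """Report which decrypt attempts succeed; the swapped-owner case must fail."""
    kms = kms or LocalKmsStub()
    alice_blob = encrypt_record(kms, "alice", "ssn", b"123-45-6789")
    results = {"correct_context": decrypt_record(kms, "alice", "ssn", alice_blob) == b"123-45-6789"}
    # The attack the context defends against: Alice's ciphertext is copied into Bob's row.
    try:
        decrypt_record(kms, "bob", "ssn", alice_blob)
        results["swapped_owner"] = True
    except ValueError:
        results["swapped_owner"] = False
    return results
```

Two practical notes: the encryption context is not secret (KMS stores it in plaintext and writes it to CloudTrail), so it should carry identifiers such as a record ID or tenant, never sensitive values; and the same `EncryptionContext` pairs must be supplied on every decrypt, which is why the application code above derives them from the record rather than storing them beside the ciphertext.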

How to Configure Security Settings in HAQM WorkDocs

HAQM WorkDocs (formerly HAQM Zocalo) is a fully managed, secure enterprise storage and sharing service that incorporates feedback capabilities to improve user productivity. You can comment on files, send them to others for feedback, and upload new versions without having to resort to emailing multiple versions of files as attachments. WorkDocs includes security features such […]

How to create a policy that provides selective access to sensitive HAQM S3 buckets

October 12, 2023: This blog is out of date. Please refer to this post instead: How to restrict HAQM S3 bucket access to a specific IAM role. When it comes to securing access to your HAQM S3 buckets, AWS provides various options. You can use access control lists (ACLs), AWS Identity and Access Management (IAM) […]

How to Migrate Your Microsoft Active Directory Users to Simple AD or AWS Managed Microsoft AD

July 21, 2020: We’ve updated this post to include AWS Managed Microsoft AD, as well as Simple AD. AWS Directory Service allows you to create a standalone, highly available AWS-managed directory called Simple AD in a matter of minutes. With Simple AD, you can centrally manage user accounts and group memberships for HAQM EC2 instances […]

How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0

Important note from July 18, 2019: The original version of this blog uses Python 2.x scripts. We now have Python 3.x scripts that you can download here: a form-based authentication version of the Python 3.x script, and an AD FS 3.0-specific version of the Python 3.x script. Note from May 24, 2019: The features and services described in this post have changed since […]
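The core of any SAML-to-CLI script is the same regardless of identity provider: take the SAML assertion the IdP returns, read the `https://aws.amazon.com/SAML/Attributes/Role` attribute (each value is a role ARN and a SAML provider ARN separated by a comma, in either order), and exchange the assertion for temporary credentials with `sts:AssumeRoleWithSAML`. The following is an added example, not the post's own scripts. `SAMPLE_ASSERTION` is a constructed minimal assertion; `sts` is any object with boto3's `assume_role_with_saml` signature, and `RecordingSts` is a hypothetical stand-in so the exchange can be exercised offline.

```python
"""Extract the AWS role/provider pairs from a SAML assertion and assume one.

Added example, not the post's Python scripts. The assertion below is a
constructed sample with two roles, in both accepted ARN orders.
"""
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample of what an IdP such as AD FS returns, already base64-decoded.
SAMPLE_ASSERTION = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::111122223333:role/Dev,arn:aws:iam::111122223333:saml-provider/ADFS</saml:AttributeValue>
        <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/ADFS,arn:aws:iam::444455556666:role/Admin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_roles(assertion_xml: bytes) -> list[tuple[str, str]]:
    """Return (role_arn, provider_arn) pairs from the Role attribute.

    AWS accepts the two ARNs in either order, so classify by resource type
    instead of by position.
    """
    root = ET.fromstring(assertion_xml)
    pairs = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            role = next((p for p in parts if ":role/" in p), None)
            provider = next((p for p in parts if ":saml-provider/" in p), None)
            if len(parts) != 2 or role is None or provider is None:
                raise ValueError(f"malformed Role attribute value: {value.text!r}")
            pairs.append((role, provider))
    return pairs


def assume_role(sts, assertion_xml: bytes, role_arn: str, duration: int = 3600) -> dict:
    """Exchange the assertion for temporary credentials via sts:AssumeRoleWithSAML.

    `sts` is e.g. boto3.client("sts"); this call is unsigned, so no existing
    AWS credentials are required. The assertion goes over base64-encoded.
    """
    providers = dict(parse_roles(assertion_xml))
    if role_arn not in providers:
        raise ValueError(f"{role_arn} is not offered by this assertion")
    resp = sts.assume_role_with_saml(
        RoleArn=role_arn,
        PrincipalArn=providers[role_arn],
        SAMLAssertion=base64.b64encode(assertion_xml).decode(),
        DurationSeconds=duration,
    )
    return resp["Credentials"]


class RecordingSts:
    """Hypothetical offline stand-in for boto3's STS client; records the call."""

    def assume_role_with_saml(self, **kwargs):
        self.kwargs = kwargs
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "x",
                                "SessionToken": "y", "Expiration": "2024-01-01T01:00:00Z"}}
```

The returned `Credentials` are what the post's scripts write into the `~/.aws/credentials` profile. The script must present the user with the parsed list and let them choose when more than one role is offered; the IdP, not the script, decides which roles appear, and `DurationSeconds` cannot exceed the role's configured maximum session duration.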

How to Address the PCI DSS Requirements for Data Encryption in Transit Using HAQM VPC

The PCI DSS requirements for encrypting data in transit differ for private networks and public networks. When correctly designed, HAQM Virtual Private Cloud (HAQM VPC), a logically isolated portion of the AWS infrastructure that allows you to extend your existing data center network to the cloud, can be considered a private network, […]

How to Receive Notifications When Your AWS Account’s Root Access Keys Are Used

AWS Identity and Access Management (IAM) best practices recommend using IAM users or roles to access your AWS resources, instead of using your root credentials. If you follow this best practice, though, how can you monitor for root activity and take action if such activity occurs? AWS CloudTrail and HAQM CloudWatch provide the solution. In […]
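The detection itself is a CloudWatch Logs metric filter over the CloudTrail log group, and the usual pattern needs three conditions, not one: the identity type is `Root`, the record has no `invokedBy` (a service acting on the root user's behalf is not a person holding root credentials), and the event is not an `AwsServiceEvent`. The block below is an added example, not the post's own configuration. It states that filter pattern, applies the same predicate in Python to constructed CloudTrail records so the logic can be checked offline, and shows the `put_metric_filter` call that installs it; `logs` is any object with boto3's CloudWatch Logs client interface, and the log group and metric names are assumptions.

```python
"""Flag AWS root-account activity in CloudTrail events.

Added example, not from the post. SAMPLE_LOG_LINES are constructed records in
the one-JSON-object-per-line form CloudTrail delivers to CloudWatch Logs.
"""
import json

# Metric filter pattern (CloudWatch Logs filter syntax), the same predicate as
# is_root_usage below.
ROOT_USAGE_FILTER = (
    '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
    '&& $.eventType != "AwsServiceEvent" }'
)

SAMPLE_LOG_LINES = [
    # 1. Root signs in to the console: must alert.
    '{"userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root","accountId":"111122223333"},'
    '"eventTime":"2024-03-01T08:15:02Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin",'
    '"sourceIPAddress":"203.0.113.5","eventType":"AwsConsoleSignIn"}',
    # 2. Root access key used for an API call: must alert.
    '{"userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root","accountId":"111122223333",'
    '"accessKeyId":"AKIAEXAMPLE"},"eventTime":"2024-03-01T08:16:40Z","eventSource":"iam.amazonaws.com",'
    '"eventName":"CreateUser","sourceIPAddress":"203.0.113.5","eventType":"AwsApiCall"}',
    # 3. A service acting on the root user's behalf carries invokedBy: no alert.
    '{"userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root","accountId":"111122223333",'
    '"invokedBy":"cloudformation.amazonaws.com"},"eventTime":"2024-03-01T08:20:00Z",'
    '"eventSource":"s3.amazonaws.com","eventName":"CreateBucket","sourceIPAddress":"cloudformation.amazonaws.com",'
    '"eventType":"AwsApiCall"}',
    # 4. Ordinary IAM user: no alert.
    '{"userIdentity":{"type":"IAMUser","userName":"jdoe","accountId":"111122223333"},'
    '"eventTime":"2024-03-01T08:21:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances",'
    '"sourceIPAddress":"203.0.113.9","eventType":"AwsApiCall"}',
    # 5. Service event attributed to root: no alert.
    '{"userIdentity":{"type":"Root","accountId":"111122223333"},"eventTime":"2024-03-01T08:22:00Z",'
    '"eventSource":"kms.amazonaws.com","eventName":"RotateKey","sourceIPAddress":"kms.amazonaws.com",'
    '"eventType":"AwsServiceEvent"}',
]


def is_root_usage(event: dict) -> bool:
    """Python form of ROOT_USAGE_FILTER applied to one parsed CloudTrail record."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "Root":
        return False
    if "invokedBy" in ident:
        return False
    return event.get("eventType") != "AwsServiceEvent"


def root_usage_alerts(lines: list[str]) -> list[str]:
    """One alert line per matching record; malformed lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_root_usage(event):
            alerts.append(
                f"{event.get('eventTime')} root {event.get('eventName')} "
                f"via {event.get('eventSource')} from {event.get('sourceIPAddress')}"
            )
    return alerts


def install_metric_filter(logs, log_group_name: str = "CloudTrail/DefaultLogGroup") -> dict:
    """Create the metric filter with boto3's CloudWatch Logs client (names are assumptions).

    An HAQM CloudWatch alarm on RootAccountUsageCount >= 1 with an SNS action
    completes the notification path the post describes.
    """
    return logs.put_metric_filter(
        logGroupName=log_group_name,
        filterName="RootAccountUsage",
        filterPattern=ROOT_USAGE_FILTER,
        metricTransformations=[{
            "metricName": "RootAccountUsageCount",
            "metricNamespace": "CloudTrailMetrics",
            "metricValue": "1",
        }],
    )
```

Records 3 and 5 are the cases a naive `$.userIdentity.type = "Root"` filter would turn into false positives; keeping them in the sample set is how the predicate is regression-tested before it is installed.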