AWS Security Blog
Category: Advanced (300)
How to monitor expirations of imported certificates in AWS Certificate Manager (ACM)
Certificates are vital to maintaining trust and providing encryption for internal- or external-facing infrastructure and applications. AWS Certificate Manager (ACM) provides certificate services to any workload that requires them. Although ACM provides managed renewals that automatically renew certificates in most cases, there are exceptions, such as imported certificates, where an automatic renewal isn’t possible. […]
Integrate CloudHSM PKCS #11 Library 5.0 with serverless workloads
HAQM Web Services (AWS) recently released PKCS #11 Library version 5.0 for AWS CloudHSM. This blog post describes the changes implemented in the new library. We also cover a simple encryption example with the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), dockerized and running on AWS Fargate. The primary change from the previous SDK […]
How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver
January 2, 2024: We’ve updated this post to include the new failover Region feature. April 29, 2021: We’ve updated the order of the commands in Step 1. April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. Using AWS Secrets Manager, you can more securely retrieve secrets […]
Demystifying AWS KMS key operations, bring your own key (BYOK), custom key store, and ciphertext portability
October 4, 2024: This post has been updated to cover the following changes: FIPS 140-2 Level 3 validation of AWS Key Management Service (AWS KMS), the addition of the external key store service to AWS KMS, and FIPS 140-3 validation of AWS CloudHSM. As you prepare to build or migrate your workload on HAQM Web […]
Automate HAQM EC2 instance isolation by using tags
Containment is a crucial part of an overall incident response strategy, because it gives responders time to perform forensics, eradication, and recovery during an incident. There are many different approaches to containment. In this post, we will be focusing on isolation—the ability to keep multiple targets separated so that each target only sees […]
How to set up a recurring Security Hub summary email
January 13, 2025: This post was updated to include code to create Security Hub custom insights through the use of CloudFormation. AWS Security Hub provides a comprehensive view of your security posture in HAQM Web Services (AWS) and helps you check your environment against security standards and best practices. In this post, we’ll show you […]
Analyze and understand IAM role usage with HAQM Detective
In this blog post, we’ll demonstrate how you can use HAQM Detective’s new role session analysis feature to investigate security findings that are tied to the usage of an AWS Identity and Access Management (IAM) role. You’ll learn about how you can use this new role session analysis feature to determine which HAQM Web Services […]
Secure and automated domain membership management for EC2 instances with no internet access
In this blog post, I show you how to deploy an automated solution that fully automates the Active Directory join and unjoin process for HAQM Elastic Compute Cloud (HAQM EC2) instances that don’t have internet access. Managing Active Directory domain membership for EC2 instances in the HAQM Web Services (AWS) Cloud is a typical […]
Use tags to manage and secure access to additional types of IAM resources
AWS Identity and Access Management (IAM) now enables HAQM Web Services (AWS) administrators to use tags to manage and secure access to more types of IAM resources, such as customer managed IAM policies, Security Assertion Markup Language (SAML) providers, and virtual multi-factor authentication (MFA) devices. A tag is an attribute that consists of a key […]
Best practices and advanced patterns for Lambda code signing
November 9, 2023: We updated this blog post to correct a typo in the policy. HAQM Web Services (AWS) recently released Code Signing for AWS Lambda. By using this feature, you can help enforce the integrity of your code artifacts and make sure that only trusted developers can deploy code to your AWS Lambda functions. […]