AWS Security Blog

Category: Expert (400)

Implementing least privilege access for HAQM Bedrock

April 9, 2025: We updated content about HAQM Bedrock Guardrails to cover the recently added condition key bedrock:GuardrailIdentifier. March 27, 2025: Two policies in this post were updated. Generative AI applications often involve a combination of various services and features—such as HAQM Bedrock and large language models (LLMs)—to generate content and to access potentially confidential […]

Enforce resource configuration to control access to new features with AWS

Establishing and maintaining an effective security and governance posture has never been more important for enterprises. This post explains how you, as a security administrator, can use HAQM Web Services (AWS) to enforce resource configurations in a manner that is designed to be secure, scalable, and primarily focused on feature gating. In this context, feature […]

How to implement trusted identity propagation for applications protected by HAQM Cognito

HAQM Web Services (AWS) recently released AWS IAM Identity Center trusted identity propagation to create identity-enhanced IAM role sessions when requesting access to AWS services as well as to trusted token issuers. These two features can help customers build custom applications on top of AWS, which requires fine-grained access to data analytics-focused AWS services such […]

How to implement relationship-based access control with HAQM Verified Permissions and HAQM Neptune

Externalized authorization for custom applications is a security approach where access control decisions are managed outside of the application logic. Instead of embedding authorization rules within the application’s code, these rules are defined as policies, which are evaluated by a separate system to make an authorization decision. This separation enhances an application’s security posture by […]

Modern web application authentication and authorization with HAQM VPC Lattice

When building API-based web applications in the cloud, there are two main types of communication flow in which identity is an integral consideration: user-to-service communication (authenticate and authorize users to communicate with application services and APIs) and service-to-service communication (authenticate and authorize application services to talk to each other). To design an authentication and authorization solution for these […]

Generate AI powered insights for HAQM Security Lake using HAQM SageMaker Studio and HAQM Bedrock

In part 1, we discussed how to use HAQM SageMaker Studio to analyze time-series data in HAQM Security Lake to identify critical areas and prioritize efforts to help increase your security posture. Security Lake provides additional visibility into your environment by consolidating and normalizing security data from both AWS and non-AWS sources. Security teams can […]

Use IAM Roles Anywhere to help you improve security in on-premises container workloads

This blog post demonstrates how to help meet your security goals for a containerized process running outside of HAQM Web Services (AWS) as part of a hybrid cloud architecture. Managing credentials for such systems can be challenging, including when a workload needs to access cloud resources. IAM Roles Anywhere lets you exchange static AWS Identity […]

Use private key JWT authentication between HAQM Cognito user pools and an OIDC IdP

With HAQM Cognito user pools, you can add user sign-up and sign-in features and control access to your web and mobile applications. You can enable your users who already have accounts with other identity providers (IdPs) to skip the sign-up step and sign in to your application by using an existing account through SAML 2.0 […]

How to improve your security incident response processes with Jupyter notebooks

Customers face a number of challenges to quickly and effectively respond to a security event. To start, it can be difficult to standardize how to respond to a particular security event, such as an HAQM GuardDuty finding. Additionally, silos can form with reliance on one security analyst who is designated to perform certain tasks, such […]

Delegating permission set management and account assignment in AWS IAM Identity Center

January 31, 2024: Updated IAM policy for use case 3 to allow the actions sso:CreateAccountAssignment and sso:ProvisionPermissionSet for resources of type permissionSet. In this blog post, we look at how you can use AWS IAM Identity Center (successor to AWS Single Sign-On) to delegate the management of permission sets and account assignments. Delegating the day-to-day […]