AWS Security Blog
Category: Intermediate (200)
Strategies for achieving least privilege at scale – Part 1
Least privilege is an important security topic for HAQM Web Services (AWS) customers. In previous blog posts, we’ve provided tactical advice on how to write least privilege policies, which we would encourage you to review. You might feel comfortable writing a few least privilege policies for yourself, but to scale this up to thousands of […]
Top four ways to improve your Security Hub security score
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks across your HAQM Web Services (AWS) accounts and AWS Regions, aggregates alerts, and enables automated remediation. Security Hub is designed to simplify and streamline the management of security-related data from various AWS services and third-party tools. It provides […]
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024
February 25, 2025: The FAQ in this post was updated to indicate that AWS services also use certificates from ACM, and users relying on the certificate chain used by such services could be impacted. October 18, 2024: We’ve updated the rollout timeline, description for certificate pinning, and FAQ to reflect the latest third-party platforms that […]
How to create a pipeline for hardening HAQM EKS nodes and automate updates
July 16, 2024: We updated the code in this post and some of the CloudFormation parameters. HAQM Elastic Kubernetes Service (HAQM EKS) offers a powerful, Kubernetes-certified service to build, secure, operate, and maintain Kubernetes clusters on HAQM Web Services (AWS). It integrates seamlessly with key AWS services such as HAQM CloudWatch, HAQM EC2 Auto Scaling, […]
Implementing a compliance and reporting strategy for NIST SP 800-53 Rev. 5
HAQM Web Services (AWS) provides tools that simplify automation and monitoring for compliance with security standards, such as the NIST SP 800-53 Rev. 5 Operational Best Practices. Organizations can set preventative and proactive controls to help ensure that noncompliant resources aren’t deployed. Detective and responsive controls notify stakeholders of misconfigurations immediately and automate fixes, thus […]
How to implement single-user secret rotation using HAQM RDS admin credentials
You might have security or compliance standards that prevent a database user from changing their own credentials and from having multiple users with identical permissions. AWS Secrets Manager offers two rotation strategies for secrets that contain HAQM Relational Database Service (HAQM RDS) credentials: single-user and alternating-user. In the preceding scenario, neither single-user rotation nor alternating-user rotation would […]
Integrating AWS Verified Access with Jamf as a device trust provider
In this post, we discuss how to architect Zero Trust based remote connectivity to your applications hosted within HAQM Web Services (AWS). Specifically, we show you how to integrate AWS Verified Access with Jamf as a device trust provider. This post is an extension of our previous post explaining how to integrate AWS Verified Access […]
Investigating lateral movements with HAQM Detective investigation and Security Lake integration
According to the MITRE ATT&CK framework, lateral movement consists of techniques that threat actors use to enter and control remote systems on a network. In HAQM Web Services (AWS) environments, threat actors equipped with illegitimately obtained credentials could potentially use APIs to interact with infrastructures and services directly, and they might even be able to use […]
Authorize API Gateway APIs using HAQM Verified Permissions with HAQM Cognito or bring your own identity provider
August 9, 2024: This post has been updated to reflect a new feature in HAQM Verified Permissions that supports OpenID Connect (OIDC) compliant identity providers as an identity source. Externalizing authorization logic for application APIs can yield multiple benefits for HAQM Web Services (AWS) customers. These benefits can include freeing up development teams to focus on […]
TLS inspection configuration for encrypted egress traffic and AWS Network Firewall
In the evolving landscape of network security, safeguarding data as it exits your virtual environment is as crucial as protecting incoming traffic. In a previous post, we highlighted the significance of ingress TLS inspection in enhancing security within HAQM Web Services (AWS) environments. Building on that foundation, I focus on egress TLS inspection in this […]