AWS Security Blog

Category: Intermediate (200)

How to automate rule management for AWS Network Firewall

AWS Network Firewall is a stateful managed network firewall and intrusion detection and prevention service designed for the HAQM Virtual Private Cloud (HAQM VPC). This post concentrates on automating rule updates in a central Network Firewall by using distributed firewall configurations. If you’re new to Network Firewall or seeking a technical background on rule management, […]

Identify Java nested dependencies with HAQM Inspector SBOM Generator

HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector currently supports vulnerability reporting for HAQM Elastic Compute Cloud (HAQM EC2) instances, container images stored in HAQM Elastic Container Registry (HAQM ECR), and AWS Lambda. Java archive files (JAR, WAR, […]

How to enforce creation of roles in a specific path

May 20, 2024: This blog post has been updated with use case examples. The Optimize AWS administration with IAM paths blog post delves into the fundamental workings of the AWS Identity and Access Management (IAM) path feature. This post explores how you can use IAM paths to strike a balance between centralized IT and development […]

Export a Software Bill of Materials using HAQM Inspector

HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector has expanded capability that allows customers to export a consolidated Software Bill of Materials (SBOM) for supported HAQM Inspector monitored resources, excluding Windows EC2 instances. Customers have asked us to […]

How to customize access tokens in HAQM Cognito user pools

January 28, 2025: The following blog post highlights how to customize access tokens in HAQM Cognito user pools. With the introduction of new Cognito user pool feature tiers, the access token customization feature is now available as part of the default feature set for Essentials and Plus feature tier customers, so customers don’t need to […]

How to use AWS Secrets Manager and ABAC for enhanced secrets management in HAQM EKS

In this post, we show you how to apply attribute-based access control (ABAC) while you store and manage your HAQM Elastic Kubernetes Services (HAQM EKS) workload secrets in AWS Secrets Manager, and then retrieve them by integrating Secrets Manager with HAQM EKS using External Secrets Operator to define more fine-grained and dynamic AWS Identity and […]

Using HAQM GuardDuty ECS runtime monitoring with Fargate and HAQM EC2

Containerization technologies such as Docker and orchestration solutions such as HAQM Elastic Container Service (HAQM ECS) are popular with customers due to their portability and scalability advantages. Container runtime monitoring is essential for customers to monitor the health, performance, and security of containers. AWS services such as HAQM GuardDuty, HAQM Inspector, and AWS Security Hub […]

Access AWS using a Google Cloud Platform native workload identity

Organizations undergoing cloud migrations and business transformations often find themselves managing IT operations in hybrid or multicloud environments. This can make it more complex to safeguard workloads, applications, and data, and to securely handle identities and permissions across HAQM Web Services (AWS), hybrid, and multicloud setups. In this post, we show you how to assume […]

Governance at scale: Enforce permissions and compliance by using policy as code

AWS Identity and Access Management (IAM) policies are at the core of access control on AWS. They enable the bundling of permissions, helping to provide effective and modular access control for AWS services. Service control policies (SCPs) complement IAM policies by helping organizations enforce permission guardrails at scale across their AWS accounts. The use of access control […]

IAM Access Analyzer simplifies inspection of unused access in your organization

AWS Identity and Access Management (IAM) Access Analyzer offers tools that help you set, verify, and refine permissions. You can use IAM Access Analyzer external access findings to continuously monitor your AWS Organizations organization and HAQM Web Services (AWS) accounts for public and cross-account access to your resources, and verify that only intended external access […]