AWS Security Blog
Category: Intermediate (200)
How to develop an HAQM Security Lake POC
Sept 12, 2024: We’ve updated this post to include recently added Security Lake data sources for HAQM EKS and AWS WAF log files. You can use HAQM Security Lake to simplify log data collection and retention for HAQM Web Services (AWS) and non-AWS data sources. To make sure that you get the most out of […]
Enable multi-admin support to manage security policies at scale with AWS Firewall Manager
The management of security services across organizations has evolved over the years, and can vary depending on the size of your organization, the type of industry, the number of services to be administered, and compliance regulations and legislation. When compliance standards require you to set up scoped administrative control of event monitoring and auditing, we […]
How to use Regional AWS STS endpoints
April 18, 2025: AWS has made changes to the AWS Security Token Service (AWS STS) global endpoint (sts.amazonaws.com) in Regions enabled by default to enhance its resiliency and performance. AWS STS requests to the global endpoint are automatically served in the same AWS Region as your workloads. These changes will not be deployed to opt-in […]
How to automate rule management for AWS Network Firewall
AWS Network Firewall is a stateful managed network firewall and intrusion detection and prevention service designed for the HAQM Virtual Private Cloud (HAQM VPC). This post concentrates on automating rule updates in a central Network Firewall by using distributed firewall configurations. If you’re new to Network Firewall or seeking a technical background on rule management, […]
Identify Java nested dependencies with HAQM Inspector SBOM Generator
HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector currently supports vulnerability reporting for HAQM Elastic Compute Cloud (HAQM EC2) instances, container images stored in HAQM Elastic Container Registry (HAQM ECR), and AWS Lambda. Java archive files (JAR, WAR, […]
How to enforce creation of roles in a specific path
May 20, 2024: This blog post has been updated with use case examples. The Optimize AWS administration with IAM paths blog post delves into the fundamental workings of the AWS Identity and Access Management (IAM) path feature. This post explores how you can use IAM paths to strike a balance between centralized IT and development […]
Export a Software Bill of Materials using HAQM Inspector
HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector has expanded capability that allows customers to export a consolidated Software Bill of Materials (SBOM) for supported HAQM Inspector monitored resources, excluding Windows EC2 instances. Customers have asked us to […]
How to customize access tokens in HAQM Cognito user pools
January 28, 2025: The following blog post highlights how to customize access tokens in HAQM Cognito user pools. With the introduction of new Cognito user pool feature tiers, the access token customization feature is now available as part of the default feature set for Essentials and Plus feature tier customers, so customers don’t need to […]
How to use AWS Secrets Manager and ABAC for enhanced secrets management in HAQM EKS
In this post, we show you how to apply attribute-based access control (ABAC) while you store and manage your HAQM Elastic Kubernetes Service (HAQM EKS) workload secrets in AWS Secrets Manager, and then retrieve them by integrating Secrets Manager with HAQM EKS using External Secrets Operator to define more fine-grained and dynamic AWS Identity and […]
Using HAQM GuardDuty ECS runtime monitoring with Fargate and HAQM EC2
Containerization technologies such as Docker and orchestration solutions such as HAQM Elastic Container Service (HAQM ECS) are popular with customers due to their portability and scalability advantages. Container runtime monitoring is essential for customers to monitor the health, performance, and security of containers. AWS services such as HAQM GuardDuty, HAQM Inspector, and AWS Security Hub […]