AWS Security Blog

Tag: HAQM EC2

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

In 2019, AWS Identity and Access Management (IAM) Access Analyzer was launched to help you remove unintended public and cross-account access by analyzing your existing permissions. In March 2021, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, IAM Access Analyzer takes that a step […]

How you can use HAQM GuardDuty to detect suspicious activity within your AWS account

September 9, 2021: HAQM Elasticsearch Service has been renamed to HAQM OpenSearch Service. See details. HAQM GuardDuty is an automated threat detection service that continuously monitors for suspicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in HAQM S3. In this post, I’ll share how you can use GuardDuty with […]

Secure and automated domain membership management for EC2 instances with no internet access

In this blog post, I show you how to deploy an automated solution that helps you fully automate the Active Directory join and unjoin process for HAQM Elastic Compute Cloud (HAQM EC2) instances that don’t have internet access. Managing Active Directory domain membership for EC2 instances in HAQM Web Services (AWS) Cloud is a typical […]

Automatically update security groups for HAQM CloudFront IP ranges using AWS Lambda

June 21, 2023: This blog post is out of date. You should now use the new managed prefix list for CloudFront in your Security Group instead of this custom Lambda solution. Please refer to this blog post for detailed info. HAQM CloudFront is a content delivery network that can help you increase the performance of […]

How to automate incident response in the AWS Cloud for EC2 instances

One of the security epics core to the AWS Cloud Adoption Framework (AWS CAF) is a focus on incident response and preparedness to address unauthorized activity. Multiple methods exist in HAQM Web Services (AWS) for automating classic incident response techniques, and the AWS Security Incident Response Guide outlines many of these methods. This post demonstrates […]

Quickly build STIG-compliant HAQM Machine Images using HAQM EC2 Image Builder

In this post, we discuss how to implement the operating system security requirements defined by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). As an HAQM Web Services (AWS) customer, you can use HAQM Machine Images (AMIs) published by AWS or APN partners. These AMIs, which are owned and published by AWS, […]

Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

July 27, 2021: We’ve updated the link to the 2019 re:Invent session on this topic. Since it first launched over 10 years ago, the HAQM EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated […]

Now You Can Use AWS Shield Advanced to Help Protect Your HAQM EC2 Instances and Network Load Balancers

Starting today, AWS Shield Advanced can help protect your HAQM EC2 instances and Network Load Balancers against infrastructure-layer Distributed Denial of Service (DDoS) attacks. Enable AWS Shield Advanced on an AWS Elastic IP address and attach the address to an internet-facing EC2 instance or Network Load Balancer. AWS Shield Advanced automatically detects the type of AWS resource behind the […]

AWS Earns Department of Defense Impact Level 5 Provisional Authorization

The Defense Information Systems Agency (DISA) has granted the AWS GovCloud (US) Region an Impact Level 5 (IL5) Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG) Provisional Authorization (PA) for six core services. This means that AWS’s DoD customers and partners can now deploy workloads for Controlled Unclassified Information (CUI) exceeding IL4 […]