AWS Security Blog
Tag: EC2
Get the full benefits of IMDSv2 and disable IMDSv1 across your AWS infrastructure
The HAQM Elastic Compute Cloud (HAQM EC2) Instance Metadata Service (IMDS) helps customers build secure and scalable applications. IMDS solves a security challenge for cloud users by providing access to temporary and frequently rotated credentials, and by removing the need to hardcode or distribute sensitive credentials to instances manually or programmatically. The Instance Metadata Service Version 2 (IMDSv2) […]
How to scan EC2 AMIs using HAQM Inspector
HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector supports vulnerability reporting and deep inspection of HAQM Elastic Compute Cloud (HAQM EC2) instances, container images stored in HAQM Elastic Container Registry (HAQM ECR), and AWS Lambda functions. Operating system […]
How to use policies to restrict where EC2 instance credentials can be used from
January 13, 2025: This post was updated to state the limitations of AWS service permissions with VPC endpoints. April 5, 2023: A fix has been added to the Service Control Policy examples to allow EC2 instances to mount encrypted EBS volumes. March 7, 2023: We’ve added language clarifying the requirement around using VPC Endpoints, and […]
Use EC2 Instance Connect to provide secure SSH access to EC2 instances with private IP addresses
In this post, I show you how to use HAQM EC2 Instance Connect to use Secure Shell (SSH) to securely access your HAQM Elastic Compute Cloud (HAQM EC2) instances running on private subnets within an HAQM Virtual Private Cloud (HAQM VPC). EC2 Instance Connect provides a simple and secure way to connect to your EC2 […]
How to share encrypted AMIs across accounts to launch encrypted EC2 instances
May 18, 2023: We’ve updated the syntax in the JSON policy document in the Create the policy setting for the source account section. August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some […]
How to quickly launch encrypted EBS-backed EC2 instances from unencrypted AMIs
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. An HAQM Machine Image (AMI) provides the information that you need to launch an instance […]
Creating an opportunistic IPSec mesh between EC2 instances
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. IPSec (IP Security) is a protocol for in-transit data protection between hosts. Configuration of site-to-site […]
Recovering from a rough Monday morning: An HAQM GuardDuty threat detection and remediation scenario
HAQM GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Given the many log types that HAQM GuardDuty analyzes (HAQM Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and DNS logs), you never know what it might discover in your […]
Now You Can Create Encrypted HAQM EBS Volumes by Using Your Custom Encryption Keys When You Launch an HAQM EC2 Instance
October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. HAQM Elastic Block Store (EBS) offers an encryption solution for your HAQM EBS volumes so […]
Adhere to IAM Best Practices in 2016
As another new year begins, we encourage you to review our recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS resources. You can learn more by watching the IAM Best Practices to Live By presentation that Anders Samuelsson gave at AWS re:Invent […]