Tag: AWS Identity and Access Management (IAM)

This post is Part 2 of a two-part blog post series that will take you, an application developer, through the process of configuring and developing a data application that authenticates users with Microsoft Entra ID and then uses S3 Access Grants to access data on those users’ behalf. Part 1 of this series gave an […]

This is Part 1 of a two-part blog series: Configuring the application. Here is Part 2: Developing the application. When we at AWS talk to our customers about their data lakes, they usually describe a desired access pattern in which users and groups from a corporate directory are granted access to datasets in HAQM Simple […]

To adhere to the principle of least privilege, users define granular access to their HAQM Simple Storage Service (HAQM S3) data based on applications, personas, groups or organization units (OUs). This practice helps customers to mitigate the risk of unauthorized access, limiting potential damage in case of a security breach as employees only have access […]

SaaS providers with multi-tenant environments use cloud solutions to dynamically scale their workloads as customer demand increases. As their cloud footprint grows, having visibility into each end-customer’s storage consumption becomes important to distribute resources accordingly. An organization can use storage usage data per customer (tenant) to adjust its pricing model or better plan its budget. […]

Orca Security, an AWS Partner, is an independent cybersecurity software provider whose agent-less cloud security environment is trusted by hundreds of enterprises globally. Orca makes cloud security simple for enterprises moving to and scaling with AWS with its patented SideScanning™ technology and Unified Data Model. Orca’s customers use HAQM Elastic Block Store (HAQM EBS) volumes […]

Securely storing and authorizing access to data in the cloud is a top priority. One challenge faced by organizations is developing a consistent authorization experience to grant access to data for hybrid architectures. Workloads running on AWS can access data stored on services like HAQM Elastic File System (HAQM EFS) using AWS Identity and Access […]

1/11/2024: Updates made due to CloudShell migration to HAQM Linux 2023 (AL2023). Protecting sensitive data is not a novel idea. Customers in industries like financial services and healthcare regularly exchange files containing sensitive data, including Personal Identifiable Information (PII) and financial records with their users. Pretty Good Privacy (PGP) encryption of these files is often […]

Data is key to business, and securing it from unintended access is a critical business activity. As cloud usage increases, this can be a significant task to address. You want to verify that you aren’t unintentionally exposing or sharing data publicly. Under the Shared Responsibility Model, AWS is responsible for protecting the infrastructure that runs […]

Update April 8, 2024: As of February 27th, 2024, all AWS service API endpoints (including for HAQM S3) now require a minimum of TLS version 1.2. Therefore, the S3 bucket and S3 Access Point policy examples in this post that enforce minimum of TLS version 1.2 are no longer necessary as this is the default […]

Enterprises strive to make sure that business critical applications, workloads, and data remain available during planned and unplanned downtime. When using the cloud, organizations must make sure to apply the same approach to business continuity and disaster recovery as they would with on-premises infrastructure. Customers on the cloud can leverage AWS Elastic Disaster Recovery (AWS […]