Happy 10th Birthday – AWS Identity and Access Management

Amazon S3 turned 15 earlier this year, and Amazon EC2 will do the same in a couple of months. Today we are celebrating the tenth birthday of AWS Identity and Access Management (IAM). The First Decade Let’s take a walk through the last decade and revisit some of the most significant IAM launches: May 2011 Read more about Happy 10th Birthday – AWS Identity and Access Management[…]

New – Attribute-Based Access Control with AWS Single Sign-On

Starting today, you can pass user attributes in the AWS session when your workforce sign-in into the cloud using AWS Single Sign-On. This gives you the centralized account access management of AWS Single Sign-On and ABAC, with the flexibility to use AWS SSO, Active Directory, or an external identity provider as your identity source. To Read more about New – Attribute-Based Access Control with AWS Single Sign-On[…]

AWS Network Firewall – New Managed Firewall Service in VPC

Our customers want to have a high availability, scalable firewall service to protect their virtual networks in the cloud. Security is the number one priority of AWS, which has provided various firewall capabilities on AWS that address specific security needs, like Security Groups to protect Amazon Elastic Compute Cloud (EC2) instances, Network ACLs to protect Read more about AWS Network Firewall – New Managed Firewall Service in VPC[…]

New – Using Amazon GuardDuty to Protect Your S3 Buckets

As we anticipated in this post, the anomaly and threat detection for Amazon Simple Storage Service (S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your Read more about New – Using Amazon GuardDuty to Protect Your S3 Buckets[…]

Single Sign-On between Okta Universal Directory and AWS

Enterprises adopting the AWS Cloud want to effectively manage identities. Having one central place to manage identities makes it easier to enforce policies, to manage access permissions, and to reduce the overhead by removing the need to duplicate users and user permissions across multiple identity silos. Having a unique identity also simplifies access for all Read more about Single Sign-On between Okta Universal Directory and AWS[…]

New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing

Amazon Macie is a fully managed service that helps you discover and protect your sensitive data, using machine learning to automatically spot and classify data for you. Over time, Macie customers told us what they like, and what they didn’t. The service team has worked hard to address this feedback, and today I am very happy Read more about New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing[…]

Amazon Detective – Rapid Security Investigation and Analysis

Almost five years ago, I blogged about a solution that automatically analyzes AWS CloudTrail data to generate alerts upon sensitive API usage. It was a simple and basic solution for security analysis and automation. But demanding AWS customers have multiple AWS accounts, collect data from multiple sources, and simple searches based on regular expressions are Read more about Amazon Detective – Rapid Security Investigation and Analysis[…]

Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer

Today I get to share my favorite kind of announcement. It’s the sort of thing that will improve security for just about everyone that builds on AWS, it can be turned on with almost no configuration, and it costs nothing to use. We’re launching a new, first-of-its-kind capability called AWS Identity and Access Management (IAM) Read more about Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer[…]

Announcing AWS Managed Rules for AWS WAF

Building and deploying secure applications is critical work, and the threat landscape is always shifting. We’re constantly working to reduce the pain of maintaining a strong cloud security posture. Today we’re launching a new capability called AWS Managed Rules for AWS WAF that helps you protect your applications without needing to create or manage the Read more about Announcing AWS Managed Rules for AWS WAF[…]

New for Identity Federation – Use Employee Attributes for Access Control in AWS

When you manage access to resources on AWS or many other systems, you most probably use Role-Based Access Control (RBAC). When you use RBAC, you define access permissions to resources, group these permissions in policies, assign policies to roles, assign roles to entities such as a person, a group of persons, a server, an application, Read more about New for Identity Federation – Use Employee Attributes for Access Control in AWS[…]