AWS Security Blog
1k followers 4 articles/week
Modern web application authentication and authorization with Amazon VPC Lattice

When building API-based web applications in the cloud, there are two main types of communication flow in which identity is an integral consideration: User-to-Service communication: Authenticate and authorize users to communicate with application services and APIs Service-to-Service communication: Authenticate and authorize application services to...

Fri Feb 23, 2024 19:04
AWS HITRUST Shared Responsibility Matrix for HITRUST CSF v11.2 now available

The latest version of the AWS HITRUST Shared Responsibility Matrix (SRM)—SRM version 1.4.2—is now available. To request a copy, choose SRM version 1.4.2 from the HITRUST website. SRM version 1.4.2 adds support for the HITRUST Common Security Framework (CSF) v11.2 assessments in addition to continued support for previous versions of HITRUST CSF assessments...

Fri Feb 23, 2024 01:16
AWS Customer Compliance Guides now publicly available

The AWS Global Security & Compliance Acceleration (GSCA) Program has released AWS Customer Compliance Guides (CCGs) on the AWS Compliance Resources page to help customers, AWS Partners, and assessors quickly understand how industry-leading compliance frameworks map to AWS service documentation and security best practices. CCGs offer security guidance...

Thu Feb 22, 2024 21:19
Detect Stripe keys in S3 buckets with Amazon Macie

Many customers building applications on Amazon Web Services (AWS) use Stripe global payment services to help get their product out faster and grow revenue, especially in the internet economy. It’s critical for customers to securely and properly handle the credentials used to authenticate with Stripe services. Much like your AWS API keys, which enable...

Mon Feb 19, 2024 21:22
How to automate rule management for AWS Network Firewall

AWS Network Firewall is a stateful managed network firewall and intrusion detection and prevention service designed for the Amazon Virtual Private Cloud (Amazon VPC). This post concentrates on automating rule updates in a central Network Firewall by using distributed firewall configurations. If you’re new to Network Firewall or seeking a technical background...

Fri Feb 16, 2024 21:14
SaaS access control using Amazon Verified Permissions with a per-tenant policy store

Access control is essential for multi-tenant software as a service (SaaS) applications. SaaS developers must manage permissions, fine-grained authorization, and isolation. In this post, we demonstrate how you can use Amazon Verified Permissions for access control in a multi-tenant document management SaaS application using a per-tenant policy store...

Tue Feb 13, 2024 19:51

Build your own newsfeed

Ready to give it a go?
Start a 14-day trial, no credit card required.

Create account