Can I do that with policy? Understanding the AWS Service Authorization Reference
Understanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approach...
AWS Security Blog
10 articles
Protecting your secrets from tomorrow’s quantum risks
As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part o...
A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended
Building on our recent announcement of AWS Security Hub Extended —our full-stack enterprise security offering — we want to show you how we’re simplifying sec...
Winter 2025 SOC 1 report is now available with 184 services in scope
Amazon Web Services (AWS) is pleased to announce that the Winter 2025 System and Organization Controls (SOC) 1 report is now available. The report covers 184...
How to clone an AWS CloudHSM cluster across Regions
Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusiv...
Transform security logs into OCSF format using a configuration-driven ETL solution
Security logs capture essential security-related activities, such as user sign-ins, file access, network traffic, and application usage. These logs are impor...
Secure AI agent access patterns to AWS resources using Model Context Protocol
AI agents and coding assistants interact with AWS resources through the Model Context Protocol (MCP). Unlike traditional applications with deterministic code...
A framework for securely collecting forensic artifacts into S3 buckets
When customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and v...
Building AI defenses at scale: Before the threats emerge
At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the wo...
Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook
November 20, 2025: Original publication date of this post. This post has been updated to reference the most recent version of the LZA Compliance Workbook pub...