All news with #aws iam tag

Amazon OpenSearch Serverless Adds ABAC and RCP Support

🔐 Amazon announced that OpenSearch Serverless now supports attribute-based authorization (ABAC) for Data Plane APIs, enabling identity policies in AWS IAM to control data read and write operations on collections. The release also introduces resource control policy (RCP), a new AWS Organizations–managed policy type that enforces organization-wide preventative controls centrally. Customers should check regional availability and consult the documentation for implementation guidance.

AWS Console Adds Account Color Settings for Quick ID

🎨 Today AWS announced general availability of account color settings in the AWS Management Console across all Public Regions. Account administrators can assign a persistent color (for example, red for production or yellow for testing) that appears in the Console navigation bar for all authorized users, enabling quick visual identification of accounts. The default color is grey; viewing the color requires AWSManagementConsoleBasicUserAccess or the custom permission uxc:getaccountcolor.

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

Implementing Defense-in-Depth for AWS CodeBuild Pipelines

🔒 This guide consolidates practical recommendations for securing AWS CodeBuild CI/CD pipelines, emphasizing webhook configuration, trust boundaries, and least-privilege access. It warns against automatic pull request builds from untrusted contributors and prescribes push-based, branch-based, and contributor-filtered webhook patterns, plus staged rollout using Infrastructure as Code. Additional safeguards include scoped GitHub tokens, per-build IAM roles, isolated build environments, CloudTrail logging, and manual approval gates for sensitive deployments.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

Automate Disabling AD Users from GuardDuty Findings

🔐 This AWS Security Blog post explains how to use Amazon GuardDuty to detect suspicious activity and automatically disable accounts in AWS Managed Microsoft AD. It walks through deploying a managed directory and a directory-administration EC2 instance, configuring AWS Systems Manager Run Command documents, and orchestrating those actions with AWS Step Functions triggered by Amazon EventBridge. The guide includes required permissions, testing steps using GuardDuty’s test domains, and notes on extending the automation to reset passwords or send notifications.

AWS Security Incident Response: Accelerating IR Lifecycle

🛡️ AWS Security Incident Response is a Tier 1, AWS-native service launched in December 2024 to accelerate detection, triage, and containment of security incidents. It integrates with Amazon GuardDuty, AWS Security Hub, and AWS Systems Manager, supports partner integrations, and enables escalation to AWS CIRT. The service centralizes findings, automates monitoring and intelligent triage to reduce false positives, and offers prebuilt containment playbooks and APIs to compress MTTR and coordinate cross-account response.