All news with #aws kms tag

SageMaker HyperPod Supports EBS CSI Driver for Storage

🔧 Amazon SageMaker HyperPod now supports the Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver, enabling dynamic provisioning and lifecycle management of persistent EBS volumes for machine learning workloads on HyperPod EKS clusters. Through standard Kubernetes persistent volume claims and storage classes, teams can create, attach, resize, snapshot, and encrypt volumes (including customer-managed KMS keys), and volumes persist across pod restarts and node replacements. Install the EBS CSI driver as an EKS add-on to get started; the capability is available in all regions where HyperPod EKS clusters are supported.

AWS IoT Core Adds Customer-Managed KMS Keys Support

🔐 AWS IoT Core now supports customer-managed keys (CMK) via AWS KMS, enabling encryption of data stored in IoT Core with customer-controlled keys. When CMK is selected, AWS automatically re-encrypts existing stored data and manages the transition to avoid operational disruption. The feature is available in all Regions where IoT Core is supported and enhances control over key lifecycle — creation, rotation, monitoring, and deletion.

Amazon MSF for Apache Flink Adds Customer Managed Keys

🔐 Amazon Managed Service for Apache Flink now supports Amazon KMS Customer Managed Keys (CMK), giving customers the option to use their own keys instead of AWS-owned keys. This provides greater control over encryption at rest, key rotation, and access policies for data stored in MSF. The update helps address compliance and governance requirements and is available by region; refer to the documentation for implementation details.

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

CLOUD Act Explained: Provider Obligations and Protections

🔒 AWS clarifies five key points about the CLOUD Act, stressing it does not grant automatic or unfettered access to customer content and that U.S. law requires judicial process for compelled disclosures. AWS reports no disclosure of enterprise or government customer content stored outside the U.S. since 2020. The company notes the Act applies to any provider with a U.S. presence and aligns with international law, while technical controls like AWS Nitro and AWS KMS limit operator access.

Accenture Cloud Buckets Exposed Sensitive Credentials

🔓 UpGuard disclosed that Accenture left four Amazon S3 buckets publicly accessible, exposing sensitive Accenture Cloud Platform data including API keys, certificates, plaintext passwords, and private keys. The buckets — labeled acp-deployment, acpcollector, acp-software, and acp-ssl — contained credentials, VPN keys, logs, and large database dumps that included client information. After discovery on September 17, 2017, UpGuard notified Accenture and the buckets were secured the following day. This incident underscores how misconfigured cloud storage can endanger both vendors and their customers.