Security, Identity, & Compliance
Securely run your business with the most flexible and secure cloud computing environment available. Benefit from AWS data centers and a network architected to protect your information, applications, and devices. Meet core security requirements, such as data locality, protection, and confidentiality with our comprehensive services and features.
Recent questions
- We have two `AWS::GuardDuty::MalwareProtectionPlan` resources in separate member accounts under an AWS Organization. Both plans report `Status: ACTIVE` with empty `StatusReasons`, but nei...
- Hey there I am attempting to deploy STNO [AWS Transit Network Orchestrator] via LZA. This is another AWS solution provided here: https://docs.aws.amazon.com/solutions/latest/network-orchestration-aws...
- I have set up an EC2 instance in the public segment to serve as a jump server. For the jump server, I have configured the VPC endpoints for signin and console to enable private access to the Managemen...
- I am creating an AWS Managed Microsoft AD Hybrid Edition directory assessment for a self-managed AD domain. The assessment fails only at DC Diagnostic Test. The failed SSM command invocation is: Co...
- I've had Bedrock Batch execution running fine with a role that has trust policy similar to what is specified here: https://docs.aws.amazon.com/bedrock/latest/userguide/batch-iam-sr.html Only distinct...
- I need to understand how amazon kiro setup works with the root and child IAM Identity center. I have a root IAM Identity center and when configuring Kiro in the child AWS account it creates IAM IC in ...
- I am trying to build a React Native app which uses Amplify via the direct integration method, by which I mean it connects directly to my pre-configured user pool, which I supply using amplify_outputs....
- In QuickSight, when accessing: Manage account → AWS resources I receive the following error: "Something went wrong. For more information see Set IAM policy" I already tried all the permissions sug...
- We are experiencing a recurring and intermittent authentication failure when using Amazon Cognito Hosted UI. Behavior When users attempt to log in via the Hosted UI /login endpoint, authentication som...
- I'm trying to import an external AES-256 KEK into AWS Payment Cryptography using DiffieHellmanTr31KeyBlock in ap-southeast-1. Every attempt returns: ValidationException: KeyBlock data in the importe...
- Has anyone else seen `ICEBERG_CURSOR_ERROR: Failed to read Parquet file` from Athena engine v3 against Apache Iceberg tables managed by Amazon Security Lake (the OCSF v2.0 source tables in `amazon_secu...
- Lambda AccessDeniedException Issue - Problem Summary Problem Description User experiencing AccessDeniedException when attempting to update Lambda function code via AWS CLI, despite having multiple pol...
- Describe the bug Secrets Store CSI Driver fails to retrieve secrets from AWS Secrets Manager when using EKS Pod Identity on EKS Auto Mode nodes. The driver is unable to obtain AWS credentials, causin...
- Below are my steps 1. go to the AWS Management Console 2. click "Sign in using root user email" 3. select "root user", enter my email in "Email address" and click "Next" 4. enter my password in "Passw...
- Need some assistance from anyone on how to get AWS to let you out of the SES Sandbox. I'm setting up a new account with a small app. The app uses Cognito for user authentication. I would like the ap...
- When signing in to AWS and being prompted to change an expired (or expiring) password due to the account's password rotation policy, the password change form returns the following error if the new pas...
- We are new to AWS WAF and trying to design a simple but effective rate-limiting strategy. Our scenario is a bit tricky: Our users access the application from both: * Corporate networks (shar...
- AmazonGuardDuty-RuntimeMonitoringSsmPlugin 1.15.0 (published 2026-04-29) ships a .deb whose postinst calls /opt/aws/amazon-guardduty-agent/scripts/configure.sh. That script sed -is three placeholders ...
Recent Knowledge Center content
Recent articles
- Kiran Prakash (EXPERT) | published 4 days ago | 0 votes | 34 views | This article helps users who are integrating Grafana with AWS DevOps Agent via webhooks and receiving a `400 Bad Request` error when alerts fire from the Grafana UI, despite the webhook working correc...
- AWS OFFICIAL | updated 4 days ago | 0 votes | 30 views | This article shows you how to respond to AWS Trust & Safety abuse notifications for Amazon Elastic Compute Cloud (Amazon EC2) resources and implement preventative measures to reduce future incidents.
- Heverin, Stephen (EXPERT) | published 5 days ago | 0 votes | 30 views | Join our experts LIVE on Twitch to learn how to extend your on-premises Active Directory to AWS without trust relationships!
- Dennis_O (EXPERT) | published 7 days ago | 2 votes | 67 views | For sensitive caller inputs (PAN, CVV, authentication codes), post-call redaction is not enough. PCI DSS v4.0 requires CVV is never stored after authorization and PAN only stored encrypted. This articl...
- Dennis_O (EXPERT) | published 7 days ago | 1 votes | 78 views | Contact centers regularly capture PII (names, addresses, SSNs, credit card numbers) in call audio and transcripts. To meet PCI DSS, GDPR, and HIPAA controls, this data must be removed from artifacts b...
- Dennis_O (EXPERT) | published 7 days ago | 1 votes | 53 views | Connect encrypts customer content at rest by default with a service-managed KMS key, but customers in regulated industries (PCI DSS v4.0, GDPR, HIPAA) typically need full key control — independent rot...
- Heverin, Stephen (EXPERT) | published 7 days ago | 0 votes | 68 views | Join our experts LIVE on Twitch to learn how AWS DevOps Agent can act as your always-on operational troubleshooting peer!
- AWS OFFICIAL | updated 5 days ago | 0 votes | 69 views | This guide provides current Amazon Simple Email Service (Amazon SES) customers best practices for onboarding new clients to existing Amazon SES infrastructure while protecting their account reputation...
- Anil Kukkunuru (EXPERT) | published 10 days ago | 3 votes | 57 views | The article addresses a common operational challenge — when AWS Backup jobs (backup, restore, or cross-account copy) fail, the root cause typically spans multiple AWS services (IAM, KMS, Backup vault ...
- AWS OFFICIAL | updated 10 days ago | 1 votes | 441 views | This article guides you on how to estimate usage for AWS DevOps Agent, understand AWS Support plan credits, and forecast costs across your organization.
- MikeLim (EXPERT) | published 15 days ago | 1 votes | 106 views | How to retrieve AWS WAF Bot Control (ABC) rule group labels
- Naveen Jagathesan (EXPERT) | published 17 days ago | 0 votes | 94 views | Running Spark on EMR with KMS-encrypted S3 data? Every object read triggers a kms:Decrypt API call — and at scale, those costs add up fast. If your compliance requirements prevent switching to S3 Buck...
- Heverin, Stephen (EXPERT) | published 17 days ago | 0 votes | 68 views | Join our experts LIVE on Twitch to learn how AWS Security Agent embeds security validation across every phase of your SDLC — from design to deployment!
- Jeongho Kim (SUPPORT ENGINEER) | published 18 days ago | 0 votes | 49 views | This article explains when the MSK Connect service execution role is actually used, why worker log delivery does not use this role, and how to accurately determine whether the role is in use.
- AWS OFFICIAL | updated 19 days ago | 0 votes | 292 views | When AWS becomes aware of exposed or potentially exposed customer credentials, we act swiftly to protect customer accounts while maintaining operational continuity. This article explains the automated...
- Ed Gummett (EXPERT) | published 21 days ago | 0 votes | 90 views | A detective rule that detects non-compliant FSx filesystems within minutes and quarantines them without deleting data.
- JLT_W (EXPERT) | published 23 days ago | 0 votes | 163 views | This article explains how to configure a dedicated IAM role for the Amazon EFS CSI driver node component `efs-csi-node-sa` in Amazon EKS using Pod Identity, enabling least-privilege access to EFS file...
- Ramu Varanasi (EXPERT) | published 24 days ago | 0 votes | 90 views | Organizations using Amazon Aurora MySQL with RDS Proxy often rely on init_connect stored procedures for compliance auditing. This creates a fragile dependency — proxy maintenance can revoke rdsproxyad...
Recent selections
- AWS OFFICIAL | updated 25 days ago | 1 votes | 144 views | AWS Official content is created by a team of technical experts, professional writers, and editors within AWS. They work together to make sure that the information is clear, comprehensive, and aligned ...
- AWS Official (MODERATOR) | published a month ago | 0 votes | 151 views | This spotlight on AWS IAM equips you with skills and troubleshooting best practices to secure and manage access to your AWS resources effectively.
- AWS Official (MODERATOR) | published 8 months ago | 1 votes | 296 views | This spotlight on Amazon Cognito equips you with the skills and troubleshooting best practices to get the most out of this cost effective service.
- AWS Official (EXPERT) | published 2 years ago | 0 votes | 984 views | This spotlight on IAM equips you with the skills and troubleshooting tips to get the most out of a powerful service.
- AWS OFFICIAL | updated 4 days ago | 10 votes | 30.5K views | The AWS Trust & Safety Center provides curated knowledge of AWS resources that can assist you in your cloud journey.
- Osvaldo Marte (EXPERT) | published 2 years ago | 2 votes | 18.6K views | This selection focuses on the essential AWS networking services, providing a comprehensive overview of tools and technologies available to build and manage secure, scalable, and high-performing networ...
- Antonio Lagrotteria (EXPERT) | published 2 years ago | 4 votes | 28.2K views | A selection of architectural patterns and tips to leverage secure cross-account APIs, showing ingress, egress and inspection reference architectures
- Jonathan_D (EXPERT) | published 3 years ago | 4 votes | 12.2K views | Do you have critical workloads running in AWS? Review these handpicked resources to find ways to ensure your applications are resilient to failures.
- AWS OFFICIAL | updated 2 years ago | 0 votes | 95 views | This selection includes content and solutions supporting FSI related compliance and requirements covering security, immutable storage, and general guidance.
- AWS OFFICIAL | updated 2 years ago | 0 votes | 211 views | As a best practice, AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys.
- AWS OFFICIAL | updated 2 years ago | 0 votes | 46 views | Accelerate your business transformation goals with a managed service that combines compute, network and storage capabilities in a fully supported, ready-to-run service from VMware and AWS.
- AWS OFFICIAL | updated 3 years ago | 0 votes | 8.1K views | Are you getting 403 Access Denied errors with your Amazon Simple Storage Service (Amazon S3) operations? Review this list of handpicked resources to identify the root cause and troubleshooting instruc...
- Riku_Kobayashi (EXPERT)
- Gary Mclean (EXPERT)
- secondabhi_aws (EXPERT)
- Oleksii Bebych (EXPERT)
- Greg (EXPERT)
- Kidd Ip (EXPERT)
- Osvaldo Marte (EXPERT)
- Sedat SALMAN (EXPERT)
- Behrens, Isaac (EXPERT)
- Adeleke Adebowale .J. (EXPERT)
- Tushar Jagdale (EXPERT)
- Matt Barbieri (EXPERT)
- AWS-User-alantam (EXPERT)
- Indranil Banerjee AWS (EXPERT)
- Takahito Iwasa (EXPERT)
- Florian Turnwald (EXPERT)
- MassimilianoAWS (EXPERT)
- GK (EXPERT)
