Security, Identity, & Compliance
Recent questions
- Hi AWS Team and Community, I'm excited about the recent announcement (February 2026) that AWS STS now supports validation of select identity provider-specific claims for OIDC federation, including Gi...
- hello AWS People https://github.com/aws-samples/sample-aws-kr-enterprise/tree/main/ai-ml/claude-code-bedrock-enterprise-blueprint I would like to test the contents of this GitHub repository. Curren...
- hello aws people. I would like to deploy an AWS Network Firewall (NFW) in an environment that currently uses a NAT Gateway and an Application Load Balancer (ALB). I want to achieve the following traf...
- Service: Amazon Q Developer / Kiro Region: us-east-1 Account ID: 473688632013 Problem: Unable to assign Kiro subscriptions to users. The Kiro control plane rejects the request with AccessDeniedExce...
- Scenario: I built an event-driven AI pipeline on AWS with the following architecture: EventBridge → SQS → Lambda → Amazon Bedrock → Step Functions → DynamoDB Problem: Every service appeared healthy. ...
- Installed AWS Security Agent and integrated with GitHub. On creation of a code review it consistently returns: "The pentest is not authorized to assume the service role" Steps taken: 1. Verified tru...
- I am seeing what appears to be a change in the Amazon Inspector2 EventBridge payload for enhanced ECR image scan completion events. We have an EventBridge rule that listens for Inspector2 scan comple...
- Since 2026-06-09, every CloudFormation create of a DNS-validated ACM certificate in eu-central-1 fails for us with: Resource handler returned message: "Connection pool shut down" (HandlerErrorCode:...
- I registered to use Amazon SES SMTP for my dental clinic's website, but they did not grant production access. We were only going to send appointment notification emails, that is, transactional emails....
- AWS Lambda added support for the python3.14 managed runtime in November 2025, but Amazon Inspector still does not scan Lambda functions using this runtime — for either standard scanning (package vulne...
- I have an expired SSL certificate for the domain beetlesmartphonesecurity.com. I need to be guided on how to renew it on my AWS server, kindly.
- I have a Lambda function whose Function URL is configured with AuthType = AWS_IAM (us-east-1). Behavior: - SigV4-signing a request to the Function URL as an IAM USER (which has lambda:InvokeFunctionU...
- I'm learning about CloudFront. I've set up a distribution using the free flat-rate plan. I've created an origin pointing to my EC2 instance and created a security group allowing access from the Clou...
- We are experiencing a complete outage of our AWS Client VPN endpoint. All users are unable to connect, and the AWS VPN Client shows "Waiting for identity..." indefinitely. The endpoint ID is cvpn-end...
- We have an AWS account where the only account available to us is an IAM user named DDI_ADMIN. We can log in successfully, but we receive Access Denied errors for billing, account settings, IAM functio...
- My IdP only supports the transient NameID format. However, I could not find any documentation or configuration option in AWS Cognito to support transient NameID. By default, Cognito appears to requir...
- I set up Security Hub and AWS Config across my AWS Organization a few years ago using the AWS-provided StackSets. Everything has been running fine with no changes on my end. Recently, Config.1 started...
- Hi AWS Community, I am seeking some advice regarding a pending charge waiver request. I am a final-year software engineering student, and I recently incurred an unexpected charge of $95.50 (including...
Recent Knowledge Center content
Recent articles
- Rodrigo (SUPPORT ENGINEER), published 7 hours ago, 3 votes, 35 views. An open source command line interface (CLI) that uses CloudTrail and Athena to quantify your S3 bucket key efficiency.
- AWS OFFICIAL, updated a day ago, 0 votes, 23 views. This article shows you how to respond to AWS Trust & Safety abuse notifications for Amazon Elastic Compute Cloud (Amazon EC2) resources and implement preventative measures to reduce future incidents.
- Dipesh P (EXPERT), published a day ago, 0 votes, 38 views. I want to track my AWS DevOps Agent spending and set up alerts to avoid unexpected charges. How do I monitor usage and control costs?
- Jeongho Kim (SUPPORT ENGINEER), published 4 days ago, 0 votes, 27 views. After enabling IAM Identity Center authentication on an AMG workspace, you may find that users or groups cannot be found, or group assignment fails with a `Failed to associate identity, type: SSO_GROU...
- Praneetha (EXPERT), published 6 days ago, 1 vote, 51 views. Amazon S3 Files requires two IAM roles for bidirectional sync. A common misconfiguration — using aws:SourceAccount instead of aws:ResourceAccount in the sync role's inline policy — causes files to sil...
- Kinjan (EXPERT), published 8 days ago, 0 votes, 72 views. This guide provides step-by-step instructions to enable **AWS Security Incident Response (SIR)** using the AWS Command Line Interface (CLI). AWS Security Incident Response helps you prepare for, respo...
- JohnT (EXPERT), published 11 days ago, 0 votes, 56 views. Explains how TA (static best-practice checks) and DevOps Agent (incident-pattern analysis) complement each other for layered incident prevention.
- MassimilianoAWS (EXPERT), published 11 days ago, 0 votes, 76 views. Many MCP servers only support DCR to obtain the client id and secret required to create an AgentCore Identity credential provider. This article guides you through the process to follow in order correc...
- Ashish Jaiswal (EXPERT), published 19 days ago, 2 votes, 190 views. This article shows how to automatically trigger an AWS DevOps Agent investigation when Amazon CloudWatch Network Flow Monitor (NFM) detects network degradation. When NFM identifies retransmission time...
- Heverin, Stephen (EXPERT), published 21 days ago, 0 votes, 77 views. Join our experts LIVE on Twitch to see how AI-powered DevOps agents can accelerate your infrastructure troubleshooting!
- Saurabh (EXPERT), published 22 days ago, 3 votes, 194 views. This article demonstrates the common failure modes when you integrate AWS DevOps Agent with ServiceNow for bidirectional incident handling, along with their resolution steps.
- Venkata (EXPERT), published 25 days ago, 0 votes, 95 views. Customers using Snowflake's Workload Identity Federation (WIF) with AWS Glue may encounter a "No AWS region was found" error because the Glue proxy layer blocks boto3's automatic region detection. Thi...
- Tyler_P (EXPERT), published 25 days ago, 0 votes, 61 views. Step-by-step guide for converting RAM organization-based shares to account-ID shares before migrating accounts between AWS Organizations, preventing connectivity loss for shared resources like Transit...
- Alejandro (EXPERT), published a month ago, 6 votes, 259 views. This article helps DevOps, support engineers, and solutions architects quickly understand the flat-rate plan tiers, identify how you can benefit most from them, and guide activation through the consol...
- Ram Achanta (EXPERT), published a month ago, 1 vote, 383 views. As enterprises scale Kiro adoption across multiple business units, finance teams need to attribute subscription costs to the teams consuming them — without building custom infrastructure. This guide d...
- Keyur (EXPERT), published a month ago, 0 votes, 68 views. AWS CodeArtifact repository deletion is permanent and cannot be undone. If a repository is accidentally deleted, all packages become permanently unavailable — blocking CI/CD pipelines and potentially ...
- Victor (EXPERT), published a month ago, 3 votes, 233 views. UK Cyber Essentials+ certification is a growing requirement for organisations supplying to the UK government. The good news is that as an AWS Enterprise customer, much of the groundwork is already wit...
- Florian Turnwald (EXPERT), published a month ago, 12 votes, 111 views. This cheatsheet compiles real-world takeaways on FSxN encryption in transit to prevent silent vulnerabilities.
Recent selections
- AWS OFFICIAL, updated 2 months ago, 1 vote, 193 views. AWS Official content is created by a team of technical experts, professional writers, and editors within AWS. They work together to make sure that the information is clear, comprehensive, and aligned ...
- AWS Official (MODERATOR), published 2 months ago, 0 votes, 179 views. This spotlight on AWS IAM equips you with skills and troubleshooting best practices to secure and manage access to your AWS resources effectively.
- AWS Official (MODERATOR), published 8 months ago, 1 vote, 313 views. This spotlight on Amazon Cognito equips you with the skills and troubleshooting best practices to get the most out of this cost effective service.
- AWS Official (EXPERT), published 2 years ago, 0 votes, 988 views. This spotlight on IAM equips you with the skills and troubleshooting tips to get the most out of a powerful service.
- AWS OFFICIAL, updated a day ago, 11 votes, 32.6K views. The AWS Trust & Safety Center provides curated knowledge of AWS resources that can assist you in your cloud journey.
- Osvaldo Marte (EXPERT), published 2 years ago, 2 votes, 18.6K views. This selection focuses on the essential AWS networking services, providing a comprehensive overview of tools and technologies available to build and manage secure, scalable, and high-performing networ...
- Antonio Lagrotteria (EXPERT), published 2 years ago, 4 votes, 28.3K views. A selection of architectural patterns and tips to leverage secure cross-account APIs, showing ingress, egress and inspection reference architectures
- Jonathan_D (EXPERT), published 3 years ago, 4 votes, 12.3K views. Do you have critical workloads running in AWS? Review these handpicked resources to find ways to ensure your applications are resilient to failures.
- AWS OFFICIAL, updated 3 years ago, 0 votes, 99 views. This selection includes content and solutions supporting FSI related compliance and requirements covering security, immutable storage, and general guidance.
- AWS OFFICIAL, updated 3 years ago, 0 votes, 239 views. As a best practice, AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys.
- AWS OFFICIAL, updated 3 years ago, 0 votes, 57 views. Accelerate your business transformation goals with a managed service that combines compute, network and storage capabilities in a fully supported, ready-to-run service from VMware and AWS.
- AWS OFFICIAL, updated 3 years ago, 0 votes, 8.2K views. Are you getting 403 Access Denied errors with your Amazon Simple Storage Service (Amazon S3) operations? Review this list of handpicked resources to identify the root cause and troubleshooting instruc...
