Security, Identity, & Compliance
Recent questions
- hello aws people. I would like to deploy an AWS Network Firewall (NFW) in an environment that currently uses a NAT Gateway and an Application Load Balancer (ALB). I want to achieve the following traf...
- Service: Amazon Q Developer / Kiro Region: us-east-1 Account ID: 473688632013 Problem: Unable to assign Kiro subscriptions to users. The Kiro control plane rejects the request with AccessDeniedExce...
- Scenario: I built an event-driven AI pipeline on AWS with the following architecture: EventBridge → SQS → Lambda → Amazon Bedrock → Step Functions → DynamoDB Problem: Every service appeared healthy. ...
- Installed AWS Security Agent and integrated with GitHub. On creation of a code review it consistently returns: "The pentest is not authorized to assume the service role" Steps taken: 1. Verified tru...
- I am seeing what appears to be a change in the Amazon Inspector2 EventBridge payload for enhanced ECR image scan completion events. We have an EventBridge rule that listens for Inspector2 scan comple...
- Since 2026-06-09, every CloudFormation create of a DNS-validated ACM certificate in eu-central-1 fails for us with: Resource handler returned message: "Connection pool shut down" (HandlerErrorCode:...
- I registered to use Amazon SES SMTP for my dental clinic's website, but they did not grant production access. We were only going to send appointment notification emails, that is, transactional emails....
- AWS Lambda added support for the python3.14 managed runtime in November 2025, but Amazon Inspector still does not scan Lambda functions using this runtime — for either standard scanning (package vulne...
- I have an expired SSL certificate for the domain beetlesmartphonesecurity.com. I need to be guided on how to renew it on my AWS server, kindly.
- I have a Lambda function whose Function URL is configured with AuthType = AWS_IAM (us-east-1). Behavior: - SigV4-signing a request to the Function URL as an IAM USER (which has lambda:InvokeFunctionU...
- I'm learning about CloudFront. I've set up a distribution using the free flat-rate plan. I've created an origin pointing to my EC2 instance and created a security group allowing access from the Clou...
- We are experiencing a complete outage of our AWS Client VPN endpoint. All users are unable to connect, and the AWS VPN Client shows "Waiting for identity..." indefinitely. The endpoint ID is cvpn-end...
- We have an AWS account where the only account available to us is an IAM user named DDI_ADMIN. We can log in successfully, but we receive Access Denied errors for billing, account settings, IAM functio...
- My IdP only supports the transient NameID format. However, I could not find any documentation or configuration option in AWS Cognito to support transient NameID. By default, Cognito appears to requir...
- I set up Security Hub and AWS Config across my AWS Organization a few years ago using the AWS-provided StackSets. Everything has been running fine with no changes on my end. Recently, Config.1 started...
- Hi AWS Community, I am seeking some advice regarding a pending charge waiver request. I am a final-year software engineering student, and I recently incurred an unexpected charge of $95.50 (including...
- Hello, is it possible to add MFA authentication for an existing Cognito user, with a TOTP from an authenticator app such as Authy? I tried from `Update MFA configuration` screen, but I got the ...
- ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "appsync:ListApiKeys", "chatbot:*", "codecommit:GetFile", "codecommit:GetCommit", "code...
Recent Knowledge Center content
Recent articles
- AWS OFFICIAL, Updated 4 hours ago, 0 votes, 14 views
  This article shows you how to respond to AWS Trust & Safety abuse notifications for Amazon Elastic Compute Cloud (Amazon EC2) resources and implement preventative measures to reduce future incidents.
- Dipesh P (EXPERT), published 5 hours ago, 0 votes, 12 views
  I want to track my AWS DevOps Agent spending and set up alerts to avoid unexpected charges. How do I monitor usage and control costs?
- Jeongho Kim (SUPPORT ENGINEER), published 4 days ago, 0 votes, 23 views
  After enabling IAM Identity Center authentication on an AMG workspace, you may find that users or groups cannot be found, or group assignment fails with a `Failed to associate identity, type: SSO_GROU...
- Praneetha (EXPERT), published 5 days ago, 1 votes, 45 views
  Amazon S3 Files requires two IAM roles for bidirectional sync. A common misconfiguration — using aws:SourceAccount instead of aws:ResourceAccount in the sync role's inline policy — causes files to sil...
- Kinjan (EXPERT), published 8 days ago, 0 votes, 70 views
  This guide provides step-by-step instructions to enable **AWS Security Incident Response (SIR)** using the AWS Command Line Interface (CLI). AWS Security Incident Response helps you prepare for, respo...
- JohnT (EXPERT), published 10 days ago, 0 votes, 54 views
  Explains how TA (static best-practice checks) and DevOps Agent (incident-pattern analysis) complement each other for layered incident prevention.
- MassimilianoAWS (EXPERT), published 10 days ago, 0 votes, 73 views
  Many MCP servers only support DCR to obtain the client id and secret required to create an AgentCore Identity credential provider. This article guides you through the process to follow in order correc...
- Ashish Jaiswal (EXPERT), published 18 days ago, 2 votes, 190 views
  This article shows how to automatically trigger an AWS DevOps Agent investigation when Amazon CloudWatch Network Flow Monitor (NFM) detects network degradation. When NFM identifies retransmission time...
- Heverin, Stephen (EXPERT), published 20 days ago, 0 votes, 77 views
  Join our experts LIVE on Twitch to see how AI-powered DevOps agents can accelerate your infrastructure troubleshooting!
- Saurabh (EXPERT), published 21 days ago, 3 votes, 187 views
  This article demonstrates the common failure modes when you integrate AWS DevOps Agent with ServiceNow for bidirectional incident handling, along with their resolution steps.
- Venkata (EXPERT), published 24 days ago, 0 votes, 95 views
  Customers using Snowflake's Workload Identity Federation (WIF) with AWS Glue may encounter a "No AWS region was found" error because the Glue proxy layer blocks boto3's automatic region detection. Thi...
- Tyler_P (EXPERT), published 24 days ago, 0 votes, 61 views
  Step-by-step guide for converting RAM organization-based shares to account-ID shares before migrating accounts between AWS Organizations, preventing connectivity loss for shared resources like Transit...
- Alejandro (EXPERT), published 25 days ago, 6 votes, 257 views
  This article helps DevOps, support engineers, and solutions architects quickly understand the flat-rate plan tiers, identify how you can benefit most from them, and guide activation through the consol...
- Ram Achanta (EXPERT), published a month ago, 1 votes, 374 views
  As enterprises scale Kiro adoption across multiple business units, finance teams need to attribute subscription costs to the teams consuming them — without building custom infrastructure. This guide d...
- Keyur (EXPERT), published a month ago, 0 votes, 67 views
  AWS CodeArtifact repository deletion is permanent and cannot be undone. If a repository is accidentally deleted, all packages become permanently unavailable — blocking CI/CD pipelines and potentially ...
- Victor (EXPERT), published a month ago, 3 votes, 233 views
  UK Cyber Essentials+ certification is a growing requirement for organisations supplying to the UK government. The good news is that as an AWS Enterprise customer, much of the groundwork is already wit...
- Florian Turnwald (EXPERT), published a month ago, 12 votes, 109 views
  This cheatsheet compiles real-world takeaways on FSxN encryption in transit to prevent silent vulnerabilities.
- Florian Turnwald (EXPERT), published a month ago, 14 votes, 123 views
  Provides a step-by-step guide to deploying ONTAP's machine-learning protection to detect and mitigate file-level ransomware threats in real time.
Recent selections
- AWS OFFICIAL, Updated 2 months ago, 1 votes, 193 views
  AWS Official content is created by a team of technical experts, professional writers, and editors within AWS. They work together to make sure that the information is clear, comprehensive, and aligned ...
- AWS Official (MODERATOR), published 2 months ago, 0 votes, 178 views
  This spotlight on AWS IAM equips you with skills and troubleshooting best practices to secure and manage access to your AWS resources effectively.
- AWS Official (MODERATOR), published 8 months ago, 1 votes, 313 views
  This spotlight on Amazon Cognito equips you with the skills and troubleshooting best practices to get the most out of this cost effective service.
- AWS Official (EXPERT), published 2 years ago, 0 votes, 988 views
  This spotlight on IAM equips you with the skills and troubleshooting tips to get the most out of a powerful service.
- AWS OFFICIAL, Updated 4 hours ago, 11 votes, 32.5K views
  The AWS Trust & Safety Center provides curated knowledge of AWS resources that can assist you in your cloud journey.
- Osvaldo Marte (EXPERT), published 2 years ago, 2 votes, 18.6K views
  This selection focuses on the essential AWS networking services, providing a comprehensive overview of tools and technologies available to build and manage secure, scalable, and high-performing networ...
- Antonio Lagrotteria (EXPERT), published 2 years ago, 4 votes, 28.3K views
  A selection of architectural patterns and tips to leverage secure cross-account APIs, showing ingress, egress and inspection reference architectures
- Jonathan_D (EXPERT), published 3 years ago, 4 votes, 12.3K views
  Do you have critical workloads running in AWS? Review these handpicked resources to find ways to ensure your applications are resilient to failures.
- AWS OFFICIAL, Updated 3 years ago, 0 votes, 99 views
  This selection includes content and solutions supporting FSI related compliance and requirements covering security, immutable storage, and general guidance.
- AWS OFFICIAL, Updated 3 years ago, 0 votes, 239 views
  As a best practice, AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys.
- AWS OFFICIAL, Updated 3 years ago, 0 votes, 57 views
  Accelerate your business transformation goals with a managed service that combines compute, network and storage capabilities in a fully supported, ready-to-run service from VMware and AWS.
- AWS OFFICIAL, Updated 3 years ago, 0 votes, 8.2K views
  Are you getting 403 Access Denied errors with your Amazon Simple Storage Service (Amazon S3) operations? Review this list of handpicked resources to identify the root cause and troubleshooting instruc...
- Riku_Kobayashi (EXPERT)
- Gary Mclean (EXPERT)
- secondabhi_aws (EXPERT)
- Oleksii Bebych (EXPERT)
- Greg (EXPERT)
- Kidd Ip (EXPERT)
- Osvaldo Marte (EXPERT)
- Behrens, Isaac (EXPERT)
- Sedat SALMAN (EXPERT)
- Adeleke Adebowale .J. (EXPERT)
- Tushar Jagdale (EXPERT)
- Florian Turnwald (EXPERT)
- Matt Barbieri (EXPERT)
- AWS-User-alantam (EXPERT)
- Indranil Banerjee AWS (EXPERT)
- Takahito Iwasa (EXPERT)
- MassimilianoAWS (EXPERT)
- GK (EXPERT)
