Secure Connectivity from Public to Private: Introducing EC2 Instance Connect Endpoint

We launched Amazon EC2 Instance Connect (EIC) Endpoint, a new feature that allows you to connect securely to your instances and other VPC resources from the Internet. With EIC Endpoint, you no longer need an internet gateway (IGW) in your VPC, a public IP address on your resource, a bastion host, or any agent to connect to your resources. EIC Endpoint combines identity-based and network-based access controls, providing the isolation, control, and logging needed to meet your organization's security requirements.

Scale your workforce access management with AWS IAM Identity Center (previously known as AWS SSO)

AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center. Amazon Web Services (AWS) is changing the name to highlight the service’s foundation in AWS Identity and Access Management (IAM), to better reflect its full set of capabilities, and to reinforce its recommended role as the central place to manage access across AWS accounts and applications. Although the technical capabilities of the service haven’t changed with this announcement, we want to take the opportunity to walk through some of the important features that drive our recommendation to consider IAM Identity Center your front door into AWS.

How to use AWS Config and CloudTrail to find who made changes to a resource

In this blog post, we propose a sample solution to strengthen your detection of, and response to, the root cause of an AWS Config resource Configuration Item (CI) change. Through the sample solution, you will learn how to programmatically look up events related to CI changes in AWS CloudTrail, extract information such as the user principal who made the change from the event, and send that information to an AWS SNS topic as a remediation.

Adding approval notifications to EC2 Image Builder before sharing AMIs

In this post, we explain how to enable approval notifications for an Image Builder pipeline before AMIs are shared with other accounts. This solution can be extended to share with more than one AWS account or even with an AWS organization. With this solution, you will be notified when new golden images are created, allowing you to verify the accuracy of their configuration before sharing them for wider use. This reduces the possibility of sharing AMIs with misconfigurations that the written tests may not have identified.
