Adding approval notifications to EC2 Image Builder before sharing AMIs

In this post, we explain how to enable approval notifications for an Image Builder pipeline before AMIs are shared to other accounts. This solution can be extended to share to more than one AWS account or even to an AWS organization. With this solution, you will be notified when new golden images are created, allowing you to verify the accuracy of their configuration before sharing them for wider use. This reduces the possibility of sharing AMIs with misconfigurations that the written tests may not have identified.

#Architecture

Secure Connectivity from Public to Private: Introducing EC2 Instance Connect Endpoint

We launched Amazon EC2 Instance Connect (EIC) Endpoint, a new feature that allows you to connect securely to your instances and other VPC resources from the Internet. With EIC Endpoint, you no longer need an IGW in your VPC, a public IP address on your resource, a bastion host, or any agent to connect to your resources. EIC Endpoint combines identity-based and network-based access controls, providing the isolation, control, and logging needed to meet your organization’s security requirements.

#Architecture

Scale your workforce access management with AWS IAM Identity Center (previously known as AWS SSO)

AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center. Amazon Web Services (AWS) is changing the name to highlight the service’s foundation in AWS Identity and Access Management (IAM), to better reflect its full set of capabilities, and to reinforce its recommended role as the central place to manage access across AWS accounts and applications. Although the technical capabilities of the service haven’t changed with this announcement, we want to take the opportunity to walk through some of the important features that drive our recommendation to consider IAM Identity Center your front door into AWS.

#Architecture

How to use AWS Config and CloudTrail to find who made changes to a resource

In this blog post, we propose a sample solution to strengthen your detection of and response to the root cause of an AWS Config resource Configuration Item (CI) change. Through the sample solution, you will learn how to programmatically look up events related to CI changes in AWS CloudTrail, extract information such as the user principal who made the change from the event, and send the information to an AWS SNS topic as a remediation.

#Architecture

Using Amazon CloudFront with AWS Lambda as origin to accelerate your web applications

In this blog, you will learn how to use the Lambda Function URL feature to define an AWS Lambda function as the origin for Amazon CloudFront. The Lambda Function URL capability provides a dedicated HTTPS endpoint for your Lambda function deployed in an AWS Region.

#Serverless

Optimizing your AWS Lambda costs

This blog post explains how Lambda pricing works and how right-sizing applications and tuning them for performance efficiency offers a more cost-efficient utilization model. The results can also reduce latency, creating a better experience for your end users.

#Serverless

Using Amazon CloudFront and Amazon S3 to build multi-Region active-active geo proximity applications

In this post, you’ll learn how to use Lambda@Edge to implement geo-proximity routing for delivering assets from an Amazon S3 origin that is closest to the end-user in your Amazon CloudFront distribution, and that has active-active Amazon S3 origins in different AWS Regions.

#Serverless
#Architecture

Implement step-up authentication with Amazon Cognito, Part 1: Solution overview

In this blog post, you’ll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor security controls, you can implement step-up authentication to obtain a higher level of security when you perform critical transactions. In this post, we show you how you can use AWS services such as Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and AWS Lambda functions to implement step-up authentication by using a simple rule-based security model for your API resources.

#Security

Simplifying User Authentication and Authorization with AWS Cognito

AWS Cognito simplifies the process of user authentication and authorization by providing a fully managed solution with powerful features like user directories, secure authentication, social identity providers, MFA, and fine-grained access control. It empowers developers to focus on building core functionalities, enhances security, and ensures scalability and performance. To explore more about AWS Cognito and start implementing user management in your applications.

#Security