AWS Security Blog

In Case You Missed These: Some Recent AWS-Related Security Articles

With the steady stream of updates and enhancements for AWS services, it can be easy to miss important information about features related to security. Here are some recent security-related updates and announcements about AWS services that you might not have heard about yet.

Customizable security groups and multiple task instances now available for Amazon EMR

You can now control the security rules for your EMR cluster by specifying your own Amazon EC2 security groups. By customizing the security groups for EMR, you can prevent communication between clusters, grant an external application access to one cluster but not another, and apply multiple security groups to a given cluster. To learn more, see Configure Security Groups for Amazon EMR.

You can also provision multiple task instance groups for your cluster, up to 48 task instance groups per cluster. See Instance Groups for more information about task instance groups.

Amazon Elastic Transcoder now supports AES-128 encryption for HLS content

Amazon Elastic Transcoder lets you convert media files into versions that will play on smartphones, tablets, PCs, and smart TVs. A number of important improvements have been made to Elastic Transcoder in the last couple of months, including:

  • Media File Encryption – In November, we announced AWS Key Management Service (KMS) support for Elastic Transcoder. This release allows you to ensure the confidentiality of media assets (mezzanine files, thumbnails, captions, and watermarks) as they move between your application and the Elastic Transcoder service. You control who can decrypt your content, and you can use AWS CloudTrail to create an audit report of all encryption and decryption operations.
  • Advanced Encryption Standard-128 (AES-128) encryption to protect HLS content – You can now use AES-128 encryption to protect the transcoded files (which are broken down by HTTP Live Streaming [HLS] into smaller pieces commonly known as media segments), while still making use of generic content delivery mechanisms. When you enable this feature, each media segment is encrypted using AES-128 and a single encryption key.

To learn more about important improvements to Elastic Transcoder, see Elastic Transcoder Update – AES-128 Encryption for HLS Content on the AWS Blog and Amazon Elastic Transcoder Now Supports AES-128 Encryption for HLS Content on the AWS Security Blog.

New encryption options for Amazon RDS

Amazon RDS recently made it easier to encrypt stored data (often referred to as “data at rest”) in database instances running MySQL, PostgreSQL, and Oracle Database. Previously, you had these two options for encrypting data at rest:

  • RDS for Oracle Database – AWS-managed keys for Oracle Enterprise Edition (EE).
  • RDS for SQL Server – AWS-managed keys for SQL Server EE.

In addition to these options, Amazon RDS added the following options:

  • RDS for MySQL – Customer-managed keys using AWS KMS.
  • RDS for PostgreSQL – Customer-managed keys using AWS KMS.
  • RDS for Oracle Database – Customer-managed keys for Oracle EE using AWS CloudHSM.

For more details, see Data Encryption Made Easier – New Encryption Options for Amazon RDS on the AWS Blog and Amazon RDS Now Supports Encryption via AWS Key Management Service on the AWS Security Blog.

Whitepaper: Architecting for Genomic Data Security and Compliance in AWS

The Architecting for Genomic Data Security and Compliance in AWS whitepaper was recently published and explains how researchers working with genomic sequence data use AWS to meet security and compliance guidelines set by government and grant-funding agencies. Among the security measures discussed is the use of AWS Identity and Access Management (IAM) to manage user access by relying on the principle of least privilege.

AWS achieves ISO 9001 certification

AWS has achieved ISO 9001 certification. This certification allows you to run your quality-controlled IT workloads in the AWS cloud. Achieving certification signifies that AWS has undergone a systematic, independent examination of its quality system, which was found to have been implemented effectively.

For more information, see AWS Certification Update – ISO 9001 and More, which includes additional AWS compliance news and resources.

Beyond these updates, we’ve recently discussed a number of AWS security topics on the AWS Security Blog, including the release of the Criminal Justice Information Services (CJIS) Workbook, a review of IAM best practices, the release of cross-account access, and a recap of the AWS Security Blog in 2014.

As always, if you have questions about these features or AWS services, visit the AWS forums.

– Craig