Amazon Virtual Private Cloud (Amazon VPC) endpoints—powered by AWS PrivateLink—enable customers to establish private connectivity to supported AWS services, enterprise services, and third-party services by using private IP addresses. There are three types of VPC endpoints: interface endpoints, Gateway Load Balancer endpoints, and gateway endpoints. An interface VPC endpoint, in particular, allows customers to design […]
Read moreA data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that the data cannot be transferred outside […]
Read moreAWS IAM Identity Center is the preferred way to provide workforce access to Amazon Web Services (AWS) accounts, and enables you to provide workforce access to many AWS managed applications, such as Amazon Q Developer (Formerly known as Code Whisperer). <p>As we continue to release more AWS managed applications, customers have told us they want […]
Read moreAWS IAM Identity Center is the preferred way to provide workforce access to Amazon Web Services (AWS) accounts, and enables you to provide workforce access to many AWS managed applications, such as Amazon Q Developer (Formerly known as Code Whisperer). <p>As we continue to release more AWS managed applications, customers have told us they want […]
Read moreMicrosoft Entra is not only the identity system for users; it’s also the identity and access management (IAM) system for Azure-based services, all internal infrastructure services at Microsoft, and our customers’ workload identities. This is why our 99.99% service-level promise extends to workload identity authentication, and why we continue to improve our service’s resilience through […]
Read moreToday, AWS Key Management Service (AWS KMS) is introducing faster options for automatic symmetric key rotation. We’re also introducing rotate on-demand, rotation visibility improvements, and a new limit on the price of all symmetric keys that have had two or more rotations (including existing keys). In this post, I discuss all those capabilities and changes. […]
Read moreFor businesses, particularly those in highly regulated industries, managing user accounts isn’t just a matter of security but also a compliance necessity. In sectors such as finance, healthcare, and government, where regulations often mandate strict control over user access, disabling stale user accounts is a key compliance activity. In this post, we show you a […]
Read moreLet’s say that, during the middle of a busy day, you receive what looks like a work-related email with a QR code. The email claims to come from a coworker, requesting your help in reviewing a document. You scan the QR code with your phone and it takes you to what looks like a Microsoft […]
Read moreWhen building API-based web applications in the cloud, there are two main types of communication flow in which identity is an integral consideration: <ul> <li><strong>User-to-Service communication</strong>: Authenticate and authorize users to communicate with application services and APIs</li> <li><strong>Service-to-Service communication</strong>: Authenticate and authorize application services to talk to each other</li> </ul> <p>To design an authentication and authorization solution […]
Read moreDecember 12, 2023: We’ve updated this post to clarify that you can use both sts:audit_context and sts:identity_context can be used to create an identity-enhanced session. <hr> <p><a href=”https://aws.amazon.com/iam” target=”_blank” rel=”noopener”>AWS Identity and Access Management (IAM)</a> roles are a powerful way to manage permissions to resources in the <a href=”https://aws.amazon.com” target=”_blank” rel=”noopener”>Amazon Web Services (AWS)</a> Cloud. […]
Read more
You must be logged in to post a comment.