AWS, the public cloud giant, has rolled out a number of new services and tools aimed at improving the compliance and security of its infrastructure platforms.
Announced at the AWS Summit at San Francisco, the new services include AWS Secrets Manager, AWS Firewall Manager, Private Certificate Authority, and updates to existing services.
- AWS Secrets Manager
The Secrets Manager is a new tool for easily and securely storing, managing and retrieving ‘application secrets’ such as database credentials and API keys throughout their lifecycle.
Previously, managing secrets required users to maintain additional infrastructure, which added cost and complexity to their systems.
It will be especially helpful for developers who run many distributed microservices. They can store and access secrets through the AWS Command Line Interface (CLI) or an API.
“As you grow and scale to many distributed microservices, it becomes a daunting task to securely store, distribute, rotate, and consume secrets,” wrote Randall Hunt, senior technical evangelist at AWS, in a blog post.
Secrets are rotated using custom AWS Lambda functions, which let users define fully custom rotation workflows for their credentials.
- AWS Firewall Manager
The Firewall Manager is aimed at providing more centralized control over security policies. It lets customers manage security policies across multiple AWS accounts and the applications they host, which is especially useful in larger organizations. As a central model, the Firewall Manager can offer a consistent level of oversight for global initiatives and challenges that span users and teams.
“With automated policy enforcement across accounts & applications, your security team can be confident that new and existing applications comply with organization-wide security policies when they use Firewall Manager. They can find applications and AWS resources that don’t measure up, and bring them into compliance in minutes,” wrote Jeff Barr, Amazon’s senior evangelist, in a separate blog post.
- Private Certificate Authority
AWS has added a new feature called Private Certificate Authority (CA) to AWS Certificate Manager (ACM). It lets developers provision private certificates through API calls and manage them from a CA console.
Previously, customers needed standalone specialized infrastructure and security expertise to use private certificates, which increased operation and maintenance costs. To address this, Private CA lets customers manage the lifecycle of their private certificates more securely, with pay-as-you-go pricing.
Lastly, AWS updated AWS Config Rules with the ability to aggregate compliance data across multiple AWS accounts and regions. Users can view the aggregated data in a dashboard, an easier way to improve governance and compliance.