#Security
6 posts
ACM ACME support turns certificate automation into a governance problem
AWS Certificate Manager now supports ACME for public certificates, giving teams a standard automation path while keeping domain control, audit, and policy centralized.
Faster S3 access log queries make storage security more usable
AWS shows how CloudWatch and S3 Tables can make S3 access logs easier to query, which helps builders turn storage audit data into operational and security signals.
Secure ML environments need productivity and exfiltration controls together
An AWS architecture using SageMaker AI, VPC endpoints, DNS controls, and WorkSpaces Secure Browser shows how ML teams can protect sensitive data without returning to expensive air-gapped workflows.
Restricting AWS Console access by network is a useful perimeter, not a complete identity strategy
AWS sign-in resource-based policies and resource control policies can restrict Management Console access to expected networks, adding a practical layer to data perimeter designs.
EKS control plane egress through your VPC closes a real private-cluster gap
Amazon EKS customer-routed control plane egress lets Kubernetes API server traffic use customer VPC routing, security controls, and private endpoints for webhooks and OIDC dependencies.
Lambda MicroVMs make isolated sandboxes a serverless design choice
AWS Lambda MicroVMs give builders a new option for running user-generated and AI-generated code with VM-level isolation, fast resume, and controlled lifecycle state.