Yesterday, Amazon Web Services (AWS) announced that they are launching new tools and services for improving user security. The tools will help customers to use private certificates, manage their firewalls, and safely store credentials.
One of the new services is called Private Certificate Authority (CA). It is part of AWS Certificate Manager (ACM) and allows AWS customers to use private certificates without the need for specialized infrastructure.
Developers can now provision private certificates with just a few API calls, while administrators get central management and auditing capabilities, including certificate revocation lists (CRLs) and certificate creation reports. The Private CA is based on a pay-as-you-go pricing model.
AWS Secrets Manager is designed to make it easier for users to store, distribute and rotate their secrets, including credentials, passwords and API keys. Secrets can be stored and retrieved via the API or the AWS Command Line Interface (CLI), while built-in or custom AWS Lambda functions handle credential rotation.
“Previously, customers needed to provision and maintain additional infrastructure solely for secrets management which could incur costs and introduce unneeded complexity into systems,” the Senior Technical Evangelist at AWS, Randall Hunt, said.
The AWS Secrets Manager is available in the US East and West, Canada, South America, and most of the EU and Asia Pacific regions. It costs $0.40 per month per secret, and $0.05 per 10,000 API calls.
AWS Firewall Manager is designed to simplify administration of AWS WAF web application firewalls across multiple accounts and resources. Administrators can create policies and set up firewall rules, which are then applied automatically to all applications, regardless of the region they are hosted in.
“Developers can develop and innovators can innovate, while the security team gains the ability to respond quickly, uniformly, and globally to potential threats and actual attacks,” the Chief Evangelist for AWS, Jeff Barr, stated.
AWS Shield Advanced customers can get the new Firewall Manager at no extra cost, while other users will be charged a monthly fee for each policy in each region.
In addition, Amazon has added support for encrypting data in transit for the Amazon Elastic File System (EFS) – a file system created for cloud applications which require shared access to file-based storage. The support for encrypting data at rest has already been released.
By launching the new EFS mount helper tool, Amazon has made it easier for users to implement data encryption in transit.