AWS announces Secrets Manager, more tools for security
How major cloud vendors stack up in 2018
Amazon Web Services on Wednesday announced AWS Secrets Manager, one of multiple new tools and services for security and compliance.
Secrets Manager enables customers to store and retrieve application secrets via API or the AWS Command Line Interface (CLI) and rotate credentials with built in or custom AWS Lambda functions.
Also: AWS Sumerian: A bet that enterprise AR and VR will be browser-based
The sort of secrets one would manage include database credentials, passwords, or API Keys. The Secrets Manager makes it easier to do so when using multiple distributed microservices, without relying on additional infrastructure.
"You never, ever again have to put a secret in your code," Amazon CTO Werner Vogels said at an AWS Summit. Secrets Manager, he said, "allows us to build systems that are way more secure than we could ever do in the past."
AWS also launched Firewall Manager, giving customers centralized control over organization-wide security policies, over multiple accounts and multiple applications. Security teams can use it to find applications and AWS resources that aren't in compliance and bring them up to speed within minutes.
Next, AWS launched a new feature for AWS Certificate Manager (ACM) called Private Certificate Authority (CA). This lets customers securely manage the lifecycle of private certificates with pay-as-you-go pricing. Previously, private certificates required expensive, specialized infrastructure and security expertise. The new feature lets developers provision private certificates with a few API calls, and it gives administrators a central CA management console and fine-grained access control through IAM policies.
"There's no reason to not use certificates and encryption at this moment," Vogels said Wednesday. "Because security is all of our jobs. If something happens at your company, it's your doing as well, it's not just the security team."
Meanwhile, AWS is also updating its Config Rules, giving users the ability to aggregate compliance data produced by their rules across multiple AWS accounts and/or regions.