Gene Arnold’s Post

Check out our new AWS Partner Network (APN) blog about how the Alation Data Catalog plus AWS PrivateLink can securely connect to data assets to maintain compliance with security and regulatory requirements. https://lnkd.in/gEjaqEv8 #awscloud #apn #alation #datacatalog #datagovernance #datasecurity

Safeguarding Your Data with AWS Glue: Exploring Encryption Best Practices https://lnkd.in/dkzEWHNB Amazon Web Services (AWS) #aws #awslambda #businesscompassllc

"How can I securely connect my cloud or on-premises data assets to an enterprise data catalog?" 🤔 If you've ever asked yourself that question, then do we have the blog for you! Tamara Astakhova from AWS and Alation's Steve Hindman, Benjamin Ng, and Gene Arnold share how Alation & AWS PrivateLink can help you securely connect to data assets to maintain compliance with security and regulatory requirements. Some benefits of using these tools in tandem include: ⚡ Rapid implementation of cloud-based data intelligence platforms 🔒 Secure connections without metadata going over the public internet 📈 Improved network performance via private connector 🔌 Scale to many data sources and large number of users Learn more in this blog, and check out the link in the comments to uncover more about our partnership. https://lnkd.in/eJUwRDSn #AWSPartners #AWS #AlationPartners #DataCatalog #AlationCloudService

Using AWS Transit Gateway Flow Logs to chargeback data processing costs in a multi-account environment This post proposes a method for calculating chargebacks on data processing charges from a shared transit gateway attachment, allocating costs to spoke accounts that received the processed data. The approach outlined can be adapted for any attachment shared among multiple accounts on the transit gateway. By accurately attributing data processing costs, organizations can implement fair and transparent chargeback models, ensuring accountability and cost optimization across their AWS infrastructure. https://lnkd.in/eCkyRX-u #security #amazonwebservices

📊🚨📰Join the preview of attribute-based access control for Amazon DynamoDB by Esteban Serna Parra 🚀 Exciting news! Amazon DynamoDB introduces attribute-based access control for simplified permission management and segmentation of access control. Learn how ABAC can enhance your security posture and simplify your policy management tasks. #AmazonDynamoDB #ABAC #AWS #NoSQL 🚀 https://buff.ly/3z6erNK #aws #awsdatabase

In this post, we discuss how to use fine-grained access control (FGAC) implement least privilege access control to trusted IAM entities. We demonstrate how to configure FGAC with condition-based IAM polices on DynamoDB. We provide you sample AWS IAM Identity Center permission sets for fine-grained access control to DynamoDB based on attributes like AWS Regions and tags. We also show how to integrate DynamoDB with AWS CloudTrail to log DynamoDB control plane and data plane API actions. For example, you can log DeleteItem events in CloudTrail logs, create an Amazon CloudWatch metric filter, and create a CloudWatch alarm. We also provide a HashiCorp Terraform infrastructure as code (IaC) template that automates the creation of these resources. #AWS #AmazonWebServices #AWSBlogs #Cloud #CloudComputing #Serverless #DynamoDB

In this post, we discuss how to use fine-grained access control (FGAC) implement least privilege access control to trusted IAM entities. We demonstrate how to configure FGAC with condition-based IAM polices on DynamoDB. We provide you sample AWS IAM Identity Center permission sets for fine-grained access control to DynamoDB based on attributes like AWS Regions and tags. We also show how to integrate DynamoDB with AWS CloudTrail to log DynamoDB control plane and data plane API actions. For example, you can log DeleteItem events in CloudTrail logs, create an Amazon CloudWatch metric filter, and create a CloudWatch alarm. We also provide a HashiCorp Terraform infrastructure as code (IaC) template that automates the creation of these resources. #AWS #AmazonWebServices #AWSBlogs #Cloud #CloudComputing #Serverless #DynamoDB

I've been working with a number of customers who are increasingly adopting cloud-based SaaS models for their products. In this rapidly evolving landscape, ensuring the security and compliance of multi-tenant application environments is critical. Balancing robust data isolation, comprehensive access controls, and cost-effective management while maintaining a strong security posture can be a real challenge. In my experience, a layered, strategic approach is essential. One effective solution is to leverage Amazon S3 to partition tenant data across dedicated buckets, prefix-based structures, or database-driven mappings. This sets a solid foundation for strict access controls and isolation using IAM policies, S3 access points, and encryption key management. Of course, ensuring compliance is key for your customers. AWS Security Assurance Services can help you accelerate your journey with PCI, HIPAA, FedRAMP, and more. If you'd like to learn more about securing your multi-tenant SaaS environment, check out these helpful resources: AWS Security Assurance Services: https://lnkd.in/g2Y4q5ce Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3: https://lnkd.in/gdWpWWbH Easily Manage Shared Data Sets with Amazon S3 Access Points: https://lnkd.in/gqFNt6d2 Managing access with S3 Access Grants: https://lnkd.in/gzQ6grDz #AWS #SaaS #DataSecurity #CloudSecurity

In this post, we discuss how to use fine-grained access control (FGAC) implement least privilege access control to trusted IAM entities. We demonstrate how to configure FGAC with condition-based IAM polices on DynamoDB. We provide you sample AWS IAM Identity Center permission sets for fine-grained access control to DynamoDB based on attributes like AWS Regions and tags. We also show how to integrate DynamoDB with AWS CloudTrail to log DynamoDB control plane and data plane API actions. For example, you can log DeleteItem events in CloudTrail logs, create an Amazon CloudWatch metric filter, and create a CloudWatch alarm. We also provide a HashiCorp Terraform infrastructure as code (IaC) template that automates the creation of these resources. #AWS #AmazonWebServices #AWSBlogs #Cloud #CloudComputing #Serverless #DynamoDB

In this post, we discuss how to use fine-grained access control (FGAC) implement least privilege access control to trusted IAM entities. We demonstrate how to configure FGAC with condition-based IAM polices on DynamoDB. We provide you sample AWS IAM Identity Center permission sets for fine-grained access control to DynamoDB based on attributes like AWS Regions and tags. We also show how to integrate DynamoDB with AWS CloudTrail to log DynamoDB control plane and data plane API actions. For example, you can log DeleteItem events in CloudTrail logs, create an Amazon CloudWatch metric filter, and create a CloudWatch alarm. We also provide a HashiCorp Terraform infrastructure as code (IaC) template that automates the creation of these resources. #AWS #AmazonWebServices #AWSBlogs #Cloud #CloudComputing #Serverless #DynamoDB