Press Release

<< Back
Amazon Web Services Announces New Services for Enterprise Security and Governance

AWS Key Management Service gives customers centralized, secure control over the encryption keys used to protect their data; available today

AWS Config provides AWS resource visibility, configuration history, and configuration change notifications to enable security and governance; preview starting today

AWS Service Catalog enables enterprise administrators to create curated catalogs of cloud offerings and make them accessible to select company employees via a self-service portal; available in early 2015

SEATTLE--(BUSINESS WIRE)--Nov. 12, 2014-- Today at AWS re:Invent, Amazon Web Services, Inc. (AWS), an company (NASDAQ: AMZN), announced three new services to make it even easier for enterprises to maintain security, governance, and compliance of their resources in the AWS Cloud. AWS Key Management Service is a fully managed service that makes it easy for customers to create and control the encryption keys used to encrypt their data on the AWS Cloud. AWS Config is a fully managed service that provides customers with full visibility into their AWS resources and associated relationships, lets them audit resource configuration history, and notifies them of resource configuration changes. AWS Service Catalog allows enterprise administrators to select what AWS resources they want their employees deploying, in what configurations, who has access to each of these options, and then makes them discoverable to their employees via a personalized portal. To learn more about AWS Key Management Service, AWS Config, and AWS Service Catalog, visit

Enterprises are increasingly moving the majority of their applications to the cloud, and need visibility and control over their resources in order to have the requisite governance and compliance abilities. AWS CloudTrail (API logging service), Amazon CloudWatch (fine-grained monitoring and alarming service), and AWS Trusted Advisor (proactive help for customers on how they can be better optimized on AWS) provide customers with visibility and control capabilities; but enterprises want easier ways to manage encryption, more details on configurations, and methods to govern employees’ use of IT resources. Today, enterprises have to invest a lot of time, effort, and budget into maintaining this security, governance, and compliance, taking attention away from their core business. With AWS Key Management Service, AWS Config, and AWS Service Catalog, enterprise customers have new AWS Cloud services to easily and cost-effectively manage their infrastructure.

“As our customers move larger portions of their applications to the AWS Cloud, they need more than just robust, highly secure infrastructure services. They’ve asked us for tools to help them fortify the landscape around their core services and ensure that they are deploying what they intend, governing their resources, and implementing security best-practices,” said Scott Wiltamuth, Vice President, Developer Productivity and Tools, Amazon Web Services. “To address these needs, AWS Key Management Service, AWS Config, and AWS Service Catalog help customers manage encryption and compliance efforts so they can understand, control, and audit how their resources are being deployed, who is accessing them, and what activities and usage is happening within their environments.”

  • Encryption made easy with AWS Key Management Service

    AWS Key Management Service lets developers encrypt data with one click in the AWS Management Console, or by using the AWS SDK to add encryption to their application code. It provides a single place for administrators to create, disable, and view keys, allowing them to define usage policies and set up automatic enforced key rotation. AWS Key Management Service logs all key usage information, feeding an audit trail into AWS CloudTrail for customers to use in meeting compliance and regulatory requirements. AWS Key Management Service provides seamless integration with services like Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), Amazon Relational Database Service (Amazon RDS), and Amazon Redshift, along with a simple SDK for integration into a customer’s own applications. It uses Hardware Security Modules (HSMs) to protect the security of customer keys.
  • Visibility into AWS resources with AWS Config

    AWS Config provides customers with full visibility into all of their AWS resources, and the relationships between application infrastructure components, so they can understand and evaluate the impact of changes to their environment. AWS Config continuously records changes to the configuration attributes of a customer’s AWS resources, such as security group settings, or the value tags on Amazon EC2 instances. Administrators get this information in a continuous stream, and they can view a full history and review configuration change impact across resources to support security analysis, compliance auditing, and troubleshooting efforts. AWS Config is available in preview today.
  • AWS Service Catalog

    AWS Service Catalog will enable administrators to create and share catalogs of customized “products” that incorporate company-approved standard architectures and configurations. Administrators can employ access controls by individual, group, department, or cost center, giving them fine-grained control over who is allowed to use a given application. With AWS Service Catalog, administrators can set policies to help them meet their requirements, such as limiting how many times an application can be used in order to maintain licensing compliance. Administrators make these catalogs of approved products available to employees via a self-service Web portal. AWS Service Catalog logs all usage in AWS CloudTrail so that administrators can review, report, and confirm compliance. AWS Service Catalog will be available in early 2015.

Informatica is a leading provider of enterprise data integration software. “Maintaining the security of Informatica’s customers’ data is critical for us,” said Nitin Agarwal, Information Security Architect, Informatica. “AWS Key Management Service makes it easy for Informatica to implement good security practices around data protection, no matter where it resides. The AWS solution helps to provide secure data integration service for Informatica products and our customers.”

MobileIron is the leader in Enterprise Mobility Management and provides the foundation for companies around the world to secure mobile applications, content, and devices. “More enterprises are moving data to the cloud and they expect the same degree of security as if data were on premises,” said Ojas Rege, Vice President Strategy, MobileIron. “AWS Key Management Service provides protection for and management of encryption keys which allows us to develop a cloud services architecture that assures corporate data remains safeguarded as securely as in an on-premises, TPM-protected environment.”

Medidata delivers a cloud platform with innovative technology and data analytics that is transforming clinical development. “We wanted more detailed visibility into resource configurations and how these configurations change so we can detect misconfigurations quickly, yet maintain developer productivity in the cloud,” said Mike Capone, Chief Operating Officer, Medidata Solutions. “AWS Config addresses these needs for us. The visibility we get with AWS Config improves our overall governance and compliance posture on AWS.”

Customers can access AWS Key Management Service using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs. AWS Key Management Service is initially available in the US East (N. Virginia), US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and South America (São Paulo) Regions. To learn more about AWS Key Management Service, AWS Config, and AWS Service Catalog, visit

About Amazon Web Services

Launched in 2006, Amazon Web Services offers a robust, fully featured technology infrastructure platform in the cloud comprised of a broad set of compute, storage, database, analytics, application, and deployment services from data center locations in the U. S., Australia, Brazil, China, Germany, Ireland, Japan, and Singapore. More than a million customers, including fast-growing startups, large enterprises, and government agencies across 190 countries, rely on AWS services to innovate quickly, lower IT costs and scale applications globally. To learn more about AWS, visit

About Amazon opened on the World Wide Web in July 1995. The company is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire phone, Fire tablets, and Fire TV are some of the products and services pioneered by Amazon.

Source: Amazon Web Services, Inc., Inc.
Media Hotline, 206-266-7180

Contact Amazon PR

For Non-media Inquiries:
Amazon Customer Service
For Kindle Marketing/Brand Inquiries:
Kindle Brand Use Guidelines