Abstract: Techniques are described for providing software developers with secure software project development environments via cloud-based or locally installed integrated development environments (IDEs). A cloud provider network provides a project development environment policy service that enables users to configure project development environment policies associated with various software projects and to deploy configured policies to users' project development environments as appropriate. A project development environment policy can include rules related to monitoring and controlling version control system actions, monitoring the content of project source code pushed to version control repositories, among other software project governance-related configurations.

Abstract: A processing device receives security data from a plurality of web services associated with an organization and stores the security data separately in an unstructured data storage. The processing device generates one or more purpose built databases from the security data in the unstructured data storage, the one or more purpose built databases merging the security data from the plurality of web services. The processing device further receives, from a requestor, an analysis request pertaining to the plurality of web services, executes an analysis using the one or more purpose built databases to generate a response to the analysis request, and provides the response to the analysis request to the requestor.

Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.

Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.

Abstract: A technology is provided for security appliance provisioning. In one example, a method includes providing a variety of types of physical security appliances in a service provider environment. A selection may be received identifying a selected security appliance from among the variety of types of physical security appliances for use in a customer virtual infrastructure within the service provider environment. The selected security appliance may be provisioned for use at an edge location of the customer virtual infrastructure. The selected security appliance may be configured to enforce a security policy defined for the customer virtual infrastructure.

Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.

Abstract: A lineage-based trust for machine images that are derived from another may be established to validate a machine within the lineage before it is used to launch a virtual machine. An offspring machine image may be derived from a parent machine image through modifications made to the parent machine. Further, an integrity metric may be computed for each such modification and a data structure may be provided through which the parent and offspring machine images can be linked. When a customer of a provider network requests a virtual machine to be launched using a specified machine image, the specified machine image is loaded on to a host computer and validated using the associated integrity metrics before the virtual machine is launched.

Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.

Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.

Abstract: Technology is described for auto scaling computing resources in response to a cyber-attack in a service provider environment. The computing resources in the service provider environment may be detected as being exposed to the cyber-attack. A security scaling action may be performed in the service provider environment that mitigates the cyber-attack. The security scaling action to be performed may be determined by a security threat mitigation service that operates in the service provider environment. A performance of the security scaling action in the service provider environment may be initiated.

Abstract: Technology is described for supplying regulatory compliance evidence for a virtual computing service provider. A request is received for providing regulatory compliance evidence for a service provided by a virtual computing service provider. A statistical analysis of subject matter relating to the request using machine learning is provided. The subject matter associated with the request is categorized. The categorized subject matter is mapped to a control list, maintained for compliance regulations, that is mapped to the regulatory compliance evidence. A confidence level for the regulatory compliance evidence is developed according to historical data relating to previously provided regulatory compliance evidence. A response, having both the regulatory compliance evidence associated with the request and the regulatory confidence level, is provided with a set of digital signatures.

Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.

Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.