Public cloud giant Amazon Web Services Inc. today unveiled a raft of new tools and services designed to bolster security and compliance on its infrastructure platforms.

The announcements came during a busy day at the AWS Summit in San Francisco, when Amazon.com Inc.’s cloud unit announced new customers, updated machine learning tools and other features.

“The thing that scares me the most is how complacent we’ve been about security and data breaches,” Amazon Chief Technology Officer Werner Vogels (pictured) said during a keynote address where he announced the new security features. “The pace of protection really needs to meet the pace of innovation.”

First up is AWS Secrets Manager, which is a new tool that allows developers to store and later retrieve “application secrets” such as database credentials, passwords and application programming interface keys. Designed for those using multiple distributed microservices, Secrets Manager allows these secrets to be stored and accessed via the AWS Command Line Interface or an API.

“As you grow and scale to many distributed microservices, it becomes a daunting task to securely store, distribute, rotate, and consume secrets,” Randall Hunt, senior technical evangelist at AWS, wrote in a blog post. “Previously, customers needed to provision and maintain additional infrastructure solely for secrets management which could incur costs and introduce unneeded complexity into systems.”

Amazon is also providing users with more centralized control over security policies with the advent of AWS Firewall Manager. The new service enables strict policy controls over individual accounts and software applications, Jeff Barr, Amazon’s senior evangelist, said in a second blog post. With AWS Firewall Manager, it becomes possible to identify applications and other resources that aren’t in compliance and fix them immediately, Barr said.

Meanwhile, the AWS Certificate Manager gets a new feature called Private Certification Authority, through which customers can more securely manage the lifecycle of pay-as-you-go private certificates. Developers can now provision private certificates via a couple of API calls and manage them through a central certificate authority console.

“Previously, if a customer wanted to use private certificates, they needed specialized infrastructure and security expertise that could be expensive to maintain and operate,” Hunt said in another post. “ACM Private CA builds on ACM’s existing certificate capabilities to help you easily and securely manage the lifecycle of your private certificates with pay as you go pricing.”

Lastly, Amazon announced an update to its Config Rules service for assessing, auditing and evaluating cloud resource configurations. With the update, it’s now possible for users to aggregate their compliance data across multiple AWS accounts and regions.

With reporting from Robert Hof

Image: Robert Hof/SiliconANGLE