AWS Security Blog
Category: AWS Identity and Access Management (IAM)
How to use AWS Certificate Manager to enforce certificate issuance controls
AWS Certificate Manager (ACM) lets you provision, manage, and deploy public and private Transport Layer Security (TLS) certificates for use with AWS services and your internal connected resources. You probably have many users, applications, or accounts that request and use TLS certificates as part of your public key infrastructure (PKI); which means you might also need […]
Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere
June 10, 2024: In February 2024, the workload identity federation feature for Azure DevOps became generally available. This feature is a native way to manage authentication between Azure DevOps and your AWS accounts. October 3, 2023: We updated this post to include the requirement for AWS Toolkit for Azure DevOps in the walkthrough. Continuous integration […]
How to implement cryptographic modules to secure private keys used with IAM Roles Anywhere
AWS Identity and Access Management (IAM) Roles Anywhere enables workloads that run outside of Amazon Web Services (AWS), such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials and access AWS resources, the same way that you use IAM roles for workloads on AWS. Now, IAM Roles Anywhere allows […]
How to receive alerts when your IAM configuration changes
June 12, 2024: Update: This post has been updated to deploy the solution in the North Virginia (us-east-1) AWS Region. August 21, 2023: This post had been updated to change from wildcard pattern matching to using “prefixes” for EventBridge pattern rules. July 27, 2023: This post was originally published February 5, 2015, and received a […]
Migrating your secrets to AWS Secrets Manager, Part 2: Implementation
In Part 1 of this series, we provided guidance on how to discover and classify secrets and design a migration solution for customers who plan to migrate secrets to AWS Secrets Manager. We also mentioned steps that you can take to enable preventative and detective controls for Secrets Manager. In this post, we discuss how […]
IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
September 11, 2023: This post has been updated. Updated on July 6, 2023: This post has been updated to reflect the current guidance around the usage of S3 ACL and to include S3 Access Points and the Block Public Access for accounts and S3 buckets. Updated on April 27, 2023: Amazon S3 now automatically enables […]
Temporary elevated access management with IAM Identity Center
AWS recommends using automation where possible to keep people away from systems—yet not every action can be automated in practice, and some operations might require access by human users. Depending on their scope and potential impact, some human operations might require special treatment. One such treatment is temporary elevated access, also known as just-in-time access. […]
A sneak peek at the identity and access management sessions for AWS re:Inforce 2023
A full conference pass is $1,099. Register today with the code secure150off to receive a limited time $150 discount, while supplies last. AWS re:Inforce 2023 is fast approaching, and this post can help you plan your agenda with a look at the sessions in the identity and access management track. AWS re:Inforce is a learning […]
How to monitor and query IAM resources at scale – Part 2
In this post, we continue with our recommendations for using AWS Identity and Access Management (IAM) APIs. In part 1 of this two-part series, we described how you could create IAM resources and use them soon after for authorization decisions. We also described options for monitoring and responding to IAM resource changes for entire accounts. […]
How to monitor and query IAM resources at scale – Part 1
March 7, 2023: We’ve fixed a typo in the blog post. In this two-part blog post, we’ll provide recommendations for using AWS Identity and Access Management (IAM) APIs, and we’ll share useful details on how IAM works so that you can use it more effectively. For example, you might be creating new IAM resources such as roles […]