AWS Security Blog
Tag: IAM
Resource-Level Permissions for EC2–Controlling Management Access on Specific Instances
Note: As of March 28, 2017, Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. We are happy to announce that we launched resource-level permissions […]
Generating IAM Policies in Code
If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “glacier:ListVaults”, “glacier:DescribeVault”, “glacier:GetVaultNotifications” ], “Effect”: “Allow”, “Resource”: “*” } ] } […]
New AWS Web Identity Federation Supports Amazon.com, Facebook, and Google identities
Log into Facebook or Google, then access AWS resources? Impossible (well, perhaps difficult…) you say – until now. On 5/28 the AWS Identity and Access Management (IAM) team launched web identity federation. This new feature expands existing AWS identity federation capabilities to include support for public identity providers such as Facebook, Google, or the newly […]
Understanding the API Options for Securely Delegating Access to Your AWS Account
Thinking about building a secure delegation solution to grant temporary access to your AWS account? This week’s guest blogger Kai Zhao, Product Manager on our AWS Identity and Access Management (IAM) team, will discuss some considerations when deciding on an approach: Introduction Using temporary security credentials (“sessions”) enables you to securely delegate access to your AWS environment […]
Two Big Announcements from AWS Compliance: SOC 3 Report Now Available and All SOC Reports Include New Services and New Region in Scope
AWS is pleased to announce the immediate availability of the AWS Service Organization Control (SOC) 3 report, which you can freely distribute. This report on AWS security practices enables you and your stakeholders to validate that AWS has obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants […]
Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket
In this post, we’ll address a common question about how to write an AWS Identity and Access Management (IAM) policy to grant read-write access to an Amazon S3 bucket. Doing so helps you control who can access your data stored in Amazon S3. You can grant either programmatic access or AWS Management Console access to […]