Category: AWS Identity and Access Management (IAM)

iam:PassRole is an AWS Identity and Access Management (IAM) permission that allows an IAM principal to delegate or pass permissions to an AWS service by configuring a resource such as an HAQM Elastic Compute Cloud (HAQM EC2) instance or AWS Lambda function with an IAM role. The service then uses that role to interact with […]

Starting in mid-2024, HAQM Web Services (AWS) will introduce a series of UI improvements to the AWS sign-in pages. Our primary focus is to revamp the UI, especially the root and AWS Identity and Access Management (IAM) user sign-in page and switch role page. With these design updates, we aim to facilitate smoother transitions and […]

Mar 25, 2024: We have fixed the JSON code examples which caused errors by replacing the curly quotes with straight quotes. November 14, 2023: We’ve updated this post to use IAM Identity Center and follow updated IAM best practices. In this post, we discuss the concept of folders in HAQM Simple Storage Service (HAQM S3) […]

Traditionally, applications or systems—defined as pieces of autonomous logic functioning without direct user interaction—have faced challenges associated with long-lived credentials such as access keys. In certain circumstances, long-lived credentials can increase operational overhead and the scope of impact in the event of an inadvertent disclosure. To help mitigate these risks and follow the best practice […]

When you build on HAQM Web Services (AWS) across accounts, you might use an AWS Identity and Access Management (IAM) role to allow an authenticated identity from outside your account—such as an IAM entity or a user from an external identity provider—to access the resources in your account. IAM roles have two types of policies […]

AWS Identity and Access Management Roles Anywhere allows you to use temporary HAQM Web Services (AWS) credentials outside of AWS by using X.509 Certificates issued by your certificate authority (CA). Faraz Angabini goes deep into using IAM Roles Anywhere in his blog post Extend AWS IAM roles to workloads outside of AWS with IAM Roles […]

AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. You might already use Secrets Manager to store and manage secrets in your applications built on HAQM Web Services (AWS), but what about secrets for applications that are hosted in your on-premises data center, or hosted […]

AWS Certificate Manager (ACM) lets you provision, manage, and deploy public and private Transport Layer Security (TLS) certificates for use with AWS services and your internal connected resources. You probably have many users, applications, or accounts that request and use TLS certificates as part of your public key infrastructure (PKI); which means you might also need […]

June 10, 2024: In February 2024, the workload identity federation feature for Azure DevOps became generally available. This feature is a native way to manage authentication between Azure DevOps and your AWS accounts. October 3, 2023: We updated this post to include the requirement for AWS Toolkit for Azure DevOps in the walkthrough. Continuous integration […]

AWS Identity and Access Management (IAM) Roles Anywhere enables workloads that run outside of HAQM Web Services (AWS), such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials and access AWS resources, the same way that you use IAM roles for workloads on AWS. Now, IAM Roles Anywhere allows […]