Category: AWS Identity and Access Management (IAM)

As an administrator that grants access to AWS, you might want to enable your developers to get started with AWS quickly by granting them broad access. However, as your developers gain experience and your applications stabilize, you want to limit permissions to only what they need. To do this, access advisor will determine the permissions […]

Recently, AWS enabled tags on IAM principals (users and roles). The main benefit of this new feature is that you’ll be able to author a single policy to grant access to individual resources and you’ll no longer need to update your policies for each new resource that you add. In other words, you can now […]

We made it easier for you to manage your AWS Identity and Access Management (IAM) resources by enabling you to add tags to your IAM users and roles (also known as IAM principals). Tags enable you to add customizable key-value pairs to resources, and many AWS services support tagging of AWS resources. Now, you can […]

April 25, 2023: We’ve updated this blog post to include more security learning resources. Update on October 8, 2018: After we launched support for security devices manufactured by Yubico on September 25, 2018, we received feedback from customers to support other U2F security key providers, as well. Starting October 8, 2018, you can now enable […]

AWS Organizations, the service for centrally managing multiple AWS accounts, enables you to invite existing accounts to join your organization. To provide additional assurance about your organization’s identity to AWS accounts that you invite, AWS Organizations is adding a new feature. Beginning on September 27, 2018, you’ll need to verify the email address associated with […]

Today, AWS released a new IAM feature that makes it easier for you to delegate permissions management to trusted employees. As your organization grows, you might want to allow trusted employees to configure and manage IAM permissions to help your organization scale permission management and move workloads to AWS faster. For example, you might want […]

You can now use AWS Secrets Manager with HAQM Virtual Private Cloud (HAQM VPC) endpoints powered by AWS Privatelink and keep traffic between your VPC and Secrets Manager within the AWS network. AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables […]

October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can use AWS Secrets Manager to rotate, manage, and retrieve secrets such as database […]

AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can […]

Update on February 20, 2019: We updated the policy example to remove the “iam:AttachRolePolicy” permission. We also added a reference to the permissions boundaries security blog post to show how to grant developers the permissions to create roles they can pass to AWS services. We made it easier for you to comply with regulatory standards […]