AWS Security Blog
Tag: Amazon S3
Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data
As a security best practice, AWS recommends writing AWS Identity and Access Management (IAM) policies that adhere to the principle of least privilege, which means granting only the permissions required to perform a specific task. However, verifying which permissions an application or user actually needs can be a challenge. To help you determine which permissions […]
How to create a policy that provides selective access to sensitive Amazon S3 buckets
October 12, 2023: This blog is out of date. Please refer to this post instead: How to restrict Amazon S3 bucket access to a specific IAM role. When it comes to securing access to your Amazon S3 buckets, AWS provides various options. You can utilize access control lists (ACLs), AWS Identity and Access Management (IAM) […]
How to Receive Alerts When Specific APIs Are Called by Using AWS CloudTrail, Amazon SNS, and AWS Lambda
Let’s face it—not all APIs were created equal. For example, you may be really interested in knowing when any of your Amazon EC2 instances are terminated (ec2:TerminateInstance), but less interested when an object is put in an Amazon S3 bucket (s3:PutObject). In this example, you can delete an object, but you can’t bring back that […]