AWS Identity and Access Management (IAM) Adds Support for Variables in Access Control Policies

Posted on: Apr 3, 2013

We are excited to announce that we have extended the access policy language to include support for policy variables. This new feature allows you to define general purpose policies that include variables so you do not have to explicitly list all the components of the policy.

For example, you can now use variables such as ‘username’ to create policies that lock down users’ access to a specific S3 folder determined by their username, or allow users to manage their own access keys and assign the policy to a group instead of assigning an individual policy to each user. This will simplify your policy management by reducing the number of policies necessary to grant individualized access control to AWS resources.

For more information about the access control language and policy variables, please visit the Policy Variables section of the Using IAM guide. To get started please visit the AWS Management Console