Posted On: May 10, 2018
Application Load Balancers and Network Load Balancers now support resource- and tag-based permissions. This enables customers to implement fine-grained access controls on their load balancers using IAM policies.
Prior to this announcement, customers could only create user- or group-level policies to restrict API actions on the load balancers in their account. Customers were forced to give users all-or-nothing control over the resources. For instance, a user policy to allow DeleteLoadBalancer API would permit the user to delete any load balancer in the account.
With this release, policies can be applied on specific load balancer resources identified by their ARNs or tags. This is supported for all types of load-balancer resources i.e. load balancer, listener, rule and target groups.