Posted On: May 13, 2019

AWS Security Token Service (STS) now enables you to specify IAM managed policies as session policies to create fine-grained session permissions when a user assumes a role in AWS to create a session. With this launch, you have up to 10 full-sized policies to choose from that enable you to define more fine-grained session permissions.

A session policy is a permissions policy which you can optionally pass during an AssumeRole operation. This enables you to place further restrictions on a role's permissions for that session. With this launch, you can use AWS-managed or customer-managed policies as session policies. Additionally, when you use managed policies, you can now centrally store and manage session permissions. You can also apply the same session permissions for multiple sessions easily. To learn more, view documentation on session permissions.