Posted On: Feb 11, 2021

AWS Identity and Access Management (IAM) now allows administrators to use tags to manage and secure access to Customer Managed Policies, Instance Profiles, OpenID Connect Providers, SAML Providers, Server Certificates, and Virtual MFAs.  

Administrators can now use tags to easily identify, group, and control access to these IAM resources at scale. "Administrators and developers can apply the tags using the IAM APIs, AWS CLI (Command Line Interface), and IAM Console, with support for AWS CloudFormation coming soon. For example, an administrator can grant their developer the permissions to create customer managed policies only when they apply their AWS username as the Owner tag. This allows the administrator easily identify the owner of the customer managed policy. In addition, the administrators can use the Owner tag to grant their developers permissions to edit the customer managed policies if the value of the Owner tag matches the developer’s AWS user name. 

To learn about tags and how to use them to control access for your IAM users and roles, visit the IAM Documentation.