Posted On: Jun 13, 2022
Amazon Web Services (AWS) Service Catalog now supports Attributed Based Access Controls (ABAC), allowing customers the ability to use tags to easily manage access and permissions to AWS resources in Service Catalog. Now, Service Catalog administrators have the ability to define their AWS Identity and Access Management (IAM) policies to grant access and specify finer-grained permissions based on tags shared between AWS resource(s) and IAM users or roles. For example, based on a matching set of tags, an IAM entity (e.g., user or role) may be allowed or denied to create resources in their Service Catalog account.
ABAC is helpful to enterprises and organizations that are growing rapidly and helps with situations where policy management becomes cumbersome. With an ABAC policy in place, Service Catalog customers can set granular level of permission controls for certain users to help alleviate the administrative burden of managing all resources in a multi-account environment. These policies scale with innovation by supporting the enterprise as the number of users, accounts, and resources grow.