AWS Compute Blog

Category: AWS Identity and Access Management (IAM)

Serverless application shared responsibility

Building AWS Lambda governance and guardrails

When building serverless applications using AWS Lambda, there are a number of considerations regarding security, governance, and compliance. This post highlights how Lambda, as a serverless service, simplifies cloud security and compliance so you can concentrate on your business logic. It covers controls that you can implement for your Lambda workloads to ensure that your […]

Read More
Organization and Cost Center tags

Scaling AWS Lambda permissions with Attribute-Based Access Control (ABAC)

This blog post is written by Chris McPeek, Principal Solutions Architect. AWS Lambda now supports attribute-based access control (ABAC), allowing you to control access to Lambda functions within AWS Identity and Access Management (IAM) using tags. With ABAC, you can scale an access control strategy by setting granular permissions with tags without requiring permissions updates […]

Read More

Using organization IDs as principals in Lambda resource policies

This post is written by Rahul Popat, Specialist SA, Serverless and Dhiraj Mahapatro, Sr. Specialist SA, Serverless AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. These events may include changes in state or an update, such as a user […]

Read More
Secrets Manager password change

Building well-architected serverless applications: Implementing application workload security – part 2

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC3: […]

Read More
IAM last used

Building well-architected serverless applications: Managing application security boundaries – part 2

This series uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC2: How do […]

Read More
Lambda resource policy document

Building well-architected serverless applications: Managing application security boundaries – part 1

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC2: […]

Read More

Getting started with serverless for developers part 5: Sandbox developer account

This is part 5 of the Getting started with serverless series. In part 4, you learn how the developer workflow for building serverless applications differs to a traditional developer workflow. You see how to test business logic locally before deploying to an AWS account. In this post, you learn how to secure and manage access […]

Read More
Create and attach HTTP API authorizer

Introducing IAM and Lambda authorizers for Amazon API Gateway HTTP APIs

Amazon API Gateway HTTP APIs enable you to create RESTful APIs with lower latency and lower cost than API Gateway REST APIs. The API Gateway team is continuing work to improve and migrate popular REST API features to HTTP APIs. We are adding two of the most requested features, AWS Identity and Access Management (IAM) […]

Read More
AWS Lambda service VPC with VPC-to-VPT NAT to customer VPC

Using AWS Lambda IAM condition keys for VPC settings

You can now control the Amazon Virtual Private Cloud (VPC) settings for your AWS Lambda functions using AWS Identity and Access Management (IAM) condition keys. IAM condition keys enable you to further refine the conditions under which an IAM policy statement applies. You can use the new condition keys in IAM policies when granting permissions […]

Read More