Author: Mike Pope

We’ve seen a question appear periodically on the IAM forum about granting IAM users access to the AWS Billing console. The question is this: even after an administrator sets appropriate permissions for an IAM user to access the console, the user can’t get to the console. Why not? Access to the console actually requires two […]

If you use AWS CloudTrail to log API calls in your account, you can share your log files with other AWS accounts, whether you own those accounts or not. In this post, Greg Pettibone, a technical writer on the CloudTrail team, walks through some cross-account scenarios to show you how. AWS CloudTrail captures information about […]

With the steady cadence of updates and enhancements for AWS services, it can sometimes be easy to miss announcements about features that relate to security. Here are some recent security-related updates in AWS services that we’re excited about and that you might not have heard about. AWS Trusted Advisor inspects your AWS environment and finds […]

Yesterday, Amazon CloudSearch released a new version that is fully integrated with AWS Identity and Access management (IAM) and enables you to control access to a domain’s document and search services. Jon Handler, an AWS Solution Architect who specializes in search, describes the new features. In March, we released a new Amazon CloudSearch API that […]

In this post, Graham Evans, a developer on the AWS Billing team, describes new security features that expand how you can secure access to billing information in your AWS account. My team—AWS Billing— recently released the new and improved Billing and Cost Management Console.  We’re now happy to introduce an improvement to the access and […]

One of the advantages of using the AWS SDKs for programmatic access to AWS is that the SDKs handle the task of signing requests. All you have to do is provide AWS credentials (access key id and secret access key), and when you invoke a method that makes a call to AWS, the SDK translates […]

AWS announced yesterday that Amazon Elastic MapReduce (EMR) added support for federated users. If you use Amazon EMR, you can now enable users to administer Amazon EMR clusters who are signed in to your corporate network using their corporate credentials—you no longer need to create IAM users for access to EMR. Up to now, federated […]

As one of our most active customers, Netflix has hundreds of administrators who need access to AWS daily. Therefore, by eliminating their need to use AWS credentials via identity federation, they saved time, money, and administrative effort almost immediately. They were able to use SAML and OneLogin, their existing identity management provider, to federate users […]

When you launch an Amazon EC2 instance, you can associate an AWS IAM role with the instance to give applications or CLI commands that run on the instance permissions that are defined by the role. When a role is associated with an instance, EC2 obtains temporary security credentials for the role you associated with the […]

The Elastic Load Balancing team announced on May 13, 2014 that they’ve added support for resource-level permissions. Not only can you specify which ELB actions a user can perform, you can specify which resources the user can perform those actions on. For more information about the new ELB permissions, see Controlling Access to Your Load […]