Category: AWS CloudFormation

In this blog post, I introduce IAM Policy Validator for AWS CloudFormation (cfn-policy-validator), an open source tool that extracts AWS Identity and Access Management (IAM) policies from an AWS CloudFormation template, and allows you to run existing IAM Access Analyzer policy validation APIs against the template. I also show you how to run the tool […]

Following the example of the EU in implementing the General Data Protection Regulation (GDPR), many countries are implementing similar data protection laws. In response, many companies are forming teams that are responsible for data protection. Considering the volume of information that companies maintain, it’s essential that these teams are alerted when sensitive data is at […]

March 24, 2021: We’ve corrected errors in the policy statements in steps 2 and 3 of the section “To create the IAM policy document.” AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access […]

September 28, 2022: In July 2022, we renamed AWS Single Sign-On to AWS IAM Identity Center. In this blog, you will notice that we preserved backward compatibility with API calls and CLI scripts by retaining the API and CLI namespaces that were used under AWS Single Sign-On. September 12, 2022: This blog post has been […]

In this post, I take you through the steps to deploy a public AWS Certificate Manager (ACM) certificate across multiple accounts and AWS Regions by using the functionality of AWS CloudFormation StackSets and AWS Lambda. ACM is a service offered by Amazon Web Services (AWS) that you can use to obtain x509 v3 SSL/TLS certificates. […]

The concept of infrastructure as code, by using pipelines for continuous integration and delivery, is fundamental for the development of cloud infrastructure. Including code quality and vulnerability scans in the pipeline is essential for the security of this infrastructure as code. In one of our previous posts, How to build a CI/CD pipeline for container […]

Last month, Amazon Web Services (AWS) introduced the ability to automate issuing and validating public and private certificates using AWS CloudFormation. To make this easier, AWS has introduced three new features that let you: Automate the steps to validate your domain with DNS validation and issue your public certificate. Use AWS CloudFormation templates to issue […]

August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. June 24, 2020: We updated the first 3 paragraphs of this post to provide, and link to, more information. As organizations grow, they often […]

January 6, 2021: We updated this post to fix a bug related to allow listing noncompliant roles. January 6, 2020: We updated this post to reflect a valid STS session duration if configured to assume a role into other accounts. Developing in the cloud encourages you to iterate frequently as your applications and resources evolve. […]

As part of the AWS Online Tech Talks series, AWS will present Centralized AWS IAM Governance Using AWS CloudFormation StackSets and AWS Organizations on Thursday, December 14. This tech talk will start at 9:00 A.M. Pacific Time and end at 9:40 A.M. Pacific Time. With the introduction of AWS Organizations and AWS CloudFormation StackSets, you can create and manage […]