AWS Security Blog
Category: AWS Identity and Access Management (IAM)
AWS SDK Blog Posts About IAM Roles
The .NET Developers Blog recently published two easy-to-read posts about access key management for .NET applications. The first one goes through some of the background of access key management, as well as the use of IAM roles for EC2. The second post goes deeper into creating and using IAM users and groups instead of using root […]
Announcing New IAM Policy Simulator
Check out the new IAM policy simulator, a tool that enables you to test the effects of IAM access control policies before committing them into production, making it easier to verify and troubleshoot permissions. Learn more at the AWS Blog. – Kai
Guidelines for When to Use Accounts, Users, and Groups
I often get asked when to use different AWS accounts to enforce separation of duties versus using IAM users and groups within a single account. While the complete answer depends on what AWS services you use, the general guidelines in this post will point you in the right direction. As context for the guidelines, consider […]
How to Rotate Access Keys for IAM Users
Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if they are compromised. Having an established process that is run regularly also ensures […]
Using IAM Roles to Distribute Non-AWS Credentials to Your EC2 Instances
Last week’s blog post explained how to distribute AWS credentials to EC2 instances using IAM roles. Will Kruse, Security Engineer on the AWS Identity and Access Management (IAM) team, is back again this week to discuss how roles can also be used to distribute arbitrary secrets to EC2 instances. As we discussed last week, Amazon EC2 Roles for Instances […]
Where’s My Secret Access Key?
March 12, 2019: You can now find and update your access keys from a single, central location in the AWS Management Console. Learn how in this post. In this blog post, I’ll discuss what you should do in case you’ve lost your secret access key or need a new one. This post assumes that you are […]
Generating IAM Policies in Code
If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “glacier:ListVaults”, “glacier:DescribeVault”, “glacier:GetVaultNotifications” ], “Effect”: “Allow”, “Resource”: “*” } ] } […]
Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket
In this post, we’ll address a common question about how to write an AWS Identity and Access Management (IAM) policy to grant read-write access to an Amazon S3 bucket. Doing so helps you control who can access your data stored in Amazon S3. You can grant either programmatic access or AWS Management Console access to […]