AWS Security Blog

Category: AWS Identity and Access Management (IAM)

Now Available: Get Even More Details from Service Last Accessed Data

In December, AWS Identity and Access Management (IAM) released service last accessed data, which shows the time when an IAM entity (a user, group, or role) last accessed an AWS service. This provided a powerful tool to help you grant least privilege permissions. Starting today, it’s easier to identify where you can reduce permissions based […]

Read More

Introducing Improved User Search Functionality in the IAM Console

We are happy to announce that we recently launched improved search functionality on the Users page in the AWS Identity and Access Management (IAM) console. For starters, we have enabled you to find an IAM user by their access key ID. Simply paste an access key ID in the Filter box on the Users page. If […]

Read More

How to Control Access to Your Amazon Elasticsearch Service Domain

With the recent release of Amazon Elasticsearch Service (Amazon ES), you now can build applications without setting up and maintaining your own search cluster on Amazon EC2. One of the key benefits of using Amazon ES is that you can leverage AWS Identity and Access Management (IAM) to grant or deny access to your search […]

Read More

How to Detect and Automatically Revoke Unintended IAM Access with Amazon CloudWatch Events

AWS Identity and Access Management (IAM) enables you to create IAM users and roles in your account, each with a specific set of permissions. For example, you can create administrative users who have access to all AWS APIs (also called actions), and you can create other users who have access to only a specific subset […]

Read More

Register for and Attend This March 30 Webinar—Best Practices for Managing Security Operations in AWS

Update: The video and slides from the webinar are now available. As part of the AWS Webinar Series, AWS will present Best Practices for Managing Security Operations in AWS on Wednesday, March 30. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Henrik Johansson will share […]

Read More

How to Automate Restricting Access to a VPC by Using AWS IAM and AWS CloudFormation

Back in September, I wrote about How to Help Lock Down a User’s Amazon EC2 Capabilities to a Single VPC. In that blog post, I highlighted what I have found to be an effective approach to the virtual private cloud (VPC) lockdown scenario. Since that time, I have worked on making the related information easier […]

Read More

New AWS Partner Network Blog Post: Securely Accessing Customers’ AWS Accounts with Cross-Account IAM Roles

On the AWS Security Blog, we have talked regularly about following AWS security best practices. For example, we published Adhere to IAM Best Practices in 2016 in January. Best practices can help you keep your AWS resources as secure as possible, and should be applied when you grant access inside and outside your organization. Building off AWS […]

Read More

How to Record and Govern Your IAM Resource Configurations Using AWS Config

AWS Config recently added the ability to record changes to the configuration of your AWS Identity and Access Management (IAM) users, groups, and roles (collectively referred to as IAM entities) and the policies associated with them. Using this feature, you can record configuration details for these IAM entities, including details about which policies are associated […]

Read More

The IAM Console Now Helps Prevent You from Accidentally Deleting In-Use Resources

Deleting unused resources can help to improve the security of your AWS account and make your account easier to manage. However, if you have ever been unsure of whether an AWS Identity and Access Management (IAM) user or role was being used actively, you probably erred on the side of caution and kept it. Starting […]

Read More

Adhere to IAM Best Practices in 2016

As another new year begins, we encourage you to review our recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS resources. You can learn more by watching the IAM Best Practices to Live By presentation that Anders Samuelsson gave at AWS re:Invent […]

Read More