AWS Security Blog

Category: AWS Identity and Access Management (IAM)

Organize Your Permissions by Using Separate Managed Policies

This year we released managed policies to enable you to create a set of stand-alone policies that you can attach to multiple IAM entities (users, groups, and roles) in your AWS account. Since that release, we have heard from many of you that you’d prefer to mix and match policies instead of just using one universal […]

Read More

How to Receive Notifications When Your AWS Account’s Root Access Keys Are Used

AWS Identity and Access Management (IAM) best practices recommend using IAM users or roles to access your AWS resources, instead of using your root credentials. If you follow this best practice, though, how can you monitor for root activity and take action if such activity occurs? AWS CloudTrail and Amazon CloudWatch provide the solution. In […]

Read More

How to Delegate Management of Multi-Factor Authentication to AWS IAM Users

Note from September 20, 2017: Based on customer feedback, we have moved the process outlined in this post to the official AWS documentation. AWS Identity and Access Management (IAM) has a list of best practices that you are encouraged to use. One of those best practices is to enable multi-factor authentication (MFA) for your AWS root […]

Read More

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS

Note 1: On August 12, 2015, I published a follow-up to this post, which is called How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0. Be sure to see that post if you want to implement a general federation solution (not specific to AD FS). Note 2: This post focuses on NTLM authentication, […]

Read More

Test Your Roles’ Access Policies Using the AWS Identity and Access Management Policy Simulator

You can now use the AWS Identity and Access Management (IAM) policy simulator to test and validate your roles’ access control policies. The policy simulator is a tool to help you author and validate the policies that set permissions on your AWS resources. This tool provides a “playground” where you can iteratively author least privilege […]

Read More

Register for and Attend This May 22 Webinar: Getting Started with AWS Identity and Access Management

As part of the AWS Webinar Series, AWS will present Getting Started with AWS Identity and Access Management on Friday, May 22. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time (UTC-7). AWS Security Solutions Architect Jonathan Desrocher will introduce the fundamental concepts of AWS Identity and Access Management (IAM) […]

Read More

New in IAM: Quickly Identify When an Access Key Was Last Used

Rotate access keys regularly and remove inactive users. You’ve probably heard us mention these as two AWS Identity and Access Management (IAM) security best practices. But how do you know when access keys (for an IAM user or the root account) are no longer in use and safe to delete? To help you answer this […]

Read More

How to Create a Limited IAM Administrator by Using Managed Policies

AWS Identity and Access Management (IAM) recently launched managed policies, which enable you to attach a single access control policy to multiple entities (IAM users, groups, and roles). Managed policies also give you precise, fine-grained control over how your users can manage policies and permissions for other entities. For example, you can control which managed […]

Read More

Newly Upgraded: Identity and Access Management Policy Validation

Earlier this month, we let you know that AWS Identity and Access Management (IAM) would be upgrading policy validation today (March 25, 2015) to help you ensure that your IAM policies match your intentions. This upgrade is now in effect for all IAM policies. Starting today, to save changes to your IAM policies, you must […]

Read More

Coming March 25, 2015: Upgrades to IAM Policy Validation

On March 25, 2015, we will upgrade the Identity and Access Management (IAM) policy validation to help ensure that your policies reflect your intentions. Starting on this day, to save changes to policies, you must first ensure that your policies comply with the IAM policy grammar. Your existing policies will continue to work as they […]

Read More