AWS Security Blog

Category: AWS Identity and Access Management (IAM)

Another Way to Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data

In my previous post, I introduced service last accessed data, a new feature of the AWS Identity and Access Management (IAM) console that helps you define policies that adhere better to the principle of least privilege. As part of that post, I walked through a sample use case demonstrating how you can use service last […]

Read More

Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data

As a security best practice, AWS recommends writing AWS Identity and Access Management (IAM) policies that adhere to the principle of least privilege, which means granting only the permissions required to perform a specific task. However, verifying which permissions an application or user actually needs can be a challenge. To help you determine which permissions […]

Read More

How to Use a Single IAM User to Easily Access All Your Accounts by Using the AWS CLI

Many AWS customers keep their environments separated from each other: development resources do not interact with production, and vice versa. One way to achieve this separation is by using multiple AWS accounts. Though this approach does help with resource isolation, it can increase your user management because each AWS account can have its own AWS […]

Read More

AWS Releases Preview of SMS MFA for IAM Users

Today, AWS introduced the preview of Short Message Service (SMS) support for multi-factor authentication (MFA), making it easier for you to implement a security best practice. Until now, you could enable MFA for AWS Identity and Access Management (IAM) users only with hardware or virtual MFA tokens, but this new feature enables you to use […]

Read More

Test Resource-Level Permissions Using the IAM Policy Simulator

To make it easier for you to test, verify, and understand resource-level permissions in your account, the AWS Identity and Access Management (IAM) policy simulator will now automatically provide a list of resources and parameters required for each AWS action. These enhancements provide you with more accurate simulation results and help ensure that your policies […]

Read More

New Tabbed Organization of Your Resources in the IAM Console

Today, AWS Identity and Access Management (IAM) enhanced the IAM console user interface to make it easier to view details about your users, groups, roles, and policies (“IAM entities”). The detail pages for these IAM entities now are organized with tabs for easier browsing so that you can quickly switch between them with minimal scrolling. […]

Read More

Verify Resource-Based Permissions Using the IAM Policy Simulator

Today, AWS Identity and Access Management (IAM) made it easier to help you verify your permissions by adding support for resource-based policies in the IAM policy simulator. This extends the capabilities of the IAM policy simulator console and APIs to help you understand, test, and validate how your resource-based policies and IAM policies work together […]

Read More

AWS IAM Sessions at re:Invent 2015

As I said last week, the breakout sessions for the Security & Compliance track have been announced and are shown in the re:Invent 2015 session catalog. If you are going to re:Invent 2015, you can add these sessions to your schedule now. Today, I will highlight the AWS Identity and Access Management (IAM) sessions that […]

Read More

Introducing New APIs to Help Test Your Access Control Policies

AWS Identity and Access Management (IAM) has added two new APIs that enable you to automate validation and auditing of permissions for your IAM users, groups, and roles. Using these two APIs, you can call the IAM policy simulator using the AWS CLI or any of the AWS SDKs. Use the new iam:SimulatePrincipalPolicy API to […]

Read More