AWS Security Blog

Category: AWS Identity and Access Management (IAM)*

An Easier Way to Determine the Presence of AWS Account Access Keys

Last month, the AWS Security Blog encouraged you to adhere to AWS Identity and Access Management (IAM) best practices. One of these best practices is to lock away your AWS account (root) access keys and password, and not use them for day-to-day interaction with AWS. In fact, when it comes to your root account access […]

Read More

Make a New Year Resolution: Adhere to IAM Best Practices

As another new year begins, we want to encourage you to be familiar with recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS account. You can learn more by watching the IAM Best Practices presentation that was given by Anders Samuelsson at […]

Read More

Enable a New Feature in the AWS Management Console: Cross-Account Access

Today, we made it possible for you to enable a user to switch roles directly in the AWS Management Console to access resources across multiple AWS accounts—while using only one set of credentials. Previously, as Anders discussed in his blog post, Delegating API Access to AWS Services Using IAM Roles, you could delegate access to […]

Read More

Coming March 2015: Upgrades to IAM Policy Validation

Several weeks ago, we released documentation for the AWS Identity and Access Management (IAM) policy grammar and published a back-to-school policy grammar blog post to let you know of common errors in policies. To help you ensure that your policies match your intentions, we are taking policy validation a step further. Starting March 2015, any new or updated policy must […]

Read More

How to Use External ID When Granting Access to Your AWS Resources

When you need to grant access to your AWS resources to a third party, we recommend you do so using an IAM role with external ID. In this post, Josh Bean, a programmer writer on the AWS Identity and Access Management (IAM) team, walks you through a scenario to show you how. At times, you […]

Read More

A Simple Way to Export Your IAM Settings

Do you analyze, audit, or monitor your AWS Identity and Access Management (IAM) settings? If so, you will be happy to hear we’ve simplified the way you can retrieve a snapshot of your IAM settings. Today we’re making it easier for you to build tools to analyze, monitor, and audit your IAM entities (i.e., users, […]

Read More

Federated Users Can Now Access the AWS Support Center

Recently, the AWS Support Center moved to the AWS Management Console. In addition to providing a better user experience, it enabled another important feature – federated access. Users in your company can now use their existing credentials to access the AWS Support Center for actions like creating a case, looking at the case history, or […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

New in the IAM Console: An At-a-Glance View of Last AWS Sign-In

Have you ever needed to quickly look up the last time one of your users signed in to your AWS account? Or have you been following security best practices and want verify that no one in your organization has been signing in using the AWS root account? If you use AWS CloudTrail, the information is […]

Read More

Easier Role Selection for SAML-Based Single Sign-On

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]

Read More