AWS Security Blog

Tag: Access Control

Masking field values with Amazon Elasticsearch Service

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon Elasticsearch Service (Amazon ES) is a fully managed service that you can use to deploy, secure, and run Elasticsearch cost-effectively at scale. The service provides support for open-source Elasticsearch APIs, managed Kibana, and integration with Logstash and other AWS […]

Read More

Automate domain join for Amazon EC2 instances from multiple AWS accounts and Regions

As organizations scale up their Amazon Web Services (AWS) presence, they are faced with the challenge of administering user identities and controlling access across multiple accounts and Regions. As this presence grows, managing user access to cloud resources such as Amazon Elastic Compute Cloud (Amazon EC2) becomes increasingly complex. AWS Directory Service for Microsoft Active […]

Read More

Aligning IAM policies to user personas for AWS Security Hub

October 3, 2021: In the section “Step 3: Create the role for the sysadmin persona,” we’ve corrected step 1 to indicate that sign in occurs through the administrator account, rather than the member account. AWS Security Hub provides you with a comprehensive view of your security posture across your accounts in Amazon Web Services (AWS) […]

Read More

How to use KMS and IAM to enable independent security controls for encrypted data in S3

August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination […]

Read More

Delegate permission management to developers by using IAM permissions boundaries

Today, AWS released a new IAM feature that makes it easier for you to delegate permissions management to trusted employees. As your organization grows, you might want to allow trusted employees to configure and manage IAM permissions to help your organization scale permission management and move workloads to AWS faster. For example, you might want […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

Updated on January 8, 2019: Based on customer feedback, we updated the third paragraph in the “What about S3 ACLs?” section to clarify permission management. In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss […]

Read More