Tag: authorization

AWS Identity and Access Management (IAM) Roles Anywhere enables workloads that run outside of Amazon Web Services (AWS), such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials and access AWS resources, the same way that you use IAM roles for workloads on AWS. Now, IAM Roles Anywhere allows […]

In this post, we continue with our recommendations for using AWS Identity and Access Management (IAM) APIs. In part 1 of this two-part series, we described how you could create IAM resources and use them soon after for authorization decisions. We also described options for monitoring and responding to IAM resource changes for entire accounts. […]

March 7, 2023: We’ve fixed a typo in the blog post. In this two-part blog post, we’ll provide recommendations for using AWS Identity and Access Management (IAM) APIs, and we’ll share useful details on how IAM works so that you can use it more effectively. For example, you might be creating new IAM resources such as roles […]

AWS Identity and Access Management (IAM) has now made it easier for you to use IAM roles for your workloads that are running outside of AWS, with the release of IAM Roles Anywhere. This feature extends the capabilities of IAM roles to workloads outside of AWS. You can use IAM Roles Anywhere to provide a […]

August 2, 2023: Amazon Verified Permissions now offers a direct integration with Amazon Cognito to add fine-grained authorization within your applications. Learn more. With Amazon Cognito, you can quickly add user sign-up, sign-in, and access control to your web and mobile applications. After a user signs in successfully, Cognito generates an identity token for user […]

As an AWS customer, if you use multiple Amazon Elastic Container Service (Amazon ECS) services/tasks to achieve better isolation, you often have the challenge of how to manage access to these containers. In such cases, using tags can enable you to categorize these services in different ways, such as by owner or environment. This blog […]

This blog post demonstrates how you can secure Amazon API Gateway HTTP endpoints with JSON web token (JWT) authorizers. Amazon API Gateway helps developers create, publish, and maintain secure APIs at any scale, helping manage thousands of API calls. There are no minimum fees, and you only pay for the API calls you receive. Based […]

August 9, 2022: This post has been updated to correct the references on RDS documentation. February 22, 2022: This post has been updated to clarify details of the example KMS grants provided in this blog. AWS Key Management Service (AWS KMS) helps customers to use encryption to secure their data. When creating a new encrypted […]

September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. June 5, […]

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. I’m excited to share that the Defense Information Systems Agency (DISA) has authorized three additional Amazon Web Services (AWS) services at Impact Level (IL) 4 and IL 5 in the AWS GovCloud (US) Regions, as well as five additional AWS […]