AWS Security Blog
Tag: AWS Identity and Access Management
Use tags to manage and secure access to additional types of IAM resources
AWS Identity and Access Management (IAM) now enables Amazon Web Services (AWS) administrators to use tags to manage and secure access to more types of IAM resources, such as customer managed IAM policies, Security Assertion Markup Language (SAML) providers, and virtual multi-factor authentication (MFA) devices. A tag is an attribute that consists of a key […]
How to automatically archive expected IAM Access Analyzer findings
AWS Identity and Access Management (IAM) Access Analyzer continuously monitors your Amazon Web Services (AWS) resource-based policies for changes in order to identify resources that grant public or cross-account access from outside your AWS account or organization. Access Analyzer findings include detailed information that you can use to make an informed decision about whether access […]
Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature
The AWS Security team has made it easier for you to find information and guidance on best practices for your cloud architecture. We’re pleased to share the Best Practices for Security, Identity, & Compliance webpage of the new AWS Architecture Center. Here you’ll find top recommendations for security design principles, workshops, and educational materials, and […]
Updates to the security pillar of the AWS Well-Architected Framework
We have updated the security pillar of the AWS Well-Architected Framework, based on customer feedback and new best practices. In this post, I’ll take you through the highlights of the updates to the security information in the Security Pillar whitepaper and the AWS Well-Architected Tool, and explain the new best practices and guidance. AWS developed […]
How to define least-privileged permissions for actions called by AWS services
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. February 21, 2020: We fixed a missing comma in a policy example. March 3, 2020: […]
Use attribute-based access control with AD FS to simplify IAM permissions management
June 19, 2020: The Prerequisites section of this post has been updated to include the prerequisite to enable Sts:tagSession to the role trust policy. AWS Identity and Access Management (IAM) allows customers to provide granular access control to resources in AWS. One approach to granting access to resources is to use attribute-based access control (ABAC) […]
Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
September 19, 2023: This post has been update to correct an explanation of multivalued condition keys. You can now reference Organizational Units (OUs), which are groups of AWS accounts in AWS Organizations, in AWS Identity and Access Management (IAM) policies, making it easier to define access for your IAM principals (users and roles) to the […]
AWS Security Profiles: Greg McConnel, Senior Manager, Security Specialists Team
In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do in your current […]
AWS Security Profile: Ron Cully, Principal Product Manager, AWS Identity
September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so […]
How to use service control policies to set permission guardrails across accounts in your AWS Organization
AWS Organizations provides central governance and management for multiple accounts. Central security administrators use service control policies (SCPs) with AWS Organizations to establish controls that all IAM principals (users and roles) adhere to. Now, you can use SCPs to set permission guardrails with the fine-grained control supported in the AWS Identity and Access Management (IAM) […]