AWS Security Blog

Tag: Data perimeters

Get the full benefits of IMDSv2 and disable IMDSv1 across your AWS infrastructure

The Amazon Elastic Compute Cloud (Amazon EC2) Instance Metadata Service (IMDS) helps customers build secure and scalable applications. IMDS solves a security challenge for cloud users by providing access to temporary and frequently-rotated credentials, and by removing the need to hardcode or distribute sensitive credentials to instances manually or programmatically. The Instance Metadata Service Version 2 (IMDSv2) […]

How to use policies to restrict where EC2 instance credentials can be used from

April 5, 2023: A fix has been added to the Service Control Policy examples to allow EC2 instances to mount encrypted EBS volumes. March 7, 2023: We’ve added language clarifying the requirement around using VPC Endpoints, and we’ve corrected a typo in the S3 bucket policy example. Today AWS launched two new global condition context […]

IAM makes it easier for you to manage permissions for AWS services accessing your resources

November 24, 2023: This post has been updated to show the differences between accessing data by way of an AWS service over public endpoints and over AWS PrivateLink (data access pattern 2). July 7, 2023: This post had been updated to use Amazon S3 Replication as an example in Data access pattern 3b section. Amazon […]