AWS Security Blog

Tag: EC2

Adhere to IAM Best Practices in 2016

As another new year begins, we encourage you to review our recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS resources. You can learn more by watching the IAM Best Practices to Live By presentation that Anders Samuelsson gave at AWS re:Invent […]

Read More

How to Help Lock Down a User’s Amazon EC2 Capabilities to a Single VPC

As a cloud support engineer, I am frequently asked this question: “How can I lock down my user’s Amazon EC2 access to a single VPC?” This blog post will answer the question and explain how you can help control this level of access through the use of AWS Identity and Access Management (IAM) policies and […]

Read More

Make a New Year Resolution: Adhere to IAM Best Practices

As another new year begins, we want to encourage you to be familiar with recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS account. You can learn more by watching the IAM Best Practices presentation that was given by Anders Samuelsson at […]

Read More

Want Help with Securing Your AWS Account? Here Are Some Resources

Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive […]

Read More

Granting Permission to Launch EC2 Instances with IAM Roles (PassRole Permission)

When you launch an Amazon EC2 instance, you can associate an AWS IAM role with the instance to give applications or CLI commands that run on the instance permissions that are defined by the role. When a role is associated with an instance, EC2 obtains temporary security credentials for the role you associated with the […]

Read More

Granting Users Permission to Work in the Amazon EC2 Console

This week, Kati Paizee, a technical writer on the Amazon EC2 team, takes an in-depth look at the permissions you need to give your users so that they can administer EC2 using the console. The Amazon EC2 console provides an easy-to-use interface that allows your users to carry out compute-based tasks without asking them to […]

Read More

Securely Connect to Linux Instances Running in a Private Amazon VPC

Important note: You should enable SSH agent forwarding with caution. When you set up agent forwarding, a socket file is created on the forwarding host, which is the mechanism by which the key can be forwarded to your destination. Another user on the system with the ability to modify files could potentially use this key […]

Read More

Demystifying EC2 Resource-Level Permissions

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. AWS announced initial support for Amazon EC2 resource-level permissions in July of […]

Read More

Amazon EC2 Resource-Level Permissions for RunInstances

Yesterday the EC2 team announced fine grained controls for managing RunInstances. This release enables you to set fine-grained controls over the AMIs, Snapshots, Subnets, and other resources that can be used when creating instances and the types of instances and volumes that users can create when using the RunInstances API. This is a major milestone […]

Read More

Announcement: Resource Permissions for additional EC2 API actions

Yesterday AWS announced that it now supports resource-level permissions for seven additional EC2 APIs, including: DeleteNetworkAcl DeleteNetworkAclEntry DeleteRoute DeleteRouteTable DeleteDhcpOptions DeleteInternetGateway DeleteCustomerGateway As with other EC2 API actions that support resource-level permissions, you can also construct policies based on the tags associated with the resources.  To learn more, go to either our recent post on […]

Read More