AWS Security Blog

Tag: IAM roles

New AWS Compute Blog Post: Help Secure Container-Enabled Applications with IAM Roles for ECS Tasks

Amazon EC2 Container Service (ECS) now allows you to specify an IAM role that can be used by the containers in an ECS task, as a new AWS Compute Blog post explains. When an application makes use of the AWS SDK or CLI to make requests to the AWS API, it must sign each request with valid AWS access […]

Read More

How to Restrict Amazon S3 Bucket Access to a Specific IAM Role

I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) role. In general, they attempt to do this the same way that they would with an IAM user: use a bucket policy to explicitly […]

Read More

How to Detect and Automatically Revoke Unintended IAM Access with Amazon CloudWatch Events

Update on October 24, 2018: Note that if you do not author the Lambda function correctly, this setup can create an infinite loop (in this case, a rule that is fired repeatedly, which can impact your AWS resources and cause higher than expected charges to your account). The example Lambda function I provide in Step […]

Read More