AWS Security Blog

Tag: IAM

Resource-Level Permissions for EC2–Controlling Management Access on Specific Instances

Note: As of March 28, 2017, Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. We are happy to announce that we launched resource-level permissions […]

Generating IAM Policies in Code

If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "glacier:ListVaults",
            "glacier:DescribeVault",
            "glacier:GetVaultNotifications"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

[…]

New AWS Web Identity Federation Supports Amazon.com, Facebook, and Google identities

Log into Facebook or Google, then access AWS resources? Impossible (well, perhaps difficult…) you say – until now. On 5/28 the AWS Identity and Access Management (IAM) team launched web identity federation. This new feature expands existing AWS identity federation capabilities to include support for public identity providers such as Facebook, Google, or the newly […]

Understanding the API Options for Securely Delegating Access to Your AWS Account

Thinking about building a secure delegation solution to grant temporary access to your AWS account? This week’s guest blogger Kai Zhao, Product Manager on our AWS Identity and Access Management (IAM) team, will discuss some considerations when deciding on an approach: Introduction Using temporary security credentials (“sessions”) enables you to securely delegate access to your AWS environment […]

Two Big Announcements from AWS Compliance: SOC 3 Report Now Available and All SOC Reports Include New Services and New Region in Scope

AWS is pleased to announce the immediate availability of the AWS Service Organization Control (SOC) 3 report, which you can freely distribute. This report on AWS security practices enables you and your stakeholders to validate that AWS has obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants […]

Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket

In this post, we’ll address a common question about how to write an AWS Identity and Access Management (IAM) policy to grant read-write access to an Amazon S3 bucket. Doing so helps you control who can access your data stored in Amazon S3. You can grant either programmatic access or AWS Management Console access to […]