AWS Security Blog

Tag: Permissions

Simplify granting access to your AWS resources by using tags on AWS IAM users and roles

Recently, AWS enabled tags on IAM principals (users and roles). The main benefit of this new feature is that you’ll be able to author a single policy to grant access to individual resources and you’ll no longer need to update your policies for each new resource that you add. In other words, you can now […]

Delegate permission management to developers by using IAM permissions boundaries

Today, AWS released a new IAM feature that makes it easier for you to delegate permissions management to trusted employees. As your organization grows, you might want to allow trusted employees to configure and manage IAM permissions to help your organization scale permission management and move workloads to AWS faster. For example, you might want […]

An easier way to control access to AWS resources by using the AWS organization of IAM principals

AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can […]

Security-logo

Easier way to control access to AWS regions using IAM policies

Update on February 20, 2019: We updated the policy example to remove the “iam:AttachRolePolicy” permission. We also added a reference to the permissions boundaries security blog post to show how to grant developers the permissions to create roles they can pass to AWS services. We made it easier for you to comply with regulatory standards […]

Use the New Visual Editor to Create and Modify Your AWS IAM Policies

AWS Identity and Access Management (IAM) has made it easier for you to create and modify your IAM policies by using a point-and-click visual editor in the IAM console. The new visual editor guides you through granting permissions using IAM policies without requiring you to write the policy in JSON (although you can still author and edit policies in JSON, if you prefer). This update to the IAM console makes it easier to grant least privilege permissions for the AWS service actions you select by listing all the supported resource types and request conditions you can specify. And, as with policy summaries, the visual editor also identifies and helps you correct unrecognized services and actions and permissions errors when you import existing policies. In this blog post, I give a brief overview of policy concepts and show you how to create a new policy by using the visual editor.

AWS IAM Policy Summaries Now Help You Identify Errors and Correct Permissions in Your IAM Policies

In March, we made it easier to view and understand the permissions in your AWS Identity and Access Management (IAM) policies by using IAM policy summaries. Today, we updated policy summaries to help you identify and correct errors in your IAM policies. When you set permissions using IAM policies, for each action you specify, you […]

Newly Updated: Example AWS IAM Policies for You to Use and Customize

To help you grant access to specific resources and conditions, the Example Policies page in the AWS Identity and Access Management (IAM) documentation now includes more than thirty policies for you to use or customize to meet your permissions requirements. The AWS Support team developed these policies from their experiences working with AWS customers over the years. […]

New Features for IAM Policy Summaries – An Easier Way to Detect Potential Typos in Your IAM Policies

Last month, we introduced policy summaries to make it easier for you to understand the permissions in your AWS Identity and Access Management (IAM) policies. On Thursday, May 25, I announced three new features that have been added to policy summaries and reviewed resource summaries. Yesterday, I reviewed the benefits of being able to view services […]

New Features for IAM Policy Summaries – Services and Actions Not Granted by a Policy

Last month, we introduced policy summaries to make it easier for you to understand the permissions in your AWS Identity and Access Management (IAM) policies. On Thursday, May 25, I announced three new features that have been added to policy summaries and reviewed one of those features: resource summaries. Tomorrow, I will discuss how policy […]