AWS Security Blog

Tag: Policies

Test Your Managed Policies by Using the Identity and Access Management Policy Simulator

Recently, AWS launched managed policies, which simplify policy management by enabling you to attach a single policy to multiple AWS Identity and Access Management (IAM) entities such as users, groups, and roles. When you update a managed policy, the permissions in that policy apply to every entity to which the managed policy is attached. We […]

Read More

An Easier Way to Manage Your Policies

AWS recently announced a new feature of AWS Identity and Access Management (IAM): managed policies. Managed policies enable you to attach a single policy to multiple IAM users, groups, and roles (in this blog post referred to collectively as “IAM entities”). When you update a managed policy, the permissions in that policy apply to every […]

Read More

Coming March 2015: Upgrades to IAM Policy Validation

Several weeks ago, we released documentation for the AWS Identity and Access Management (IAM) policy grammar and published a back-to-school policy grammar blog post to let you know of common errors in policies. To help you ensure that your policies match your intentions, we are taking policy validation a step further. Starting March 2015, any new or updated policy must […]

Read More

Back to School: Understanding the IAM Policy Grammar

Have you ever had to create access policies for users, groups, roles, or resources and wished you could learn more about the policy language? If so, you’ve come to the right place. In this blog, I’ll describe the attributes and structure of the Identity and Access Management (IAM) policy language. I’ll also include examples that […]

Read More

With New ELB Permissions, Support for IAM in AWS Is Going Strong

The Elastic Load Balancing team announced on May 13, 2014 that they’ve added support for resource-level permissions. Not only can you specify which ELB actions a user can perform, you can specify which resources the user can perform those actions on. For more information about the new ELB permissions, see Controlling Access to Your Load […]

Read More

Generating IAM Policies in Code

If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “glacier:ListVaults”, “glacier:DescribeVault”, “glacier:GetVaultNotifications” ], “Effect”: “Allow”, “Resource”: “*” } ] } […]

Read More