AWS Security Blog

Tag: Tags

Build an end-to-end attribute-based access control strategy with AWS SSO and Okta

This blog post discusses the benefits of using an attribute-based access control (ABAC) strategy and also describes how to use ABAC with AWS Single Sign-On (AWS SSO) when you’re using Okta as an identity provider (IdP). Over the past two years, Amazon Web Services (AWS) has invested heavily in making ABAC available across the majority […]

Read More

How to scale your authorization needs by using attribute-based access control with S3

August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. May 26, 2021: In the section “Secure your tags using an AWS Organizations service control […]

Read More

How to delegate management of identity in AWS Single Sign-On

In this blog post, I show how you can use AWS Single Sign-On (AWS SSO) to delegate administration of user identities. Delegation is the process of providing your teams permissions to manage accounts and identities associated with their teams. You can achieve this by using the existing integration that AWS SSO has with AWS Organizations, […]

Read More

Rely on employee attributes from your corporate directory to create fine-grained permissions in AWS

In my earlier post Simplify granting access to your AWS resources by using tags on AWS IAM users and roles, I explained how to implement attribute-based access control (ABAC) in AWS to simplify permissions management at scale. In that scenario, I talked about relying on attributes on your IAM users and roles for access control […]

Read More

Easily Tag Amazon EC2 Instances and Amazon EBS Volumes on Creation

In 2010, AWS launched resource tagging for Amazon EC2 instances and other EC2 resources. Since that launch, we have raised the allowable number of tags per resource from 10 to 50 and made tags more useful with the introduction of resource groups and Tag Editor. AWS customers use tags to track ownership, drive their cost accounting […]

Read More

In Case You Missed These: AWS Security Blog Posts from June, July, and August

In case you missed any AWS Security Blog posts from June, July, and August, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from a tagging limit increase to recording SSH sessions established through a bastion host. August August 16: Updated […]

Read More

How to Automatically Tag Amazon EC2 Resources in Response to API Events

Note: As of March 28, 2017,  Amazon EC2 supports tagging on creation, enforced tag usage, AWS Identity and Access Management (IAM) resource-level permissions, and enforced volume encryption. See New – Tag EC2 Instances & EBS Volumes on Creation on the AWS Blog for more information. Access to manage Amazon EC2 instances can be controlled using […]

Read More