Showing results for tags 'iam'.
-
You can now use AWS Identity and Access Management (IAM) Roles Anywhere to obtain temporary security credentials for workloads that run outside of AWS that are valid for up to 12 hours. You can use those temporary security credentials to sign and authenticate any AWS request. Previously, the temporary security credentials vended by IAM Roles Anywhere were valid for up to 1 hour. Now, you have the ability to optimize the number of CreateSession requests made to IAM Roles Anywhere by extending the credentials validity for a longer duration to meet your business needs. The duration can range from 15 minutes to 12 hours, with a default value of 1 hour.
-
Today, AWS Identity and Access Management (IAM) Roles Anywhere released credential helper version 1.1.0 to include support for X.509 certificates and private keys that are stored in Public-Key Cryptography Standards (PKCS) #11 compatible security modules. IAM Roles Anywhere credential helper is a tool that manages the process of signing CreateSession API with the private key associated with an X.509 end-entity certificate and calls the endpoint to obtain temporary AWS credentials. With this release, you can use the credential helper to delegate signing operations to keys stored within PKCS #11 compatible security modules, without those keys ever leaving those stores, which can help improve your security posture.
-
AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center. It is where you create, or connect, your workforce users once and centrally manage their access to multiple AWS accounts and applications. You can create user identities directly in IAM Identity Center, or you can connect your existing identity source, including Microsoft Active Directory and standards-based identity providers, such as Okta Universal Directory or Azure AD. You can choose to manage access just to AWS accounts, just to cloud applications, or to both. Your users can utilize their existing credentials for one-click access to their assigned AWS accounts, AWS applications, like Amazon SageMaker Studio, and other standards-based cloud applications, like Salesforce, Box, and Microsoft 365.
-
AWS Lambda announces support for lambda:SourceFunctionArn, a new IAM condition key that can be used for IAM policy conditions that specify the ARN of the function from which a request is made. Starting today, when a function is invoked, Lambda will automatically add the new lambda:SourceFunctionArn condition key to the request context of all AWS API calls made by function code. You can use the Condition element in your IAM policy to compare the lambda:SourceFunctionArn condition key in the request context with values that you specify in your policy.
-
We are excited to launch two new features that help enforce access controls with Amazon EMR on EC2 clusters (EMR Clusters). These features are supported with jobs that are submitted to the cluster using the EMR Steps API. First is Runtime Role with EMR Steps. A Runtime Role is an AWS Identity and Access Management (IAM) role that you associate with an EMR Step. An EMR Step uses this role to access AWS resources. The second is integration with AWS Lake Formation to apply table and column-level access controls for Apache Spark and Apache Hive jobs with EMR Steps.
-
AWS Single Sign-On (AWS SSO) now supports AWS Identity and Access Management (IAM) customer managed policies (CMPs) and permission boundary policies within AWS SSO permission sets. The new capability helps AWS SSO customers to improve their security posture by creating larger and finer-grained policies for least privilege access and by tailoring policies to reference the resources of the account to which they are applied. Using CMPs, AWS SSO customers can maintain the consistency of policies, as CMP changes apply automatically to all permission sets and roles that use the CMP. This enables customers to govern their CMPs and permissions boundaries centrally, and allows auditors to find, monitor, and review them. Customers who have existing CMPs for roles they manage in AWS IAM can reuse their CMPs without the need to create, review, and approve new in-line policies for permission sets.
-
Amazon Nimble Studio now supports seamless AWS Identity and Access Management (IAM) profile access for studio components, and custom studio components, directly to workstation sessions, available immediately. This allows Nimble Studio admins to set up and control additional properties of their streaming workstations via seamless IAM role permissions, ensuring artists have the right level of access for the tasks they’re working on, without the need to switch profiles. Custom components use PowerShell scripts for Windows, and shell scripts for Linux instances. These configurations can then be added to Nimble Studio Launch Profiles for easy retrieval. With custom configurations, you can add resources to your workstations and run custom scripts on your instance, system, and user initialization with greater flexibility than before with seamless IAM role permissions.
-
AWS Identity and Access Management (IAM) now enables workloads that run outside of AWS to access AWS resources using IAM Roles Anywhere. IAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials and use the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.
-
You can now use AWS Application Migration Service (AWS MGN) for use cases that are subject to System and Organization Controls (SOC) reporting. You can also now install the AWS Application Migration Service agent on your source servers using AWS Identity and Access Management (IAM) temporary security credentials with limited permissions. AWS Application Migration Service allows you to quickly migrate and modernize applications on AWS.
-
We are pleased to announce that HashiCorp Consul on Amazon Elastic Container Service (ECS) 0.5 is now generally available. This release adds support for authenticating services and clients using AWS Identity and Access Management (IAM) identities. The new release also adds support for mesh gateways, which enable services to communicate across multiple runtimes and clouds and reduces risk for organizations by enforcing consistent end-to-end security for service communication.
-
You can now use Identity and Access Management (IAM) condition keys to specify which resource types are permitted in the retention rules created for Recycle Bin. With Recycle Bin, you can retain deleted EBS snapshots and EBS-backed AMIs for a period of time so that you can recover them in the event of an accidental deletion. You can enable Recycle Bin for all or a subset of the Snapshots or AMIs in your account by creating one or more retention rules. Each rule also specifies a retention time period. A deleted EBS snapshot or de-registered AMI can be recovered from the Recycle Bin before the expiration of the retention period.
-
AWS Identity and Access Management (IAM) now supports the Web Authentication (WebAuthn) standard for strong and phishing-resistant authentication across all supported browsers. WebAuthn is part of the FIDO2 set of specifications that succeed FIDO U2F API, enabling secure multi-factor authentication with security keys based on public key cryptography.
-
IAM helps customers with capabilities to analyze access and achieve least privilege. When you are working on new permissions for your teams, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing permissions, you can use last accessed information to identify unused actions in your IAM policies and reduce access. When we launched action last accessed in 2020, we started with S3 management actions to help you restrict access to your critical business data. Now, IAM is increasing visibility into access history by extending last accessed information to Amazon EC2, AWS IAM, and AWS Lambda actions. This makes it easier for you to analyze access and reduce EC2, IAM, and Lambda permissions by providing the latest timestamp when an IAM user or role used an action. Using last accessed information, you can identify unused actions in your IAM policies and tighten permissions confidently.
-
AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies, which allow you to configure access to the Systems Manager API. When you create Amazon VPC endpoints for Systems Manager, you can attach AWS Identity and Access Management (IAM) resource policies that restrict user access to Systems Manager API operations, when these operations are accessed via the Amazon VPC endpoint. For example, you can limit certain users to only be able to list Systems Manager Run Command invocations but not to send any command invocations. You can also restrict specific users’ ability to start a Systems Manager Session Manager session.
-
This new on-demand digital course provides a deep dive into AWS IAM and best practices for using IAM policies. The advanced course is designed for security professionals with a working knowledge of AWS and it includes five learning modules, video demonstrations, assessments, and three optional self-paced labs.
-
This new on-demand digital course provides a deep dive into AWS IAM and best practices for using IAM policies. The one-day advanced course is designed for security professionals with a working knowledge of AWS and it includes five learning modules, video demonstrations, assessments, and three optional self-paced labs.
-
Amazon CloudFront announces that you can now manage public keys used for signed URLs and signed cookies through Amazon Identity and Access Management (IAM) based user permission, without requiring the AWS root account. With the IAM user permissions based public key management, you get more flexibility and API access to manage your public keys.
-
AWS Identity and Access Management (IAM) Access Analyzer now supports archive rules that allow you to retroactively mark existing findings as intended. Archive rules automatically archive new findings for public and cross-account access that meet the criteria you define. Now, you can apply the rules retroactively to mark existing findings as intended. For example, you can create a rule to archive all findings for a specific S3 bucket that you regularly grant read access to. This lets you focus on remediating findings that help you reduce broad access.
-
AWS Identity and Access Management (IAM) Access Analyzer makes it easier for customers to author secure and functional permissions by providing over 100 policy checks with actionable recommendations during policy authoring. Now, IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations. These checks help you set fine-grained permissions by guiding you to apply conditions in a secure and functional way. For example, IAM Access Analyzer validates that policies that specify tagging conditions include the required tag information in the condition.
-
AWS Amplify CLI now supports IAM permission boundaries to limit Amplify-generated IAM roles. The AWS Amplify CLI is a command line toolchain that helps frontend developers create app backends in the cloud that include IAM roles controlling access to AWS resources. With IAM permissions boundaries, Amplify-generated IAM roles can perform only the actions that are allowed by both the roles’ policies and permissions boundary.