AWS Identity and Access Management (IAM) Access Analyzer is an important tool in your journey towards least privilege access. You can use IAM Access Analyzer access previews to preview and validate public and cross-account access before deploying permissions changes in your environment. For the permissions already in place, one of IAM Access Analyzer’s capabilities is that […]| Amazon Web Services
Describes the Condition element of the IAM JSON policy language.| docs.aws.amazon.com
Lists all of the available actions, resources, and condition context keys that can be used in IAM policies to control access to AWS services.| docs.aws.amazon.com
Lists all of the available service-specific resources, actions, and condition keys that can be used in IAM policies to control access to Amazon S3.| docs.aws.amazon.com
Before you use IAM to manage access to Amazon S3, learn what IAM features are available to use with Amazon S3. Identity-based policies: Yes; Resource-based policies: Yes; Policy actions: Yes; Policy resources: Yes; Policy condition keys (service-specific)| docs.aws.amazon.com
Learn how to control user access to your Amazon EC2 resources.| docs.aws.amazon.com
Use the IAM policy simulator to test and troubleshoot IAM policies that are attached to users, IAM groups, roles, or resources.| docs.aws.amazon.com
Learn how policies can be used to set the permissions boundary for a user or role.| docs.aws.amazon.com
Describes the Principal element of the AWS JSON policy language.| docs.aws.amazon.com
Describes resource names (friendly names, identifiers, unique IDs, paths, and ARNs) for AWS Identity and Access Management (IAM) resources such as users, IAM groups, roles, policies, and certificates.| docs.aws.amazon.com
Describes each of the AWS global condition keys available to use in IAM policies.| docs.aws.amazon.com
How to deploy and set up a production-suitable lakeFS environment on AWS| lakeFS Documentation
An introduction to Amazon EC2 credentials When you assign an Identity and Access Management (IAM) role to an Amazon Elastic Compute Cloud (EC2) instance, the short-term credentials for the role are made available via a web service known as the Instance Metadata Service (IMDS). The IMDS provides an HTTP endpoint for retrieving instance metadata such as the instance IP address, AWS Region the instance is running in, the Amazon Machine Image used to launch the instance, and the access key, secre...| packetmischief.ca
A colleague of mine recently quipped, "'The perimeter' in AWS is actually defined by Identity and Access Management (IAM)." After some reflection, I think my colleague is spot on.| packetmischief.ca
June 20, 2023: The wording in this post has been updated to avoid confusion around the use of wildcards in the principal element of an AWS Identity and Access Management (IAM) trust policy statement. November 3, 2022: We updated this post to fix some syntax errors in the policy statements and to add additional use […]| Amazon Web Services
Following on the heels of my previous post, Five Functional Facts about AWS Identity and Access Management, I wanted to dive into a separate, yet related way of enforcing access policies in AWS: Service Control Policies (SCPs). SCPs and IAM policies look very similar—both being JSON documents with the same sort of syntax—and it would be easy to mistake one for the other. However, they are used in different contexts and for different purposes. In this post, I'll explain the context where S...| packetmischief.ca
This post is part of an open-ended series I'm writing where I take a specific protocol, app, or whatever-I-feel-like and focus on five functional aspects of that thing in order to expose some of how that thing really works. The topic in this post is the AWS Identity and Access Management (IAM) service. The IAM service holds a unique position within AWS: it doesn't get the attention that the machine learning or AI services get, and doesn't come to mind when buzzwords like "serverless" or "cont...| packetmischief.ca