Advertisement · 728 × 90
#
Hashtag
#awsiam
Advertisement · 728 × 90
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
2 weeks ago
Preview
IAM Roles Anywhere now supports post-quantum digital certificates AWS Identity and Access Management (IAM) Roles Anywhere now supports the FIPS 204 Module-Lattice Digital Signature Standard (ML-DSA), a quantum-resistant digital signature algorithm standardized by the National Institute of Standards and Technology (NIST) to help protect against threat actors in possession of a large-scale quantum computer. ML-DSA is particularly valuable for IAM Roles Anywhere customers who authenticate workloads to AWS using X.509 certificates issued by certificate authorities, where a weakened signature algorithm could allow an unintended user to issue certificates and obtain unauthorized access. IAM Roles Anywhere enables workloads running outside of AWS to obtain temporary AWS credentials using X.509 certificates to access AWS resources. You establish trust between your AWS environment and your public key infrastructure (PKI) by creating a trust anchor, either by referencing your AWS Private Certificate Authority or registering your own certificate authorities (CAs) with IAM Roles Anywhere. You can now use ML-DSA-signed CA certificates as IAM Roles Anywhere trust anchors, and issue end entity certificates bound to ML-DSA keys. This feature is available in all AWS Regions where IAM Roles Anywhere is available, including the AWS GovCloud (US) Regions, AWS European Sovereign Cloud (Germany) Region, and China Regions. To learn more, see the IAM Roles Anywhere User Guide.

🆕 AWS IAM Roles Anywhere now supports post-quantum ML-DSA certificates for quantum-resistant signatures, letting workloads get temporary AWS credentials via X.509, boosting security against quantum threats. Available globally.

#AWS #AwsIdentityAndAccessManagement #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
2 weeks ago
IAM Roles Anywhere now supports post-quantum digital certificates https://aws.amazon.com/iam/roles-anywhere/ now supports the https://csrc.nist.gov/pubs/fips/204/final, a quantum-resistant digital signature algorithm standardized by the National Institute of Standards and Technology (NIST) to help protect against threat actors in possession of a large-scale quantum computer. ML-DSA is particularly valuable for IAM Roles Anywhere customers who authenticate workloads to AWS using X.509 certificates issued by certificate authorities, where a weakened signature algorithm could allow an unintended user to issue certificates and obtain unauthorized access. IAM Roles Anywhere enables workloads running outside of AWS to obtain temporary AWS credentials using X.509 certificates to access AWS resources. You establish trust between your AWS environment and your public key infrastructure (PKI) by creating a trust anchor, either by referencing your https://aws.amazon.com/private-ca/ or registering your own certificate authorities (CAs) with IAM Roles Anywhere. You can now use ML-DSA-signed CA certificates as IAM Roles Anywhere trust anchors, and issue end entity certificates bound to ML-DSA keys. This feature is available in all https://docs.aws.amazon.com/general/latest/gr/rolesanywhere.html where IAM Roles Anywhere is available, including the AWS GovCloud (US) Regions, AWS European Sovereign Cloud (Germany) Region, and China Regions. To learn more, see the https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-sign-process.html.

IAM Roles Anywhere now supports post-quantum digital certificates

https://aws.amazon.com/iam/roles-anywhere/ now supports the https://csrc.nist.gov/pubs/fips/204/final a quantum-resistant digital signature algorithm standardized by the National In...

#AWS #AwsIdentityAndAccessManagement #AwsIam

0 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
3 weeks ago
Preview
AWS simplifies IAM role creation and setup in service workflows AWS Identity and Access Management (IAM) now makes it easier to create and configure IAM roles directly within service workflows, allowing you to customize role permissions without switching between browser tabs. Now, when you are performing console tasks that involve role configuration, a new panel will appear to set the permissions required. IAM roles enable secure AWS cross-service connections using temporary credentials, eliminating the need for hardcoded access keys. This launch integrates role creation capabilities with custom permissions directly into service workflows, allowing you to configure roles and permissions without navigating to the IAM console. You can use default policies or the simplified statement builder to customize your permissions, streamlining your resource setup while maintaining the full functionality of IAM role management. This feature is available when working with Amazon EC2, AWS Lambda, Amazon EKS, Amazon ECS, AWS Glue, AWS CloudFormation, AWS Database Migration Service, AWS Systems Manager, AWS Secrets Manager, Amazon Relational Database Service, and AWS IoT Core in the US East (N. Virginia) Region. The feature will gradually become available across additional AWS services and regions. To learn more, refer to individual service User Guide or IAM documentation.

🆕 AWS now lets you create and configure IAM roles directly within service workflows, simplifying role setup and permissions customization without switching tabs. Available in US East (N. Virginia) for several services, this feature will roll out globally.

#AWS #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
3 weeks ago
AWS simplifies IAM role creation and setup in service workflows https://aws.amazon.com/iam/ now makes it easier to create and configure IAM roles directly within service workflows, allowing you to customize role permissions without switching between browser tabs. Now, when you are performing console tasks that involve role configuration, a new panel will appear to set the permissions required. IAM roles enable secure AWS cross-service connections using temporary credentials, eliminating the need for hardcoded access keys. This launch integrates role creation capabilities with custom permissions directly into service workflows, allowing you to configure roles and permissions without navigating to the IAM console. You can use default policies or the simplified statement builder to customize your permissions, streamlining your resource setup while maintaining the full functionality of IAM role management. This feature is available when working with Amazon EC2, AWS Lambda, Amazon EKS, Amazon ECS, AWS Glue, AWS CloudFormation, AWS Database Migration Service, AWS Systems Manager, AWS Secrets Manager, Amazon Relational Database Service, and AWS IoT Core in the US East (N. Virginia) Region. The feature will gradually become available across additional AWS services and regions. To learn more, refer to individual service User Guide or https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html.

AWS simplifies IAM role creation and setup in service workflows

https://aws.amazon.com/iam/ now makes it easier to create and configure IAM roles directly within service workflows, allowing you to customize role permissions without switching between browser tabs. Now, when you ar...

#AWS #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
1 month ago
AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API. With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM's existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.

AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI

AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in ...

#AWS #AwsIam

0 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
1 month ago
Preview
AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI AWS Security Token Service (STS) now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API. With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM's existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.

🆕 AWS STS now supports validating specific claims from Google, GitHub, CircleCI, and OCI for fine-grained access control in IAM role trust policies via AssumeRoleWithWebIdentity API, enhancing OpenID Connect federation capabilities.

#AWS #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
2 months ago
AWS introduces additional policy details to access denied error messages AWS now includes the https://aws.amazon.com/iam/ and https://docs.aws.amazon.com/organizations/ policy’s Amazon Resource Name (ARN) in access denied error messages in same account and same organization scenarios. This allows you to quickly identify the exact policy responsible for the denied access and take action to troubleshoot the issue. Before this launch, customers had to identify the root cause of access denied errors based only on the policy type in the  error message. This launch expedites troubleshooting when you have multiple policies of the same type, as you can  directly see which policy to address for explicit deny cases. The error message now includes the policy ARN for Service Control Policies (SCP), Resource Control Policies (RCP), identity-based policies, session policies, and permission boundaries. This additional context will gradually become available across AWS services in all AWS regions. To learn more, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html.

AWS introduces additional policy details to access denied error messages

AWS now includes the https://aws.amazon.com/iam/ and https://docs.aws.amazon.com/organizations/ policy’s Amazon Resource Name (ARN) in access denied error messages in same account and ...

#AWS #AwsIam #AwsOrganizations

0 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
2 months ago
Preview
AWS introduces additional policy details to access denied error messages AWS now includes the AWS Identity and Access Management (IAM) and AWS Organizations policy’s Amazon Resource Name (ARN) in access denied error messages in same account and same organization scenarios. This allows you to quickly identify the exact policy responsible for the denied access and take action to troubleshoot the issue. Before this launch, customers had to identify the root cause of access denied errors based only on the policy type in the  error message. This launch expedites troubleshooting when you have multiple policies of the same type, as you can  directly see which policy to address for explicit deny cases. The error message now includes the policy ARN for Service Control Policies (SCP), Resource Control Policies (RCP), identity-based policies, session policies, and permission boundaries. This additional context will gradually become available across AWS services in all AWS regions. To learn more, refer to IAM documentation.

🆕 AWS now lists IAM and Organizations policy ARNs in access denied messages to quickly identify and troubleshoot policy denials, especially with multiple similar policies. This update rolls out globally across AWS services. For more, check IAM documentation.

#AWS #AwsIam #AwsOrganizations

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
3 months ago
AWS announces IAM Policy Autopilot to help builders generate IAM policies from code AWS Identity and Access Management (IAM) announces IAM Policy Autopilot, an open source Model Context Protocol (MCP) server and command-line tool that helps your AI coding assistants quickly create baseline IAM policies that you can refine as your application evolves, so you can build faster. IAM Policy Autopilot analyzes your application code locally to create identity-based policies to control access for application roles, reducing the time you spend on writing IAM policies and troubleshooting access issues. IAM Policy Autopilot integrates with AI coding assistants like Kiro, Claude Code, and Cursor, and supports Python, TypeScript, and Go applications. It stays up to date with the latest AWS services and features so that builders and coding assistants have access to the latest AWS IAM permissions knowledge. IAM Policy Autopilot is available at no additional cost and can be used from your own machine. To start using IAM Policy Autopilot, visit the GitHub repository and follow the setup instructions for MCP server. You can also learn more about IAM Policy Autopilot by visiting AWS News Blog. 

AWS announces IAM Policy Autopilot to help builders generate IAM policies from code

AWS Identity and Access Management (IAM) announces IAM Policy Autopilot, an open source Model Context Protocol (MCP) server and command-line tool that helps your AI coding assistants quickly creat...

#AWS #AwsIam

0 0 0 0
Mark Jack
Mark Jack
@markjackmilian.bsky.social
4 months ago

Create seamless infrastructure with Terraform by importing AWS IAM roles efficiently. Enhance automation and manage IAM resources effortlessly. Dive into best practices for a smoother deployment! #Terraform #AWSIAM

0 0 0 0
Elizabeth Fuentes L
Elizabeth Fuentes L
@elizabethfue12.bsky.social
4 months ago
Preview
Simplify access to external services using AWS IAM Outbound Identity Federation | Amazon Web Services AWS IAM now enables outbound identity federation, allowing developers to securely authenticate AWS workloads with external services using short-lived JSON Web Tokens instead of storing long-term credentials...

📰🚨 Simplify access to external services using AWS IAM Outbound Identity Federation

#AWSIAM #CloudSecurity #JWT #IdentityFederation #DevOps

1 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
4 months ago
AWS IAM enables identity federation to external services using JSON Web Tokens (JWTs) AWS Identity and Access Management (IAM) announces outbound identity federation, enabling customers to securely federate their AWS identities to external services using short-lived JSON Web Tokens (JWTs). This allows customers to securely authenticate their AWS workloads with third-party cloud providers, SaaS providers, and self-hosted applications without using long-term credentials or implementing complex workarounds. Customers can now exchange their AWS IAM credentials for cryptographically signed, short-lived JSON Web Tokens (JWTs), providing a simple and secure mechanism for AWS workloads to access external services. These tokens contain rich context about the AWS workloads, enabling external services to implement fine-grained access control. Administrators can control access to token generation and enforce token properties (such as lifetime, audience and signing algorithms) using IAM policies and audit token usage using CloudTrail logs, allowing them to meet their organization’s security and compliance requirements. This capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions. To get started, visit the list of resources below: Read the https://aws.amazon.com/blogs/aws/simplify-access-to-external-services-using-aws-iam-outbound-identity-federation Visit https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_outbound.html

AWS IAM enables identity federation to external services using JSON Web Tokens (JWTs)

AWS Identity and Access Management (IAM) announces outbound identity federation, enabling customers to securely federate their AWS identities to external services using short-lived JSON Web Toke...

#AWS #AwsIam

1 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
4 months ago
Preview
AWS IAM enables identity federation to external services using JSON Web Tokens (JWTs) AWS Identity and Access Management (IAM) announces outbound identity federation, enabling customers to securely federate their AWS identities to external services using short-lived JSON Web Tokens (JWTs). This allows customers to securely authenticate their AWS workloads with third-party cloud providers, SaaS providers, and self-hosted applications without using long-term credentials or implementing complex workarounds. Customers can now exchange their AWS IAM credentials for cryptographically signed, short-lived JSON Web Tokens (JWTs), providing a simple and secure mechanism for AWS workloads to access external services. These tokens contain rich context about the AWS workloads, enabling external services to implement fine-grained access control. Administrators can control access to token generation and enforce token properties (such as lifetime, audience and signing algorithms) using IAM policies and audit token usage using CloudTrail logs, allowing them to meet their organization’s security and compliance requirements. This capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions. To get started, visit the list of resources below: Read the AWS News Blog Post Visit IAM Documentation

🆕 AWS IAM now supports outbound identity federation via JWTs, enabling secure access to external services for AWS workloads without long-term credentials. Available in all regions, it uses cryptographically signed tokens for fine-grained access control.

#AWS #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
4 months ago
AWS IAM launches aws:SourceVpcArn condition key for region-based access control AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, that enables customers to enforce region-based access controls for resources accessed through https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html. This condition key returns the ARN of the VPC where the VPC endpoint is attached, allowing customers to verify whether requests travel through a specific VPC and implement controls on private access to their resources in same-region or cross-region scenarios. Customers can use aws:SourceVpcArn in policies to ensure resources are only accessible from VPC endpoints in specific regions, helping enforce data residency requirements. For example, you can attach a policy to an Amazon S3 bucket that restricts access to requests made through VPC endpoints in designated regions only. The aws:SourceVpcArn condition key is available in all commercial AWS Regions. For a complete list of supported AWS services and to learn more, please refer to the https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-network-properties

AWS IAM launches aws:SourceVpcArn condition key for region-based access control

AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, that enables customers to enforce region-based access controls for resources accessed through https:...

#AWS #AwsIam

1 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
4 months ago
Preview
AWS IAM launches aws:SourceVpcArn condition key for region-based access control AWS Identity and Access Management (IAM) now supports a new global condition key, aws:SourceVpcArn, that enables customers to enforce region-based access controls for resources accessed through AWS PrivateLink. This condition key returns the ARN of the VPC where the VPC endpoint is attached, allowing customers to verify whether requests travel through a specific VPC and implement controls on private access to their resources in same-region or cross-region scenarios. Customers can use aws:SourceVpcArn in policies to ensure resources are only accessible from VPC endpoints in specific regions, helping enforce data residency requirements. For example, you can attach a policy to an Amazon S3 bucket that restricts access to requests made through VPC endpoints in designated regions only. The aws:SourceVpcArn condition key is available in all commercial AWS Regions. For a complete list of supported AWS services and to learn more, please refer to the IAM User Guide.

🆕 AWS IAM introduces aws:SourceVpcArn for region-based access control via AWS PrivateLink, enabling customers to enforce data residency by restricting resource access to specific VPC endpoints in designated regions. Available in all commercial AWS Regions.

#AWS #AwsIam

1 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
4 months ago
Streamline integration with Amazon and AWS Partner products using AWS IAM temporary delegation AWS Identity and Access Management (IAM) is launching temporary delegation, a new capability that helps you accelerate onboarding and simplify management for products from Amazon and AWS Partners that integrate with your AWS accounts. With today’s launch, you can safely delegate limited, temporary access to these product providers to perform initial deployments, ad-hoc maintenance, or feature upgrades on your behalf. This approach provides a more secure and streamlined experience by eliminating the need for you to create persistent IAM roles for such tasks, or perform them manually. It reduces your setup time and lowers your operational burden, while giving you complete control and auditability over delegated access and actions. This feature is available in all AWS commercial Regions. Amazon products and AWS Partners such as Amazon Leo (coming soon), Archera, Aviatrix, CrowdStrike (coming soon), Databricks, HashiCorp, Qumulo, Rapid7, and SentinelOne are already implementing AWS IAM temporary delegation. To get started, Customers: See the https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-temporary-delegation.html or https://aws.amazon.com/blogs/apn/streamline-customer-onboarding-and-accelerate-time-to-value-with-aws-iam-temporary-delegation/ AWS Partners: Refer to the https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-temporary-delegation-partner-guide.html for onboarding details

Streamline integration with Amazon and AWS Partner products using AWS IAM temporary delegation

AWS Identity and Access Management (IAM) is launching temporary delegation, a new capability that helps you accelerate onboarding and simplify management for products from Amazon and AW...

#AWS #AwsIam

1 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
4 months ago
AWS Service Reference Information now supports SDK Operation to Action mapping AWS is expanding service reference information to include which operations are supported by AWS services and which IAM permissions are needed to call a given operation. This will help you answer questions such as “I want to call a specific AWS service operation, which IAM permissions do I need?” You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference information directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on https://docs.aws.amazon.com/service-authorization/latest/reference/service-reference.html.

AWS Service Reference Information now supports SDK Operation to Action mapping

AWS is expanding service reference information to include which operations are supported by AWS services and which IAM permissions are needed to call a given operation. ...

#AWS #AwsIam #AwsIdentityAndAccessManagement

1 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
4 months ago
Preview
AWS Service Reference Information now supports SDK Operation to Action mapping AWS is expanding service reference information to include which operations are supported by AWS services and which IAM permissions are needed to call a given operation. This will help you answer questions such as “I want to call a specific AWS service operation, which IAM permissions do I need?” You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference information directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on programmatic service reference information.

🆕 AWS offers SDK operation mapping in service reference info to help determine IAM permissions. Automate policy updates and integrate seamlessly at no extra cost. See the programmatic service reference for details.

#AWS #AwsIam #AwsIdentityAndAccessManagement

1 0 0 0
C.Ellyson-tech career blueprint
C.Ellyson-tech career blueprint
@techwithellyson.bsky.social
6 months ago

Securing serverless? AWS Lambda uses IAM execution roles to grant precise permissions—e.g., only s3:GetObject, not s3:*. Audit with IAM Access Analyzer to catch over-permissions. New in 2025: Code signing now in GovCloud for extra trust! #CloudSecurity #AWSIAM #AWSServerless

0 0 0 0
Karen Haberkorn
Karen Haberkorn
@khaberkorn.bsky.social
6 months ago
Preview
Unlock new possibilities: AWS Organizations service control policy now supports full IAM language | Amazon Web Services Amazon Web Service (AWS) recently announced that AWS Organizations now offers full AWS Identity and Access Management (IAM) policy language support for service control policies (SCPs). With this featu...

Friday treat for fans of #AWSIAM : you can now author service control policies with all IAM language constructs, eliminating previous sharp edges such as only being able to use NotAction in Deny statements: aws.amazon.com/blogs/securi...

1 0 1 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
7 months ago
AWS IAM launches new VPC endpoint condition keys for network perimeter controls AWS Identity and Access Management (IAM) now offers three new global condition keys that will make it easier for you to establish a network perimeter. The new condition keys - aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID - help you ensure that requests to your AWS resources or by your identities are made through your VPC endpoints. The condition keys provide you with varied levels of granularity, enabling you to implement your network perimeter controls at an account, organization path, and entire organization level. The controls automatically scale with your VPC usage, eliminating the need to enumerate VPC endpoints or update policies as you add or remove them. You can use these condition keys with both new and existing service control policies (SCPs), resource control policies (RCPs), resource-based policies, and identity-based policies. The condition keys are supported for a https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html and are available in all commercial AWS Regions where those services support AWS PrivateLink. To learn more about these new condition keys and supported services, please visit the https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html and https://aws.amazon.com/blogs/security/use-scalable-controls-to-help-prevent-access-from-unexpected-networks/

AWS IAM launches new VPC endpoint condition keys for network perimeter controls

AWS Identity and Access Management (IAM) now offers three new global condition keys that will make it easier for you to establish a network perimeter. The new condition keys - aws:VpceAccount, aws:Vpc...

#AWS #AwsIam

1 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
7 months ago
Preview
AWS IAM launches new VPC endpoint condition keys for network perimeter controls AWS Identity and Access Management (IAM) now offers three new global condition keys that will make it easier for you to establish a network perimeter. The new condition keys - aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID - help you ensure that requests to your AWS resources or by your identities are made through your VPC endpoints. The condition keys provide you with varied levels of granularity, enabling you to implement your network perimeter controls at an account, organization path, and entire organization level. The controls automatically scale with your VPC usage, eliminating the need to enumerate VPC endpoints or update policies as you add or remove them. You can use these condition keys with both new and existing service control policies (SCPs), resource control policies (RCPs), resource-based policies, and identity-based policies. The condition keys are supported for a select set of AWS services and are available in all commercial AWS Regions where those services support AWS PrivateLink. To learn more about these new condition keys and supported services, please visit the AWS IAM documentation and AWS blog.

🆕 AWS IAM introduces new VPC endpoint condition keys for network perimeter controls, enabling granular access management at account, organization path, and organization levels, scaling automatically with VPC usage. Supported in all commercial regions for select services.

#AWS #AwsIam

1 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
9 months ago
AWS Service Reference Information now supports annotations for service actions AWS is expanding service reference information to include annotations for service actions, starting with action properties. Action properties provide context to indicate what an action is capable of, such as write or list capabilities, when you use it in a policy. Service reference information streamlines automation of policy management workflows, helping you retrieve available actions across AWS services from machine-readable files. Whether you are a security administrator establishing guardrails for workloads or a developer ensuring appropriate access to applications, you can now more easily identify the scope for each AWS service. You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on https://docs.aws.amazon.com/service-authorization/latest/reference/service-reference.html.  

AWS Service Reference Information now supports annotations for service actions

AWS is expanding service reference information to include annotations for service actions, starting with action properties. Action properties provide context to indicate what an action is capable of, s...

#AWS #AwsIam

1 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
9 months ago
Preview
AWS Service Reference Information now supports annotations for service actions AWS is expanding service reference information to include annotations for service actions, starting with action properties. Action properties provide context to indicate what an action is capable of, such as write or list capabilities, when you use it in a policy. Service reference information streamlines automation of policy management workflows, helping you retrieve available actions across AWS services from machine-readable files. Whether you are a security administrator establishing guardrails for workloads or a developer ensuring appropriate access to applications, you can now more easily identify the scope for each AWS service. You can automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates. You can also incorporate this service reference directly into your policy management tools and processes for a seamless integration. This feature is offered at no additional cost. To get started, refer to the documentation on programmatic service reference information.

🆕 AWS adds annotations for service actions in reference info, aiding policy management. Action properties clarify capabilities, streamlining automation and integration into tools. No extra cost; start with documentation for programmatic service reference.

#AWS #AwsIam

1 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
9 months ago
AWS expands resource control policies (RCPs) support to two additional services AWS is expanding resource control policies (RCPs) support to include two additional services: Amazon Elastic Container Registry and Amazon OpenSearch Serverless. This expansion enhances your ability to centrally establish a https://aws.amazon.com/identity/data-perimeters-on-aws/ across a wider range of AWS resources in your organization. RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions. To learn more about RCPs and view the full list of supported AWS services, visit the https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html in the AWS Organizations User Guide.  

AWS expands resource control policies (RCPs) support to two additional services

AWS is expanding resource control policies (RCPs) support to include two additional services: Amazon Elastic Container Registry and Amazon OpenSearch Serverless. This expansion enhances...

#AWS #AwsIam #AwsGovcloudUs

0 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
9 months ago
Preview
AWS expands resource control policies (RCPs) support to two additional services AWS is expanding resource control policies (RCPs) support to include two additional services: Amazon Elastic Container Registry and Amazon OpenSearch Serverless. This expansion enhances your ability to centrally establish a data perimeter across a wider range of AWS resources in your organization. RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions. To learn more about RCPs and view the full list of supported AWS services, visit the Resource control policies (RCPs) documentation in the AWS Organizations User Guide.

🆕 AWS adds RCPs support for Amazon ECR and OpenSearch Serverless, expanding centralized data perimeter control across more services. Available in all commercial and GovCloud regions. For details, see the RCPs documentation.

#AWS #AwsIam #AwsGovcloudUs

0 0 0 0
Elizabeth Fuentes L
Elizabeth Fuentes L
@elizabethfue12.bsky.social
9 months ago
Preview
Verify internal access to critical AWS resources with new IAM Access Analyzer capabilities | Amazon Web Services A new capability in IAM Access Analyzer helps security teams verify which principals within their AWS organization have access to critical resources like S3 buckets, DynamoDB tables, and RDS snapshots...

📰🚨Verify internal access to critical AWS resources with new IAM Access Analyzer capabilities by Micah Walter

#AWSIAM #AccessAnalyzer #CloudSecurity #DataProtection #Compliance

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
9 months ago
AWS IAM now enforces MFA for root users across all account types Today AWS Identity and Access Management (IAM) announced comprehensive multi-factor authentication (MFA) requirements for root users across all account types, with the expansion to member accounts. The new MFA enforcement marks a significant milestone in our ongoing commitment of secure by design principles, setting a high bar for our customers' default security posture and building upon our previous security enhancements. Our security journey began with requiring MFA for AWS Organizations management account root users in May 2024, followed by expanding MFA requirements to standalone account root users in June 2024, and introducing centralized root access management for AWS Organizations in November 2024. IAM helps you securely manage identities and control access to AWS services and resources. MFA is a security best practice in IAM that requires a second authentication factor in addition to the user name and password sign-in credentials. MFA is available at no additional cost and prevents over 99% of password-related attacks. You can use a range of supported IAM MFA methods, including FIDO-certified security keys to harden access to your AWS accounts. AWS supports FIDO2 passkeys for a user-friendly MFA implementation and allows customers to register up to 8 MFA devices per root and IAM user. For AWS Organizations customers, we recommend centralizing access account management through the management account and removing root user credentials from member accounts, which represents an even stronger security posture. To learn more: https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-mfa-for-root.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management

AWS IAM now enforces MFA for root users across all account types

Today AWS Identity and Access Management (IAM) announced comprehensive multi-factor authentication (MFA) requirements for root users across all account types, with the expansion to member accounts. The new MFA enfor...

#AWS #AwsIam

0 0 0 0
AWS News Feed on 🦋
AWS News Feed on 🦋
@awsrecentnews.bsky.social
9 months ago
Preview
AWS IAM now enforces MFA for root users across all account types Today AWS Identity and Access Management (IAM) announced comprehensive multi-factor authentication (MFA) requirements for root users across all account types, with the expansion to member accounts. The new MFA enforcement marks a significant milestone in our ongoing commitment of secure by design principles, setting a high bar for our customers' default security posture and building upon our previous security enhancements. Our security journey began with requiring MFA for AWS Organizations management account root users in May 2024, followed by expanding MFA requirements to standalone account root users in June 2024, and introducing centralized root access management for AWS Organizations in November 2024. IAM helps you securely manage identities and control access to AWS services and resources. MFA is a security best practice in IAM that requires a second authentication factor in addition to the user name and password sign-in credentials. MFA is available at no additional cost and prevents over 99% of password-related attacks. You can use a range of supported IAM MFA methods, including FIDO-certified security keys to harden access to your AWS accounts. AWS supports FIDO2 passkeys for a user-friendly MFA implementation and allows customers to register up to 8 MFA devices per root and IAM user. For AWS Organizations customers, we recommend centralizing access account management through the management account and removing root user credentials from member accounts, which represents an even stronger security posture. To learn more: Root user MFA guide Centrailzed root access

🆕 AWS IAM enforces MFA for root users, adding a second authentication factor at no cost, significantly boosting security and aligning with AWS's secure by design approach, following previous MFA requirements for management accounts.

#AWS #AwsIam

0 0 0 0
AWS News(Unofficial)
AWS News(Unofficial)
@awsnews.bsky.social
9 months ago
Amazon EKS Pod Identity simplifies the experience for cross-account access https://aws.amazon.com/blogs/containers/amazon-eks-pod-identity-a-new-way-for-applications-on-eks-to-obtain-iam-credentials/ now provides a simplified experience for configuring application permissions to access AWS resources in separate accounts. With enhancements to EKS Pod Identity APIs, you can now seamlessly configure access to resources across AWS accounts by providing the resource account’s IAM details during the creation of the Pod Identity association. Your applications running in the EKS cluster automatically receive the required AWS credentials during runtime without requiring any code changes. EKS Pod Identity enables applications in your EKS cluster to access AWS resources across accounts through a process called https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html. When creating a Pod Identity association, you can provide two IAM roles — an https://docs.aws.amazon.com/eks/latest/userguide/pod-id-role.html in the same account as your EKS cluster and a target IAM role from the account containing your AWS resources (like S3 buckets or DynamoDB tables). When your application pod needs to access AWS resources, it requests credentials from the EKS Pod Identity, which automatically assumes the roles through IAM role chaining to provide your pod with the necessary cross-account temporary credentials. This feature is available in all AWS Regions where Amazon EKS is available. To learn more, see https://docs.aws.amazon.com/eks/latest/userguide/assign-target-role.html.

Amazon EKS Pod Identity simplifies the experience for cross-account access

aws.amazon.com/blogs/containers/amazon-... now provides a simplified experience for configuring a...

#AWS #AwsGovcloudUs #AmazonEks #AwsIam

1 0 0 0