AWS Security Blog
Tag: Access management
Now Use AWS IAM to Delete a Service-Linked Role When You No Longer Require an AWS Service to Perform Actions on Your Behalf
Earlier this year, AWS Identity and Access Management (IAM) introduced service-linked roles, which provide you an easy and secure way to delegate permissions to AWS services. Each service-linked role delegates permissions to an AWS service, which is called its linked service. Service-linked roles help with monitoring and auditing requirements by providing a transparent way to […]
Reset Your AWS Root Account’s Lost MFA Device Faster by Using the AWS Management Console
March 12, 2024: We updated step 7 of this post. August 8, 2022: We made minor updates to some of the steps and images for resetting a lost MFA device. To help secure your AWS resources, AWS recommends that you follow the AWS Identity and Access Management (IAM) best practice of enabling multi-factor authentication (MFA) […]
Introducing an Easier Way to Delegate Permissions to AWS Services: Service-Linked Roles
Some AWS services create and manage AWS resources on your behalf. To do this, these services require you to delegate permissions to them by using AWS Identity and Access Management (IAM) roles. Today, AWS IAM introduces service-linked roles, which give you an easier and more secure way to delegate permissions to AWS services. To start, […]
How to Enable MFA Protection on Your AWS API Calls
Multi-factor authentication (MFA) provides an additional layer of security for sensitive API calls, such as terminating Amazon EC2 instances or deleting important objects stored in an Amazon S3 bucket. In some cases, you may want to require users to authenticate with an MFA code before performing specific API requests, and by using AWS Identity and […]
IAM Service Last Accessed Data Now Available for the Asia Pacific (Mumbai) Region
In December, AWS Identity and Access Management (IAM) released service last accessed data, which helps you identify overly permissive policies attached to an IAM entity (a user, group, or role). Today, we have extended service last accessed data to support the recently launched Asia Pacific (Mumbai) Region. With this release, you can now view the […]
AWS IAM Service Last Accessed Data Now Available for South America (Sao Paulo) and Asia Pacific (Seoul) Regions
In December, AWS Identity and Access Management (IAM) released service last accessed data, which helps you identify overly permissive policies attached to an IAM entity (a user, group, or role). Today, we have extended service last accessed data to support two additional regions: South America (Sao Paulo) and Asia Pacific (Seoul). With this release, you […]
The IAM Console Now Helps Prevent You from Accidentally Deleting In-Use Resources
Deleting unused resources can help to improve the security of your AWS account and make your account easier to manage. However, if you have ever been unsure of whether an AWS Identity and Access Management (IAM) user or role was being used actively, you probably erred on the side of caution and kept it. Starting […]
Another Way to Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data
In my previous post, I introduced service last accessed data, a new feature of the AWS Identity and Access Management (IAM) console that helps you define policies that adhere better to the principle of least privilege. As part of that post, I walked through a sample use case demonstrating how you can use service last […]
Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data
As a security best practice, AWS recommends writing AWS Identity and Access Management (IAM) policies that adhere to the principle of least privilege, which means granting only the permissions required to perform a specific task. However, verifying which permissions an application or user actually needs can be a challenge. To help you determine which permissions […]