Latest Posts

Programmatic AWS Action List!

It's happened. It's finally here. No, I'm not talking about the next iPhone. I'm talking about programmatic access to the AWS IAM action list! Wait, what do you mean "I'

External ID policy review

Granting 3rd parties access to your AWS resources via roles should always use an external ID condition. If a vendor asks you to provision an IAM user with access + secret key in 2023, they're doing it wrong. External IDs

Deny all external principals assume role

This interesting policy question on re:Post is about how you can prevent principals outside of an AWS organization from assuming a role in your organization. The asker originally requests an SCP to do this, but SCPs cannot apply to principals

AWS SAM policy templates

A feature I think everyone (including myself!) should use more is AWS Serverless Application Model (SAM) policy templates. This approach is a great example of "syntactic sugar" that characterises the AWS SAM approach. As an example, a frequent