Why doesn't this policy work with this condition?
iam
A collection of 8 posts
Understanding the AWS zone of trust
Understanding the zone of trust is critical if you want to secure your AWS resources.
AWS IAM Access Analyzer Policy Validation Checks
While I found the recently announced list of checks that IAM Access Analyzer performs on your policies buried deep in the documentation, it wasn't as easy to navigate as I would've liked. Here's the
AWS IAM:PassRole explained
A common point of confusion when getting started with AWS IAM, and when trying to implement "least privileges" on IAM is the message "is not authorized to perform: iam:PassRole on resource". Usually this refers to
Effective Actions for AWS IAM
TL;DR I made Effective IAM Actions [https://bigorange.cloud/actions/], a small tool to expand wildcards "*" in IAM Policy Actions [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html] so that you can
Don't use Tags to Manage Permissions in AWS
The main problem is this: By using tags for authorisation, you have a multitude of completely new - per-service - actions that can be used to compromise your security posture.
Federated CodeCommit Access
CodeCommit access via federated credentials is the way to go. You're not using long-lived Access Keys, are you? Bad engineer! Stop that! For better or worse, federated IAM access requires you to use the HTTPS endpoint with a
Using DynamoDb with Serverless
I've been playing a lot with the Serverless framework [https://serverless.com/] since they moved from v0.x to v1 (which is currently in beta). I really like the direction they've taken it, and have been