All about the AWS Identity & Access Management service
While I found the recently announced list of checks that IAM Access Analyzer performs on your policies buried deep in the documentation, it wasn't as easy to navigate as I would've liked. Here's the full list of the check names, since most of them are pretty self explanatory: Error – ARN account not allowed Error – ARN...
A common point of confusion when getting started with AWS IAM, and when trying to implement "least privileges" on IAM is the message "is not...
TL;DR I made Effective IAM Actions [https://bigorange.cloud/actions/], a small tool to expand wildcards "*"in IAM Policy Actions [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html] so that you can see explicitly what permissions are granted by a policy. It supports multiple statements in each policy, Allow...
The main problem is this: By using tags for authorisation, you have a multitude of completely new - per-service - actions that can be used to compromise your security posture....
CodeCommit access via federated credentials is the way to go. You're not using long-lived Access Keys are you? Bad engineer! Stop that! For better or worse, federated IAM access requires you to use the HTTPS endpoint with a git credential helper. Adding the following to your ~/.gitconfig file (obviously set the region value as appropriate)...
I've been playing a lot with the Serverless framework [https://serverless.com/] since they moved from v0.x to v1 (which is currently in beta). I really like the direction they've taken it, and have been using it for my own projects. One of the first things I wanted to do was hook my functions...