🤠Y’all will want to check this new feature from Access Analyzer out. Here are my reasons why…(1/8) amzn.to/3vbu5k3
You can now preview public and cross account findings BEFORE you deploy resource permissions. (2/8)
This validates your permissions changes, giving you confidence the change grants only intended access. (3/8)
Best part! You can now verify that your policy changes remediate any existing Access Analyzer findings. (4/8)
You can also verify you don’t introduce any🆕unintended public or cross-account access. (5/8)
🌅This moves permission analysis closer to policy authoring. Helping you catch and remediate unintended access earlier (6/8) 🌄
You can make a bucket policy change, preview access, and then rinse and repeat using the S3 console or APIs. This helps you understand how policy changes impact public and cross account access. (7/8) 🧐
Authoring secure and functional policies just got a lot easier with over 100 policy checks from Access Analyzer. Here is why this launch 🚀is a game changer (1/12)
The checks help you DURING policy authoring either in the IAM console or as part of your policy workflows with the API. (2/12)
There are 4⃣ types of checks including security warnings, errors, general warnings, and suggestions that guide your policy authoring. (3/12)
@AWSIdentity just supercharged🔌attribute-based access control (ABAC) by adding session tags😱. This is a powerful capability and here are all the reasons why (1/9) aws.amazon.com/blogs/aws/new-…
@AWSIdentity Session tags enable you to pass attributes from your IdP to role sessions. This means your identity no longer goes “poof”🌬️when you federate into AWS (2/9)
@AWSIdentity You can use session tags for access control and they act just like principal tags. This means your identity provider becomes the source of truth for access control in AWS (3/9)