Thoughts from a redhead who enjoys tech, horses, and everyday life. Director in AWS Identity. Opinions expressed entirely my own.
Oct 7, 2022 • 8 tweets • 2 min read
Don’t you love it when you delegate a task⁉️Well...having IAM Access Analyzer generate your policies just got better with action-level permissions for over 1⃣4⃣0⃣ services. Waa BAM! 🥳 (1/8) 🧵 go.aws/3T6VNJI
This is how policy generation works 🛠️🗜️ You ask Access Analyzer for a policy based on your role. We go and review your CloudTrail logs 🪵 and identify all the activity your role used. Then we convert it into a pretty IAM policy💄 (2/8)
Oct 4, 2022 • 10 tweets • 3 min read
Trick or Treat?🎃🍭 I say treat! You now have more tools to help you author the policies that control access to who can assume your roles, known as role trust policies. Here’s what is new. (1/10) 🧵 go.aws/3EhoSOt
✅We added policy validation checks for role trust policies. ✅These checks guide you to set secure and functional role trust policies. go.aws/3SzVIyo (2/10)
Aug 20, 2021 • 10 tweets • 3 min read
🏞️Soooo...remember when we pumped up Access Analyzer to generate policies based on access activity from CloudTrail? Well, now you can generate those same fine-grained policies using your organizational trail. 🏞️ (1/10)
AWS Organizations is your go-to place for multi-account management. With orgs you can create a central organizational trail for a one stop shop for monitoring. 🤠 (2/10) @CaitShim is to thank for this one!
Jun 29, 2021 • 10 tweets • 2 min read
🐘Remember when Access Analyzer launched policy validation to help you author secure and functional policies? Today, we are rolling out seven more checks. 🐘(1/10)
Conditions is the name of the game for these checks. You can use conditions in IAM policies to specify under which conditions the permission takes effect. (2/10)
May 17, 2021 • 15 tweets • 4 min read
This weekend was the first time I have had “Brigid Energy” in a long time. Here is my story about how I recharged, what I did for myself, and what we did as a team. (1/15)
If you’ve interacted with me, you might assume I have unlimited passion, energy, and excitement. For the most part it is true.🥓Except over the past several weeks it wasn’t. I noticed that I was rather “crispy”, easily irritated, and unmotivated. 🥓(2/15)
May 4, 2021 • 11 tweets • 4 min read
🎂Y’all might have heard it’s IAM 10th Birthday. 🎂IAM is officially in the double digits. There are so many reasons to celebrate IAM on its special day. Here is my list. (1/11)
🚙The PARC model🚙The Principal, Action, Resource, and Condition model has enabled customers to set fine-grained permissions as AWS has grown its use cases. IAM didn’t “park” anything when it came to growing alongside AWS. (2/11)
Apr 7, 2021 • 12 tweets • 3 min read
🍪IAM Access Analyzer has a new treat for all you permission setters out there in #AWS land.🍪Now, Access Analyzer generates policies based on your CloudTrail activity. (1/11) amzn.to/3wzIJlR
We all know that when you start building in development, you probably start with broader permissions since you may not know what you need...yet. But you need to shrink those permissions as you move to production. For this part, you can call on Access Analyzer! (2/11)
Mar 16, 2021 • 12 tweets • 3 min read
Authoring secure and functional policies just got a lot easier with over 100 policy checks from Access Analyzer. Here is why this launch 🚀is a game changer (1/12)
The checks help you DURING policy authoring either in the IAM console or as part of your policy workflows with the API. (2/12)
Mar 10, 2021 • 9 tweets • 2 min read
🤠Y’all will want to check this new feature from Access Analyzer out. Here are my reasons why…(1/8) amzn.to/3vbu5k3
You can now preview public and cross account findings BEFORE you deploy resource permissions. (2/8)
Nov 23, 2019 • 10 tweets • 5 min read
@AWSIdentity just supercharged🔌attribute-based access control (ABAC) by adding session tags😱. This is a powerful capability and here are all the reasons why (1/9) aws.amazon.com/blogs/aws/new-…
@AWSIdentity Session tags enable you to pass attributes from your IdP to role sessions. This means your identity no longer goes “poof”🌬️when you federate into AWS (2/9)