Brien walks through the process of creating an IAM role for the AWS Fault Injection Simulator in order to find out what happens when an EC2 spot instance is interrupted.

The AWS cloud's interface for creating IAM policies has always left a little bit to be desired. Although the interface works, it's a little bit messy and I have heard more than one person say that it ...

When threat actors gain a foothold in AWS, they don't just move fast ... Request parameters include action-specific details, like usernames, IAM policies, or specific resources, that provide insight ...

First, always use AWS Identity and Access Management (IAM) to control who can administer your EFS file systems. IAM allows you to create users and groups, assign permissions, and manage roles.

In one interesting twist, the threat actors behind EleKtra-Leak were found to blacklist AWS accounts that habitually expose IAM credentials.

AWS recently added support for detecting unused access granted to IAM roles and users within their AWS IAM Access Analyzer tool. The new analyzer can identify unused roles, unused IAM user access ...

AWS recently introduced IAM Identity Center APIs to create users and groups at scale. Administrators can use these new APIs to manage identities programmatically and gain visibility into users in ...

IT admins use group policies to manage user access via Active Directory, but AWS takes a subtly different approach, which can be exploited.

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.

IAM is a set of processes, policies, and tools for controlling user access to critical information within an organization.