IAM Permission Boundaries

A while ago AWS introduced Permission Boundaries. You may have seen them when creating an IAM user or role through the console, and ignored them. That’s OK, since permission boundaries have no effect if they’re not configured. You may also have read about them and learned that your effective IAM permissions are the intersection between your permission boundaries and your IAM policies. So, if you don’t give too many permissions away in your IAM policies, permission boundaries don’t really add any value. Right? Right. If you are creating IAM users that are used as functional users, meaning that the AK/SK of that user is used in some sort of external… Read More

Continue Reading

Increase security with the click of a button!

Although at easytocloud we prefer to build serverless solutions wherever we can, we do have some EC2 instances and use a bastion host to access our – predominantly private – EC2 instances. In an earlier posting you could read how we use our EC2 scheduler to stop and start our persistent instances based on the time of the day. The cost-savings of running an instance only during office-hours is a whopping 75% compared to leaving instances on ‘all the time’. As for our bastion host, not only does it reduce costs, it also increases security. The bastion host being the only way into our AWS infra as (most) other instances do not even have… Read More

Continue Reading