A while ago AWS introduced Permission Boundaries. You may have seen them when creating an IAM user or role through the console, and ignored them. That’s OK, since permission boundaries have no effect if they’re not configured. You may also have read about them and learned that your effective IAM permissions are the intersection between your permission boundaries and your IAM policies. So, if you don’t give too many permissions away in your IAM policies, permission boundaries don’t really add any value. Right? Right. If you are creating IAM users that are used as functional users, meaning that the AK/SK of that user is used in some sort of external… Read More
Continue Reading