Tag: Security

Dynamic AWS IAM Policies

We maintain a CloudFormation custom resource provider for Amazon Connect. The provider has grown organically, and as new features were added, the default role policy has become large. The provider can

AWS Athena SAM Policies

AWS Athena provides SQL queries over S3 data. The service depends on S3, Glue, and Athena itself, so getting permissions set up can be tricky. Here is what worked for me.

Assume Role with MFA

CLI Assume Role with MFA (assume-role-mfa.sh): This script will assume a cross-account role using your MFA device and output the credentials into a named profile.

Assume Cross Account AWS Role

Unlike an embarrassing Facebook post, developers can’t simply say “That wasn’t me, I got hacked” and expect it all to go away… Sarcasm aside, security without passwords is not only convenient, it keeps the password from landing in the wrong hands.