ABAC policies for EC2 instances and SSM Session Manager

Introduction:

This workshop shows how to create and test an ABAC policy which will enable an IAM role with a principal tag to create and access EC2 instances that have matching tags. In this scenario, when a principal makes a request to AWS, their permissions are granted based on whether the principal and resource have matching tags. This identity strategy enables individuals to manage and remotely access EC2 instances based on the user attributes which they pass to AWS STS.

Key topics include:

Attribute-Based Access Control (ABAC) for more dynamic policy-crafting
Session Tags, enabling additional attributes to be passed on a session-by-session basis

Workshop:

AWS Worksthop Studio: https://catalog.workshops.aws/iam-abac-policies

Solution:

Author:

Rodrigo Ferroni, STAM - Security Specialist, AWS - Linkedin

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md
abac-diagram.png		abac-diagram.png
builder-session-generate-console.py		builder-session-generate-console.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ABAC policies for EC2 instances and SSM Session Manager

About

Releases

Packages

Languages

rferroni/abac-policies-for-ec2-instances-and-ssm-session-manager

Folders and files

Latest commit

History

Repository files navigation

ABAC policies for EC2 instances and SSM Session Manager

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages