AWS Adds CloudFront Secure Access Management

Darryl K. Taft,

Amazon updates its cloud security with Identity and Access Management (IAM) for AWS CloudFront

Amazon Web Services (AWS) has added Identity and Access Management (IAM) support for Amazon CloudFront.

AWS Identity and Access Management enables developers to create multiple Users and manage the permissions for each of these Users within the developer’s AWS Account. A User is an identity (within the developer’s AWS Account) with unique security credentials that can be used to access AWS Services.

No Shared Passwords Or Keys

IAM eliminates the need to share passwords or access keys, and makes it easy to enable or disable a User’s access as appropriate, the company said. IAM offers developers greater flexibility, control and security when using AWS.

Amazon CloudFront is a web service for content delivery. It integrates with other Amazon Web Services to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no commitments, AWS said. And Amazon CloudFront delivers a developer’s static and streaming content using a global network of edge locations.

According to a detail page on the AWS site, the AWS Identity and Access Management support enables developers to do the following:

  • Create User identities – Add Users (unique identities that can be used to interact with AWS services) to your AWS Account. A User can be an individual, system, or application requiring access to AWS services.
  • Assign and manage security credentials – Assign security credentials (such as access keys) to each User, and rotate and/or revoke these credentials as desired.
  • Organise Users in groups – Create groups to more easily manage permissions for multiple Users.
  • Centralised control of User access – Control which operations each User can perform, such as accessing specific AWS service APIs and resources.
  • Conditional User access – Add conditions to control how a User can use AWS, such as their originating IP address, time of day, or whether they are using SSL.
  • Single AWS bill – Receive a single bill for the activity of all Users within your AWS Account