AWS Identity and Access Management (IAM) now supports policy conditions to help manage permissions for AWS services that access your resources. Many AWS services require access to your internal resources to perform tasks, and they often use their own service identity called a service principal to achieve this. Using the new service principal conditions, it is simple to author rules that enforces a rule for all your service principals, or excludes service principals from certain permission rules that are intended only for your own identities.

Categories: AWS