Posted On: Feb 15, 2021

Amazon Identity and Access Management (IAM) now allows administrators to use tags to manage and secure access to Customer Managed Policies, Instance Profiles, OpenID Connect Providers, SAML Providers, Server Certificates and Virtual MFAs.  

Administrators can now use tags to easily identify, group, and control access to these IAM resources at scale. Administrators and developers can apply the tags using the IAM APIs, the Amazon Web Services CLI (Command Line Interface), and the IAM Console. For example, an administrator can grant a developer permission to create customer managed policies only when the developer applies their Amazon Web Services username as the Owner tag. This allows the administrator to easily identify the owner of each customer managed policy. In addition, administrators can use the Owner tag to grant developers permission to edit a customer managed policy only if the value of its Owner tag matches the developer's Amazon Web Services username.
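The Owner-tag scenario above, written as an identity policy an administrator could attach to developers who are IAM users. This is an added example, not taken from the announcement or the IAM documentation: the Sid names are constructed, `"Resource": "*"` is used to avoid assuming a partition or account ID, and the separate `iam:TagPolicy` statement assumes tagging at creation requires that permission alongside `iam:CreatePolicy`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreatePolicyOnlyWithOwnOwnerTag",
      "Effect": "Allow",
      "Action": "iam:CreatePolicy",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/Owner": "${aws:username}" }
      }
    },
    {
      "Sid": "SetOwnerTagOnlyToSelfAndNeverOnOthersPolicies",
      "Effect": "Allow",
      "Action": "iam:TagPolicy",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/Owner": "${aws:username}" },
        "StringEqualsIfExists": { "aws:ResourceTag/Owner": "${aws:username}" }
      }
    },
    {
      "Sid": "EditOnlyPoliciesOwnedBySelf",
      "Effect": "Allow",
      "Action": [
        "iam:CreatePolicyVersion",
        "iam:DeletePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/Owner": "${aws:username}" }
      }
    }
  ]
}
```

Because of the `IfExists` operator, a customer managed policy that has no Owner tag at all can be claimed by any developer holding this policy, so tag existing policies before rolling it out. `iam:UntagPolicy` is deliberately not granted, so a developer cannot strip the Owner tag.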

To learn about tags and how to use them to control access for your IAM users and roles, visit the IAM Documentation.