AWS has launched global condition context keys to improve EC2 Security.
The technology aims to reduce the risk of having admin credentials stolen by threat actors.
- IAM roles for EC2 allow applications running on an instance to make API requests using temporary credentials.
- The two new keys that the company has launched are:
  - aws:EC2InstanceSourceVPC
  - aws:EC2InstanceSourcePrivateIPv4
- Previously, developers had to hard-code the VPC IDs and/or IP addresses of the roles in the role policy or VPC Endpoint policy to restrict the network location from which these credentials could be used.
- According to a statement from AWS officials, by combining the two new credential-relative condition keys with the existing network path-relative aws:SourceVPC and aws:VpcSourceIP condition keys, SCPs can be created to help ensure that credentials for EC2 instances are only used from the EC2 instances to which they were issued.
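The following service control policy is an added illustration of that combination, not a policy taken from the AWS announcement: it compares the VPC and private IP that the credential was issued for against the VPC and IP the request actually arrives from, and denies on mismatch. The comparison only has both sides when the request reaches the service through a VPC endpoint, since aws:SourceVpc and aws:VpcSourceIp are only set on that path; the Null check on ec2:SourceInstanceARN scopes the deny to instance-role credentials, and the aws:ViaAWSService check exempts calls AWS services make on the instance's behalf. Condition key names are case-insensitive, so the casing below matches the AWS documentation rather than the text above.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInstanceCredentialUseFromOtherVpc",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    },
    {
      "Sid": "DenyInstanceCredentialUseFromOtherPrivateIp",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourcePrivateIPv4": "${aws:VpcSourceIp}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    }
  ]
}
```

Requests that leave the VPC through an internet gateway rather than a VPC endpoint carry no aws:SourceVpc or aws:VpcSourceIp, so a deployment relying on this SCP should also require VPC endpoints for the services it wants to protect, and CloudTrail entries with a mismatched sourceIPAddress for an instance role are the signal to watch for while testing it.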