AWS has launched two global condition context keys to improve EC2 security.
The keys aim to reduce the risk that EC2 instance credentials stolen by threat actors can be used from anywhere other than the instance they were issued to.
IAM roles for EC2 let applications make API requests using temporary credentials that the instance retrieves from the instance metadata service, without storing long-term access keys on the instance.
- The two new keys that the company has launched are:
  - aws:ec2InstanceSourceVPC
  - aws:ec2InstanceSourcePrivateIPv4
- Previously, to restrict the network location from which these credentials could be used, developers had to hard-code the VPC IDs and/or IP addresses of the instances into the role's policy or the VPC endpoint policy, using the existing aws:SourceVpc and aws:VpcSourceIp conditions. Such policies had to be maintained per role and per VPC and broke whenever instances moved.
- According to a statement from AWS officials, combining the two new credential-relative condition keys with the existing network-path-relative aws:SourceVpc and aws:VpcSourceIp condition keys lets administrators write service control policies (SCPs) that help ensure credentials issued to an EC2 instance are only accepted when the request actually originates from that instance's VPC and private IP address, without hard-coding either value.
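The following SCP is an added example written for this page to show how the comparison works; it is not the policy text from AWS's announcement. It denies every action when the VPC or private IPv4 address recorded in the credentials differs from the VPC or IP the request actually arrived from. The `Null` check on `ec2:SourceInstanceARN` limits the deny to requests signed with EC2 instance-role credentials, so human users and Lambda functions are unaffected. The `aws:ViaAWSService` carve-out (so that calls a service makes on the instance's behalf are not blocked) and the `Sid` values are this example's own choices, not part of the announcement.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInstanceCredsUsedFromAnotherVPC",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    },
    {
      "Sid": "DenyInstanceCredsUsedFromAnotherPrivateIP",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourcePrivateIPv4": "${aws:VpcSourceIp}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    }
  ]
}
```

Two caveats before deploying something like this. First, aws:SourceVpc and aws:VpcSourceIp are only populated when the request reaches the service through a VPC endpoint; for a request that leaves through an internet gateway or NAT gateway the keys are absent, and StringNotEquals against a missing key evaluates to true, so the deny also fires for those. That is usually what you want (credentials cannot be replayed from the internet), but it means every AWS service the instance calls needs a VPC endpoint in that VPC. Second, an explicit deny in an SCP cannot be overridden by any IAM policy, so test with an IAM policy on a single role first and carve out any break-glass role before attaching the SCP to an organizational unit.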