AWS Block Removal Of Boundary Policy From Roles
    • 10 Sep 2024

    Amazon Web Services (AWS) allows you to block the removal of boundary policies from roles within your AWS subscription. This strengthens the security of your lab environment and ensures that lab users cannot remove critical policies and end up with different permission roles.

    Policies

    Secondary Resource Protection (Protect Roles Policy)

    We have introduced a secondary resource protection mechanism that safeguards roles and policies from being modified by lab users. This protection mechanism is designed to prevent the removal of boundary policies from roles.

    LabSecureAccess Policy

    As part of the secondary resource protection, we have added the LabSecureAccess policy as an item on the protected resource list. This policy ensures that the boundary policy of a role remains intact, preserving the intended permission boundaries and preventing unauthorized elevation of privileges.

    Enhanced Policy Logic

    The implementation of this feature involves modifying the policy logic to identify and block any attempts to remove boundary policies from roles. This ensures that the security and access controls defined within your AWS subscription remain intact and enforceable.

    Lab Developer Policy Protection

    In addition to protecting boundary policies, we have also extended the resource protection mechanism to safeguard the Lab Developer policy. This policy, which grants lab authors specific permissions, cannot be removed by lab users, ensuring the stability and integrity of your lab environment.
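The protections described in the sections above can be expressed as explicit IAM Deny statements and checked offline. The following is an added example, not the platform's own policy or code: the account ID is a placeholder, `LabDeveloper` is an assumed name for the Lab Developer policy, and the policy document and helper functions are hypothetical.

```python
import fnmatch

# Constructed values: the account ID is a placeholder and "LabDeveloper" is an
# assumed name for the page's "Lab Developer policy".
PROTECTED = ["arn:aws:iam::111122223333:policy/LabSecureAccess",
             "arn:aws:iam::111122223333:policy/LabDeveloper"]

# Hypothetical deny policy for lab users, not the platform's actual document.
PROTECT_ROLES = {"Version": "2012-10-17", "Statement": [
    {"Sid": "KeepRoleBoundary", "Effect": "Deny",
     "Action": "iam:DeleteRolePermissionsBoundary", "Resource": "*"},
    {"Sid": "KeepProtectedAttached", "Effect": "Deny",
     "Action": ["iam:DetachRolePolicy"], "Resource": "*",
     "Condition": {"ArnEquals": {"iam:PolicyARN": PROTECTED}}},
    {"Sid": "KeepProtectedUnmodified", "Effect": "Deny",
     "Action": ["iam:DeletePolicy", "iam:CreatePolicyVersion",
                "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion"],
     "Resource": PROTECTED},
]}

def _list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # IAM action names are case-insensitive; * and ? are wildcards.
    f = str.lower if fold else str
    return any(fnmatch.fnmatchcase(f(value), f(p)) for p in _list(patterns))

def explicitly_denied(policy, action, resource, policy_arn=None):
    """True if a Deny statement covers the request. Only the ArnEquals
    iam:PolicyARN condition is understood; any other counts as not denied."""
    for st in _list(policy["Statement"]):
        if (st.get("Effect") != "Deny" or "Action" not in st
                or not _matches(st["Action"], action, fold=True)
                or not _matches(st.get("Resource", []), resource)):
            continue
        cond = st.get("Condition")
        wanted = (cond or {}).get("ArnEquals", {}).get("iam:PolicyARN")
        if cond is None or (wanted and cond == {"ArnEquals": {"iam:PolicyARN": wanted}}
                            and policy_arn and _matches(wanted, policy_arn)):
            return True
    return False

def audit(policy, role_arn):
    """Return the protections the policy fails to enforce for role_arn."""
    checks = [("boundary removal", "iam:DeleteRolePermissionsBoundary", role_arn, None)]
    for arn in PROTECTED:
        checks += [("detach " + arn, "iam:DetachRolePolicy", role_arn, arn),
                   ("delete " + arn, "iam:DeletePolicy", arn, None)]
    return [name for name, *req in checks if not explicitly_denied(policy, *req)]
```

`audit` returns an empty list when every protection is covered by an explicit Deny. A Deny that carries a condition the checker does not understand is reported as a gap.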

    We believe that these enhancements will significantly strengthen the security of your lab infrastructure by preventing accidental removal of critical policies. By maintaining the integrity of the permission boundaries, you can have peace of mind that your lab users will not have elevated permissions beyond what is intended.

    Please note that these enhancements are designed to work seamlessly within your existing lab environment. No additional configuration or action is required on your part. Our goal is to provide you with a secure and reliable lab platform, and we are committed to continuously improving our services to meet your needs.

    If you have any questions, concerns, or feedback regarding this update, please don't hesitate to reach out to our support team. We value your input and are dedicated to providing you with the best possible experience.

