AWS Security Blog
Dilbert Learns to Set Up Temporary Credentials
It seems that the topic of using temporary security credentials has been coming up a lot recently. Several weeks ago Rich Mogull expressed his chagrin at not using temporary credentials in his post titled “My $500 Cloud Security Screw-up”. And over the weekend Scott Adams published a Dilbert comic poking fun at Dilbert for not understanding how to set up temporary credentials. While funny, it’s actually an important security issue. Although the comic doesn’t explicitly mention AWS, the message is directly applicable to IAM roles and the AWS Security Token Service.
The AWS Security Blog has published nine posts over the past four months that describe some great use cases for IAM roles and temporary security credentials, including roles for EC2, delegated API access, and setting up ADFS with SAML.
To help you understand temporary security credentials, I’ve included a number of recent blog posts, our documentation, and code samples:
AWS Security Blog posts related to temporary credentials
- Delegating API Access to AWS Services Using IAM Roles
- Enabling Federation to AWS using Windows Active Directory, ADFS, and SAML 2.0
- New AWS web identity federation supports Amazon.com, Facebook, and Google identities
- Understanding the API options for securely delegating access to your AWS account
- AWS CloudFormation now supports federated users and temporary security credentials
- A safer way to distribute AWS credentials to EC2
- Guidelines for when to use Accounts, Users, and Groups
- How to rotate access keys for IAM users
- Credentials Best Practices on the AWS Java Developers Blog
IAM documentation
- Assuming a Role (IAM User Guide)
- Granting Applications that Run on Amazon EC2 Instances Access to AWS Resources (IAM User Guide)
- Video: http://www.youtube.com/watch?v=C4AyfV3Z3xs (IAM website)
- Scenarios for Granting Temporary Access (STS User Guide)
- Creating Temporary Security Credentials (STS User Guide)
- Using Temporary Security Credentials (STS User Guide)
Code samples
I hope these links help you (and Dilbert) better understand AWS temporary security credentials. As always, click the Comment button if you’d like to see more.
-Ben