On the AWS Security Blog, we have talked regularly about following AWS security best practices. For example, we published "Adhere to IAM Best Practices in 2016" in January. Best practices can help you keep your AWS resources as secure as possible, and should be applied when you grant access inside and outside your organization.
Building off AWS Identity and Access Management (IAM) best practices, the AWS Partner Network (APN) Blog this week published a blog post called "Securely Accessing Customer AWS Accounts with Cross-Account IAM Roles." Written by AWS Partner Solutions Architect David Rocamora, this post addresses how best practices can be applied when working with APN Partners, and describes the potential drawbacks of APN Partners having access to their customers' AWS resources. Rocamora explains some of the risks of sharing IAM keys, how you can implement cross-account IAM roles, and how cross-account IAM roles mitigate risks for customers and for APN Partners, particularly those who are software as a service (SaaS) providers.
Read the full blog post to learn more about AWS security best practices as implemented by APN Partners.