The Elastic Load Balancing team announced on May 13, 2014 that it has added support for resource-level permissions. In addition to specifying which ELB actions a user can perform, you can specify which resources the user can perform those actions on. For more information about the new ELB permissions, see Controlling Access to Your Load Balancer.
This is another step forward in giving you greater control over your AWS resources. Nearly every AWS service now supports IAM, which lets you control access to actions. With most services you can also use temporary security credentials, meaning that you can take advantage of cross-account access and identity federation. And in the last year, many existing services have added support for resource-level permissions, including Amazon EC2, Amazon RDS, and AWS OpsWorks. Meanwhile, new services like Amazon Kinesis and AWS CloudTrail launched with the ability to set resource-level permissions.
You can always find an up-to-date list of services that support IAM in the IAM documentation. To learn more about resource-level permissions, check out the following AWS Security Blog entries:
- Resource-level Permissions for EC2 – Controlling Management Access on Specific Instances
- Announcement: Resource Permissions for additional EC2 API actions
- Demystifying EC2 Resource-Level Permissions
- A primer on RDS resource-level permissions
- Announcing resource-level permissions for AWS OpsWorks