Identity and Access Management for Amazon Shield network security director
Note
Amazon Shield network security director is in public preview release and is subject to change.
Amazon Identity and Access Management (IAM) is an Amazon Web Services service that helps an administrator securely control access to Amazon resources. IAM administrators control who can be authenticated (signed in) and authorized (have permissions) to use Amazon Shield network security director resources. IAM is an Amazon Web Services service that you can use with no additional charge.
Review the guidance in this section to understand how to use supported policies and roles for Amazon Shield network security director.
How Amazon Shield network security director works with IAM
This section explains how to use the features of IAM with Amazon Shield network security director.
Before you use IAM to manage access to network security director, learn what IAM features are available to use with network security director.
IAM feature | Amazon Shield network security director support |
---|---|
Identity-based policies | Yes |
Service-linked roles | Yes |
To get a high-level view of how network security director and other Amazon services work with most IAM features, see Amazon services that work with IAM in the IAM User Guide.
Identity-based policies for network security director
Supports identity-based policies: Yes
Identity-based policies are JSON permissions policy documents that you can attach to an identity, such as an IAM user, group of users, or role. These policies control what actions users and roles can perform, on which resources, and under what conditions. To learn how to create an identity-based policy, see Define custom IAM permissions with customer managed policies in the IAM User Guide.
With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. You can't specify the principal in an identity-based policy because it applies to the user or role to which it is attached. To learn about all of the elements that you can use in a JSON policy, see IAM JSON policy elements reference in the IAM User Guide.
To view examples of Amazon Shield network security director identity-based policies, see Identity-based policy examples for Amazon Shield network security director.
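The rule above, that an identity-based policy cannot name a principal, can be checked before a policy is attached. The following linter is an added example, not code from the network security director documentation. It assumes a constructed sample policy whose `example-service` prefix and action names are placeholders rather than real network security director actions.

```python
import json

# Constructed sample: the "example-service" prefix and action names are
# placeholders, not real network security director actions.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnly", "Effect": "Allow",
         "Action": ["example-service:Get*", "example-service:List*"],
         "Resource": "*"},
        {"Sid": "Pasted", "Effect": "Allow",
         "Principal": {"AWS": "*"},
         "Action": "*", "Resource": "*"},
    ],
})


def lint_identity_policy(policy_json):
    """Return a list of findings for a JSON identity-based policy document."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement[{i}]")
        # Identity-based policies apply to the identity they are attached to,
        # so a principal element is invalid here.
        for key in ("Principal", "NotPrincipal"):
            if key in stmt:
                findings.append(f"{label}: {key} is not allowed in an identity-based policy")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        if not ("Action" in stmt or "NotAction" in stmt):
            findings.append(f"{label}: missing Action")
        if not ("Resource" in stmt or "NotResource" in stmt):
            findings.append(f"{label}: missing Resource")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        # Least-privilege check: an unconditioned Allow on every action.
        if stmt.get("Effect") == "Allow" and "*" in actions and "Condition" not in stmt:
            findings.append(f"{label}: Allow on all actions with no Condition")
    return findings


if __name__ == "__main__":
    for finding in lint_identity_policy(SAMPLE_POLICY):
        print(finding)
```

The second statement in the sample stands in for one copied from a resource-based policy, which is the usual way a principal element ends up in an identity-based policy.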
Service-linked roles for network security director
Supports service-linked roles: Yes
A service-linked role is a type of service role that is linked to an Amazon Web Services service. The service can assume the role to perform an action on your behalf. Service-linked roles appear in your Amazon Web Services account and are owned by the service. An IAM administrator can view, but not edit, the permissions for service-linked roles.
For details about creating or managing network security director service-linked roles, see Using service-linked roles for Amazon Shield network security director.