Managing access with IAM
You can control access to SWF resources using IAM. With IAM, you can create users in your AWS account and grant each of them the permissions they need. Each IAM user has a separate set of IAM keys, which give that user access to the corresponding resources on AWS. An IAM policy attached to a user controls which resources that user can access. Using IAM policies, you can control access at a granular level, such as allowing or denying access to a specific set of SWF domains.
SWF uses the following principles for access control:
- Access to various SWF resources is controlled only on the basis of IAM policies.
- IAM uses a deny-by-default policy. That means that if you do not explicitly allow access, it is denied.
- You need to attach IAM policies to the actors of the workflow to control their access to SWF resources.
- You can specify resource permissions only for domains.
- You can use conditions in a permission to restrict it further...
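The principles above, as an added example (not from the original text or from AWS): an identity policy scoped to one SWF domain and one workflow type, checked with a deliberately simplified evaluator that models only deny-by-default, explicit deny and `StringEquals`. The region, account ID, domain name and workflow type name are constructed placeholders, and the helper functions are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders: region, account ID and domain name.
DOMAIN_ARN = "arn:aws:swf:us-east-1:123456789012:/domain/orders-prod"

# Policy for a workflow starter: the resource is a domain ARN (the only
# resource type SWF permissions accept) and a condition narrows it further.
STARTER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "swf:StartWorkflowExecution",
        "Resource": DOMAIN_ARN,
        # "ProcessOrder" is a constructed workflow type name.
        "Condition": {"StringEquals": {"swf:workflowType.name": "ProcessOrder"}},
    }],
}
POLICY_JSON = json.dumps(STARTER_POLICY, indent=2)  # document to attach to the user

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource, context):
    """True if a statement applies to the request (simplified model)."""
    if not any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"])):
        return False
    # Only StringEquals is modelled; a key absent from the request never matches.
    wanted = stmt.get("Condition", {}).get("StringEquals", {})
    return all(context.get(k) in _as_list(v) for k, v in wanted.items())

def is_allowed(policy, action, resource, context=None):
    """Assumed, simplified evaluation: not the real IAM engine."""
    hits = [s["Effect"] for s in policy["Statement"]
            if _matches(s, action, resource, context or {})]
    # An explicit Deny always wins; with no matching Allow the default is deny.
    return "Deny" not in hits and "Allow" in hits

if __name__ == "__main__":
    print(POLICY_JSON)
    ctx = {"swf:workflowType.name": "ProcessOrder"}
    print(is_allowed(STARTER_POLICY, "swf:StartWorkflowExecution", DOMAIN_ARN, ctx))
    print(is_allowed(STARTER_POLICY, "swf:TerminateWorkflowExecution", DOMAIN_ARN, ctx))
```
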