Exciting news! As of today, ParkMyCloud now includes AWS IAM role support as a method to connect to your AWS account, in addition to IAM user credentials.
This secure approach to third-party access to AWS has been requested by many of our users and is, in fact, the approach AWS prefers.
That means that if your organization uses IAM roles, it’s a great day to start your 30-day free trial of ParkMyCloud! Watch the video below to learn how to connect an AWS account to ParkMyCloud using an IAM role:
While IAM roles provide a secure method of key exchange for access into AWS accounts, overall security for the sessions depends heavily upon the policies you put in place. At ParkMyCloud our philosophy has always been to use the “least privilege” approach to security: grant the minimum set of permissions the job (or, in this case, the role) requires, and no more.
Whether you use IAM roles or IAM user credentials, we recommend a limited set of permissions for the ParkMyCloud application to do its job: ec2:Describe*, ec2:StartInstances, ec2:StopInstances and iam:GetUser. We even provide some example policies, with and without resource tag constraints.
These types of policies, with the security of IAM roles, provide strong assurance that access to your AWS accounts is limited and secure.
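To check that a policy attached to the ParkMyCloud role or user stays within the four recommended permissions, a small audit like the following can be run over the policy document. This is an added example, not one of ParkMyCloud's example policies or code; the two sample policies, the tag key `parking` and the function names are constructed for illustration.

```python
import fnmatch

# The four permissions the article recommends (IAM action names are case-insensitive).
RECOMMENDED = ["ec2:describe*", "ec2:startinstances", "ec2:stopinstances", "iam:getuser"]
START_STOP = {"ec2:startinstances", "ec2:stopinstances"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _within_recommended(action):
    """Exact match, or a wildcard-free action covered by a recommended pattern."""
    if action in RECOMMENDED:
        return True
    if "*" in action or "?" in action:
        return False  # conservative: any other wildcard is treated as too broad
    return any(fnmatch.fnmatchcase(action, pat) for pat in RECOMMENDED)

def audit_policy(policy):
    """Return (violations, tag_scoped): Allow'd actions outside the recommended
    set, and whether every statement granting start/stop has a tag condition."""
    violations, tag_scoped = [], True
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            violations.append(f"statement {idx}: Allow with NotAction")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        violations += [f"statement {idx}: {a}" for a in actions if not _within_recommended(a)]
        if START_STOP & set(actions):
            keys = [k.lower() for cond in stmt.get("Condition", {}).values() for k in cond]
            if not any(k.startswith("ec2:resourcetag/") for k in keys):
                tag_scoped = False
    return violations, tag_scoped

# Constructed sample policies (tag key and value are illustrative assumptions).
TAGGED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "iam:GetUser"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/parking": "allowed"}}},
]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "ec2:StopInstances", "ec2:TerminateInstances"]},
]}

if __name__ == "__main__":
    for name, pol in (("TAGGED", TAGGED), ("BROAD", BROAD)):
        print(name, audit_policy(pol))
```

A policy without a tag condition is not reported as a violation, since the article offers policies both with and without resource tag constraints; the second return value only tells you which kind you have.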
If you’re an existing user, you can also convert existing IAM user credentials into IAM roles without having to re-discover your environments. This ensures that all your hard work setting up parking schedules and sorting instances to your teams was not in vain. Read this article to learn how.
For more information, please see the AWS documentation on IAM Roles.
Enjoy!