By Samson Tanimawo, PhD
Published May 22, 2026
IAM Condition Policies: The Most Underused Tool
Condition keys narrow IAM policies dramatically. These are the conditions that produce the highest security gain.
aws:SourceIp
Limit access to specific IP ranges. Effective for office-only roles.
Combined with a VPN, it satisfies most 'private access' requirements.
aws:SourceVpc
Limit access to specific VPCs. Catches cross-account access through unintended paths.
Especially useful for S3 buckets.
aws:MultiFactorAuthPresent
Require MFA for sensitive actions. Standard for admin roles.
The MFA condition is one of the highest-leverage policy additions.
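
Added example, not from the original article: a simplified Python model of how IAM evaluates a Condition block when a key is missing from the request. It goes slightly beyond the text, because that rule decides whether the three keys above behave as intended in a Deny statement. It models only five operators plus the IfExists suffix; the CIDR, VPC ID and request contexts are constructed placeholders.

```python
import ipaddress

# Negated operators evaluate to True when the key is absent from the request.
NEGATED = {"StringNotEquals", "NotIpAddress"}

def _match(op, wanted, actual):
    """Compare one request value against the policy value(s) for a base operator."""
    wanted = wanted if isinstance(wanted, list) else [wanted]
    if op in ("IpAddress", "NotIpAddress"):
        hit = any(ipaddress.ip_address(actual) in ipaddress.ip_network(w) for w in wanted)
    elif op == "Bool":
        hit = any(str(w).lower() == str(actual).lower() for w in wanted)
    else:  # StringEquals / StringNotEquals
        hit = actual in wanted
    return not hit if op in NEGATED else hit

def condition_matches(condition, context):
    """True when every operator/key pair in a Condition block matches (they are ANDed)."""
    for op, keys in condition.items():
        base, if_exists = op.removesuffix("IfExists"), op.endswith("IfExists")
        for key, wanted in keys.items():
            if key not in context:
                if if_exists or base in NEGATED:
                    continue      # missing key counts as a match
                return False      # missing key: a positive operator does not match
            if not _match(base, wanted, context[key]):
                return False
    return True

# Constructed Condition blocks for Deny statements (placeholder CIDR and VPC ID).
DENY_OFF_NETWORK = {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}
DENY_OUTSIDE_VPC = {"StringNotEquals": {"aws:SourceVpc": "vpc-EXAMPLE"}}
DENY_NO_MFA_WEAK = {"Bool": {"aws:MultiFactorAuthPresent": "false"}}
DENY_NO_MFA_SAFE = {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}

# Constructed request contexts.
ACCESS_KEY_CALL = {"aws:SourceIp": "198.51.100.7"}  # long-term key: no MFA key present
MFA_SESSION = {"aws:SourceIp": "203.0.113.10", "aws:MultiFactorAuthPresent": "true"}

if __name__ == "__main__":
    conditions = {"off-network": DENY_OFF_NETWORK, "outside-vpc": DENY_OUTSIDE_VPC,
                  "no-mfa (Bool)": DENY_NO_MFA_WEAK, "no-mfa (BoolIfExists)": DENY_NO_MFA_SAFE}
    for name, cond in conditions.items():
        print(name, "| access key denied:", condition_matches(cond, ACCESS_KEY_CALL),
              "| MFA session denied:", condition_matches(cond, MFA_SESSION))
```

The Deny written with plain Bool never fires for the access-key request because the MFA key is absent, which is why BoolIfExists is the form to use in Deny statements.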