Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
1 vote, 1 answer

AWS CloudFormation: Invalid template resource property error

I am attempting to create a CloudFormation template to configure an IAM role. As far as I can tell my JSON is 100% valid but apparently I'm overlooking something else because it's not able to be validated: A client error (ValidationError) occurred…
1 vote, 1 answer

Routing AWS IAM user to its own Linux EC2 instance user

When I created my EC2 instance, I was given a .pem private key file. I did it as the root user for my account. Then I created an IAM user and associated that user with a full EC2 access. When I logged in as that user, I was able to see the instance…
amphibient
1 vote, 1 answer

How can I create a role with specified name in AWS CloudFormation

I want to create a role with specified name in CloudFormation in AWS, but I don't know how to do it. Generally, the resources are created in CloudFormation with a name which has added a hash code at the end.
Angle Tom
1 vote, 0 answers

Restrict RDS users to particular region

I am trying to create a policy where I can restrict users to access different region RDS. However I want to give them admin access to only one region i.e. ap-southeast-1. I have created some policies but they're not working for the Singapore region,…
1 vote, 0 answers

Least privilege AWS IAM policy for Foreman / RH Satellite to fully manage an EC2 compute resource

First post, so I apologize in advance if I miss some conventions. I'm trying to discover the least privilege access required for Foreman/RH Satellite to be able to fully manage an EC2 compute resource with full functionality. So far, I've been…
doombird
1 vote, 1 answer

Cross Account EC2 Role Access to Read S3 Bucket

I've been trying to get cross account ec2 role authorisation working for a while now but seem to be hitting a bit of a dead end. We currently have cross account user authentication which is working well, however expanding that to cross account ec2…
stu432
1 vote, 1 answer

AWS IAM User unable to create Elastic Beanstalk environment. Missing permissions

Permissions option is missing from user sub-accounts. How do I enable it for sub accounts? In the screenshot below I am logged in on the main account.
1 vote, 0 answers

EC2 create-image vs. secure credentials

I'm trying to understand the security implications of granting access to the create-image EC2 action. The docs say that the create-image action does not support IAM resources so it seems like granting access to this action will allow anyone with…
bfallik
1 vote, 1 answer

Deploy to Elastic Beanstalk from S3 gives "You do not have permission" -- who is "You"?

I'm testing out AWS and Elastic Beanstalk and have Beanstalk running a version that was manually uploaded. When I try to update the version via the command line, the command line returns ok but Beanstalk shows an error…
Sam
1 vote, 1 answer

Getting error : Malformed URL error in ec2

I am getting the error Malformed URL ec2-describe-instances instance_id xxx Malformed URL: 'ec2.ap-southeast-1.amazonaws.com' However, I am able to get access to the bucket through command line: s3cmd ls s3://edgeproductionlb-logs DIR …
Ashish Karpe
1 vote, 1 answer

Can I use an IAM role to grant my Heroku app access to my Amazon S3 bucket?

Heroku: Using AWS S3 to Store Static Assets and File Uploads suggests using my AWS security credentials to enable my Heroku app to access my Amazon S3 bucket. However, isn't it better practice (as explained in IAM Roles: Providing access to third…
ma11hew28
1 vote, 0 answers

Amazon AWS IAM Policy based in time of day

The IAM service in Amazon AWS permits the creation of policies based on date, as described here: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Condition This seems to refer to allowing/denying actions…
Garreth McDaid
1 vote, 1 answer

Hard-copy (printed) MFA tokens for AWS

Is it possible to have hard-copy (i.e. printed out on paper) MFA tokens for AWS? For Google's MFA, you can print out around 10 numbers to use in a disaster-type situation (say you are using an MFA app on your phone and you lose your phone or can't…
Jordan Reiter
1 vote, 0 answers

Grant CloudWatch Full Access to IAM role for specific namespace

Could not find this in the documentation anywhere — let's say I want to allow an IAM role to have full CloudWatch access but only for a single namespace of my choosing. Is this possible?
Jordan Reiter
1 vote, 1 answer

AWS Record Set Creation in New Region

Our application submits AWS Route 53 record set changes so that we can create new subdomains programmatically. Up until this point, everything has been hosted in the US-West (Oregon) region, and is working fine. We recently created a new cluster…