Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) lets you control who and what can call AWS services and touch AWS resources. Using IAM, you create and manage users, groups and roles and attach policies whose statements allow or deny their access to specific actions and resources; an explicit deny always overrides an allow, and anything not allowed is denied by default.

262 questions
1 vote, 2 answers

How can I manage AWS VPC ssh access accounts and keys across multiple instances?

I am setting up a standard AWS VPC structure: a public subnet, some private subnets, hosts on each, ELB, etc. Operational network access will be via either an ssh bastion host or an openvpn instance. Once on the network (bastion or openvpn), admins…
deitch • 585 • 1 • 4 • 15
1 vote, 1 answer

unable to delegate ec2 instance management to group (IAM Policy)

We need to delegate management of several instances through the AWS console to one of our clients. For this purpose we created a new IAM group. We need this group to only list and modify specific EC2 instances, e.g. using a tag. We tried using the…
sivann • 563 • 5 • 16
1 vote, 1 answer

Is it possible to limit EC2 console access to machines within a specific VPC via IAM?

I would like to create a user that has full console access (API too) specifically to just one VPC in our AWS environment. The result should be such that when clicking on EC2 Instances, the user would only see machines in the specified VPC. I…
1 vote, 1 answer

Using IAM to Share EC2 With Group

I need to share an education grant with a bunch of students. I've read up on IAM, but I can't figure out how to configure the group so that students can launch and control instances/security groups without allowing them to mess up my personal work.…
Hamy • 367 • 3 • 11
1 vote, 1 answer

What are the steps needed to set up and use security for AWS command line tools?

I've been trying to set up the AWS command-line tools following Eric's most useful guide at http://alestic.com/2012/09/aws-command-line-tools. I can't seem to find a good how-to for how to generate the x509 certificate and private key, and how that…
chris • 3,993 • 6 • 28 • 37
1 vote, 0 answers

AWS API Gateway + Cognito + IAM

I'm working on an API for my company. I'm trying to restrict external users from accessing specific methods of a specific endpoint using IAM + Cognito. Currently I have a single Cognito user pool, with two groups (internal and external). There are…
1 vote, 1 answer

AWS IAM: deny users from creating policies on specific resources

I want to be able to give my admin users the permission to create policies in IAM, but I want to make sure that they aren't able to create a policy that affects a specific resource. To be more specific, these admin users are currently in a user…
1 vote, 1 answer

EC2 instance won't recognize IAM role?

I'm trying to download ECR images on my EC2 instance without having to provide a credentials file. So I created a role with the policy AmazonEC2ContainerRegistryReadOnly and attached to my running instance. However, when I run aws ecr…
rodorgas • 81 • 6
1 vote, 1 answer

RDS PostgreSQL Import+Export to/from S3

Is it possible to enable both importing and exporting with an RDS PostgreSQL instance to an S3 bucket? I've been able to use the following pattern to enable one or the other with consistent success: rds-s3-io-role { "Version": "2012-10-17", …
Jerbot • 394 • 2 • 3 • 12
1 vote, 1 answer

How can I call "complete-lifecycle-action"?

There is an AWS EC2 instance which is launched by an auto-scaling-group. I wish to put this instance to Pending state during initialization. This is very easy with the lifecycle hooks: This hook will wait 3600 seconds before abandoning the…
Daniel • 191 • 1 • 2 • 8
1 vote, 1 answer

S3 access control based on bucket tags

I hope you can help me out. I have read a couple of docs now, and I am still unsure whether this actually works. I want to give access in different levels to AWS users based on S3 tags. Example: S3 bucket mybucket has tags {"access-team-dev":…
flypenguin • 203 • 1 • 2 • 12
1 vote, 1 answer

Quicksight Error: This user name already exists in this account

When I want to login to view my Quicksight dashboard I get this error: This user name already exists in this account. Contact your QuickSight administrator, and ask them to invite you with a unique name. I have searched this error online but there…
1 vote, 1 answer

Safely store AWS IAM User Keys (Access and Secret) created by IaC

I have the following setup: Infrastructure is set up using AWS CDK; I have one Stack/Environment (Production, Staging...); Each Stack has a different S3 Bucket (used for website hosting); I have a Stack that creates an IAM User (used by CI/CD); CI/CD in…
1 vote, 1 answer

How do you set a self-destruct or maximum uptime in AWS?

Situation: We have a sandbox AWS account for trying things out. It is not for production, purely just for playing around with all the toys that AWS provide. We want to encourage everyone to explore and learn. We have many AWS accounts in our estate,…
1 vote, 1 answer

What is the new policy action needed to allow the new DescribeSecurityGroupRules

We have IAM policies in place that used to permit the roles to edit security group rules { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ …
gsempe • 113 • 3