Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
0
votes
1 answer

IAM policy for managing EKS pods for users

Does anyone know what resources need to be granted to a user in order to run kubectl commands on an EKS cluster? At the moment, we have a couple of users who are associated with AdministratorAccess (which obviously gives them full access), but I…
Trent
  • 101
  • 1
0
votes
1 answer

What permissions are required to run AWS TransferUtility?

Using the AWS .NET SDK's TransferUtility, I can download files using an access key ID for myself, but when I set up a restricted user with read-only access, I get "The remote server returned an error: (403) Forbidden" errors. I've set up the user to…
Douglas
  • 91
  • 5
0
votes
0 answers

AWS AssumeRole keeps returning access denied

I created a new policy { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity" …
wasp256
  • 101
0
votes
1 answer

On AWS, how to filter which services are using a role?

On AWS, I want to review all permissions granted or revoked to our services and redefine them when necessary. Considering a specific role set on AWS IAM. How can I filter which services, instances or lambda functions assumed this role? I tried to…
0
votes
1 answer

How to limit the permissions AWS IAM RoleA can grant to a role (Role B) it creates

In order to allow my developers to use the Serverless Framework to deploy new AWS Lambda functions, they have to be able to create roles. I'd like to give them permissions to create roles that can only do a limited number of things. For example s3:,…
Bruno Bronosky
  • 4,529
  • 3
  • 26
  • 34
0
votes
3 answers

how to show an IAM user's roles with 'aws iam'?

If I run $ aws iam get-user --user-name anthony, I get a result like this: { "User": { "Path": "/", "UserName": "anthony", "UserId": "E2S4XZIL9NRNSBIDBI5U6", "Arn": "arn:aws:iam::123456:user/anthony", …
Anthony Kong
  • 3,288
  • 11
  • 57
  • 96
0
votes
1 answer

AWS RDS Cannot modify database instance due to IAM DB Authentication

I have a MySQL 8.0.13 instance running on AWS RDS. AWS documentation says that MySQL 8.0.* does not support IAM DB Authentication. This seems to be true, however my DB somehow has IAM DB authentication enabled. Image showing IAM db authentication…
bapin93
  • 1
  • 1
  • 2
0
votes
1 answer

Can I use existing AWS IAM role to create S3 bucket via Cloudformation template?

I want to create an S3 bucket via a CloudFormation template. I found there is a way to do it for an EC2 instance on this link. Do we have a way to create an S3 bucket using an existing IAM role via CloudFormation?
0
votes
1 answer

How can I create Cloudtrail trail to log events of only a specific user/resource

How can we monitor API usage of only a specific user in Amazon Web Services? I tried creating a CloudTrail trail, but it logs events of all users' all activity to the S3 bucket I configured to log it to. I want only events (all activity) for a particular…
Rayclank
  • 101
0
votes
1 answer

SSH key management in AWS like GCP

Google Cloud really nails the SSH key management thing out of the box and AWS leaves it all up to you. In GCP your GCP login credentials are also used for SSH access. GCP automatically creates SSH keys on your user's behalf and uploads them to the…
red888
  • 4,183
  • 18
  • 64
  • 111
0
votes
0 answers

Allowing non-technical users to spin up EC2 instances

I'm looking for a simple (hopefully existing) solution to allow my sales guys to spin up EC2 instances for sales demos. I have an AMI setup, so the mechanics are in place. However, the AWS console is a little too complicated for my guys, even if I…
Hank
  • 1
0
votes
1 answer

IAM policy for ansible dynamic inventory in ec2

So, I am using the ec2.py script (provisioned by Ansible) for generating dynamic inventories. I have created the following IAM policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":…
0
votes
1 answer

AWS Lambda Policy - Allow to edit lambda functions depending on the user

When creating AWS policies, is there a way to create a policy that allows viewing, editing and creating Lambda functions depending on the user that created that function before? I'm trying to do that, but I can't find information about the condition or…
0
votes
2 answers

AWS access token for user assuming role

How to have access token per user assuming a role in another account? I have users which have an Access Token on the root account. They have access to another account (dev) through assumed role. I'm stuck now because on the dev account, I don't have…
Kaymaz
  • 241
  • 3
  • 11
0
votes
1 answer

IAM user policy to RW to specific folders

I am trying out CloudBerry Drive tool to attach S3 buckets as my network drive. I have a bucket and 2 folders inside that, assuming the bucket name as environment and 2 folders as dev and prod. I have 3 sets of users who would use this - Admin, Dev…
serverstackqns
  • 764
  • 3
  • 16
  • 42