Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service.

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
0 votes, 0 answers

How can I restrict IAM credentials to a specific server role?

I'd like to create a user that is "effectively root" AWS wise (meaning too many service:* perms), but only allow this user to operate from servers with a specific role. The reason I don't want to give the servers the role themselves is I'd like to…
xenoterracide
0 votes, 1 answer

IAM policy doesn't let me start instances

I've attached the following policy to a user, so that they can start and stop one specific instance. { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action":…
user31415629
0 votes, 1 answer

How to allow another AWS account to list my AWS IAM roles?

I have an AWS account. Let's say my AWS account number is 123456789012. I have created these IAM roles:…
user35042
0 votes, 1 answer

CloudFormation list IAM Policies

Can you dynamically list IAM Policies as a drop down menu within the CloudFormation options? The usual use case for this is adding instance types to a drop down. This is written manually though in all examples I have seen and is not dynamically…
0 votes, 2 answers

How can my client give me access to his AWS account?

I'm a contract web developer, and my client doesn't know anything about managing AWS, but wants to control the billing for the account. So, he wants to give me full access to set up EC2, S3, SES, and RDS. I told him to create an IAM role for me (IAM…
Ben Davis
0 votes, 0 answers

How to grant cross-account permissions in AWS for a domain hosted in Route53?

I have an old AWS account with one hosted external domain. I have a new AWS account, and I should manage the domain as a user of the new domain via cli/Terraform. How to set up suitable cross-account permissions? There is a lot of documentation…
whip
0 votes, 1 answer

What is the 'response time' of AWS CloudTrail and Google App Engine log?

I am searching for documentation or information regarding these two logging systems' 'response time'. I am sorry for the use of an imprecise term, but its meaning should be made clear in the following passage. In AWS, CloudTrail can capture events…
Anthony Kong
0 votes, 2 answers

Generating an `All Action` AWS Policy stub?

As we all know, clicking a drop box is annoying. I've been trying to get a general policy stub (a stub that contains all Actions, not just globs) so I can quickly run through and allow / deny for our group policies. I've looked through the CLI…
ehime
0 votes, 1 answer

AWS IAM Groups: Designing for Least Privilege - Deny Or Allow

I am trying to create the appropriate AWS IAM Groups to implement Least Privilege. Is it best to create groups explicitly denying specific actions and allowing everything else, or creating groups that allow only the specific actions needed? AWS's…
flyingcars34
0 votes, 0 answers

How to make this AWS IAM group policy valid?

This is my policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1493711257000", "Effect": "Allow", "Action": [ "sqs:DeleteMessage", …
Anthony Kong
0 votes, 0 answers

AWS IAM login 400 Bad Request

I'm logging into a range of AWS accounts, most of them with an IAM user. One of these accounts is on https://888526203171.signin.aws.amazon.com/console When I log into this screen and submit I get an error page: 400 Bad request However, I have…
jdog
0 votes, 1 answer

AWS describe-instances limiting to tagged

With the following policy in AWS IAM: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Condition": { …
t988GF
0 votes, 1 answer

Can I attach IAM role to instance after launching it?

Getting error: root@omp_affiliate_backend ~]# s3cmd get s3://admarvel-noc/all-users/nrpe-plugins.tar.gz . s3://admarvel-noc/all-users/nrpe-plugins.tar.gz -> ./nrpe-plugins.tar.gz [1 of 1] ERROR: S3 error: 403 (Forbidden): Is it due to IAM role?…
Ashish Karpe
0 votes, 0 answers

How to not conflict between policies on AWS?

I'm trying to make my AWS environment safer. So, I just created a bucket, no modifications at all, on S3, and want to give a minimal set of permissions to my application users. So, I have created a user called keeper, he can, basically, only assume…
0 votes, 2 answers

AWS LoadBalancer IAM Readonly Rule Error

I have created a custom IAM policy to have read access to the load balancer. But I am getting an error as... An error occurred fetching load balancer data: User: arn:aws:iam::000000000000:user/xxxxxxxx is not authorized to perform:…
Sreekanth Sagar