Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service.

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
0 votes, 1 answer

Can't access AWS billing data although I have full permissions

In my AWS account I created a user and gave it full permissions using the AdministratorAccess policy. That's the document for the policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", …
Avi
0 votes, 1 answer

How to require users in IAM groups to add a fixed tag when creating resources?

Why? Because I want these users to be able to create resources at will on my AWS account, but only be able to see and use the resources created by their own group. I know it's possible to restrict the seeing / using / managing part per group by…
Gui Prá
0 votes, 1 answer

How do you configure Confidant to use the Access Key Id/Secret Access Key for its IAM user?

I've read through the documentation a couple of times now and it's really clear about how to set up an IAM user for Confidant and what permissions to assign to it. But I can't seem to figure out how to get Confidant the credentials for the user I…
Bill.Brower
0 votes, 1 answer

Export IAM user accounts (with passwords) into LDAP

I have a blank LDAP account and want to import all the IAM user accounts to LDAP and keep the LDAP in sync with IAM (not the other way around using federation). Is this possible? I need a LDIF file with IAM username and passwords to import into…
0 votes, 1 answer

Create AWS S3 bucket upload policy

I want to be able to let AWS upload billing CSV to S3. This requires an IAM policy. I have one IAM user that I gave AmazonS3FullAccess. In the bucket properties I can add a policy. Then a policy editor pops up, with a link to a policy generator.…
SPRBRN
0 votes, 1 answer

How to restrict IAM policy to not allow stop/terminate an EC2 instance but can create new instances?

I want to create an IAM policy which will restrict a group or users from stopping/terminating two used EC2 instances, but they can create their own EC2 instances. I used the following policy statement for this: { "Sid": "Stmt1449662318000", "Effect":…
Deepali
0 votes, 1 answer

Amazon S3 putObject bucket policy

I am trying to create a User who only has access to PutObject to an S3 bucket called "desking". In IAM I have created a User, and applied this policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPut", …
kwh
0 votes, 1 answer

Is it possible to change the path to a server certificate in AWS IAM

I have a problem using my server certificate in CloudFront of AWS. When I added my server certificate I didn't know that if I'm going to use it in CloudFront, I needed to add the param --path /cloudfront/. Is it possible to change only this…
t321
0 votes, 0 answers

How to securely allow web apps to read/write to S3? (the new way with IAM)

I've been banging my head against a wall on this for two hours. It's frustrating that Amazon has made this so complicated when it doesn't need to be. Let's say I have a bucket called "test," and a new IAM user "bob" with its own key ID and secret…
CaptSaltyJack
0 votes, 1 answer

AWS IAM Administrator and Developer

Creating an Administrators Group Using the Console advises not to grant an access key to the IAM user I create for myself, intending, I'm guessing, to grant least privilege. However, in addition to being an "Administrator," I also want to be a…
ma11hew28
0 votes, 1 answer

Limit my S3 bucket read access to EC2 instances run by others?

For instance, if I store data in US Standard, the S3 Pricing Page indicates that it is $0.00 per GB transferred out to Amazon EC2 in the Northern Virginia Region. And it looks like GET requests are $0.004 per 10,000 requests. So, it looks to me like…
0 votes, 1 answer

Lotus Domino as Amazon IAM Identity Provider

I am looking for a way to configure our corporate Lotus Domino server as an Identity Provider for the Amazon IAM service. Amazon supports SAML and OpenID Provider Types. Can I configure Domino server that way? Otherwise, are there other ways to…
Moisei
0 votes, 2 answers

Directory-level permission through Amazon IAM

I have an Amazon EC2 instance running. I read about Amazon IAM but am not able to figure out how I can achieve this. My problem is I have many directories created in my EC2 instance, so let's say I want to create an IAM user and I want to give permission…
0 votes, 2 answers

Pass sensitive data to EC2 instance

What would be the best way to pass sensitive data to EC2 instance (on boot or otherwise) that only root can access? I cannot use UserData, because anyone can read it. I cannot use private S3 buckets for the same reason (metadata and hence…
Alex B
0 votes, 1 answer

Limit a user to one instance in stack on OpsWorks

I have multiple instances on a stack on OpsWorks. I also have IAM for the devs using the stack. Now, if I want to limit one user to use only his instance and not have control on any other instance, is there a way to do it?
Shrinath