Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service.

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
0 votes, 1 answer

Why can't the root IAM account view stuff created by IAM user?

I'm having problems with AWS, that I guess is somehow related to IAM. I'm afraid I might be missing something obvious here, but I can't find it anywhere. Here's what I did: logged into the AWS console with the root account created an IAM group with…
0 votes, 0 answers

Can IAM roles affect services on an EC2 instance

I recently created an EC2 server using some user-data to install various modules. This was a standalone instance without an associated IAM role and with a bog standard security group (allow port 80), everything about this instance worked fine. Using…
TommyBs
0 votes, 1 answer

AWS IAM policy issue: unable to permit all but RunInstances

We are struggling to create an IAM policy that permits all EC2 actions EXCEPT RunInstances. This is to prevent an API key compromise from launching unauthorized instances. We tried it both with and without the EC2 allow * because I'm not clear if…
neal
0 votes, 3 answers

Can I limit user access to AWS S3 buckets?

I'm working on a site that is probably destined for AWS hosting. This leads to a question about access rights to stuff that would be stored in S3 buckets: I set up an EC2 server for the site, and an S3 bucket to hold some of the site's…
Jim Miller
0 votes, 0 answers

DynamoDB Auto-Scaling, Application Auto-Scaling

I'm trying to set up a set of boto3 Python AWS scripts which can create new users and DynamoDB tables, so that the web app I'm working on can add new users with properly scoped permissions. I'm having trouble getting the scripts to add auto-scaling…
Devin Ceartas
0 votes, 1 answer

Cross Account SSM session: AccessDeniedException

I have two AWS accounts and one role in each account: Account-A has RoleA and Account-B has RoleB. RoleA will assume RoleB to be able to connect to an EC2 instance in Account-B through ssm start-session. Using the RoleA, I'm able to assume the…
Arrow Root
0 votes, 0 answers

Restrict connection to RDS database based on IAM Role and RDS tag

G'day! I have IAM Authentication turned on for my RDS databases. I can successfully connect using an authorised role and am denied when using an unauthorised role. However, I have a role that I would like to be able to connect to some databases but…
0 votes, 2 answers

How can I set up AWS Client VPN using IAM roles for authentication?

Context: I am trying to set up Postgres RDS in a private_isolated subnet of a VPC. I want to use pgAdmin to do work on it, which means I either need a bastion or a VPN connection. A bastion requires a long-running EC2 instance, and I currently don't…
Adam A
0 votes, 0 answers

How to fix permission error of EBS volume using Amazon Data Lifecycle Manager?

I applied the Terraform code in this link, which contains code to apply the specific roles and permissions to service DLM lifecycle for EBS volumes. But still I am getting access errors. Please share any suggestions on how to fix this. Few more…
0 votes, 0 answers

The policy type identity_policy does not support the principal element, how to fix that?

I am trying to create this policy through the AWS web console instead of Terraform. But getting error as in below screen. Please suggest
Mysterio
0 votes, 0 answers

Switch to a different AWS account in the UI

I currently have AWS configuration set up with my access key id and secret access key (i.e. I see this when going to 'aws configure' in the CLI). I then log in through my company's Okta to then access the AWS UI. I've just been given access to a new…
KristiLuna
0 votes, 0 answers

Mimic user permissions on AWS EC2 instances using IAM roles

I'm setting up an AWS account with several users. Each of these users has policies attached that restrict their access to specific S3 buckets/objects and the EC2 instance types / Autoscaling Groups they can launch. Users can launch multiple…
0 votes, 1 answer

Is it impossible to access RDS and ElastiCache Redis in AWS Fargate only by setting a role?

I tried to access the AWS service RDS and ElastiCache Redis through Fargate's task role. I connected the full access of the service to the task role, but it was not connected, so I allowed the subnet with the security group setting, and the…
0 votes, 1 answer

Limit what kind of policies and roles an admin role can create in AWS

Is there a way in AWS to limit what kind of roles and policies another role can create? In my setup, I have two kinds of admin roles: AccountAdmin and InfraAdmin. The AccountAdmin one having more rights while the InfraAdmin having only the needed…
mikoni
0 votes, 0 answers

How to assign an IAM role having the same permission set as the IPs have?

How to update the IAM policy below so that the IAM role, arn:aws:iam::7574333677569:role/dev-abc-webserver, also have permissions? { "Version": "2012-10-17", "Id": "Policy1517260196123", "Statement": [ { "Sid":…
sam23