Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
5 votes, 1 answer

AWS Permissions: Lambda access Denied to S3

I have created a Lambda Python function through AWS Cloud 9 but have hit an issue when trying to write to an S3 bucket from the Lambda Function. When I test in Cloud 9 the Python code runs fine and writes to the S3 bucket perfectly. When I push…
5 votes, 1 answer

ElasticBeanstalk permissions needed to deploy new version via AWS CLI

I have an IAM policy setup that I thought provided the right permissions to deploy a new version to an Elastic Beanstalk application. I'm still getting InsufficientPrivilegesException, specifically: aws elasticbeanstalk update-environment…
Sam
5 votes, 1 answer

How can I tell where an Amazon AWS key is being used?

I have inherited an Amazon AWS environment in which the Root account key has been widely distributed for the purposes of making backups to S3 buckets. I need to track down where the key is being used, so that I can replace it with a key with limited…
Garreth McDaid
5 votes, 1 answer

IAM Action for `Get-EC2Instance` command in Powershell SDK

Calling Get-EC2Instance from EC2 instance and getting Get-EC2Instance : You are not authorized to perform this operation. Which IAM action do I need to add to my policy?
jaywayco
5 votes, 1 answer

How can I chain AWS IAM AssumeRole API calls?

There are a number of AWS accounts which I don't control. I've had the account owners deploy an IAM Role, TrustingSecurityAuditor, into their accounts which grants the right to assume the TrustingSecurityAuditor role to a different IAM role in my…
gene_wood
5 votes, 2 answers

Getting files from an s3 bucket using IAM role credentials

I am trying to retrieve some files from a private s3 bucket to a filesystem location elastic beanstalk ec2 instance, but with no success. I've created a bucket named dev-config containing a file named local.properties. I've created an IAM policy…
diffa
5 votes, 3 answers

IAM policy to restrict access to one VPC

I am trying to restrict users to a single VPC. I went through Controlling Access to Amazon VPC Resources and came up with the following policy but it does not work. Can someone point out the errors in it? I should mention that IAM Policy Simulator…
Satie Sharma
5 votes, 1 answer

In AWS IAM, how do you write a policy to allow all actions?

I've read the AWS IAM example policies but don't see an example for allowing a group to do everything. I'm trying: { "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] } But it's not working. Any…
greggles
5 votes, 3 answers

Getting "Fargate requires task definition to have execution role ARN to support ECR images." when creating Fargate task but the role is defined

I am trying to deploy a very simple web application to AWS Fargate. I have pushed a docker image of the backend of the application to ECR and I am trying to setup a Fargate task definition for the container. I have all of the properties of the task…
Brandon
5 votes, 1 answer

Impossible to delete AWS backup vault, backup plans?

I swear, I've read all the docs I can find, and have tried everything including the AWS policy generator UI and manually editing policy JSON, but no matter what I try, when I try to delete any of these resources, I just get the big red header with…
Tom Wilson
4 votes, 2 answers

Restrict access to S3 bucket folders to specific website users? (not using IAM Users)

I have a website where users need to log in. They can upload and delete their own pictures BUT these pictures are supposed to be private so images are not set to public that anyone can view. I know that we can use IAM policies to restrict access to…
Dora
4 votes, 2 answers

Failed registering Scalable Target when defining auto scale option for ECS

But I am getting this error: Failed registering Scalable Target Scalable Target could not register scalable target: 1 validation error detected: Value '' at 'roleARN' failed to satisfy constraint: Member must have length greater than or …
Anthony Kong
4 votes, 5 answers

Ansible AWS dynamic inventory: `./ec2.py --list` unauthorized

I'm trying to use Ansible's ./ec2.py --list --refresh-cache to list my AWS EC2 instances. Via documentation, I've run through this checklist: AWS (docs via Amazon's Controlling Access to Amazon EC2 Resources & Error Codes) Create an IAM User and…
4 votes, 4 answers

Creating temporary access keys for federated IAM users

We have set up IAM roles that allow federated users that are authenticated with Okta to gain access to the AWS Console. Some of the users need temporary AWS access keys to use the AWS command line tools locally. Is there any way for those users to…
thesamet
4 votes, 1 answer

How can I use IAM policies to restrict a user to only launch instances with a specific set of AMIs?

I have the AMIs I want to allow tagged with the "type" tag. Here's the policy I tried: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:StartInstances" ], …
fields