Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
4 votes, 2 answers

How can I give an AWS IAM user permissions to manage his own security credentials?

Specifically, I want the user to be able to create/delete their own access keys ("Action": ["iam:*AccessKey*"]) in the AWS console, but without giving them a full user list view in the IAM dashboard. The instructions listed in the AWS documentation…
dorian (427 rep)
3 votes, 2 answers

Securely storing AWS access credentials in an on-premise server

What is the best way to store AWS IAM access credentials in a physical/virtual server so services running in it can access it? This is a problem which was fixed long ago for EC2 instances through instance profiles but I don't know what the best…
scetoaux (1,289 rep)
3 votes, 4 answers

AWS IAM: Restrict Console Access to only One Instance

I am trying to create an IAM user for the AWS Console with permission to list and perform actions on only 1 instance. So I have a total of 6 instances and I tried hiding 5 of them via IAM policies by adding the below policy: Breakdown 1. First took…
3 votes, 0 answers

IAM policy: Allow user to List only some instances/projects/resources

I created a new CodeStar project for a local user group activity and created some project members. Using the AWS CodeStar dashboard I created a member with the policy that allows them to be a Contributor. Unfortunately it appears that they need to…
Josh Withee (209 rep)
3 votes, 2 answers

Share IAM Policy across accounts in Organizations

While setting up my Organization in AWS I stumbled upon a problem. We plan to use AWS Organizations to separate different departments (Dev, Operations, IT, Projects) into different AWS accounts and AWS SSO to manage cross-account access. In some…
Clemens Bergmann (305 rep)
3 votes, 1 answer

MFA Authentication in AWS

What is the difference between the two conditions below? This condition is being appended to a customer managed policy which is attached to a user. The policy will enable the user to perform any operation on EC2 instances, but the user could…
Amit Baid (41 rep)
3 votes, 3 answers

Separate resources and access per project on AWS?

Is it possible to separate resources (EC2 instances, S3 buckets, etc) by project, and have separate permissions per project? This way I can give admin permission of project A to user A, and admin permission of project B to user B, but user A nor…
zundi (131 rep)
3 votes, 2 answers

How to use an AWS EC2 IAM role with Ansible

I am running Ansible on an EC2 instance with an assigned IAM role. I am running this playbook:

    $ cat s3.yaml
    ---
    - hosts: localhost
      remote_user: ec2-user
      tasks:
        - name: download ec2.py from s3
          s3:
            bucket: mybucket …
3 votes, 1 answer

AWS - Cannot create ElastiCache-CacheCluster - 'CacheSecurityGroup not found error'

I have a CloudFormation script shown below; I hope to create a Security Group and ElastiCache. However, I get the error shown below: CREATE_FAILED AWS::ElastiCache::CacheCluster CacheSecurityGroup not found: elasticacheta.... I use…
3 votes, 1 answer

Terraform, ECS service creation fails when using a configured IAM policy

Using Terraform, ECS service creation fails when using a configured IAM policy. Error applying plan: 1 error(s) occurred: * aws_ecs_service.beatthemarket_service: InvalidParameterException: Unable to assume role and validate the listeners…
3 votes, 2 answers

Using IAM roles to generate a dynamic inventory for Ansible

I'm looking at setting up a deploy server within our VPC and am trying to use an IAM role instead of keys for Ansible's dynamic ec2.py inventory script. An answer at Can I use IAM Roles for Ansible says it is possible, however it does not indicate…
hafichuk (762 rep)
3 votes, 1 answer

Required IAM permissions for ec2.requestSpotInstances?

I'm trying to set permissions on an IAM role that will submit a new spot instance request if needed. It will be used by a Lambda function. The code does the following AWS API…
Zach Moshe (151 rep)
3 votes, 1 answer

How to add SPECIFIC CloudFormation, EC2, RDS and S3 Access Restrictions in AWS - IAM

What I am trying to do is create a Group for an external team that requires access to their CloudFormation, which is in our account. I would like to set restrictions on their group so that they may only view and edit their own website without…
Lgalan90 (195 rep)
3 votes, 2 answers

How to allow IAM users to set up their own virtual MFA devices

I want to let my IAM users set up their own MFA devices through the console. Is there a single policy that I can use to achieve this? So far I can achieve this through a number of IAM policies, letting them list all MFA devices and list users…
Ali (255 rep)
3 votes, 1 answer

Is there any way to 'describe-instances' for another AWS account from awscli?

I've added a role to allow another account to list instances, but there doesn't appear to be any option to choose which account I'm listing instances from. Is there some undocumented option to pass in to choose this foreign account? Edit: The…