Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service.

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

262 questions
2 votes, 1 answer

IAM Policy + S3 bucket tag conditions

Attempting to use a tag at the bucket level to use in an IAM policy that would give individuals xyz access inside the bucket. Seems like it should be possible: AWS documentation. Here is the actual IAM policy: { "Version": "2012-10-17", …
duhaas
2 votes, 1 answer

Access to AWS console for third party using cross-account?

There are two companies: Client and Contractor. Both have AWS accounts. I'm looking for a simple but secure way to get staff from the contractor team access to the client's AWS console. Yep, I'm on the Contractor's side. The ways I can remember so far:…
Putnik
2 votes, 1 answer

Are AWS IAM user names case-sensitive?

As I'm creating users in AWS IAM, I want to know whether the user names are case-sensitive or not.
Flimm
2 votes, 3 answers

AWS - Allowing user to start and stop an EC2 instance

I'm having trouble creating an IAM policy for a specific user to grant privileges to start and stop an EC2 instance. I have tried several ways but I can't find the errors. This is my policy: { "Version": "2012-10-17", "Statement": [ { "Sid":…
2 votes, 1 answer

Access S3 bucket from my EC2 instance using CF::Init via IAM role not working

I have a CloudFormation template I'm using to set up an ECS cluster and I am trying to drop some config files onto the box using CloudFormation::Init on the ASG and pulling them out of S3. "ECSASGLaunchConfiguration": { "Type":…
2 votes, 2 answers

Assigning name to IAM Role with CloudFormation

How can we set/assign the name of an IAM role while creating the role with CloudFormation? Say I want to create an IAM role with the name NewRole, using a CloudFormation script, but I can't find any parameter in the resource declaration for the IAM role, where we…
2 votes, 1 answer

What's a good way to use credentials returned by `aws sts assume-role` in current shell session?

`aws sts assume-role` returns credentials in JSON format. Is there an easy way (like putting them in environment variables) so that subsequent calls to aws can use them? Basically, I want something like sudo -i for AWS. Note: I am currently doing this…
2 votes, 1 answer

Create an AWS IAM policy that only allows resources to be created within a certain resource group?

In my AWS account we have 3 different applications, A, B, C. I want to create an IAM policy for the B team that allows them to create new EC2 instances, but limit it to be tagged within the B resource group, or some other constraint that can…
kenwarner
2 votes, 1 answer

Change in IAM role for EC2 instance not affecting already running EC2 instance

I have an IAM role for EC2 instance (so called Instance Profile) with two policies attached, giving full access to SQS and S3. There is an EC2 instance running associated with this role. It runs several apps, that do use temporary credentials and…
Jacek Prucia
2 votes, 1 answer

Can I use IAM Roles for Ansible?

Apparently the AWS Access Key and Secret Key are optional parameters for the AWS Cloud Modules; however, the places where Ansible would pick up those values are environment variables. Can we completely remove the Access Keys business by…
Naveen Vijay
2 votes, 1 answer

What AWS services allow you to specify a path for the resource's ARN?

The AWS Documentation on Amazon Resource Names says Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user…
gene_wood
2 votes, 1 answer

AWS RDS CLI: AccessDenied on CreateDBSnapshot

I want to use the AWS RDS command line tool to create a snapshot of my database my-database using create-db-snapshot. I have created a special backup role in IAM with a policy that allows me to describe, copy and create snapshots. It looks like this…
2 votes, 1 answer

How is CloudFormation metadata access controlled?

As I understand it, an instance needs to be granted access to cloudformation:* resources in order to do anything with CloudFormation. But when I run this on a Beanstalk web server instance: cfn-get-metadata -s awseb-e-xxxxxxxxx-stack -r…
Alex B
2 votes, 1 answer

How do I fix Terraform invalid JSON policy

I am trying to use a file which contains a load balancer IAM policy for my AWS in Terraform. However, when I run the Terraform script, I get an error stating: Error: "policy" contains an invalid JSON policy │ │ with…
eagercoder
2 votes, 0 answers

Facilitating arbitrary code execution on AWS Lambda

I am developing a SaaS where a user will be able to upload a custom JavaScript function that runs when an event happens. In order to preserve the integrity of the system, I am using AWS Lambda to run these functions such that they can run in…