Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
2 votes, 2 answers

AWS Lambda Python S3 Read File Error

Trying to read a file from a bucket in S3. The bucket has a trigger wired to a Python Lambda function. This then runs when a new file is put in the bucket. I keep getting an error. This is the code: Download the file from S3 to the local…
Red
2 votes, 2 answers

How do I create an IAM policy to control access to Amazon EC2 resources based on the subnet name tag?

I need to restrict a specific user role from performing any EC2 instance actions in public subnets across any VPC. Is there a way to achieve this by leveraging subnet tags? I know how to use EC2 Resource Tags to control access to EC2 resources like…
gbaz
2 votes, 2 answers

How to manage permissions of EC2 instance profile?

When deploying a Java app on EC2 I can just use new ProfileCredentialsProvider() to inject some instance credentials. But which IAM user will it be? How can I manage permissions of that user? For example, to limit his rights to some specific S3…
piotrek
2 votes, 1 answer

EC2 instances with same instance profile share credentials?

Do EC2 instances which use the same instance profile also use the same metadata credentials? Put another way, are EC2 metadata credentials unique to the EC2 instance or to the EC2 instance profile? For example, say I have an IAM role called my-role…
2 votes, 1 answer

AWS.IAM is not a constructor JavaScript SDK

I'm using the AWS JavaScript SDK. Both var s3 = new AWS.S3(); and var dynamodb = new AWS.DynamoDB(); work fine. When I try var iam = new AWS.IAM(); I am presented with: TypeError: AWS.IAM is not a constructor
2 votes, 2 answers

IAM policy to grant access only to Amazon aliased keys

In KMS there are the Amazon aliased keys (e.g. /alias/aws/s3) and Customer Master Keys (CMKs). For each development team, I have a few CMKs with aliases (e.g. /alias/team1/default, /alias/team1/confidential). I'd like to allow access to the aws…
maafk
2 votes, 1 answer

Let Cognito users manage access to "own" S3 folders

I'm actually going to sneak in two questions here: 1) I'm trying to figure out if there is a way to let Cognito users manage access to their own folders. Let's say user Dave wants to share his protected file with user Anne. How would I go about to…
2famous.TV
2 votes, 4 answers

Get AWS IAM policy Access Advisor records from CLI or SDK

I'm reviewing IAM policies and roles that haven't been used in the last N number of days. In the console I can easily view recent usage under Access Advisor. I'd like to get the same in an automated way, but I can't find any documentation on getting…
maafk
2 votes, 1 answer

DynamoDB fine-grained access control by group membership

By using IAM policies and Cognito, you can limit access to data in Dynamo tables based on the authenticated user. It's called fine-grained access. Is there any way to do this based on membership to a Cognito group or perhaps membership to an IAM role?
2 votes, 3 answers

I am supposed to use boto3 to write to an S3 bucket with only IAM instance profile, but how?

I have a boto3 script that successfully uploads files to an S3 bucket, using my account's AccessKeyId and SecretAccessKey. This works fine. But I'm supposed to remove my credentials from this instance and only use the IAM role attached to the…
Mark McWiggins
2 votes, 2 answers

iam:PutRolePolicy User: xxx is not authorized to perform: iam:PutRolePolicy on resource: role yyy

I have a CloudFormation stack to create my CodePipeline/CodeBuild resources etc. When I try to run it, I get: iam:PutRolePolicy User: arn:aws:sts::0000000000:assumed-role/aaaaaaaaaa/AWSCloudFormation is not authorized to perform: iam:PutRolePolicy…
Jiew Meng
2 votes, 2 answers

AWS deny access to VPC

We have a few users which basically have access to everything using the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } …
kev
2 votes, 3 answers

Is there a way to add a description for IAM users in AWS?

I have users that have been added by other admins in my AWS account. I am afraid that these users might get deleted by other people. Is there a way to add a description to an IAM user?
Muhammad Lukman Low
2 votes, 1 answer

How to use AWS principal in reference parameter in CloudFormation

I have to automate this line "AWS": "arn:aws:iam::684821578293:user/jenkins" in my CloudFormation template, but while using join it is not working. Can somebody help me with this? The working template is below; you can use the following snap to parameters list…
2 votes, 1 answer

Datadog AWS integration for multiple AWS accounts

I have two AWS accounts. I was able to set AWS integration for the first account using Terraform, but when I try to create AWS integration for my second account I am having an error. I have created a role with an in-line policy and we do not have a…
user6826691