Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
88 votes, 1 answer

How to assume an AWS role from another AWS role?

I have two AWS accounts - let's say A and B. In account B, I have a role defined that allows access to another role from account A. Let's call it Role-B { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { …
Prashant
87 votes, 11 answers

User is not authorized to perform: cloudformation:CreateStack

I'm trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create I'm getting the following error. AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform:…
80 votes, 16 answers

aws lambda function getting access denied when getObject from s3

I am getting an access denied error from S3 AWS service on my Lambda function. This is the code: // dependencies var async = require('async'); var AWS = require('aws-sdk'); var gm = require('gm').subClass({ imageMagick: true }); // Enable…
cyberdantes
77 votes, 3 answers

What is exactly "Assume" a role in AWS?

Question What does exactly "Assume" a role mean in AWS and where is the definitive definition provided? Background Assuming a role is frequently used and trying to understand the definition and what it actually means. I suppose when a principal (IAM…
mon
76 votes, 20 answers

Signature expired: is now earlier than error : InvalidSignatureException

I am trying a small example with AWS API Gateway and IAM authorization. The AWS API Gateway generated the below Endpoint : https://xyz1234.execute-api.us-east-2.amazonaws.com/Users/users with POST action and no parameters. Initially I had turned…
j10
76 votes, 2 answers

AWS create role - Has prohibited field

I am trying out a simple example suggested by AWS documentation to create a role using a policy json file http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html And I get the error A client error (MalformedPolicyDocument)…
Chenna V
75 votes, 8 answers

Difference between IAM role and IAM user in AWS

What is the difference between an IAM role and an IAM user? The IAM FAQ has an entry explaining it, but it was vague and not very clear: An IAM user has permanent long-term credentials and is used to directly interact with AWS services. An IAM role…
sashoalm
68 votes, 7 answers

How to attach multiple IAM policies to IAM roles using Terraform?

I want to attach multiple IAM Policy ARNs to a single IAM Role. One method is to create a new policy with privileges of all the policies (multiple policies). But in AWS, we have some predefined IAM policies like AmazonEC2FullAccess,…
Pranshu Verma
66 votes, 12 answers

The policy failed legacy parsing

I am trying to create IAM Role in AWS, but while I am creating I am facing error "We encountered the following errors while processing your request: Problem in attaching permission to role. Role will be created without permission. The policy…
Mani Teja
65 votes, 4 answers

How can I allow a Group to assume a Role?

How can I allow all members of a Group to assume a Role in AWS IAM? I tried using the following statement but as specified in AWS IAM Principal Element, a Group cannot be a Principal. I want to achieve something like below: { "Version":…
Rentrop
57 votes, 3 answers

AWS lambda invoke not calling another lambda function - Node.js

After giving all the rights to invoke function. My Lambda function is not able to invoke another function. Every time I am getting timeout having 30 seconds timeout issue. It looks like lambda is not able to get another lambda function. My lambdas…
Arpit Vaishnav
55 votes, 4 answers

Terraform: Error creating IAM Role. MalformedPolicyDocument: Has prohibited field Resource

My TF code is giving me an error: /* * Policy: AmazonEC2ReadOnlyAccess */ assume_role_policy = <
Snowcrash
52 votes, 5 answers

What IAM permissions are needed to use CDK Deploy?

My team has a pipeline which runs under an execution IAM role. We want to deploy code to AWS through CloudFormation or the CDK. In the past, we would upload some artifacts to S3 buckets before creating/updating our CloudFormation stack, using the…
Alan Kay
51 votes, 3 answers

How do I log in to AWS Console with an IAM user account?

I have created an IAM user account. Now I want to connect with this user to the AWS console. AWS says: For Users who need access to the AWS Management Console, create a password in the Users panel after completing this wizard. I have created one…
Gabriel Petrovay
50 votes, 1 answer

In AWS IAM, What is the Purpose/Use of the "Path" Variable?

In IAM, what is the purpose/use of the "Path" variable when creating an IAM User via the CLI or API?
Plane Wryter