Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
49 votes, 4 answers

Is there any way to specify --endpoint-url in aws cli config file

The aws command is aws s3 ls --endpoint-url http://s3.amazonaws.com. Can I load endpoint-url from any config file instead of passing it as a parameter?
49 votes, 1 answer

AWS IAM: Unable to create additional Access Key

I have two access keys in IAM: One active and one inactive. Since I have forgotten my Secret Access Key I want to create a new set of credentials, but the Create access key button is greyed out. I don't know how to make new or how to retrieve my…
Danacord
45 votes, 3 answers

Find role being used on server from AWS CLI

I'm on an EC2 instance that has an IAM role attached to it, and would like to be able to verify that I am indeed using this role from the AWS CLI. I'm imagining being able to call something like this (but can't find anything like it in the CLI…
ryantuck
45 votes, 4 answers

can AWS Lambda connect to RDS mySQL database and update the database?

I am trying to connect AWS Lambda function to RDS mysql database. I just wanted to update the database from my lambda function. Is it possible to access RDS by specifying IAM Role and access Policy? I can connect to mysql database using mysql…
ARUNBALAN NV
44 votes, 4 answers

using profile that assume role in aws-sdk (AWS JavaScript SDK)

Using the AWS SDK for JavaScript, I want to use a default profile that assumes a role. This works perfectly with the AWS CLI. Using node.js with the SDK does not assume the role, but only uses credentials to the AWS account that the access key…
43 votes, 4 answers

AWS IAM - Can you use multiple wildcards (*) in a value

In all of the IAM Policy examples, they mention using wildcards (*) as placeholders for "stuff". However, the examples always use them at the end, and/or only demonstrate with one wildcard (e.g. to list everything in folder "xyz" with .../xyz/*). I…
drzaus
40 votes, 4 answers

How to assign IAM role to users or groups

I know how to create user, group and role in AWS IAM. I can also attach policies to each of them. For example, after selecting a group, you can go to permissions tab, and attach some policies to it. However, I don't know how to attach a role to a…
Alisa
40 votes, 10 answers

Why is my access denied on s3 (using the aws-sdk for Node.js)?

I'm trying to read an existing file from my s3 bucket, but I keep getting "Access Denied" with no explanation or instructions on what to do about it. Here is the code I am using: 'use strict' var AWS = require('aws-sdk') const options = { …
Shawn
39 votes, 3 answers

How do you add a comment to a json IAM policy?

IAM policies are complicated beasts. It would be nice to add a comment when crafting them. For example, { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1422979261000", "Effect": "Allow", "Action": [ …
seanmcl
39 votes, 7 answers

Enforce MFA for AWS console login but not for API calls

I am looking to enforce all IAM users (local and remote) to enable and activate their MFA devices. I want them all to enable MFA to do their respective tasks. I am trying with the following policy { "Effect": "Allow", "Action": "*", …
user2131779
38 votes, 3 answers

Understanding IAM Passrole

I couldn't understand the use of IAM Passrole. Can anyone explain with a simple example? I am referring to the page: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html but couldn't make much sense out of it.
Pratik Garg
38 votes, 7 answers

InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials

I'm trying to deploy a GitHub project to an EC2 Instance using AWS CodeDeploy. After following 2 video tutorials and a bunch of Google answers, I'm still getting the following error: 2017-02-01 12:20:08 INFO [codedeploy-agent(1379)]: master 1379:…
36 votes, 9 answers

I need an Amazon S3 user with full access to a single bucket

I have a user foo with the following privileges (it's not a member of any group): { "Statement": [ { "Sid": "Stmt1308813201865", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::bar" } ] } That user…
Kit Sunde
36 votes, 3 answers

AWS Trust Policy Has prohibited field Principal

I'm trying to create an IAM role and assign it to an EC2 instance according to Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI. The policy looks like below: { "Version": "2012-10-17", "Statement": [ { "Effect":…
Matrix
35 votes, 6 answers

Nested Step Function in a Step Function: Unknown Error: "...not authorized to create managed-rule"

I have a Step Function (Parent) created in a SAM/CloudFormation template that, among other things, calls another Step Function (Child). I'm following the instructions on calling Child, from Parent, using the service integration pattern. But I'm…