Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
21 votes, 2 answers

Deployment group's ECS service must be configured for a CODE_DEPLOY deployment controller

I've encountered the following error when I'm trying to create a Deployment Group for an ECS Cluster in CodeDeploy. I've created an IAM role based on CodeDeploy ECS and its policy: { "Version": "2012-10-17", "Statement": [ { …
PPShein
21 votes, 3 answers

Unable to find .aws directory

By default python 2.75 is installed on my machine and I installed boto3 and awscli using the pip install awscli boto3 -U --ignore-installed six command. It got installed fine, I checked, but I can't find the .aws directory in my home directory. I…
Kosmos Nagios
21 votes, 3 answers

How to provide multiple StringNotEquals conditions in AWS policy?

I am trying to write an AWS S3 bucket policy that denies all traffic except when it comes from two VPCs. The policy I'm trying to write looks like the one below, with a logical AND between the two StringNotEquals (except it's an invalid policy): { …
ikh
21 votes, 2 answers

From the AWS SDK, how do I get the current logged in username (or IAM user)?

I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs. How do I get the username (and/or IAM user) that my session currently belongs to? I let the SDK…
Zach Moshe
20 votes, 7 answers

Your current user or role does not have access to Kubernetes objects on this EKS cluster

Don't know if this is an error from AWS or something. I created an IAM user and gave it full admin policies. I then used this user to create an EKS cluster using the eksctl CLI, but when I log in to the AWS console with the root user I get the below…
20 votes, 1 answer

Difference between aws_iam_policy and aws_iam_role_policy

I have an aws_iam_role which I want to add a policy to. Typically, I would create a policy with aws_iam_role and attach it to the role with aws_iam_role_policy_attachment. However, I've seen some documentation which uses aws_iam_role_policy which, to…
Matt W
20 votes, 6 answers

Unable to assume role and validate the specified targetGroupArn

I'd like to create and deploy a cluster using terraform ecs_service, but am unable to do so. My terraform applies always fail around IAM roles, which I don't clearly understand. Specifically, the error message is: InvalidParametersException: Unable…
Jefftopia
20 votes, 4 answers

EC2 instance with a cross account IAM role

I've created a cross account IAM role in one of my accounts (say account A) and would like to attach that role to an EC2 instance in another account (account B). I tried creating a new role in account B with sts:AssumeRole pointing to the role in A…
ebnius
20 votes, 2 answers

Lambda and DynamoDB: is not authorized to perform: dynamodb:Scan

I've created my API with serverless. After I deployed my API into Lambda, when I try to test the endpoint via the "Test" button in API Gateway, I get the error: "User:…
20 votes, 2 answers

How do I use Boto3 to launch an EC2 instance with an IAM role?

I cannot figure out how to launch an EC2 instance in Boto3 with a specified IAM role. Here is some sample code showing how I have been able to successfully create an instance so far: import boto3 ec2 = boto3.resource('ec2',…
Gerk
20 votes, 2 answers

How to set up an IAM policy for AWS Lambda in a VPC to resolve the error "You are not authorized to perform: CreateNetworkInterface."

I am trying to set up my Lambda to access my Mongo server on one of the EC2 instances in a VPC. After selecting all the subnets and security groups, I get the following error when saving: "You are not authorized to perform: CreateNetworkInterface." I…
Chenna V
20 votes, 2 answers

Which user launched EC2 instance?

I have some EC2 instances and I don't really know who launched them. Is there a way to find out who launched a specific instance?
Vame
19 votes, 4 answers

Terraform unable to assume roles with MFA enabled

I'm having a terrible time getting Terraform to assume an IAM role in another account with MFA required. Here's my setup. AWS Config: [default] region = us-west-2 output = json [profile GEHC-000] region = us-west-2 output = json .... [profile…
ehime
19 votes, 2 answers

AWS - IAM Roles and Trust Relationships

I am new to AWS and IAM and am trying to understand roles and trust relationships. I fully understand why roles are used, how to create them, and their use case. What I don't get is the trust relationship step. In almost all the cases I have seen it is…
MangoGuy
19 votes, 2 answers

CloudFront policy to invalidate only a specific distribution

I'm using an S3 bucket to store files and CloudFront to distribute them. I have a tool that handles synchronization automatically and it works great. However, I want to be able to also create CloudFront invalidations programmatically. What statement do…
Slava Fomin II