Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
19 votes, 1 answer

AWS Amazon IAM user Policy to access ONLY one EC2 instance on EU-WEST-1 region

I have read the AWS documentation and it wasn't helpful... at least not for me. I have read about IAM and the user policy on EC2. I want to make users have full access (or just some actions allowed) only on ONE EC2 instance. The region I'm using…
Tedi Çela
18 votes, 1 answer

Allow multiple conditions for IAM Federated OIDC providers for GitHub Actions

Similar to this policy question, is it possible to define multiple ForAnyValue:StringLike values in the same federated OIDC provider policy statement condition? Specifically, I am trying to allow multiple subjects from GitHub Actions OIDC, to allow…
danialk
18 votes, 1 answer

Adding lambda target role to AWS Eventbridge rule in Cloudformation fails

I am trying to create an AWS Eventbridge rule with a Lambda function as a target. I can add the rule and target fine but when I try to set the lambda permissions via RoleArn the Cloudformation stack deployment fails with: RoleArn is not supported…
18 votes, 3 answers

Need to make an identical copy of AWS IAM role (including policies and trust relationship it has)

I have an IAM role (with many policies and a trust relationship in it). I used this in building an AWS Cognito User Pool. However, this IAM role will be deleted soon. Making a copy manually will be a chore and also not repeatable. I would like to…
Mamun
18 votes, 5 answers

AWS Cloudformation Role is not authorized to perform AssumeRole on Role

I am trying to execute a CloudFormation stack which contains the following resources: a CodeBuild project, a CodePipeline pipeline, and the roles needed. While trying to execute the stack, it fails with the following error:…
18 votes, 2 answers

An error occurred: Policy document should not specify a principal

I am trying to create the policy as per the document in the Amazon docs. But I am facing this error: "An error occurred: Policy document should not specify a principal" Doc…
thulasi39
18 votes, 8 answers

Is there a way to programmatically list all of the available actions for an AWS service?

I am looking for a way to list all of the actions that can be used in an AWS IAM policy. This is an example policy that uses IAM actions: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1457442845000", …
Istvan
18 votes, 2 answers

AWS API Gateway: How to pass IAM identity to Lambda function?

I've successfully configured IAM-authenticated access to my Lambda function with an AWS API Gateway front-end, but I am unable to find how to pass the IAM user identity to my Lambda function. I need exactly the IAM user identity and cannot run the Lambda function…
AlexeyVMP
18 votes, 1 answer

Minimal IAM policy for ec2:RunInstances

I'm trying to narrow down the minimal policy to run a predefined machine image. The image is based on two snapshots and I only want "m1.medium" instance types to be launched. Based on that and with the help of this page and this article, I worked…
Ja͢ck
17 votes, 2 answers

How do I supply different conditions based on a parameter in an IAM Role CloudFormation Template

I'm writing a CloudFormation template for an IAM role that I will assume through STS. I need to add a condition where a key equals a value, where both the key and the value depend on a "Stage" parameter. The value I've been able to programmatically…
jaxreiff
17 votes, 2 answers

How to configure this Spring-Boot app to use IAM Role instead of keys and secrets?

I have a Spring Boot app which communicates with S3 and SQS. It worked fine using AWS secret keys and secrets, but I found out I have a restriction in that I cannot use those credentials, but must instead authenticate using an IAM Instance…
jjones
17 votes, 4 answers

How do I grant a rotation Lambda access to AWS Secrets Manager

Using the Serverless Framework, I am trying to build a Lambda function that periodically rotates a secret stored in AWS Secrets Manager. I am having trouble configuring the roles needed for Secrets Manager to execute the Lambda. In my…
17 votes, 3 answers

Invoke an AWS lambda across regions

I have three lambda functions: boss, worker1, worker2. When using boto3.client.invoke I am able to call worker1 from boss. These two are in the same region. worker2 is in a separate region. When attempting to call worker2 from boss the following…
Sawyer Merchant
17 votes, 2 answers

How to use IAM role with AWS Java SDK

My use case is as follows: I need to push some data into an AWS SQS queue using the Java SDK with the help of an IAM role (not using a credential provider implementation). Is there any way to do that? Thanks for help in advance.
Lovey
17 votes, 1 answer

Cross account role for an AWS Lambda function

I have two AWS accounts (A and B). On my account A, I have a Lambda function which needs to access resources of account B. Precisely, my Lambda on my account A needs to update a record in a Route53 zone hosted on my account B. Contrary to S3, I…
Olivier