Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
17 votes, 3 answers

AmazonServiceException: User is not authorized to perform: dynamodb:DescribeTable Status Code: 400; Error Code: AccessDeniedException

I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here: DynamoDBMapper AmazonServiceException: User:…
16 votes, 1 answer

Within IAM, can I restrict a group of users to access/launch/terminate only certain EC2 AMIs or instances?

What the title says. Within the master AWS account, I have several personal accounts, i.e. AWS Identity and Access Management (IAM) users. I would like to assign certain IAM users to groups and prevent them from terminating certain Amazon EC2…
Florin Andrei
16 votes, 5 answers

Is it possible to generate an AWS access key via IAM for use with the Product Advertising API?

I like using IAM (Identity and Access Management) to create users/groups with specific permissions for specific purposes. The Product Advertising API requires use of an access key (request param is AWSAccessKeyId) and IAM can generate access keys,…
Adam Monsen
16 votes, 3 answers

Looking for a sample code to read parameter value from AWS Parameter Store

Looking for a sample Java code to read parameter store values like RDS connection string from AWS Parameter Store. Appreciate code or any reference links. Thanks.
uman dev
16 votes, 1 answer

Passing aws credentials to Docker

I have a Docker container with Golang code which interacts with AWS resources. In the testing environment, we use an IAM role. But how do I test locally? How do I use AWS credentials to run my Docker container locally? I am using a Dockerfile to build the Docker image.
16 votes, 5 answers

CloudFormation is not authorized to perform: iam:PassRole on resource

This is part of the code of my template.yml in Cloud9: Type: 'AWS::Serverless::Function' Properties: Handler: index.handler Runtime: nodejs6.10 CodeUri: . Description: Updates records in the AppConfig table. MemorySize: 128 Timeout: 3 …
16 votes, 3 answers

Accessing AWS RDS using IAM Authentication and Spring JDBC (DataSource and JdbcTemplate)

I am not able to figure out how to implement this. Any help and/or pointers will be greatly appreciated. Currently, my Java/Spring application backend is deployed on EC2 and accessing MySQL on RDS successfully using the regular Spring JDBC setup.…
Gauzy
16 votes, 1 answer

DynamoDB multi-tenant IAM policy (sharing documents with other users)

I’m attempting to create a multi-tenant application with DynamoDB and Cognito. The documentation is pretty clear on how to implement fine-grained authorisation so that users can access only their own records, by adding a condition to the IAM access…
16 votes, 1 answer

Can wildcard character (*) be used in the fine-grained access policy for dynamodb?

I have an Amazon DynamoDB table with partition key composed of the user's id (from Facebook or Google) and other characters. I know wildcard can be used to specify the properties of a fine-grained access policy, but I couldn't get the wildcard in the…
Richard Wong
16 votes, 5 answers

How to write an S3 bucket policy to *only* allow specific IAM role and Cloudfront Origin Access Identity?

My overall objective: I tried several things and read relevant AWS documentation but am unable to figure out how to write an S3 bucket policy to allow access only to specific IAM role and Cloudfront Origin Access Identity (OAI), and deny everyone…
ktrace
16 votes, 3 answers

Amazon API Gateway authorization AWS_IAM

What does AWS_IAM mean as the Authorization model in Amazon API Gateway? If I test the Lambda inside the AWS console it works and prints "Hello World", but if I use the endpoint URL and open it inside another browser's tab it say…
BAD_SEED
16 votes, 3 answers

AWS S3 IAM grant access to buckets based on tags

I'm trying to grant a group of users access to all s3-buckets with a certain tag, but no access to all others. The policy I've cobbled together looks like this: { "Version": "2012-10-17", "Statement": [ { "Sid":…
Hartwig Hauschild
16 votes, 4 answers

IAM Role limit sts:AssumeRole to one AWS Lambda function

I am concerned about security. The creation of IAM Roles is a high security risk, and the fact that you can only specify to be AWS Lambda the one that can assume a role is not good enough IMO. There could be a privilege escalation if not treated…
txomon
16 votes, 1 answer

CloudFormation IAM Role -- AssumeRolePolicyDocument

So I'm constructing a cf stack for a role in AWS and I don't know how to go about the AssumeRolePolicyDocument field when designing a role that is not resource-based. All the examples I've tried to look up each have a specific AWS resource…
16 votes, 4 answers

Access AWS API Gateway with IAM roles from Python

I have an AWS API Gateway that I would like to secure using IAM Roles. I am looking for a package to help me access it using Python. I am trying to avoid implementing the entire Version 4 Signing Process. I am sure there must be some library I…
FelixEnescu