Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions

What is the significance of having a member account in an AWS Organization?

What is the real use of having a member account attached to a particular Organizational Unit? We can still manage the permissions by attaching them to OUs.

Parsing boto3 output JSON

I'm using this code to get IAM users: #!/usr/bin/env python import boto3 import json client = boto3.client('iam') response = client.list_users() print response and getting: {u'Users': [{u'UserName': 'ja', u'Path':…
Milister

Attempts at writing the Terraform code for AWS KMS

Goal: I am trying to create the following things: a Terraform template to create KMS keys. This template should create the key and two IAM roles. The roles would be one for admin functions and one that allows encrypt/decrypt. I have…

IAM Policy to prevent DynamoDB from creating records for UpdateItem

My application allows users direct access to DynamoDB from their browser. They can view and edit any record for which they know the partition key (a UUID). My problem is that users can create new records by 'editing' a non-existent partition key. Is…
Jesse Barnum

Getting Access Denied when pulling an object from an S3 bucket from ECS using an IAM Role

I am trying to get some encrypted connection parameters from an S3 bucket in my sample Spring application. Here is the method I am using to run inside a container: public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException { …

Boto is unable to access a bucket inside an ECS container which has the correct IAM roles (but Boto3 can)

I have an ECS container and I have attached an IAM policy like below: { "Version": "2012-10-17", "Statement": [ { "Sid": "1", "Effect": "Allow", "Action": [ "s3:List*", …
Hussain Bohra

Why does AWS IAM allow limiting a user to only programmatic access or only web console access?

Amazon Web Services' IAM service allows administrators to create user accounts with different permissions, groups, etc. When an administrator creates a new user, he has the option of specifying whether this user will be limited to either programmatic…
CodyBugstein

How to configure APIs in API Gateway to accept traffic only from specified EC2 instances

I changed the Authorization Type for the API to AWS_IAM, then I created a user with the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ …

How do I apply an Ansible task to multiple hosts from within a playbook?

I am writing an Ansible playbook to rotate IAM access keys. It runs on my localhost to create a new IAM Access Key on AWS. I want to push that key to multiple other hosts' ~/.aws/credentials files. --- - name: Roll IAM access keys hosts:…
TreverW

How to configure AWS lambda execution role to be able to list batch jobs?

I'm having issues getting my Lambda configured correctly to be able to run batch jobs. The code looks like this: client = boto3.client('batch') _job_queue = os.environ['JOB_QUEUE'] _job_definition = os.environ['JOB_DEFINITION'] _job_name =…
Nate Reed

Find out which IAM user created a given resource

I have multiple IAM users under my account. Is there a way to know which IAM user created a particular resource, such as an EC2 instance or an Elasticsearch cluster?
sashoalm

Athena queries between tables in different accounts

I can individually access two different Athena tables using two different IAM roles because each lies in a different account. Is there a way to run a single query that pulls from both (i.e. an INNER JOIN)?
user3002273

Create Policy in CloudFormation Granting Access to S3 Buckets From a Separate AWS Account

I have read the "Specifying Principals in a Policy" doc: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-bucket-user-policy-specifying-principal-intro.html, and am inferring some behaviors from there and other SO (like aws lambda function getting…
zachd1_618

Is it possible to restrict access to S3 data from EMR (zeppelin) by IAM roles?

I have set up an EMR cluster with Zeppelin installed on it. I configured Zeppelin with Active Directory authentication and I have associated those AD users with IAM roles. I was hoping to restrict access to specific resources on S3 after logging…
Leyth G

InvalidClientTokenId when using IAM user

I'm having trouble implementing GetCallerIdentity with AWS within my application. When I try to generate temporary credentials, the server console returns the error InvalidClientTokenId: The security token included in the request is invalid. I've…
bp123