Questions tagged [amazon-policy]

An Amazon policy is a document that formally states one or more permissions.

To assign permissions to a user, group, role, or resource, you create a policy, which is a document that explicitly lists permissions. In its most basic sense, a policy lets you specify the following:

Actions: what actions you will allow. Each AWS service has its own set of actions. For example, you might allow a user to use the Amazon S3 ListBucket action, which returns information about the items in a bucket. Any actions that you don't explicitly allow are denied.

Resources: which resources you allow the action on. For example, what specific Amazon S3 buckets will you allow the user to perform the ListBucket action on? Users cannot access any resources that you have not explicitly granted permissions to.

Effect: what the effect will be when the user requests access—either allow or deny. Because the default is that resources are denied to users, you typically specify that you will allow users access to resources.

For more, see the AWS documentation.

86 questions
1 vote, 0 answers

AWS restrict access to S3 bucket to single Amazon Cognito user

I'd like to implement the following: a specific Cognito (authenticated) user must have access to a single S3 bucket. What is the best way to achieve the above? I have tried the following: Create Cognito User Pool with App integration. Create Cognito…
Andrej • 121 • 10
1 vote, 1 answer

Validate AWS IAM Policy programmatically

Is there a way by which I could check if an IAM user with some permissions satisfies a given policy set? Example: I want to check if a user could trigger all the actions mentioned in the policy below. That too via some API calls or using the Amazon…
1 vote, 1 answer

AWS: IAM Policy to Add User To specific Group

I'm trying to set up a policy for a Group ("TheGroup") that when attached to a User would allow that user to Create new Users AND assign them to another specific group ("TheSubGroup"). I believe I have the CreateUser part mostly done but I'm not…
Meltemi • 37,979 • 50 • 195 • 293
1 vote, 2 answers

Translate is not authorized to assume role

When I enter the example code from here https://docs.aws.amazon.com/de_de/translate/latest/dg/async.html $ aws translate start-text-translation-job --job-name batch-test \ --source-language-code en \ --target-language-codes fr \ --input-data-config…
Rene B. • 6,557 • 7 • 46 • 72
1 vote, 1 answer

Configure AWS Role to switch between Organization Accounts

I'm trying to follow the instructions in How can I allow a Group to assume a Role?, but run into the following error when I try to switch roles: Invalid information in one or more fields. Check your information or contact your administrator. In…
KyleMit • 30,350 • 66 • 462 • 664
1 vote, 2 answers

Give S3 Full access cross account

I have two Amazon accounts, Account-A and Account-B. I want to give Account-B full control over all S3 related operations in Account-A; for example, Account-B can create/delete/list buckets belonging to Account-A. Can you point me to how it's done? So…
user1918858 • 1,202 • 1 • 20 • 29
1 vote, 3 answers

What are the required AWS IAM policy permissions to create a security group and add inbound/outbound rules?

I am writing an IAM policy to deploy EC2 instances along with creating security groups using Terraform; I don't want to give EC2 full access. Following the principle of least privilege, what are the permissions required to create security groups also…
1 vote, 1 answer

What are the required AWS IAM policy permissions to provision EC2 Instances from the CLI?

I am writing an IAM policy to deploy EC2 instances from the CLI; I don't want to give EC2 full access. Following the principle of least privilege, what are the permissions required to provision EC2 instances
mellifluous • 2,345 • 2 • 29 • 45
1 vote, 0 answers

S3 Cross Account Notification from any bucket owned by account

I'm providing cross-account services to my client, who has their own AWS account. I'd like them to be able to configure any S3 bucket that they own so that any ObjectCreated event is logged to my SQS queue. I'd also like to prevent any other party…
Andrew Rueckert • 4,858 • 1 • 33 • 44
1 vote, 1 answer

Why does uploading an image to S3 give me an AuthorizationQuery error?

I try to upload a JPEG image to the S3 bucket. I get the pre-signed URL successfully without any error, but I always get errors when I try to upload an image using that URL. Errors: AuthorizationQueryParametersError Error…
1 vote, 1 answer

How do I list only accessible S3 bucket objects for a user, instead of explicitly asking for a certain 'prefix'?

This is how we make the S3 bucket object listing request: final ListObjectsV2Request req = new ListObjectsV2Request().withBucketName(bucketName) Suppose we have attached the inline policy to the user who is requesting the resource, { "Sid":…
1 vote, 1 answer

AWS IAM applicable policies and attached entities

After asking this question I did some digging and found a couple of policies with: { "Effect":"Allow", "Action":"*", "Resource":"*" } in them. Reading through the policy evaluation logic page again, the second step stands out to…
superstienos • 124 • 11
1 vote, 1 answer

Restrict access to S3 hosted website without whitelisting IPs

We have a website hosted on AWS S3 that we intend to be accessed only by a limited group of people. Right now, we are whitelisting the allowed IPs, as described in Restrict access to website hosted on S3. However, some of the people that must have…
redwulf • 1,317 • 3 • 13 • 35
1 vote, 1 answer

S3 Policy not working when resource is specified

I have a Rails app set up to upload files to S3. I have an IAM user with an inline policy attached to the user. When I use the following policy everything works just fine: { "Version": "2012-10-17", "Statement": [ { "Sid":…
Justin • 122 • 9
1 vote, 2 answers

Exclude Permissions from an Admin AWS Account?

I want to create a user who has AdministratorAccess and can manage everything except, for example, Delete and Update actions in IAM, which should be denied. I tried to do this: Create Admin User. Create a policy that denies Delete and Update operations in IAM. Attach that…
Eltorrooo • 157 • 2 • 15