Questions tagged [amazon-policy]

An Amazon (AWS) policy is a document that formally states one or more permissions.

To assign permissions to a user, group, role, or resource, you create a policy, which is a document that explicitly lists permissions. In its most basic sense, a policy lets you specify the following:

Actions: what actions you will allow. Each AWS service has its own set of actions. For example, you might allow a user to use the Amazon S3 ListBucket action, which returns information about the items in a bucket. Any actions that you don't explicitly allow are denied.

Resources: which resources you allow the action on. For example, what specific Amazon S3 buckets will you allow the user to perform the ListBucket action on? Users cannot access any resources that you have not explicitly granted permissions to.

Effect: what the effect will be when the user requests access—either allow or deny. Because the default is that resources are denied to users, you typically specify that you will allow users access to resources.

For more see here

86 questions
0 votes · 1 answer

AWS InsufficientPrivilegesException for UpdateEnvironment but I have setup relevant permissions

I want to set up a CI/CD pipeline using GitHub Actions that creates a new application version in AWS Elastic Beanstalk whenever new code is committed and pushed. Here's the workflow .yml: name: Build Frontend and Deploy on: push: branches: [ master…
0 votes · 1 answer

Does allowing access to a bucket automatically imply access to everything inside?

For a policy to allow access to a bucket and everything inside it, does the 'Any' box next to object need to be checked (or does simply allowing access to a bucket imply access to its contents)? There are two reasons I ask i) so that the policy has…
stevec · 41,291 · 27 · 223 · 311
0 votes · 1 answer

Restrict AWS Developer Power User access by specifying date condition (DateGreaterThan, DateLessThan)

I have this managed policy for AWS Developer Power User, which gives the user access to all AWS resources and actions except IAM and Organization (Just one level below Admin role). AssumeRolePolicyDocument: Version: 2012-10-17 Statement: …
DM_Darko · 1 · 2
0 votes · 1 answer

SNS subscription receives message even without filter policy

An SNS topic has 2 subscriptions: one with a filter policy (let's call this A) and the other without (let's call this B). When a message is published to the SNS topic with filter attributes matching the subscription with the filter policy (subscription A), it…
0 votes · 3 answers

Passing IAM roles from one EC2 to another Ec2

I have an EC2 instance (say ec2-1) which has an IAM role attached. This IAM role has policies for launching new EC2 instances, creating new security groups, listing various security groups, copying files from S3, etc. Now I want to launch another EC2…
Naxi · 1,504 · 5 · 33 · 72
0 votes · 1 answer

How can I have an S3 policy that denies access to all buckets except the ones that start with the string "xyz"?

I want to have a policy that denies access to all buckets except the ones that start with a certain naming convention, i.e. if they start with "xyz". How can I write a policy to do that? The one below works but it throws various warnings: "You choose…
toing · 466 · 1 · 3 · 19
0 votes · 0 answers

Can we set an AWS IAM account password policy for a set of users?

I am looking for a way to set an IAM account password policy for only a set of users in the account; is this possible with IAM? For example, I want developers to have a minimum 10-letter password, and I want testers to have a minimum 12-letter…
karthikeayan · 4,291 · 7 · 37 · 75
0 votes · 1 answer

AWS IAM policy for denying users creating new roles only with my boundary policy

I want to create a policy where the user is restricted from creating a role without my permissions boundary! I tried using iam:AttachRolePolicy and iam:PutRolePermissionsBoundary but it is still not working!
0 votes · 1 answer

How to write AWS Bucket Policy with SES principal and IAM role principal

I originally set up SES to receive emails, and during the process I created a bucket policy which allowed the service to put emails in S3. I now have a Lambda function that should be able to use STS to assume a role and access the same bucket.…
0 votes · 1 answer

AWS S3: trying to understand the permissions given to a policy

I'm trying to create a policy to be used by an application deployed in ECS, to GetObject/Put/Delete some files inside the bucket. The policy I'm creating looks like this: { "Sid": "VisualEditor1", "Effect": "Allow", …
Luis Miguel · 495 · 8 · 22
0 votes · 2 answers

AWS IAM Policy: Restrict Bucket/Folder Access By User/Role?

I'm trying to restrict Users by role to access only particular folders within an S3 bucket. The bucket is configured as "mock mountable" so to speak so that we can use it for file sharing as if it were a more traditional server. Each user is using…
Claz · 21 · 6
0 votes · 0 answers

Glacier policy for IAM to have full access to only vaults they've created?

There are similar questions around but none seem to quite answer me directly (or I'm too new with AWS to connect the dots myself.) Apologies if this was easily searchable. I've been trying for many days now. I want to create a policy that I can…
JoelAZ · 3,875 · 1 · 11 · 15
0 votes · 1 answer

How to write an AWS policy which can be assumed by other accounts but gives different permissions depending on which account is assuming the role?

I have 2 AWS accounts with IDs 111111 and 222222 and I am trying to attempt the following: both accounts should access AWS by assuming the same role; the assumed role gives each access to read/write an S3 bucket on account 111111; account 111111 can…
0 votes · 0 answers

AWS CloudFront permissions

I'm trying to allow a group I defined to have invalidation privileges. I defined a policy on the group that looks like this: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1511787279000", "Effect":…
w-- · 6,427 · 12 · 54 · 92
0 votes · 1 answer

Restrict the AWS ElasticSearch access to an auto scaling group

I have an AutoScaling group that must have access to the AWS ElasticSearch Service, but as you know, using IP addresses in access policies will not work in this case (the IP changes every time). I wonder if there is a way to use IAM roles or…