Questions tagged [amazon-policy]

An Amazon policy is a document that formally states one or more permissions.

To assign permissions to a user, group, role, or resource, you create a policy, which is a document that explicitly lists permissions. In its most basic sense, a policy lets you specify the following:

Actions: what actions you will allow. Each AWS service has its own set of actions. For example, you might allow a user to use the Amazon S3 ListBucket action, which returns information about the items in a bucket. Any actions that you don't explicitly allow are denied.

Resources: which resources you allow the action on. For example, what specific Amazon S3 buckets will you allow the user to perform the ListBucket action on? Users cannot access any resources that you have not explicitly granted permissions to.

Effect: what the effect will be when the user requests access, either allow or deny. Because access to resources is denied by default, you typically specify that you will allow users access to a resource.

86 questions
0 votes, 2 answers

IAM CloudFormation Templates AWS Roles

So if I were to create a federated developer role for developers (duh) and push it to AWS in the form of a cf template, the role's name is simply what I named it. But for some reason, if the role is designed for AWS services/resources to assume…
0 votes, 1 answer

Can I specify an aws policy based on a specific cognito field?

Can I apply a policy (for example to an AWS DynamoDB table) but restrict it based on a specific field of the Cognito user (other than the Cognito id)? What I'm trying to implement: I've got multiple Cognito users that belong to one specific group.…
Stéphane
0 votes, 1 answer

AWS Route 53 traffic policy adding SSL

I'm managing a domain at AWS Route 53 and I have a service exposed as an API on 3 servers spread across 3 main zones: us, asia, eu. I created a traffic policy to redirect clients based on latency to the appropriate zone(s). So client comes in via…
Romeo Mihalcea
0 votes, 0 answers

Cloudfront access to Amazon S3 objects

I have set up CloudFront through the AWS console. Somehow CloudFront is not able to access the Amazon S3 objects and throws a 403 response error. I believe this is an S3 bucket policy issue. Below is my current bucket policy { "Version": "2012-10-17", …
Manish Kumar
0 votes, 0 answers

Inconsistent upload/PUT access to Amazon AWS S3 with custom permissions

I have an application that uploads videos to an S3 bucket, and then creates a custom policy to allow another user (for the Zencoder service) to grab the files, and upload the transcoded files back into the bucket. Below is the current custom policy…
mnd
0 votes, 1 answer

AWS IAM Group Policy to limit visibility & access to only one single S3 bucket

I created a bucket which hosts a small web page and a few docs which should only be read accessible by users which have a certain login in IAM. These users should only have (read) access to this specific bucket and no other bucket. Ideally…
Bernie Lenz
0 votes, 0 answers

AWS Policies not working on the reverse

So I've 2 policies pretty much doing exactly the same thing but one works and one doesn't within the IAM policy simulator even though I'm setting the ARN and IpAddress as the same in both queries; Working Policy; { "Version": "2012-10-17", …
r0bb077
0 votes, 2 answers

AWS allow policy to create tags for instances on a particular VPC

I want to be able to apply tags only to instances running in EC2 on a particular VPC (vpc-11111111). I tried to use the policy { "Version": "2012-10-17", "Statement": [ { "Sid": "EC2TagNonresourceSpecificActions", …
Jason Quinn
0 votes, 1 answer

AWS IAM Policy and Amazon API Gateway say two different things

I have policy: AmazonAPIGatewayInvokeFullAccess and the user is associated with this policy, but when I simulate the action to invoke the API it says access denied. Can anyone help me understand what the problem is here?? Find simulator image here
joev
-1 votes, 1 answer

AWS CloudFormation error: iam:PutRolePolicy

I'm getting this error while modifying the stack change API: iam:PutRolePolicy User: arn:aws:sts::769558805:assumed-role/AWS-QuickSetup-StackSet-Local-AdministrationRole/AWSCloudFormation is not authorized to perform: iam:PutRolePolicy on resource:…
-1 votes, 1 answer

Show user friendly message on EC2 console if policy restricts instance creation

I have written a policy to enforce two tags test1 and test2. The policy restricts creation of new instances without these tags but it shows an encrypted error message which does not make any sense. Can anything be done to show a human readable…