Questions tagged [aws-access-policy]

48 questions
1
vote
1 answer

How do you grant permission to a child account for SAML provider of other account?

I will start by stating that I have no experience configuring cross account permissions (trying to remedy that). I have set up a multi account infrastructure in AWS. I have a root account that has the SAML provider and it successfully allows me to…
1
vote
0 answers

How can an SCP allow users to create buckets but deny making them public?

I want to prevent the users in my organization from creating public buckets as well as changing existing buckets to give them any public access. { "Version": "2012-10-17", "Statement": [ { "Sid": "S3-whitelist", "Effect":…
1
vote
1 answer

How do I rotate my AWS IAM user access and secret key using boto3?

We are using the Python AWS SDK (boto3) to connect to S3. We have a static access and secret token, however my network is not safe. I can't use another network for sending requests so is there a way to change the access and secret keys after every…
User12
1
vote
1 answer

How to update aws elasticsearch access policy from serverless.yaml configuration?

I am trying to update AWS elasticsearch access policy through serverless yaml configuration: resources: Resources: ELInstanceName: Type: "AWS::Elasticsearch::Domain" Properties: ElasticsearchVersion: "7.1" …
1
vote
0 answers

AmazonSQSException: Value aws:arn for parameter Condition must be from Global context key list

I am trying to set an SQS access policy where everyone except me in the organization cannot access the SQS. Below is the policy I am trying to set "Statement": { "Sid": "DenyEveryone", "Effect": "Deny", "Principal": "*", …
1
vote
0 answers

AWS Elasticsearch Access Policy ridiculously fickle

I want to create an AWS Elasticsearch with this policy, to enable specific access from IAM roles, set admin IPs, and public read only. ES Console keeps returning an error "Error setting policy". I can't work out why this would not be allowed? { …
1
vote
3 answers

Modify the SNS access policy for Inspector

How to modify the SNS topic policy to grant AWS Inspector access in us-east-1? Assessment Templates has no permission to the SNS topic. I got this error: The Inspector Account was denied access to the requested topic Grant account xxxxxxxxx…
1
vote
1 answer

CloudFront "MalformedPolicy" error with signed URLs

I need to create signed CloudFront URLs with a custom policy using PHP, but no matter what I do apparently my policy is "malformed". Here is an example policy generated in the…
Eva Lauren Kelly
0
votes
0 answers

My AWS CLI access stopped working suddenly. Error: AWS was not able to validate the provided access credentials

PS C:\Users\Test123> (Get-EC2Region).RegionName Get-EC2Region : AWS was not able to validate the provided access credentials At line:1 char:2 + (Get-EC2Region).RegionName + ~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation:…
0
votes
0 answers

elasticsearch ip access policy: how to allow query by POST yet prevent altering of data with POST

I have an ElasticSearch IP based access policy. I know I can deny based on resources and actions (GET, POST, DELETE, etc.). POST, however, is a specific beast and can be used to both query and alter data. How do I allow queries to occur and yet…
Jennifer Crosby
0
votes
0 answers

python helpers.scan() raises an error when elasticsearch resource-based policy implements explicit deny of ESHttpDelete, why?

I was implementing least privileges on ElasticSearch using an IP-based access policy using deny ESHttpDelete. It was discovered, in running some code, that helpers.scan() raised this error: {"Message":"User: anonymous is not authorized to perform:…
Jennifer Crosby
0
votes
1 answer

AWS ElasticSearch Access Policy Explicit Deny

Below I have an IP-based access policy that allows everything for 6 IP addresses, and then allows deletion for only one of those IP addresses. It was thought that it would give an explicit deny for delete to all the other IP addresses and then the…
Jennifer Crosby
0
votes
0 answers

Access Policy: Getting Error "User: anonymous is not authorized to perform: es:ESHttpGet because no resource-based policy allows the es:ESHttpGet action"

I am trying to avoid having to implement fine-grained ElasticSearch policy until we absolutely need it since it is irreversible. So, I am implementing a Domain JSON defined access policy with the conditions noting the IpAddress allowed or denied. …
0
votes
0 answers

How to modify the access token expiry date time based on user group in AWS

How to update the access token expiry time based on user group in AWS Cognito? For a specific user group I need to assign a different expiry time for the access token. Can we use a Lambda function to check the user role and update the AWS access token expiry…
0
votes
1 answer

Create AWS Policies - serverless framework

I am trying to create policies using the serverless framework. The idea is to access S3 services, depending on the user's company. I tried to deploy my serverless.yaml with the policy: - PolicyName: IAM_AWS_S3 PolicyDocument: …
Meli