Questions tagged [aws-iam-policy]

98 questions
0
votes
0 answers

MalformedPolicyDocument Error on CreatePolicyCommand for AWS SDK V3

I am trying to pass an array of buckets of another AWS account A to a policy of account B. I am getting error: Error: { Type: 'Sender', Code: 'MalformedPolicyDocument', Message: 'The policy failed legacy parsing', message: 'The policy failed legacy…
B Kalra
0
votes
1 answer

Unable to fetch iam role/policy in aws lambda

I am trying to fetch an IAM role in an AWS Lambda function, like const iamClient = new IAMClient({ region: "us-west-2" }); const role = await iamClient.getRole({ RoleName: roleName }); But I am getting the below…
0
votes
0 answers

Angular application deployed to AWS lambda gives internal server error

I've deployed an Angular application to AWS Lambda; it deploys successfully and I get the URL ( example-aws-url.amazonaws.com/production ). This is giving the error { "message": "Internal server error" }. The given roles are shown in the image, and I'm not even able to see…
0
votes
1 answer

AWS Step Functions CDK IAM role circular dependency with distributed map state

I'm using AWS Step Functions with CDK (TypeScript) and I need to add a Distributed Map state. Unfortunately, CDK does not support this state yet (https://github.com/aws/aws-cdk/issues/23216). Since I would like to create something a bit more…
0
votes
0 answers

How to grant a user full access to a specific region but read-only access to all other regions

I have a requirement to restrict access to all regions (except for S3 bucket item modifications) except for eu-west-2. The user can view all regions on the console but their access will be read-only for the most part, apart from being able to modify…
Farhad-Taran
0
votes
0 answers

AWS IAM policy based on PermissionSet mapping

How can I create AWS SCP conditions which restrict the scope of the policy only to AzureAD users which are members of AD group associated with a specific PermissionSet? For example, let's assume I have AD user John@domain.com, member of…
wizard
0
votes
1 answer

I cannot filter things by attribute values in IoT Core

I have a problem regarding filtering things by attribute name and attribute value via the AWS CLI. I have two different environments and I am able to use the following CLI commands in one of them successfully, as below: aws iot list-things aws…
Onur
0
votes
0 answers

Terraform: AWS IAM role with 1 or multiple policies passed as input

I have a task to refactor the current, usual IAM module into an IAM module with the option to send 1 or more policies as input from Terragrunt. I am trying to use the latest resources from aws:…
Oleksadr S
0
votes
0 answers

Correct setup for IAM Roles and Permissions in AWS for data science team

In my job, we are in the process of migrating to AWS services. I belong to a data science team that recently received an EC2 instance for use as a development/production server. However, we encountered an issue where our team was provided only one…
0
votes
0 answers

How do I properly configure IAM roles for AWS Cognito to allow for login into an identity and user pool from a mobile app?

How would I go about properly configuring an IAM role to allow a user to sign into Cognito from my Swift app? I am currently getting the error: "Invalid identity pool configuration. Check assigned IAM roles for this pool." when I try to use the…
0
votes
0 answers

Can I create an AWS IAM policy that acts differently when using access key or user/pass credentials?

I wanted to try a new approach to configuring and enforcing some actions from my AWS IAM users in which they are denied access to certain actions on console unless they have performed a specific action (like adding a tag to themselves or activating…
Szzaass
0
votes
0 answers

Connecting AWS IoT Core and Cognito for Data Sending and Authorization

I am sending data to AWS IoT Core with MQTT. I used to use an X.509 certificate file to connect to AWS IoT Core MQTT, but now I want to use Cognito instead of this certificate. I want users in Cognito to only send user1 to topic1 and user2 to topic2.…
0
votes
0 answers

Get temp creds in Lambda that live longer than 1 hour and avoid the role chaining issue

Issue: My use case is to authenticate a user programmatically in Lambda and fetch his credentials using the AssumeRoleWithSAML API. After this I want to use these credentials to assume another role in Lambda and generate temporary credentials that live longer…
0
votes
0 answers

IAM policy to StartInstances in a specific VPC

Can anyone help me with how to write the IAM policy for starting the instances which are in a specific VPC (some specific vpc-id)? I couldn't find the VPC-specific conditions while mentioning the resource type as instance. (**Problem is that I can't use tags…
0
votes
0 answers

IAM policy for KMS to restrict users and roles

I need to add a policy in KMS to allow only a few users/roles to read from a KMS CMK. But I also need to have a policy wherein I can pass a role ARN with a wildcard. When I do this using the below, I cannot pass a wildcard because a wildcard is not allowed…