Questions tagged [aws-iam-policy]

98 questions
0 votes, 1 answer

How to attach all the EC2 instances with same role programmatically AWS CLI way?

I am trying to tag all the EC2 instances that don't have any role to be attached to an existing role. Is there an AWS CLI for it? So far I am trying with boto3 with no luck.
0 votes, 0 answers

update AWS IAM policy with ansible

I got the following playbook to update IAM policy and it works fine. But it wipes out what the IAM policy has currently and replaces it with what I have. I want to just append to the policy. How do I do it? --- - name: test hosts: localhost …
wwe34124
0 votes, 1 answer

how to use regular expressions in terraform to denote multiple resources

I have a statement in terraform that is as follows: statement { sid = "DenyDelete" effect = "Deny" actions = [ "iam:Delete*" ] resources = [ "arn:aws:iam::123456789012:user/(?!userA|userB)", ] } With this…
Sabo Boz
0 votes, 0 answers

AWS: missing Policy Reassignment,

It is my first time attempting to create an ML model ... it's been a rough ride ... here is the error that I am getting... Policy arn:aws:iam::796406704065:policy/AWSDataExchangeService does not exist or is not attachable. (Service:…
0 votes, 2 answers

Terraform Loop over list of objects

I am trying to build an IAM policy document by using a list of objects to allow multiple statements in the policy document. s3_access = [ { ext_principal_arn = "arn:aws:iam::111111111111:role/someiamrole", allowed_prefix =…
0 votes, 0 answers

Trouble allowing lambda api to use Secrets Manager

I have built a .NET lambda api. The API works and uses secrets manager when run from the sam cli (after giving my profile permissions), but it is unable to use secrets manager after deployment. I get a 500 error code whenever I try to access the…
Pap113
0 votes, 0 answers

Injecting Session policies during AWS IAM role assumption using SAML

In our organization we use corporate identities to log into the AWS console using SAML. The users are authenticated by our internal IDP which generates a SAML assertion and posts it to the console sign in URL. The user is then presented an AWS page…
0 votes, 0 answers

how to update existing CDKMetadata Modules from cdkv1 to cdkv2?

how to update existing CDKMetadata Modules from cdkv1 to cdkv2? I am seeing stack failed error while deployment after migrating to cdkv2 and suspect below code block has issue. But I am not sure how to replace modules part of it. Do I still require…
KJ21
0 votes, 1 answer

AWS IAM Policy to give ReadOnly access if MFA is not enabled

We are trying to implement mandatory MFA for all IAM users. If a user does not have MFA, they will have only 'Read' access to all services. Tried to create a custom policy using the adminaccess policy as base. We added a condition that says if…
0 votes, 0 answers

How to remove IAM policy from IAM user group of different AWS accounts under the same organisation efficiently

I have created an IAM policy and attached it to a user group with the same name in AWS accounts under the organisation with CloudFormation individually. Now I want to delete the IAM policy in every AWS account but hope to do it efficiently. I could not simply…
0 votes, 0 answers

How do I convert AWS IAM policy into casbin policy?

I want to use the AWS IAM type policy and use casbin for authentication. How to convert the AWS IAM policy into a casbin policy ? Is there a sdk that can be used for conversion? The iam policy like this: { "Version": "2012-10-17", …
yzhengwei
0 votes, 1 answer

MongoDB Atlas failing, could not find user

I’m trying to connect to the atlas cluster from mongoDb compose I keep getting the following error. What might be the reason for this? and what will help to resolve this problem? Error: Could not find user "arn:aws:iam::123545332123:user/iam_user"…
0 votes, 0 answers

Cloudformation with role chaining (by assuming additional roles) not able to GetSecretValue in another account

Consider central_secrets_account with AWS account id XXXXXXXXXXXX that holds secrets that need to be shared with a blue_green_account YYYYYYYYYYYYY. I wish to create a cloudformation stack in blue_green_account that will access a secret in…
0 votes, 1 answer

Why am I getting CredentialsProviderError creating a presigned url for s3 via lambda

I am trying to create presigned urls for clients to upload files via s3. I want these files to be created using lambda so I can verify client authorisation prior to generating the url. When I run the code locally, everything works perfectly.…
0 votes, 1 answer

DataDog CloudTrail integration missing ListObject permission

I installed the DataDog AWS CloudTrail Integration on my AWS account today (it creates a CloudFormation stack and creates, amongst other things, a Lambda that forwards logs from your CloudTrails logs in S3 onto your DataDog account). After…