Questions tagged [aws-permissions]

30 questions
3
votes
2 answers

Which AWS Permissions are needed to see ECR Enhanced Image Scan Findings

I recently enabled Enhanced Image Scanning for one of my ECR repositories on AWS. My user can see the images in the repository and next to each image there is a "See findings" link. When I click on the link, another page opens that shows all the…
e-mre
2
votes
1 answer

Give AWS Lambda an AWS Managed Policy with CDK

I have a Lambda function defined in CDK. I'm using this Lambda to invoke a State Machine and for that I would need to provide it some Policies. The way I tried was the following: const stepFunctionsPolicy = new PolicyStatement({ effect:…
2
votes
1 answer

Add permission boundaries to the stack

When I deploy a CDK stack - it creates several roles, both explicitly e.g. via iam.Role construct, and implicitly e.g. when roles are created internally by Level 2 constructs. Is there a way to attach an existing permission boundary to all the roles…
2
votes
2 answers

s3 bucket policy to access object url

What is the S3 bucket policy permission to allow an IAM user to access an object URL, which is basically an HTTPS URL for an object that I have uploaded to an S3 bucket? { "Version": "2012-10-17", "Statement": [ { "Sid":…
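An added example (not part of the question above, and not an answer posted on this page) of the bucket-policy shape usually meant here: a single statement granting one IAM user s3:GetObject on every object in the bucket. The account ID 111122223333, the user name example-user and the bucket name example-bucket are placeholders, not values from the question.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOneIamUserToReadObjects",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:user/example-user" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

Caveat a practitioner would want: this grant only applies to signed requests made as that user (SDK, CLI, console, or a presigned URL generated with the user's credentials). Pasting the bare object URL into a browser sends an anonymous GET, which only succeeds if the object is publicly readable ("Principal": "*"), and that is exactly what S3 Block Public Access is designed to refuse. For "one IAM user can open the link" the usual answer is a presigned URL, not a wider bucket policy.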
1
vote
2 answers

AWS CDK Lambda function_from_arn not working as expected

I have this Lambda and this DynamoDB table my_lambda = lambda_.Function( self, "my_lambda", function_name="my_lambda", description="A Lambda to test permissions", code=lambda_code, memory_size=512, …
Kawobi
1
vote
2 answers

Is it possible to configure AWS Cognito to send SMS messages from a different AWS account?

I want to have a script which programmatically creates an AWS account and creates a Cognito user pool within that account. I want this user pool to support multi-factor authentication via SMS. Cognito sends SMS messages using the SNS service. When…
1
vote
1 answer

(DJANGO + S3) + ZAPPA An error occurred (400) when calling the HeadObject operation: Bad Request

I have a project with Django and S3 (ACL enabled, private/public); the deployment is done with Zappa. When I try to upload a file to a specific S3 bucket through the Django admin, I get the following error: ClientError at…
1
vote
0 answers

How should AWS permission boundaries be created?

I have a very simple AWS SAM project that has a permission boundary defined in this way: Globals: Function: PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/${AppId}-${AWS::Region}-PermissionsBoundary' During…
Pablo Fernandez
1
vote
2 answers

AccessDeniedException on sagemaker:CreateDomain in AWS SageMaker Studio, despite having SageMakerFullAccess

I am trying to use the AWS SageMaker Studio > Get Started > Quick Start, as an IAM user with the AmazonSageMakerFullAccess policy attached, but I am getting the following error: User: arn:aws:iam:::user/ is not authorized to…
1
vote
1 answer

Can't edit permission JSON on AWS, despite it telling me I can

I am hoping to set a time limit on AWS permissions for my users. But I cannot edit the policy JSON file, despite it saying I can: Note the line You can still view or edit the JSON policy document. But then it says read-only. Is there a way to…
Cybernetic
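An added example (not from the question above, and not an answer posted on this page) of how a time limit is normally expressed in an IAM policy: an Allow statement with a DateLessThan condition on the aws:CurrentTime global condition key, so the grant silently stops matching once the deadline passes. The bucket name example-bucket and the deadline are placeholders, not values from the question.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TemporaryReadAccessWithDeadline",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "DateGreaterThan": { "aws:CurrentTime": "2024-12-01T00:00:00Z" },
        "DateLessThan": { "aws:CurrentTime": "2024-12-31T23:59:59Z" }
      }
    }
  ]
}
```

Two practical notes. The condition has to live in a policy you own (a customer managed or inline policy); AWS managed policies are read-only for every account, so the JSON editor will show them read-only no matter what the header text says. And the deadline only gates new authorization decisions: temporary credentials already issued (for example from an AssumeRole call) keep working until they expire, so pair the date condition with a short session duration if a hard cutoff matters.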
1
vote
0 answers

AWS DocumentDB- How to restrict access to a collection from only one microservice?

I am a newbie to AWS. My requirement is to add field-level, document-level, and collection-level permissions for reads and writes for AWS DocumentDB. One collection should be accessible only from one microservice, and the document should be modified only…
0
votes
0 answers

AWS ORG policy to enforce CMK key

I would like to create an SCP on all the accounts in my AWS org that enforces the use of a customer managed key for the encryption of new buckets. I found that this should have worked { "Version": "2012-10-17", "Statement": [ { …
0
votes
1 answer

In AWS, can you enforce creation of Roles that can only act on things with a certain tag?

Is there any way in AWS policies to enforce that, when someone creates a role, its policies have a condition (e.g. only accessing resources with a certain tag)? Like "you can create any resource, and any role/etc. to act on things, so long as…
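An added example (not from the question above, and not an answer posted on this page) of the mechanism AWS provides for this: a permissions boundary. IAM cannot inspect the body of the policies a new role will carry, but it can require that every role is created with a specific boundary policy attached, via the iam:PermissionsBoundary condition key on iam:CreateRole. The boundary policy itself is where the tag condition (for example on aws:ResourceTag/team) goes; a role's effective permissions are then the intersection of its own policies and the boundary, so a role policy without the condition still cannot reach untagged resources. The account ID 111122223333 and the policy name DeveloperBoundary are placeholders, not values from the question. This guardrail policy is attached to the developers who are allowed to create roles:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRoleCreationWithoutTheApprovedBoundary",
      "Effect": "Deny",
      "Action": ["iam:CreateRole", "iam:PutRolePermissionsBoundary"],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/DeveloperBoundary"
        }
      }
    },
    {
      "Sid": "DenyRemovingTheBoundaryFromRoles",
      "Effect": "Deny",
      "Action": "iam:DeleteRolePermissionsBoundary",
      "Resource": "*"
    },
    {
      "Sid": "DenyEditingOrDeletingTheBoundaryPolicy",
      "Effect": "Deny",
      "Action": [
        "iam:CreatePolicyVersion",
        "iam:DeletePolicy",
        "iam:DeletePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": "arn:aws:iam::111122223333:policy/DeveloperBoundary"
    }
  ]
}
```

The second and third statements are the part people forget: without them a developer can create the role with the boundary, then strip it off or rewrite the boundary policy itself. Role-creating tooling (CDK, SAM, CloudFormation) has to pass the boundary ARN explicitly or the CreateRole call is denied, which is the same requirement the CDK and SAM permission-boundary questions earlier in this list are working through.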
0
votes
0 answers

What values and parameters should write to limit the access of user to his own resources?

I would like to create the following policy but I am not able to find a resource that can help me set up the condition, nor identify which values I should use for the Action and Resource keys. RDS - Write Data in Database RDS - Full Access: To resources that…
aidonsnous
0
votes
0 answers

AWS - s3 bucket policy - Access: error

I did a stupid thing. In my S3 bucket I changed object ownership to 'ACLs disabled' and added an S3 bucket policy to deny all resources for all users. Now I don't have access to list or permissions, and I can't even change the bucket policy. Are there any options…