Questions tagged [aws-policies]
223 questions
0 votes, 1 answer
How to create an IAM user with full access except for admin
I want to add an IAM user to AWS with all permissions policies except for the ability to see billing, close the account, or change any information they don't need that the root user has.
What policies should I add to this new group that the IAM user…

Joseph Caruana
0 votes, 0 answers
AWS Security Group Policy not working when I specify an ARN
I am trying to set up a policy for a user group in IAM so that they can insert/delete/update policies in a Security Group.
I currently have it working if I leave the resource as the default any…

user68288
0 votes, 1 answer
aws sso user can't use kms:GenerateDataKey
I have an SSO user; this user assumes a role that has these rights:
{
    "Effect": "Allow",
    "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        …

nomopo
0 votes, 0 answers
How to find correct policies for aws_api_gateway_integration Terraform resource?
I want to create infra and find the minimum permissions required for the user to perform a Terraform deployment, following best practices. The issue is with AWS API Gateway, which leaves me puzzled about the permissions I need to give users.
The idea…

Dmytro Chasovskyi
0 votes, 1 answer
No ParameterStore access with sub path definition
I have the following policy in place, which works fine on any parameter within /network/testnet/*:
{
    "Statement": [
        {
            "Action": [
                "ssm:DescribeParameters"
            ],
            "Resource": "*",
            …

Chris
0 votes, 1 answer
Set up AWS IAM instance role policy to GetObject based only on bucket policy
I'm not able to change the IAM role policy in our corporate environment. So I want to be able to change the role's permissions to S3 based on the bucket policy. I want to set up the AWS IAM instance role to have Allow on "s3:GetObject" based on this bucket policy.
I…

Michael
0 votes, 1 answer
How do I get all users that can perform certain AWS actions (e.g. iam-CreateAccessKey, ec2-AssociateIamInstanceProfile)?
Is this possible? If not, maybe I can do it the other way around, like getting the AWS actions per user?
I tried the command below, but this doesn't have any action info. :(
for user in $(aws iam list-users | jq -r '.Users[].UserName'); do echo '{…

jayteezer
0 votes, 1 answer
SCP to deny all resources except certain resources in AWS Organization
I want to block all resources except EC2, RDS and global services in my AWS Organization. Below is my SCP policy.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAllOutsideEU",
            "Effect": "Deny",
            "NotAction": [
                "iam:*",
                …

Lakshminarayanan S
0 votes, 0 answers
MalformedPolicyDocument error while trying to create IAM user with policy permissions
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SrcBucket",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::"]
        }
    ]
}
I am using a script…

Pradyot Dhulipala
0 votes, 1 answer
How to allow access to an api resource with api gateway in aws?
I have an API Gateway configuration with Cognito authorization.
I enabled a general proxy path for all my API calls, which end up under v1.
So all API resources under v1 need to be authorized.
But I have a couple of endpoints which I don't need…

Gustavo
0 votes, 0 answers
Access Lambda Environment variables in IAM Policy?
Is it possible to use Lambda function environment variables in IAM policy conditions?
Basically, in my app each user has a to-do list which they can update. In the database (DynamoDB), I have a table (todo table). So each user can update the record…
0 votes, 1 answer
My AWS lifecycle policy doesn't implement due to a bucket policy
I have an S3 bucket with a policy in place to prevent anyone from getting access to the objects if they are not from my VPC. However, now when I put a lifecycle policy on the bucket, it doesn't apply.
Here is the current policy I have on the…

user17733554
0 votes, 1 answer
Terraform depends_on aws_iam_policy
I have a module that creates some AWS policies from JSON files.
Terraform plan returns an error when it tries to attach the new resources (policies) to the role it is creating:
The "for_each" value depends on resource attributes that cannot be determined…

Daniele
0 votes, 1 answer
AWS StringLike OR condition for UserAgent
We have a policy for our S3 bucket with a StringLike condition. We allow requests from users who have 'Home' in their request, and currently the policy works well. But we want to add an OR condition to the policy, and we want to accept the 'House' value as…

birdcage
0 votes, 1 answer
Required policies for running a Step Function
I want to create a Step Function that runs a Lambda function. These are the policies I have attached to my state machine and role for now:
resource "aws_iam_role_policy" "sfn_policy" {
    policy = jsonencode(
        {
            "Version": "2012-10-17",
            …

x89