Questions tagged [aws-policies]

223 questions
0 votes, 1 answer

How to apply acl policies using aws s3api to subfolders in S3 bucket

I have a few folders in an S3 bucket where I want to apply the below policy and also to the subfolders inside the specified path. aws s3api put-object-acl --bucket BUCKET_NAME --key "FOLDER_PATH/" --grant-read…
SUBHAS PATIL
0 votes, 0 answers

aws account id-region table for a policy

I'm pretty new with AWS for devs. I worked with ELB and created a policy for access logs as described here: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html One of the permissions is: { "Effect":…
0 votes, 2 answers

How to only allow one Service Role to PutObjects to an Amazon S3 bucket

I have an Amazon S3 bucket "my-bucket" on an AWS account. Right now everyone on the account can download and put objects to "my-bucket". However, I would like everyone to be able to download/delete objects from the bucket, and only one service role…
0 votes, 1 answer

how to restrict access to serverless api via resource policy?

A serverless API Gateway stack built via a CloudFormation template (see below). I added a resource policy to whitelist a particular IP address. Does this block all other IP addresses without specifying a blacklist, or do I have to add an IpRangeBlacklist…
ozil
0 votes, 1 answer

how to allow cognito authenticated users to get public access to s3 bucket

I want my Cognito authenticated users (through Google identity provider) to access bucket objects publicly without needing any x-Amz-Security or Signature token. In my app, authenticated users upload 100 images daily, and I can't store each image…
0 votes, 1 answer

S3: How to grant public write access to an existing bucket file, but not the putObject permission (Private CRUD, Public Read/Update)

So, I want to have a service that creates files in an S3 bucket with specific links, and then allow anyone with a link to a file to write to the file and read it. But it must not be a public privilege to create files, only editing/reading already…
0 votes, 1 answer

error creating IAM policy example_policy: MalformedPolicyDocument: Policy document should not specify a principal

I am trying to create a bucket policy to grant a CloudFront origin access identity (OAI) permission to get (read) all objects in your Amazon S3 bucket. But I am facing this error: "An error occurred: Error: error creating IAM policy…
0 votes, 1 answer

Restrict access to resources from AWS Secrets Manager to a group

I have in my AWS Secrets Manager a few keys that need to be accessed from an EC2 instance using the command: aws secretsmanager get-secret-value --secret-id Test/Dev-key I have created an IAM user that will only be used for this purpose and created a…
0 votes, 0 answers

AWS IAM Policy name is same as resource name defined in AWS Policy ARN?

If I am generating an IAM policy using AWS policy generator as below { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1628236330667", "Action": [ "eks:CreateCluster", "eks:DescribeAddon", …
0 votes, 2 answers

What AWS Role Policies do I need to be able to run AWS CLI commands

Whenever I run a command to get DeviceFarm projects or Schedule a run I get errors stating that I do not have permissions to run the commands and that there is an explicit deny on my user. I am in the role settings and cannot find any policy to add…
0 votes, 2 answers

Do IAM roles by default have access to resources, for which root account has access?

I am new to AWS and trying to understand IAM. I have a doubt which goes like this. For example, there is an S3 bucket in account A and in its resource policy another AWS account B (root user) is given permission for a certain set of actions. Now…
0 votes, 1 answer

Error: error listing tags for SNS Topic while policy grants the permission for that arn

I have the below policy attached to user: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticloadbalancing:CreateLoadBalancer", …
0 votes, 2 answers

Convert from template to terraform

I'm trying to apply a role to a Kubernetes Service Account and as part of that I'm trying to convert the following json { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Federated":…
user672009
0 votes, 1 answer

Granting AWS Config access to the Amazon S3 Bucket

I would like to create the AWS Config access grant to the Amazon S3 Bucket and the policy is provided below that I write according to the link https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html: { "Version":…
Arefe
0 votes, 1 answer

how to apply Deny policy on "tag:UntagResources" Action in AWS

I have this policy which should prevent users from removing tagging from any resources in AWS, but tags are still being removed from resources. { "Version": "2012-10-17", "Statement": [ { "Action": [ …