Questions tagged [aws-policies]

223 questions
0 votes, 1 answer

IAM Policy to allow deletion only from specific folders of a S3 bucket

I have a bucket: s3://mybucket. I want to allow deletion only for objects under s3://mybucket/test. I tried the following policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1604573937792", "Action":…
0 votes, 1 answer

AWS IAM: Adding "exception" for identity-based policy

Following AWS documentation, I attached a policy to my group admin to enforce that the group's permissions are only available for those users that have MFA enabled { "Version": "2012-10-17", "Statement": [ { "Sid":…
jbbb
0 votes, 1 answer

Is there a way to delete a number of AWS IAM customer managed policies in one shot using CLI or GUI?

I am trying to delete all of my customer managed policies but I am not able to figure out a way to delete all of them in one click or using only one command
0 votes, 1 answer

AWS lambda set function access policy programmatically

I am trying to set user specific lambda policies using this example. Can someone tell me why this resource specification to access only a single lambda is wrong? resource = "arn:aws:region:*:*:function:orderinputapi-alpha-writeMe"; when I…
Rilcon42
0 votes, 2 answers

Permissions needed to run "aws sync" command

I am trying to limit access of an IAM user to only 3 buckets. I'm working to create an IAM policy on AWS that enables the IAM user to sync files onto and from AWS S3. I have written the following policy out but every time I run an aws sync command to…
Viv
0 votes, 2 answers

AWS CloudFormation create RDS cluster and add its ARN to a policy in the same template

I'm creating an RDS cluster and, in the same template, a policy with some permissions to allow particular actions over that cluster. Statement: - Effect: Allow Actions: - 'rds-data:BatchExecuteStatement' -…
Peter
0 votes, 1 answer

How to define a policy/role/permission in AWS which only allows to create stack with a predefined template

Is there a way to define a permission/policy/role in AWS which allows to create a CloudFormation Stack using only a specific template (which is updated on S3)? I've seen AWS Service Roles but I think it's not what I'm looking for. In fact I don't…
Ignasi
0 votes, 1 answer

How can I add IP restrictions to an S3 bucket (in the bucket policy) already having a user restriction

I have a few s3 buckets, for which I have given access to only a specific IAM user. I did it by setting the following bucket policies : Effect : "Deny" NotPrincipal : { "AWS " : "" } I'm able to access the buckets only from the IAM…
0 votes, 1 answer

AWS provide proxy for Elasticsearch VPC domain

We created a VPC Elasticsearch domain. We would like to be able to access the logs (kibana) from the Internet. I found this question: AWS Elasticsearch VPC connectivity The answer suggests an nginx proxy facing the Internet and sitting on the VPC…
0 votes, 1 answer

Deny Access to a DynamoDB table

I try to create a policy which denies access to a DynamoDB table. I've added ReadOnlyAccess (full) and I want that the user can not read/use/put data in one table. The policy looks like this { "Version": "2012-10-17", "Statement": [ …
0 votes, 3 answers

To use AWS condition keys, is it mandatory that they are present in the Request Context?

When I look at a 'Request Context' in CloudTrail, I see record contents listed here. Is there a mapping between the 'Request Context' record contents and the Condition keys? Or is it correct to say that it is not mandatory for a condition to…
0 votes, 1 answer

AWS: Policy Conditional Statement Ignored

So I'm trying to run a policy but it's never being invoked when setting the conditional to both true and false. Most likely missing something, but when I omit the conditional statement altogether I get the desired policy enforcement. Option 1:…
MrX
0 votes, 1 answer

AWS autoscaling API access policy via Terraform

Using an AWS autoscaling group which is controlled by a server, predicting upcoming load and scaling up/down to its needs. The server needs permissions to the autoscaling API with the least amount of needed privileges. My issues are with restricting…
Obi-Wan
0 votes, 1 answer

AWS IoT - AMQJS0008I Socket closed - AUTHORIZATION_FAILURE

I am trying to configure AWS IoT to use with AWS Amplify. I always see the error "AMQJS0008I Socket closed." and CloudWatch says "AUTHORIZATION_FAILURE". This is what I configured: IAM policy for authenticated Cognito Identity Pool { …
reku
0 votes, 1 answer

AssumeRole Action in a Role's Trust Relationship Policy

As per AWS documentation, A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call…