Questions tagged [aws-policies]

223 questions
2 votes, 2 answers

Reference arn of an Elasticache cluster in cloudformation

I would like to reference the arn of a "going-to-be-created" Redis ElastiCache cluster in a cloud formation template. This is the ElasticacheCluster template (tested and working in cloudFormation) ElasticacheCluster: Type:…
2 votes, 0 answers

How to restrict kms:TagResource in AWS policy only to creation of new key, preventing tagging of existing keys?

When you create an AWS KMS key you can provide tags for it. Creation alone needs kms:CreateKey permission; for providing the tags during the creation you need the kms:TagResource permission in addition. I want to write a policy which only allows…
asked by sleepomeno
2 votes, 1 answer

Terraform create and attach aws iam policies

I need to create several iam policies from json files. So, I've a file called iam_policies.tf with many of these code blocks: resource "aws_iam_policy" "name" { name = "policy-name" description = "Policy desc xxx" path = "/" policy…
asked by Daniele
2 votes, 1 answer

MalformedPolicyDocument: Policy document should not specify a principal

I am trying to create a state function with terraform. First I create a policy and assign it to an existing role processing_lambda_role. resource "aws_iam_role_policy" "sfn_policy" { policy = jsonencode( { "Version": "2012-10-17", "Statement":…
2 votes, 1 answer

aws sagemaker error on Create labelling job

I uploaded a csv file to S3, created a role with S3FullAccess and SageMakerFullAccess. While creating the labelling job, I chose Automated data setup and chose the bucket that the csv had been uploaded to. Then Data type: text and chose the IAM Role. Then…
2 votes, 2 answers

s3 bucket policy to access object url

What is the s3 bucket policy permission to allow an IAM user to access the object url, which is basically an HTTPS url for the object that I have uploaded to the S3 bucket. { "Version": "2012-10-17", "Statement": [ { "Sid":…
2 votes, 1 answer

Why did my IAM policy not attach to my IAM role using terraform?

Part of our Terraform deployment is supposed to create a policy and a role, and then attach the one to the other. Our current tf is: resource "aws_iam_role" "module_role" { name = var.lambda_role assume_role_policy = var.lambda_trust tags =…
2 votes, 1 answer

AWS IAM Execution role does not have permissions to call CreateNetworkInterface on EC2 for a specific VPC

I'm getting this error: Error: Error creating Lambda function: InvalidParameterValueException: The provided execution role does not have permissions to call CreateNetworkInterface on EC2 when trying to create a lambda with IAM permissions like this…
asked by ozn
2 votes, 1 answer

How to set ARN as s3 policy resource AWS

I have a bucket called "payroll-manager". I am able to put objects, etc using cognito authenticated users, I modified the role of my identity pool to have full access to s3 (I followed this example). So far so good. Now I need to change my policy to…
2 votes, 3 answers

AWS SCP for EC2 type

I want to allow users only to create t2.micro/small/medium for development and allow them to use only spot instances. I have created an IAM policy to restrict the type/size of instances. In addition I want to put a restriction on "on-demand" instances (team…
asked by Keyur
2 votes, 1 answer

Use templatefile in Terraform on AWS policy which uses IAM policy variables

I am trying to build a cloud infrastructure in AWS using Terraform. I want to add a policy for an S3 bucket which uses attribute based authorization (ABAC) via the templatefile function of terraform. My problem is that the variable syntax used by…
2 votes, 2 answers

Cannot assign KMS grant to role in AWS

I have an encryption key in KMS and two roles: One KeyAdmin role which should be allowed to create a grant to the KeyUser role which should then be able to encrypt/decrypt with the key. Here is what I am doing: $ aws kms create-key { …
1 vote, 1 answer

Unable to create an AWS role in a specific PATH CLI

My user has a policy that allows him to iam:CreateRole and iam:DeleteRole, but when I launch this command: aws iam create-role --role-name MyRole --path /projects/ --assume-role-policy-document file://MyRoleTrust.json I get this error: An…
1 vote, 1 answer

Attaching a json policy to an s3 bucket with CDK and typescript

I have a policy statement which I can add to my bucket: const statement = new PolicyStatement({ effect: Effect.ALLOW, principals: '*', actions: ["s3:GetObject"], resources:…
asked by TommyD
1 vote, 1 answer

AWS IAM rule to allow user to list and edit one S3 bucket

I created the following AWS policy in order to give a user access to my-backup bucket. The user can see all objects in the bucket and edit them, but he cannot go to the overview page. I thought that by giving the ListBucket action, he would be able…
asked by andreas