Questions tagged [aws-policies]

223 questions
1 vote, 0 answers

How to allow only specific OpenID Connect provider in AWS with AWS SCP?

I'm trying to limit the possibility of adding new providers to an AWS account. I'm also using Bitbucket to deploy my app via Bitbucket Pipelines and I use OpenID Connect as a secure way for the deployments. Now I have created an SCP to deny…
1 vote, 0 answers

I'm able to assume an AWS role in the Console but not in the CLI

I have an AWS organization with users (id: 111111111111) and dev (id: 222222222222) accounts. Users first log in to the users account, and are then able to switch to the dev account. The problem: users are able to switch role via the console (website), but NOT…
1 vote, 1 answer

Login Alert at AWS Root Account

I am trying to create a policy so that if the AWS ROOT account tries to log in, it should send me an alert. What will be the best way to do this? Thanks, Malik Adeel Imtiaz
Malik
1 vote, 1 answer

How to make a resource-based policy to allow a single user to access only one repository in AWS ECR

I have created an IAM user (let's call it here "user1") and I want this user to have full access to ECR actions but only on a single repository that is already created (let's call it here "repo1"). This is the json policy: { "Version":…
1 vote, 1 answer

How to run CloudFormation for a specific AWS Account

I am trying to create a CloudFormation template for a custom-managed policy where whenever I run the template, it'll create the policy in the account I specified. For example, I have 10 AWS accounts and I want to create a template in our main…
1 vote, 2 answers

AWS S3 Bucket Policy to allow only lowercase files

Is it possible to limit an S3 bucket to lowercase files/directories only? Some downstream systems are case-insensitive, so I want to prevent any issues. There's a Lambda workaround, but is it possible to specify this requirement as a bucket policy? { …
rfg
1 vote, 1 answer

AWS S3 restrict access based on object age

I know I can allow date-based access to S3 files; however, is it possible to allow access to certain files in S3 by the age of the object itself? E.g. something like: { "Version": "2012-10-17", "Statement": [ { "Effect":…
pyCthon
1 vote, 0 answers

How to set up an IAM policy on a specific AWS Amplify environment

Currently, I have an Amplify app that has 3 back-end environments: Prod, Staging, Dev. What would be the IAM policies that should be applied to a new IAM user in order to give access only to one single back-end environment, let's say Dev? Each…
1 vote, 1 answer

AWS credentials missing when running userdata in a new EC2

Using Terraform scripts, I create a new EC2, add a policy to access an S3 bucket, and supply a userdata script that runs aws s3 cp s3://bucket-name/file-name . to copy a file from that S3 bucket, among other commands. In /var/log/cloud-init-output.log…
Andrey
1 vote, 1 answer

SageMaker: AccessDeniedException ClientError when calling CreateModel

ClientError: An error occurred (AccessDeniedException) when calling the CreateModel operation: User: arn:aws:sts::0123456789:assumed-role/sagemakeraccesstoservices/SageMaker is not authorized to perform: sagemaker:CreateModel on resource:…
user1867459
1 vote, 0 answers

Does the AWS AWSDenyAll Policy Also Block Public Access to public files under S3 buckets?

Recently we discovered AWS Budgets and we added some budget controls for our account. We are using AWS mainly for file storage (S3) and we have quite a lot of files there. Since AWS charges network fees for S3 file access, it occurred to us that a…
1 vote, 1 answer

Dynamic permission policy to access an SQS queue based on its name

I want to create a dynamic permission policy with attribute substitution that allows access to the respective customer's queue (indicated as part of the SQS queue name). For example: SQS queue name:…
1 vote, 0 answers

How to make a service control policy immune for a certain user

I have created an SCP for tag enforcement on EC2 instances, and it doesn't work for Elastic Beanstalk because I can't manually add the enforced tags to EC2 in Elastic Beanstalk. So I am trying to make that policy immune for a certain user.
1 vote, 1 answer

Does S3WritePolicy allow multiple buckets in AWS SAM template?

After reading the S3WritePolicy documentation, it's not clear if it allows multiple buckets. I'm currently doing this: SampleLambdaFunction: Type: AWS::Serverless::Function Properties: Policies: - S3WritePolicy: BucketName:…
1 vote, 0 answers

AWS IAM Policy for restricting access to particular groups in AWS SSO

I have multiple groups in AWS SSO as in the image below. Individual groups contain users of an individual customer. AWS SSO Groups I want to create a custom Policy in IAM. The policy should have the below definition – a. Allow Add User in AWS…