Questions tagged [aws-policies]
223 questions
1 vote, 0 answers
How to programmatically set up EventsBridge events for Lambdas
I have set up 2 lambda functions, deployed with AWS SAM. The first one uses the JS AWS SDK to run putRule and putTarget to trigger the second lambda with a cron job. When I run the first lambda, I see both the rule and target correctly set up in…

akai
1 vote, 2 answers
How to require users to set their role_session_name with scp
Using SCP, I would like to require role_session_name for users who assume roles in my organization accounts when running a terraform template. The role_session_name value needs to be equal to their IAM username.
I have attached the SCP below in my…

Jean-Pascal MEWENEMESSE
1 vote, 0 answers
AWS Polly Policy json for polly:SynthesizeSpeech IAM
I am trying to set up the proper policy json for IAM programmatic access, but the following runs into the below error ... I have tried it also without sid and with Resource as an array.
"Version": "2012-10-17",
"Statement":
{
…

ina
1 vote, 1 answer
AWS Policies explained?
I am learning AWS and I have the following task in an online training course:
Configure the MongoDB VM as highly privileged – configure an instance
profile to the VM and add the permission “ec2:*” as a custom policy.
I am trying to work out what…

Bryon
1 vote, 1 answer
Jobs from specific AWS Batch permissions
How to allow only jobs from a certain AWS Batch queue (and based on a specific job description) to publish to the specific SNS topic?
I thought about attaching to jobs an IAM policy with the statement:
{
"Effect": "Allow",
"Action":…

MarKed
1 vote, 1 answer
IAM policy problem I want to attach only one policy and deny others
I have created a policy like the one below. I want to allow CreateRole with the snowflake_access policy only. Every time I'm executing the lambda code I can also attach other policies to this role. I don't know why because clearly I have denied other policies…

wilkux
1 vote, 0 answers
AWS KMS Policy implicitly allows cross-account access
It seems that KMS key policies implicitly allow public access to services.
My setup is as follows:
Account A (my account)
Account B (external Account)
KMS key, customer-managed
SNS Topic
SQS Queue, encrypted
The SQS-Queue subscribes…

Marco K
1 vote, 1 answer
The AWS KMS key policy does not grant CloudTrail sufficient access multiple accounts
I am trying to configure a CloudTrail in a master AWS account and an AWS s3 bucket in a logging account. I've configured the s3 bucket policy in the logging account such that the master account CloudTrail resource has access to write to it. However,…

Evan Gertis
1 vote, 2 answers
AWS S3 deny access to objects based on user name
There are multiple S3 buckets in the AWS account. All users are assigned a group policy which gives full S3 access.
But now the requirement is that there is one S3 bucket whose access should be limited for all users. In this bucket there are folders…

amar
1 vote, 1 answer
Is it possible to add an exception in explicit deny in AWS IAM?
Is it possible to exclude a volume from explicit deny in AWS IAM Policy
{
"Sid": "DenyCreationOfUnencryptedEBSVOL",
"Effect": "Deny",
"Action": "ec2:CreateVolume",
"Resource": "*",
"Condition": {
"Bool": {
…

DeclanG
1 vote, 1 answer
Why does a bucket ARN ending with /* need to be specified as the resource in a bucket policy to allow a user to upload a file?
I created an S3 bucket and I have added one user in IAM. Suppose my bucket name is sample123. When I specified the resource in the bucket policy like the statement below, the user is not able to upload a document.
"Resource": "arn:aws:s3:::sample123"
But when resource is…

Aravind Babu Konda
1 vote, 1 answer
AWS Policy for MFA Required for console but not CLI
I am trying to figure out an AWS Policy that will make it so MFA is enforced for Console users but not for CLI users; does anyone have any ideas for this?
No matter what I do I can't seem to exclude CLI users.
This is what I have been using.
I have tried…

Norrec
1 vote, 1 answer
How to obtain the Principal value within Policy Generator?
For creating a new bucket policy within my Policy Generator, do I need to create an IAM user to obtain the Principal value from, or is there another way to get this Principal value?

asd32324
1 vote, 1 answer
Cannot create Amazon S3 access policy with terraform
I'm trying to create the following policy to give full access to Amazon S3 to one of my task definitions (ECS). This is the terraform code I'm using:
data "aws_iam_policy_document" "inline_policy_s3" {
version = "2012-10-17"
statement {
sid …

Antonio Gamiz Delgado
1 vote, 1 answer
AWS - how to list resources a user has access to
I'm looking for a quick and efficient way to retrieve and display the names of all existing resources a user has access to, based on their roles, policies and groups. Wondering if aws-sdk has any such capability to do it…

Abhishek Tirkey