Questions tagged [aws-policies]

223 questions
1
vote
1 answer

AWS S3 and Cyberduck and MFA

We have a policy in place for our users to limit their access to AWS without having MFA enabled on their account. So currently everyone is forced to enable MFA on their account and use that whenever they log in to AWS and need to access anything. This…
Mo Baqeri
1
vote
1 answer

Multiple conditions for aws secrets manager policy

I write a policy that allows specific actions on secrets that start with the word project1. How can I add another condition, for example project2, to this policy? { "Version": "2012-10-17", "Statement": [ { "Action": [ …
Kingindanord
1
vote
0 answers

AWS MFA policy explicit Deny affecting whole account

I am trying to add an MFA policy to an existing policy which is created for CloudTrail to put trail logs in an S3 bucket. These are the things I tried: If I use "*" in principal for my MFA policy, it is basically denying everything, even for trails…
1
vote
1 answer

Which managed policy does kms:ListAliases belong to?

I am getting this notice when trying to create an Aurora instance: Error loading KMS Keys User: arn:aws:iam::xxx:user/xxx is not authorized to perform: kms:ListAliases on resource: * Does anyone know which managed policy does kms:ListAliases…
IMB
1
vote
1 answer

Lambda policy to access S3

Can anyone advise on this? I'm trying to access an S3 bucket from a lambda function. I have created the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { …
amir
1
vote
0 answers

AWS API Gateway Cross Account

I have API Gateway set up in account A and I have linked my Lambda in account B with my API method in account A (added the correct permissions to account B). It always used to work perfectly. Now when I tried to deploy a change to the API Gateway…
1
vote
0 answers

'all images for the production variant AllTraffic exist, the execution role used to create the model has permissions to access them'

I saw this link: https://github.com/aws/sagemaker-python-sdk/issues/912, it's similar to my question but not the same, my error is: Please make sure all images included in the model for the production variant AllTraffic exist, and that the execution…
1
vote
1 answer

How to create an IAM Policy for a specific Role and give access to s3bucket get and put operations

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] } This is my amazons3fullaccess policy, but now I want to give only get put and…
1
vote
1 answer

Multiple tag value in AWS

Is it possible to set multiple values in an aws:PrincipalTag for an IAM policy? Currently, I have federated users with a project attribute in their JWT and depending on this value I can give access to specific "folders" in my S3 bucket. For a JWT…
rootmout
1
vote
0 answers

Why does S3 CRR or SRR use Roles to perform replication instead of Bucket Policies?

Generally, S3 permissions from other services are managed via a Bucket Policy, for example: allowing CloudTrail to send logs to S3. However, for CRR (Cross-Region replication) or SRR (Same-Region replication), AWS thought of using Roles for S3…
1
vote
0 answers

AWS CodeArtifact - IP whitelist instead of authentication?

I would like to set up CodeArtifact to be easy to use for Windows developers. The problem is it appears CodeArtifact relies on a token that expires, and I can't get rid of this token. I would prefer to not use an authentication token and instead…
Apeiron
1
vote
1 answer

Why does an SNS access control policy require a Resource element to be specified - Is it not implicit?

An Identity based policy does not require "Principal" to be specified as it is implicit. Applying the same justification to an SNS access control policy (which is a resource based policy), why is it required to specify the same SNS topic as…
1
vote
2 answers

permissions required to copy S3 file through console?

I am trying to rename an object in S3 through the AWS Console. I have a role to which I attached two policies. A "read" permission { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ …
Eric Mamet
1
vote
2 answers

AWS policy error -- Number of resources is greater than maximum allowed

Below is my code to add a policy, but I'm not sure what's wrong as it's giving an error while running for CloudFormation: error occurred (ValidationError) when calling the ValidateTemplate operation: Template format error: Number of resources, 201, is…
1
vote
3 answers

Is aws:SourceVpc condition key present in the request context when interacting with S3 over web console?

I have a Bucket Policy (listed below) that is supposed to prevent access to an S3 bucket when accessed from anywhere other than a specific VPC. I launched an EC2 instance in the VPC, tested and confirmed that S3 access works fine. Now, when I access…