Questions tagged [aws-policies]
223 questions
1
vote
1 answer
Full access to AWS S3 bucket for all operations except for 1 folder
I have a group policy that allows full access to several S3 buckets.
This policy allows read and write to the bucket.
The team that uses these buckets wants one of the folders to be read-only for their group, without the ability to write or…

Yoni Maymon
- 11
- 2
1
vote
0 answers
AWS Cognito user access permission for Kinesis WebRTC Signaling channel
I would like to restrict access permission for a number of AWS Cognito users to a specific Kinesis WebRTC Signalling channel. Basically I need to define that, for a particular organisation that spans multiple AWS Cognito users, they have access only to…

Jernej Jerin
- 3,179
- 9
- 37
- 53
1
vote
2 answers
ec2 service policy to restrict the creation of inbound ssh public access
I need to create an AWS service control policy to restrict the creation of an inbound rule for SSH with public access via the security group.
I have tried with the JSON script below, but I messed up with that.
{
"Version": "2012-10-17",
…
1
vote
2 answers
AWS S3 Allows reading of all objects except a specific folder
How can I allow reading of all objects except a single folder and its contents?
The rule below blocks the whole bucket for me (I can't read the bucket).
If this feature isn't possible, how can I allow reading on files at the root but deny on all…

Rod
- 712
- 2
- 12
- 36
1
vote
1 answer
How to go from an AWS-console-derived policy to a working terraform-scripted policy?
I have a terraform script that provides a lambda function on aws to send emails. I pieced this terraform script from tutorials and templates on the web to use AWS SES, Api Gateway, Lambda and Cloudwatch services.
To get permissions to work though, I…

Magnus
- 3,086
- 2
- 29
- 51
0
votes
0 answers
CloudFormation create stack error "Error occurred while GetObject."
I want to create a CloudFormation stack. It creates all the resources inside the template. But when it comes to lambda functions it fails with the error message:
Resource handler returned message: "Error occurred while GetObject. S3 Error Code:…

nicklee
- 55
- 1
- 7
0
votes
1 answer
How to allow IAM user to access lambda function in another account?
I have two AWS accounts: AccountA, where the IAM user devuser is created, and another account, AccountB, where the lambda is hosted.
In account AccountA I have the following permission policy attached to IAM user devuser:
{
"Version": "2012-10-17",
…

LP13
- 30,567
- 53
- 217
- 400
0
votes
1 answer
Is resource arn required in the policy attached to the same resource
I want to attach a File system policy to an AWS EFS (Elastic File System) named fs-01ab01ab01ab123. Essentially, this is the policy.
File system policy
"Statement": [
{
"Sid": "Mytest",
"Effect": "Allow",
…

Learner
- 1,503
- 6
- 23
- 44
0
votes
0 answers
AWS Crawler Error: User does not have access to target s3://gurpreet-cross-account-bucket/
I am getting the below error while running the AWS crawler. I have assigned the proper IAM roles and trust account access permission.
Crawler Error:
User does not have access to target s3://gurpreet-cross-account-bucket/
0
votes
1 answer
AWS SCP to mandate rds encryption with cmk
I'm trying to write an SCP to mandate RDS encryption with a specific KMS CMK. I came up with the following policy, but the below policy is accepting default encryption as well. I'm trying to mandate encryption with a specific CMK.
{
"Version":…

Beginner
- 1
- 3
0
votes
1 answer
Creating an additional AWS policy within a lambda child module gives invalid index
Forgive me if this question is a little basic, I'm quite new to both AWS and Terraform.
I'm trying to create a lambda function via a terraform module. The source of the module is pointing at this repo…

16069229
- 11
- 3
0
votes
0 answers
AWS ORG policy to enforce CMK key
I would like to create an SCP policy on all the accounts in my AWS org that enforces the use of a customer managed key for the encryption of new buckets.
I found that this should have worked:
{
"Version": "2012-10-17",
"Statement": [
{
…

Dvir
- 13
- 3
0
votes
0 answers
IAM policy for KMS to restrict users and roles
I need to add a policy in KMS to allow only a few users/roles to read from a KMS CMK. But I also need to have a policy wherein I can pass a role ARN with a wildcard. When I do this using the below, I cannot pass a wildcard because a wildcard is not allowed…

Pavan Kumar
- 129
- 7
0
votes
0 answers
Is there an AWS SCP to deny transfer of elastic IPs from one account to another?
I have done research and came across the SCP below, but after implementation I am still able to transfer an elastic IP from one account to another. Is there any change I need to make to the policy? The goal is to deny transfer of elastic IPs entirely…

Larry
- 1
0
votes
1 answer
AWS TransferFamily and policy parameters in Terraform
I am trying to create an SFTP server in AWS TransferFamily using Terraform. I have set the home_directory_type to logical.
According to AWS: "If you are using logical directories—that is, the user's homeDirectoryType is LOGICAL—these policy…

Niklas
- 11
- 2