Questions tagged [aws-policies]

223 questions
0 votes, 2 answers

AWS iam policy for limiting access to only special folders

I have a bucket "mybucket" in which there is a folder "myfolder". In the same bucket there is also another folder "notmyfolder". This is the policy that I think "should" work. { "Statement": [ { "Action": [ …
Jack-of-some

0 votes, 1 answer

In AWS, can you enforce creation of Roles that can only act on things with a certain tag?

Is there any way in AWS policies to enforce that, when someone creates a role, its policies have a condition (e.g. only accessing resources with a certain tag)? Like "you can create any resource, and any role/etc. to act on things, so long as…
0 votes, 2 answers

AWS Secrets manager resource policy access for user

I'm trying to make an AWS Secrets Manager resource accessible only by a certain user by writing a resource policy for Secrets Manager, but I can't make it work. I have tried a policy with Allow and Deny with Principal and NotPrincipal, a Deny…
Felipe Buccioni

0 votes, 1 answer

How to use an AWS IAM policy to deny actions in a CodeCommit repository if it has a given tag, unless that tag's value matches your username?

I'm trying to create an AWS IAM policy to help my team lock down our CodeCommit repositories. The idea is, any repository which needs to be locked down will have an "Owner" tag, the value of which will be the username of the only user who will have…
0 votes, 0 answers

Why some AWS IAM Policies cannot be attached to Roles or Users

The reason I'm asking the question is that, for example, this 'policy' (AWSServiceRolePolicyForBackupReports) cannot be attached to any users or roles. As you can see, it clearly says: You cannot attach this policy to your users, groups, or…
0 votes, 1 answer

S3 in Bucket/Folder preview files and download them, but not let save changes, with NetDrive

I have a bucket with a folder. I want to give read permissions (preview and download the file from NetDrive) but not allow saving changes. Is it viable as a local drive? The bucket has a folder that is shared, but it must allow viewing the document,…
0 votes, 1 answer

PermissionError Forbidden reading from s3 bucket from lambda function

So the problem I'm encountering is that I built a Docker image that will run an ETL pipeline. When I run the image locally it works fine, but when I deploy my image to ECR on AWS and I run my Lambda function that uses this image, it returns a…
0 votes, 1 answer

Amazon Kinesis Data Application throws "not authorized to perform: cloudwatch:PutMetricData" error

I have an AWS Kinesis data application running Apache Flink 1.13 project. I have provided the following access in the policy attached to the IAM role. I have verified that the IAM role has this policy attached in the AWS console. AWS Role for…
Shankar

0 votes, 0 answers

Allow ec2:CreateSecurityGroup only if request contain specific tag

I'm trying to write an IAM policy to ensure that a resource (a security group in the example) can't be created unless it is tagged with a specific tag with a specific value. Here is my policy: { "Version": "2012-10-17", "Statement": [ …
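Two of the questions above, the CodeCommit "Owner" tag policy and the ec2:CreateSecurityGroup request-tag policy, turn on the same IAM evaluation rules: an explicit Deny wins over any Allow, every operator and key inside a Condition block must match, a key that is missing from the request context fails positive operators, satisfies negated ones, and is what the Null operator tests for, and `${aws:username}` is expanded from the request context. The following Python is an added example, not code from any of the posts or from AWS: a small model of those rules, run against two constructed policies. The policy documents, tag keys, usernames and ARNs are made up for illustration.

```python
"""Toy model of IAM policy evaluation (added example, not AWS code).

Models only the documented rules needed for tag-based policies: explicit
Deny beats Allow, otherwise implicit deny; all condition operators and keys
are ANDed; a missing context key fails positive operators, satisfies
negated ones, and is what "Null": "true" matches. Everything below is
constructed for illustration.
"""
import re
from fnmatch import fnmatchcase

NEGATED = {"StringNotEquals", "StringNotLike"}


def _listify(v):
    return v if isinstance(v, list) else [v]


def _substitute(value, ctx):
    """Expand ${aws:username}-style policy variables from the request context."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: ctx.get(m.group(1), m.group(0)), value)


def _condition_matches(op, key, wanted, ctx):
    wanted = [_substitute(v, ctx) for v in _listify(wanted)]
    actual = ctx.get(key)
    if op == "Null":  # "true" matches when the key is absent, "false" when present
        return (actual is None) == (wanted[0].lower() == "true")
    if actual is None:  # absent key: positive operators fail, negated ones match
        return op in NEGATED
    if op == "StringEquals":
        return actual in wanted
    if op == "StringNotEquals":
        return actual not in wanted
    if op == "StringLike":
        return any(fnmatchcase(actual, v) for v in wanted)
    if op == "StringNotLike":
        return not any(fnmatchcase(actual, v) for v in wanted)
    raise ValueError(f"operator {op} not modelled")


def _statement_applies(stmt, action, resource, ctx):
    # Action names are case-insensitive; both Action and Resource accept wildcards.
    if not any(fnmatchcase(action.lower(), a.lower()) for a in _listify(stmt.get("Action", []))):
        return False
    if not any(fnmatchcase(resource, r) for r in _listify(stmt.get("Resource", []))):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, wanted in keys.items():
            if not _condition_matches(op, key, wanted, ctx):
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    effects = {s["Effect"] for s in policy["Statement"] if _statement_applies(s, action, resource, ctx)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"


# Constructed policy 1: a security group may be created only if the request
# tags it Environment=prod (aws:RequestTag/* keys exist only on tag-on-create calls).
REQUIRE_TAG = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:CreateSecurityGroup", "ec2:CreateTags"],
        "Resource": "arn:aws:ec2:*:*:security-group/*",
        "Condition": {"StringEquals": {"aws:RequestTag/Environment": "prod"}},
    }],
}

# Constructed policy 2: deny CodeCommit actions on a repository that carries an
# Owner tag whose value is not the caller's IAM user name. Both conditions
# must hold: the tag exists (Null=false) AND it differs from ${aws:username}.
OWNER_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "codecommit:*", "Resource": "*"},
        {
            "Effect": "Deny",
            "Action": "codecommit:*",
            "Resource": "*",
            "Condition": {
                "Null": {"aws:ResourceTag/Owner": "false"},
                "StringNotEquals": {"aws:ResourceTag/Owner": "${aws:username}"},
            },
        },
    ],
}

# Constructed ARNs for the sample requests.
SG = "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0123456789abcdef0"
REPO = "arn:aws:codecommit:eu-west-1:123456789012:payments"

if __name__ == "__main__":
    print(evaluate(REQUIRE_TAG, "ec2:CreateSecurityGroup", SG, {"aws:RequestTag/Environment": "prod"}))
    print(evaluate(REQUIRE_TAG, "ec2:CreateSecurityGroup", SG, {}))
    print(evaluate(OWNER_ONLY, "codecommit:GitPush", REPO, {"aws:username": "bob", "aws:ResourceTag/Owner": "alice"}))
    print(evaluate(OWNER_ONLY, "codecommit:GitPush", REPO, {"aws:username": "bob"}))
```

Two things the model does not capture. The real ec2:CreateSecurityGroup call is authorised against the VPC ARN as well as the security-group ARN, and aws:RequestTag keys are not available for the VPC resource, so a working policy also needs an Allow on `arn:aws:ec2:*:*:vpc/*` without the tag condition. `${aws:username}` is only populated for IAM users; for role sessions compare the resource tag against an `aws:PrincipalTag/...` key instead. Check the real document with `aws iam simulate-custom-policy`, supplying the same tag keys as `--context-entries`.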
0 votes, 0 answers

AWS S3 CORS Configuration does not work properly for AccessDenied situation

I want to configure my-bucket on AWS S3 so that it is reachable from only one domain. Let's call it http://example.com. So I have generated a CORS policy and also a bucket policy for this reason. But somehow it works for all other domains if I specify…
0 votes, 0 answers

AWS AccessPoint Cross Account Access to more than 1000 external accounts

I'm trying to give more than 5000 external accounts access to my S3 bucket access point. How can I achieve it? Using access points to give permissions to a specific folder in an S3 bucket, adding all accounts in the policy principal will increase the…
0 votes, 0 answers

Adding AWS::ElasticLoadBalancingV2::TargetGroupAttachment into SAM template

I need to refer to an already created ALB in my SAM template. To do that I add an AWS::ElasticLoadBalancingV2::TargetGroupAttachment resource and do the needful. Then when I deploy it using the SAM CLI it gives an error saying -> [ ex: Waiter…
0 votes, 0 answers

Cross Account S3 Bucket Object copy gives (403) when calling the HeadObject operation: Forbidden

I have a lambda found in the destination account that copies s3 objects from source_A to destination_B. For the source bucket I have attached the permissions { ## permission for source bucket "Version": "2012-10-17", "Statement": [ …
0 votes, 0 answers

What values and parameters should I write to limit the access of a user to his own resources?

I would like to create the following policy, but I am not able to find a resource that can help me set up the condition, nor identify which values I should use for the Action and Resource keys. RDS - Write Data in Database RDS - Full Access: To resources that…
aidonsnous

0 votes, 1 answer

AWS PowerShell CLI: How to obtain list of Policies applied to an Instance

I have a lot of instances running in an AWS account. Each is attached to a different IAM Role (1). I can review the Role via the Management Console (2) and see the attached Policies (3). I want to obtain a list of these programmatically. I have…