Questions tagged [aws-policies]

223 questions
0 votes, 1 answer

Understanding AWS cache key for specific scenario

Imagine the following scenario: A customer is using AWS CloudFront and is serving a site that expects and ordinarily receives no query strings. Essentially the entire site is static and the CDN is purely enabling performance by caching and…
Klaptrap
0 votes, 1 answer

aws IAM role is not authorized to perform: route53:ListHostedZones

When I try to deploy terraform script using gitlab runner I am getting the following error Error: Error finding Route 53 Hosted Zone: AccessDenied: User: arn:aws:sts::12345678:assumed-role/dev-runner/i-01b2f123f1e1a127c is not authorized to perform:…
LP13
0 votes, 1 answer

Two contradicting AWS policies?

I've got a theoretical question regarding AWS IAM policies. What happens when two policies contradict each other? One ALLOWs using a resource, and another DENYs the resource? Thanks, Omer
omer727
0 votes, 1 answer

AWS Policy deny access on all production resources

In our team, we have both our production and development stack in the same AWS account. These stacks are distinguished by their resource name. For example, we have an S3 bucket example-dev-bucket and example-prod-bucket. All these resources are thus…
0 votes, 0 answers

AWS - S3 bucket policy - Access: error

I did a stupid thing. In my S3 bucket I changed object ownership to 'ACLs disabled' and added an S3 bucket policy to deny all resources for all users. Now I don't have access to list, permissions, and can't even change the bucket policy. Are there any options…
0 votes, 0 answers

Expire S3 objects, but the prefix for the path is not standard and it's changing

Trying to create a lifecycle policy on a path such as {UUID}/latest/{Run_id}/test_1.csv. In the above path, UUID is always changing, the latest folder remains the same for each path, and Run ID is also dynamic. How should I expire objects in this…
Madhu
0 votes, 0 answers

Set AWS S3 permissions to only the creator

Is there a way to set access permissions (READ/WRITE) to only the creators of the buckets/objects? We are working on a project that requires storing the data only for specific users. (I know about setting permissions to the specific groups - Admin,…
0 votes, 1 answer

How to set up Dev, Test and Prod AWS environments in the same Organization

I am using IAM roles to switch between AWS environments. I have 3 assumed roles that match the 3 environments: Dev, Test, Prod. Those assumed roles have the same permissions, such as EC2, S3, ... So how can I limit users who trust the dev,…
Nightt
0 votes, 0 answers

AWS S3 POST Policy with SSE-C Algorithm, Key and MD5

I am trying to add the SSE-C algorithm, key and MD5 to an already working policy - { "expiration" : "2022-11-22T18:00:16.383Z", "conditions" :[ {"bucket" : ""}, {"key" : ""}, {"x-amz-algorithm" : "AWS4-HMAC-SHA256"}, …
Anand
0 votes, 1 answer

AWS policy for ec2:RunInstances with multiple conditions results in rejected request

I want to be able to restrict ec2:* operations (specifically ec2:RunInstances) to only a specific AWS account and prevent them against existing EC2 instances having a dedicated tag. I have the following policy: { "Sid":…
DmitrySemenov
0 votes, 1 answer

AWS S3 bucket policy should deny actions from EC2

I am trying to deny uploads from an EC2 instance (while SSH'd into it) to an S3 bucket using a bucket policy. My EC2 instance uploads a file from the CLI with the following command: "aws s3 cp text.txt s3://bucket-name". The bucket policy in place is the…
0 votes, 1 answer

How do I fix a Terraform invalid JSON policy

I am trying to use a file which contains a load balancer IAM policy for my AWS account in Terraform. However, when I run the Terraform script, I get an error stating: Error: "policy" contains an invalid JSON policy │ │ with…
0 votes, 1 answer

Action does not apply to any resource(s) in statement - how to allow users to only list sub folders named with their IAM name?

So I wanted to have folders that would be named the same as a logged-in IAM user - so if I had a user named "Bob", the key structure would be: - My Bucket - Bob - Bob's stuff - Mary - Mary's stuff, and I wanted a policy…
Shmack
0 votes, 0 answers

Check for the existence of an AWS ARN from within an IAM policy and execute actions based upon this

I need to be able to do this "pseudo code" from within an IAM policy: If (ARN exists) then Execute actions block on listed resources else Do nothing and continue fi. My idea: ARN1 is an SSO permission set looking like (say) - listed below. A clean…
0 votes, 1 answer

Limit AssumeRole by IAM User Group

I'm trying to create a trust relationship on a role I created in AWS, but I want it to only be accepted by an IAM User Group, instead of creating another account that has limited access to resources. Right now, the JSON looks like this: { …