
All Questions

0 votes
0 answers
31 views

AWS IAM policy for partial username match (extract username from SSO)

We are using single sign-on for AWS users, so when a user logs in they assume a role, and they don't have an actual IAM user account. We use CodeCommit, which requires an SSH key added to an IAM user. ...
Malvineous's user avatar
  • 1,145
0 votes
0 answers
33 views

AWS CodeBuild user doesn't take on service role

I am working on setting up a build project in CodeBuild that creates a Docker container from a GitHub repo, and pushes it to ECR. This build process uses a container built previously that's stored in ...
HighElfWisard's user avatar
0 votes
0 answers
26 views

AWS Automatic IAM Roles for Service Users

I have an EC2 instance that has an assigned/assumed role. When I run: aws sts get-caller-identity as the main login user or with sudo it returns the account information expected. However, I have a ...
thaimin's user avatar
  • 123
0 votes
1 answer
25 views

How to get friend/business partner to view and edit Lex bots with me in AWS?

Long story short, I want my friend who's also my partner in my startup to help me with developing, testing, and deploying AI chatbots in Amazon Lex via AWS. I have him registered as a user in Identity ...
0 votes
1 answer
53 views

Local terraform repository, remote ec2 with assumed role

My current setup is: My local machine (actually one for each developer) A git repository containing my terraform configuration An EC2 instance which assumes an IAM role which grants it permissions ...
Camusensei's user avatar
1 vote
0 answers
37 views

AWS API Gateway + Cognito + IAM

I'm working on an API for my company. I'm trying to restrict external users from accessing specific methods of a specific endpoint using IAM + Cognito. Currently I have a single Cognito user pool, ...
Devin Gardner's user avatar
0 votes
2 answers
236 views

How can I set up AWS Client VPN using IAM roles for authentication?

Context: I am trying to set up Postgres RDS in a private_isolated subnet of a VPC. I want to use pgAdmin to do work on it, which means I either need a bastion or a VPN connection. A bastion requires a ...
Adam A's user avatar
  • 151
1 vote
1 answer
627 views

AWS IAM: deny users from creating policies on specific resources

I want to be able to give my admin users the permission to create policies in IAM, but I want to make sure that they aren't able to create a policy that affects a specific resource. To be more ...
Jamie Forrest's user avatar
0 votes
1 answer
217 views

How to fix permission error of Ebs volume using Amazon Data lifecycle manager?

I applied the terraform code in this link, which contains code to apply the specific roles and permissions to service dlm lifecycle for ebs volumes. But still I am getting access errors. Please ...
Meghana d's user avatar
0 votes
0 answers
86 views

Switch to a different AWS accounts in the UI

I currently have AWS configuration set up with my access key id and secret access key (i.e. I see this when going to 'aws configure' in the CLI). I then login through my company's OKTA to then access ...
KristiLuna's user avatar
0 votes
0 answers
111 views

Mimic user permissions on AWS EC2 instances using IAM roles

I'm setting up an AWS account with several users. Each of these users has policies attached that restrict their access to specific S3 buckets/objects and the EC2 instance types / Autoscaling Groups ...
Marcelo Villa's user avatar
0 votes
1 answer
761 views

Is it impossible to access rds and elasticache redis in AWS fargate only by setting a role?

I tried to access the aws service rds and elasticache redis through fargate's task role. I connected the full access of the service to the task role, but it was not connected, so I allowed the subnet ...
john_smith's user avatar
0 votes
1 answer
93 views

Limit what kind of policies and roles an admin role can create in AWS

Is there a way in AWS to limit what kind of roles and policies another role can create? In my setup, I have two kinds of admin roles: AccountAdmin and InfraAdmin. The AccountAdmin one having more ...
mikoni's user avatar
  • 103
0 votes
0 answers
41 views

How to assign an IAM role having the same permission set as the IPs have?

How to update the IAM policy below so that the IAM role, arn:aws:iam::7574333677569:role/dev-abc-webserver, also has permissions? { "Version": "2012-10-17", "Id":...
sam23's user avatar
  • 59
1 vote
1 answer
2k views

EC2 instance won't recognize IAM role?

I'm trying to download ECR images on my EC2 instance without having to provide a credentials file. So I created a role with the policy AmazonEC2ContainerRegistryReadOnly and attached to my running ...
rodorgas's user avatar
1 vote
1 answer
2k views

RDS PostgreSQL Import+Export to/from S3

Is it possible to enable both importing and exporting with an RDS PostgreSQL instance to an S3 bucket? I've been able to use the following pattern to enable one or the other with consistent success: ...
Jerbot's user avatar
  • 394
1 vote
1 answer
622 views

How can I call "complete-lifecycle-action"?

There is an AWS EC2 instance which is launched by an auto-scaling-group. I wish to put this instance to Pending state during initialization. This is very easy with the lifecycle hooks: This hook will ...
Daniel's user avatar
  • 201
0 votes
1 answer
455 views

A user is blocked from using MFA though I added the permissions for their AWS IAM account

I hold admin powers on one of the AWS accounts that we use at the company where I work. I am trying to make MFA mandatory for all users. I followed this tutorial: https://docs.aws.amazon.com/IAM/...
charlottesville's user avatar
0 votes
1 answer
180 views

Automatic EC2 Role Assignment

Trying to understand AWS IAM resources/concepts a little better. I know there is a way to configure an EC2 (either possibly via its underlying AMI or a launch template) so that when it launches for ...
hotmeatballsoup's user avatar
1 vote
2 answers
794 views

Sharing an AWS "instance role" across accounts, as with other resources?

What works We have several EC2 instances that pull things out of an S3 bucket on boot (and at other times). To allow this, we have an IAM policy granting read-only access... "Effect": "...
Ti Strga's user avatar
  • 111
1 vote
1 answer
2k views

S3 access control based on bucket tags

I hope you can help me out. I have read a couple of docs now, and I am still unsure whether this actually works. I want to give access in different levels to AWS users based on S3 tags. Example: S3 ...
flypenguin's user avatar
1 vote
1 answer
916 views

Quicksight Error: This user name already exists in this account

When I want to login to view my Quicksight dashboard I get this error: This user name already exists in this account. Contact your QuickSight administrator, and ask them to invite you with a unique ...
Fariman Kashani's user avatar
0 votes
1 answer
249 views

Best practice for AWS root account or superuser?

Normally, we have the rule of 3 people having superuser access with 3 username/passwords and if anyone is ever offboarded (they leave or are fired), on vacation, out sick, different time-zone, someone ...
Dean Hiller's user avatar
6 votes
3 answers
9k views

Getting "Fargate requires task definition to have execution role ARN to support ECR images." when creating Fargate task but the role is defined

I am trying to deploy a very simple web application to AWS Fargate. I have pushed a docker image of the backend of the application to ECR and I am trying to setup a Fargate task definition for the ...
Brandon's user avatar
  • 181
0 votes
1 answer
1k views

AWS Policy to Read/write RDS

In my scenario, I want a policy that will allow reading and writing of abc-database-backups/rds/postgresql-backup on S3? We'll want my servers to have that access added. Is creating a role and ...
samtech's user avatar
1 vote
1 answer
529 views

Safely store AWS IAM User Keys (Access and Secret) created by IaC

I've the following setup: Infrastructure is setup using AWS CDK; I've one Stack/Environment (Production, Staging...); Each Stack has a different S3 Bucket (used for website hosting); I've a Stack ...
viniciuskneves's user avatar
2 votes
1 answer
227 views

How do you set a self-destruct or maximum uptime in AWS?

Situation We have a sandbox AWS account for trying things out. It is not for production, purely just for playing around with all the toys that AWS provide. We want to encourage everyone to explore and ...
James Geddes's user avatar
0 votes
1 answer
85 views

AWS CLI Usage Issue

In our scenario, we previously had some AWS keys. The IAM interface show/showed no usage for it but the employee has been able to upload resources. Could anyone advise how to check if the interface is ...
samtech 2021's user avatar
0 votes
0 answers
142 views

Individual Local Accounts on AWS

In my scenario, currently, we have all developers connect to ec2 instances using the ec2-user account. Is there a better way to do this so we can see which actions developers take on the machines? I'...
samtech 2021's user avatar
0 votes
1 answer
190 views

S3 Logs event Issue

Is there a way to see what actions the 'g2' IAM user is performing in S3, and which IP(s) they are running from? I have already enabled the logging of S3 actions. One point I’m still not able to ...
samtech 2021's user avatar
0 votes
0 answers
22 views

AWS IAM user with special permissions

I have the following task to do. I want to create 10 IAM users; each user should have a login username and password, and each IAM user should have a separate EC2 instance that cannot be visible to others. ...
anil's user avatar
  • 15
0 votes
2 answers
277 views

Best Practice for AWS IAM access keys for use with AWS SDK

I want to know the best practice used by big companies for programmatic access for multiple AWS services as there are multiple programs needing access to different-2 services so how it is managed? Did ...
Rocky's user avatar
  • 49
3 votes
1 answer
10k views

Is it possible to grant a "read everything" role in AWS?

Is there a default policy that can provide read-only access to all services with AWS? Is there a naming convention for permissions that could be followed such as "Allow" : "Get*" ...
Andrew Theken's user avatar
0 votes
1 answer
337 views

How to use aws-iam-authenticator with remote Terraform Cloud Runs?

I am already successfully using Terraform with the Kubernetes provider to manage various part of and services on an EKS cluster in AWS. I would like to use Terraform Cloud to manage it (and take ...
Adam C's user avatar
  • 5,242
0 votes
0 answers
464 views

Increasing general AWS console timeout

The AWS console appears to kick you out after 24-hours, and I'd like to increase it slightly. This has nothing to do with SSO. Is this a fundamental requirement or can it be tweaked somewhere?
Dustin Oprea's user avatar
1 vote
0 answers
3k views

Converting specific folder of S3 into browsable directory list without making it public

I have a bucket that I'd like to access using a browser similar to http://data.openspending.org/ and I'd like only a subfolder to be visible. So if Bucket1 has multiple folders, I only wanna show and ...
Kohini's user avatar
  • 113
3 votes
0 answers
1k views

EKS - Use IAM roles for service accounts on multiple clusters

I am trying to use IAM roles for service accounts in EKS. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html When it comes to create the IAM role to be assigned to a ...
signaleleven's user avatar
3 votes
1 answer
9k views

AWS IAM Roles: What is a trusted entity exactly?

I have a role attached to a LaunchConfiguration for an EC2 instance, that gives the EC2 instance privs to do certain things like do Cloudwatch logs (the context isn't important to the question). In ...
spinkus's user avatar
  • 207
0 votes
0 answers
506 views

Can i access an EKS cluster , if i don't have access to iam user that created it?

An AWS admin created an IAM user, and that user created an EKS cluster. Now, we don't have access to that IAM user. If we try to execute kubectl commands on that EKS cluster from a new IAM ...
Dawood Abbas 's user avatar
1 vote
1 answer
1k views

AWS S3 Policy: One non-public bucket, separate sub-folders for each user, restricted access

At the moment I'm struggling with how to create a secure policy for my Amazon S3 bucket. My plan is to have one bucket with several sub-folders for separate (IAM) users. Access should only be ...
keitaro.urashima's user avatar
2 votes
0 answers
304 views

Facilitating arbitrary code execution on AWS Lambda

I am developing a SaaS where a user will be able to upload a custom JavaScript function that runs when an event happens. In order to preserve the integrity of the system, I am using AWS Lambda to run ...
Nexuist's user avatar
  • 121
2 votes
2 answers
1k views

Permissions for choosing tags in Cloudwatch

When trying to create a Cloudwatch dashboard I get "You don't have permission to access tags and properties. Retry". What permissions does my IAM account have to have in order to be able to ...
jshbrntt's user avatar
  • 121
0 votes
1 answer
503 views

AWS-IAM - How to give a combining specific access to specific region with some resource tags

Hello I am trying to combine some rights access for a user using IAM policies: Full access to one region ONLY (i.e: ap-east-1) ReadOnlyAccess to another region (i.e: us-east-1) Write access only to (...
serialp's user avatar
  • 13
1 vote
0 answers
76 views

Autoscaling - lifecylehook implementation

I'm trying to implement my first ASG with a lifecycle hook and I am having this issue: LifecycleHandlerFunction: Encountered unsupported property Role The following resource(s) failed to create: [...
serialp's user avatar
  • 13
7 votes
3 answers
6k views

Impossible to delete AWS backup vault, backup plans?

I swear, I've read all the docs I can find, and have tried everything including the AWS policy generator UI and manually editing policy JSON, but no matter what I try, when I try to delete any of ...
Tom Wilson's user avatar
2 votes
1 answer
2k views

How do I enforce a policy to block access to specific regions without updating all of my policies?

I want to block all user access to almost all aws regions. You can't "disable" a region that is enabled by default. Also I am aware of permissions that are account level and can't be ...
red888's user avatar
  • 4,273
2 votes
1 answer
2k views

AWS: How do I restrict deployment to ECS clusters using IAM

I have multiple Fargate clusters in a single AWS account. I wish to ensure that a given service account (used by the build pipeline) can only update Services within a given Fargate cluster. The IAM ...
Alastair Irvine's user avatar
0 votes
1 answer
187 views

AWS Resource deletion should require 2 user's approval

We have a business requirement wherein the deletion of resources in AWS account should require approval of 2 users - may be an admin and the manager. There doesn't seem to be a straightforward, out-of-...
amolkul's user avatar
  • 111
0 votes
1 answer
1k views

AWS ec2 instance IAM user but root user not seeing

I have a client and he has given me IAM access to my email to his AWS account, and I have logged in successfully and then launched an EC2 instance to his account as an IAM user. But the client is not seeing ...
how recepes's user avatar
0 votes
1 answer
1k views

AWS IAM policy to allow user to edit one specific Security Group only

I'm trying to allow a user to modify inbound rules on one particular security group. Here's what I tried. I thought it would be straight forward, but this doesn't work. What other permissions do I ...
BadHorsie's user avatar
  • 137
