Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow or deny their access to AWS resources.

IAM also enables identity federation between your corporate directory and AWS services. This lets you use existing corporate identities to grant secure access to AWS resources, such as Amazon S3 buckets, without creating new AWS identities for those users.

3730 questions
1 vote, 1 answer

Programmatically Examine Trust Relationships

Is there a way to get the trust relationship policy document using boto3? I am trying to audit the roles that allow third party access to my AWS environment. I have been scouring the boto3 APIs to find an applicable function call, and have tried…
Bri
1 vote, 2 answers

Execute ssm.send_command to EC2 from Lambda. IAM problems

I have problems executing a command on a Windows machine from a Lambda function using ssm.send_command in Python. This Lambda function should execute a simple command on the Windows machine: import boto3 ssm = boto3.client('ssm') region =…
1 vote, 1 answer

Adding IAM Group to aws-auth configmap in AWS EKS

The aws-auth configmap in AWS EKS performs a mapping between IAM users/roles to kubernetes RBAC roles. However, the documentation does not specify anything on adding IAM groups to the configmap. We use multiple namespaces, each namespace managed by…
Blokje5
1 vote, 2 answers

How to access S3 using IAM role from my local machine

I have an AWS account (id : 111111) and I have an ARN role created (aws id : arn:aws:iam::222222:role/developenv). From the AWS CLI I am able to access the resource created in id : 222222 by using --profile. But I am not sure how to achieve it in Java…
lava575
1 vote, 1 answer

Boto3 IAM waiter isn't waiting

I'm using boto3 to create an IAM user, wait until the IAM user is created, then update the login profile of that user. My python code to create the user works fine, and the user is created successfully. IAM is eventually consistent, so I know that I…
ricksebak
1 vote, 1 answer

How do you prevent a Role from being associated with an EC2 without a specific tag?

I created an AWS IAM Role and it included the following AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: …
Jared
1 vote, 1 answer

Restrict IAM user to access specific Cognito user pool(s)

I have three user pools in Cognito - one for DEV, one for UAT and one for PROD. I have created an IAM user to programmatically access the user pools using the Cognito API. This works fine but I want to restrict this user to only be able to access a…
Pseudo
1 vote, 1 answer

Why am I getting an `AccessDenied` when trying to upload to my S3 bucket with `PutObject` permissions?

Any idea why I’m getting an AccessDenied error when trying to upload to my S3 bucket? serverless.yml: service: foo-service custom: bucket: my-bucket-name provider: name: aws iamRoleStatements: - Effect: Allow Action: -…
noetix
1 vote, 1 answer

Amazon DynamoDB: BatchPutItem because of APPSYNC_ASSUME_ROLE and type mismatch error

I'm building a React app using AWS Amplify. I use Cognito User Pools for my authentication and a GraphQL AppSync backend for my backend. I'm trying to write a custom resolver to batch mutations. Here is the schema that I use: type Todo @model…
1 vote, 1 answer

AWS root account cannot access organizational accounts

I am writing an application for the AWS platform, which was planned to be launched from the root account, with root credentials. At this point I need to stop some of the machines started by the AWS Organizations member accounts. By default AWS…
1 vote, 0 answers

How to configure AWS with Cognito logins? - nodejs

I am trying to access s3 through Cognito logins. This is how I config the AWS: AWS.config.update({ region: 'us-west-2', userPoolId: "us-west-2*******1", userPoolWebClientId: "2******************n", credentials: new…
Lusha Li
1 vote, 1 answer

Cloudformation template is unable to execute retrieval of mount target

I have the following command in the userdata of my cloudformation template: MOUNT_TARGET_IP=$(aws efs describe-mount-targets --file-system-id fs-xxxxxxx --query 'MountTargets[*].IpAddress' --output text) Also in my template, I have the following…
1 vote, 1 answer

Karate: Signing AWS HTTP requests & add the generated headers to the 'request headers'

The internal APIs we test need to go through the process of signing them (i.e., get AWS Signature) & add the signed headers to 'request headers' before we do any CRUD operation. Signing the requests can happen through AWS-SDK or using something…
Sud
1 vote, 0 answers

Cloudformation for a kube2iam role

I'm having trouble creating a role for kube2iam. Everything seems to work fine: I deploy the stack with the role and the pods spin up, but whenever a pod tries to perform an authorized action (put an item into Dynamo in this case) I get an error that…
Lev Kuznetsov
1 vote, 1 answer

AWS CloudFormation launch Hyperledger Fabric Failed with Error: failed to create: [EC2InstanceForDev]

Following the AWS documentation: https://docs.aws.amazon.com/blockchain-templates/latest/developerguide/blockchain-templates-hyperledger.html Using the IAM policy from the document: { "Version": "2012-10-17", "Statement": [ { …