5,639 questions
1
vote
0
answers
19
views
How to capture IAM user identity in Aurora MySQL audit logs when connecting through AWS TEAM elevated access?
I’m using TEAM elevated access for AWS in my organization to temporarily access an Aurora MySQL cluster.
TEAM provides database access through a tunneled MySQL session using a generic database ...
0
votes
1
answer
48
views
AWS S3 SCP Policy to Prevent Disabling Public Access Block but Allow Re-enabling
I need to create an AWS IAM policy that prevents users from disabling the "Block all public access" configuration on S3 buckets, but still allows them to re-enable it if it was already ...
2
votes
3
answers
12k
views
How to enable billing permission for IAM in AWS?
I have already assigned billing permission and full administrator permission to the IAM role, but the IAM user is still getting a permission issue. How can I solve this problem?
9
votes
8
answers
34k
views
AWS Systems Manager - Instance not showing
Could anyone help me investigate an issue with an EC2 instance profile? I have created an EC2 instance and I put an IAM role.
But, when I check on the instance I see: No roles attached to instance profile:...
2
votes
3
answers
2k
views
How to allow AWS user to start instances only in one VPC by ID or TAG?
I have multiple VPCs, one for each environment. I want that a user in Dev group should only be able to launch instances in that one VPC. Similarly for other environments as well. How to accomplish ...
1
vote
1
answer
45
views
IAM Policy to allow update on a deeply nested attribute in DynamoDB
This article talks about fine-grained column and row level access control with DynamoDB.
However, what if I want to allow a user to UPDATE only a deeply nested attribute inside a column of DynamoDB?
...
0
votes
2
answers
805
views
Deny Access to AWS Console if not in IP
I'd like to deny access to AWS console if a user is outside of our network or VPN. I found this policy but I'm running into random issues where a user gets an explicit deny even though they are in the ...
5
votes
3
answers
10k
views
ERROR 1045 (28000): Access denied for user 'db_user'@'ip' (using password: YES) while connecting to a RDS DB instance using IAM DB Authentication
Following is a quick summary of the question. Read the full description section for the underlying details.
Condensed description:
Assume you have an IAM user already existing and the user is ...
0
votes
2
answers
985
views
Decrypt parameter store secrets conditionally
I am trying to create a policy to allow users to view all the parameter store values unless it is encrypted by the dev kms key. The following is the policy that I've written.
{
"Version": &...
14
votes
4
answers
19k
views
Where to locate an aws_iam_instance_profile in aws console?
Because of a timeout issue, terraform failed to create an ec2 instance.
In order to recover from it I have manually removed the ec2 instance from aws console as well as the terraform state file.
...
84
votes
9
answers
75k
views
Difference between IAM role and IAM user in AWS [closed]
What is the difference between an IAM role and an IAM user? The IAM FAQ has an entry explaining it, but it was vague and not very clear:
An IAM user has permanent long-term credentials and is used ...
-1
votes
2
answers
895
views
How to create aws-ebs-csi-driver with eks_blueprints_addons by Terraform?
I created AWS EBS CSI Driver addon with eks_blueprints_addons by Terraform:
module "eks_cluster" {
source = "terraform-aws-modules/eks/aws"
version = "~> ...
1
vote
1
answer
9k
views
Unable to get IAM security credentials from EC2 Instance Metadata Service
I am using AWS Cognito User Pool and its various services for my ASP.NET Core application
I have added one AWS Toolkit to do all the API calls for development purposes and added one profile as a default ...
-1
votes
1
answer
59
views
AWS IAM permission policy for EC2 instances access doesn't work [closed]
I'm new to AWS and I want to restrict access for a group of users to have full access to EC2 services only. Below are the steps I did:
Created an IAM group named "EC2 Admins"
Created an ...
12
votes
6
answers
6k
views
Difference between AWS IAM "Identity" and "Entity"
I am reading through the AWS documentation Understanding how IAM works and I'm confused about the definitions for identities and entities.
Identities
The IAM resource objects that are used to ...
0
votes
1
answer
46
views
IAM Policy for edit EC2 tags of instance
I want an IAM policy that allows an EC2 instance to modify its own name tag. It should not have permission to modify the tags of any other instance.
It is my understanding that this should work. ...
11
votes
1
answer
14k
views
Invalid policy document. Please check the policy syntax and ensure that Principals are valid
Attempting to create a Resource Policy document for an API Gateway.
I have the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"...
4
votes
11
answers
19k
views
AWS Lambda Create Function - Request failed with status code 403
Trying to create a new AWS Lambda Function with the root account for the first time using management console. I am receiving the error "Request failed with status code 403" no matter how ...
12
votes
5
answers
31k
views
AWS IAM error : 'Your authentication information is incorrect. Please try again'
I am getting the error after I create an IAM user with AdministratorAccess or AmazonEC2FullAccess:
Your authentication information is incorrect. Please try again
I was able to create a user without ...
1
vote
5
answers
7k
views
AWS EKS Cluster & Nodes creation IAM Role
When you try and create an EKS Cluster there is a box for IAM Role, likewise when you try and create worker nodes there is a box for IAM Role. The box is blank with a pulldown menu. I am not ...
3
votes
2
answers
1k
views
Keda Operator Access Denied for SQS [closed]
I am using SQS scaler for Keda to scale a deployment. At present I am using operator based identityOwner for scaledObject. I have built an IAM role with the following permissions and trust relationship:
...
2
votes
0
answers
155
views
Unable to connect to EMR cluster from SageMaker Unified Studio using runtime role – credentials are null
I'm trying to connect to an existing EMR cluster from SageMaker Unified Studio to run SQL queries via JupyterLab.
SageMaker requires that the EMR cluster be runtime role-enabled to integrate with ...
4
votes
2
answers
2k
views
Unable to assume specified IAM Role when deploying with AWS Amplify using GitHub
I was trying to deploy my application with AWS Amplify using github and I got this error :
2020-07-03T10:39:32.225Z [ERROR]: !!! Unable to assume specified IAM Role. Please ensure the selected IAM ...
1
vote
0
answers
40
views
AWS CLI syncing S3 buckets
I have two S3 buckets owned by two different accounts. I am trying to use aws sync to sync the content in both but I am facing some issues with permissions. I am aware that this command only allows ...
0
votes
1
answer
2k
views
Cognito Identity Pools - Attribute-based access control with "dynamic" attributes
I have hundreds of S3 buckets and dozens of users in Cognito User Pool. I want to be able to select which user can access which S3 bucket, for example:
user_a can access bucket_1, bucket_2, bucket_3
...