111 questions
0 votes, 1 answer, 46 views
IAM Policy for edit EC2 tags of instance
I want an IAM policy that allows an EC2 instance to modify its own name tag. It should not have permission to modify the tags of any other instance.
It is my understanding that this should work. ...
0 votes, 1 answer, 48 views
Restrict S3 bucket Access to all the Roles except specific Role
I have around 150 roles in my AWS account. I have created a new S3 bucket under an existing bucket
Primary-Bucket/New-Bucket
I wanted to restrict access to New-Bucket for all other roles except a couple of ...
0 votes, 1 answer, 54 views
How to provide limited view to AWS IAM resources
Hello: I'm managing an AWS account for students to practice AWS's resources management. Each student has its own IAM user with PowerUserAccess permissions (TL;DR: Allows anything except users and ...
1 vote, 1 answer, 348 views
Issue while adding VPC to AWS Lambda function: The provided execution role does not have permissions to call CreateNetworkInterface on EC2
So, something weird is happening which I can't seem to wrap my head around.
I have a lambda function, whose execution role has the AWS Managed AWSLambdaVPCAccessExecutionRole in it.
This role has ec2:...
0 votes, 2 answers, 99 views
Why is this IAM policy denying access with an MFA session?
We've been modifying our IAM policies for the rest of the team. They should only be allowed to do most things if MFA is active for their session. Even when they have an MFA session, they cannot access ...
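Added example, not part of the question above or of any answer to it: the generic "deny unless MFA" pattern and the edge case that most often makes such a policy behave unexpectedly. `aws:MultiFactorAuthPresent` is only present in the request context when temporary credentials are used; for long-term access keys the key is absent, so a Deny conditioned on `Bool: false` silently never fires, while `BoolIfExists: false` treats the absent key as matching. The evaluator below models only those two operators and the Deny/Allow outcome for a list of statements; it is a teaching stub written for this page, not the IAM policy engine, and the request contexts are constructed.

```python
"""Bool vs BoolIfExists on aws:MultiFactorAuthPresent (added example)."""

# Two "deny unless MFA" statements that look equivalent but are not.
DENY_WITH_BOOL = {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}},
}

DENY_WITH_BOOL_IF_EXISTS = {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
}

ALLOW_ALL = {"Effect": "Allow", "Action": "*", "Resource": "*"}

# Constructed request contexts. The key is absent (not "false") when the caller
# uses long-term access keys; it is "true" for an MFA-backed session (for example
# sts:GetSessionToken with --serial-number/--token-code) and "false" for
# temporary credentials obtained without MFA.
CONTEXTS = {
    "long_term_keys_no_mfa": {},
    "mfa_session": {"aws:MultiFactorAuthPresent": "true"},
    "non_mfa_session": {"aws:MultiFactorAuthPresent": "false"},
}


def condition_matches(condition, context):
    """Evaluate a Condition block that uses only Bool / BoolIfExists.

    Bool: the key must be present and equal the expected value.
    BoolIfExists: an absent key satisfies the test; otherwise same as Bool.
    """
    for operator, tests in condition.items():
        if operator not in ("Bool", "BoolIfExists"):
            raise ValueError(f"unsupported operator in this model: {operator}")
        for key, expected in tests.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue  # absent key counts as a match
                return False  # absent key fails a plain Bool test
            if context[key].lower() != expected.lower():
                return False
    return True


def evaluate(statements, context):
    """Explicit Deny wins; otherwise Allow if any Allow matches; else ImplicitDeny."""
    outcome = "ImplicitDeny"
    for statement in statements:
        if not condition_matches(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"
        outcome = "Allow"
    return outcome


def outcomes(deny_statement):
    """Result of [AllowAll, deny_statement] for each constructed context."""
    return {name: evaluate([ALLOW_ALL, deny_statement], ctx)
            for name, ctx in CONTEXTS.items()}


if __name__ == "__main__":
    print("Bool:        ", outcomes(DENY_WITH_BOOL))
    print("BoolIfExists:", outcomes(DENY_WITH_BOOL_IF_EXISTS))
```

With `Bool`, the long-term-key caller is never denied; with `BoolIfExists`, they are. The flip side, also documented by AWS, is that `BoolIfExists: false` denies every temporary-credential caller without MFA, including roles assumed by services (EC2 instance profiles, Lambda execution roles), so scope such a statement to the human principals it is meant for.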
0 votes, 1 answer, 247 views
How can I see what the request context looks like for an AWS request?
I was reading some documentation, but could not find a way to see them. I was trying to use CloudTrail, but it seems like it only shows an event record for the API call performed.
{
"...
0 votes, 1 answer, 74 views
AWS IAM policy to restrict only remote repository/branch deletion
I am trying to write an IAM policy to restrict users from deleting a branch/repo using the below. But I could see the delete operation of a branch is executed using the command git push origin --delete test-delete-branch.
...
0 votes, 1 answer, 95 views
AWS KMS ECC keys access control
Is it in any way possible to restrict an AWS KMS signing operation with an EC private key to a particular AWS Nitro Enclave? That is, make it such that only the enclave with a given PCR hash is capable/...
1 vote, 1 answer, 52 views
AWS policies are being weird
{
  Effect = "Allow",
  Action = [
    "s3:*",
  ],
  Resource = "arn:aws:s3:::lab-etl-s3",
}
I am creating an S3 bucket and a login user with Terraform and AWS. ...
0 votes, 2 answers, 326 views
How can I add a trust policy to a role using boto3?
This question is somewhat connected to the discussion found here:
How can I use the AWS CLI to add a trust policy to a role?
Previously, I encountered a problem adding a policy via the AWS CLI. It was ...
0 votes, 1 answer, 959 views
How can I use the AWS CLI to add a trust policy to a role?
I am attempting to update the trust policy for a role to include a user.
I have successfully achieved this using the AWS Management Console.
However, when attempting to do the same using the AWS CLI, ...
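Added example covering both the boto3 question and the CLI question above (it is not code from either post): adding a principal to a role's trust policy. The API that both the CLI (`aws iam update-assume-role-policy`) and boto3 (`update_assume_role_policy`) call is `iam:UpdateAssumeRolePolicy`, which replaces the whole document, so the safe sequence is get, merge, update. The role name, principal ARN and existing trust policy below are placeholders constructed for the example; the merge is pure Python and runs offline, while the function that talks to IAM only imports boto3 when called.

```python
"""Get -> merge -> update a role trust policy without dropping existing principals."""

import copy
import json

ROLE_NAME = "example-role"  # placeholder
NEW_PRINCIPAL = "arn:aws:iam::123456789012:user/alice"  # placeholder

# Constructed existing trust policy, shaped like Role["AssumeRolePolicyDocument"]
# as boto3's get_role returns it (already URL-decoded into a dict).
EXISTING_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}


def add_aws_principal(trust_policy, principal_arn):
    """Return a copy of trust_policy that also lets principal_arn assume the role.

    Appends to an existing unconditional Allow/sts:AssumeRole statement that
    already carries an AWS principal; otherwise adds a new statement. Never
    widens a statement that has a Condition, never mutates the input, and is
    idempotent (adding the same ARN twice is a no-op).
    """
    doc = copy.deepcopy(trust_policy)
    statements = doc.setdefault("Statement", [])
    if isinstance(statements, dict):  # single-statement shorthand
        statements = [statements]
        doc["Statement"] = statements

    for statement in statements:
        if statement.get("Effect") != "Allow" or "Condition" in statement:
            continue
        actions = statement.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" not in actions:
            continue
        principal = statement.get("Principal")
        if not isinstance(principal, dict) or "AWS" not in principal:
            continue  # e.g. a Service principal; leave it alone
        arns = principal["AWS"]
        arns = [arns] if isinstance(arns, str) else list(arns)
        if principal_arn not in arns:
            arns.append(principal_arn)
        principal["AWS"] = arns
        return doc

    statements.append(
        {
            "Effect": "Allow",
            "Principal": {"AWS": [principal_arn]},
            "Action": "sts:AssumeRole",
        }
    )
    return doc


def update_trust_policy(role_name, principal_arn, iam_client=None):
    """Apply the merge against IAM. Needs iam:GetRole and
    iam:UpdateAssumeRolePolicy on the role. Not exercised offline."""
    import boto3  # imported here so the merge logic above runs without the SDK

    iam = iam_client or boto3.client("iam")
    current = iam.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    merged = add_aws_principal(current, principal_arn)
    iam.update_assume_role_policy(
        RoleName=role_name, PolicyDocument=json.dumps(merged)
    )
    return merged


if __name__ == "__main__":
    print(json.dumps(add_aws_principal(EXISTING_TRUST_POLICY, NEW_PRINCIPAL), indent=2))
```

Two checks worth doing before running the update: `put-role-policy` / `put_role_policy` attaches an inline permissions policy and does not touch the trust policy, so it is the wrong call for this task; and IAM validates IAM principals at write time, so an ARN for a user or role that does not exist is rejected with a MalformedPolicyDocument error rather than stored. From the CLI the same sequence is `aws iam get-role --role-name example-role --query Role.AssumeRolePolicyDocument`, edit the file, then `aws iam update-assume-role-policy --role-name example-role --policy-document file://trust.json`.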
1 vote, 0 answers, 832 views
Minimum rights for an AWS IAM user to invoke the Bedrock API
I am new to AWS but I plan to access LLMs on Bedrock via the AWS API. I already made the root user and an IAM user.
I am struggling with what rights I should assign to the IAM user to be able to make API ...
3 votes, 2 answers, 235 views
Configure access role for IAM user
I have an S3 Java client which I want to run. But I get an error during startup:
Caused by: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:iam::123456789:user/...
1 vote, 1 answer, 686 views
Permission issues with AWS lambda function, s3-lambda-ffmpeg-mov-to-mp4-s3
So I am new to AWS Lambda, so bear with me. I am working on a personal project to convert .mov files into .mp4 files. I was able to find an already built application that did this, s3-lambda-ffmpeg-...
0 votes, 1 answer, 175 views
AWS policy granting access to one CodeArtifact package
I'm trying to create a policy granting read-only access to one Python package on CodeArtifact.
This is what I've got so far, but it seems to be granting access to all packages in the repository (and ...
-1 votes, 1 answer, 51 views
I want AWS IAM users not to see each other's services
I have the following JSON code
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action&...
0 votes, 1 answer, 70 views
Cannot create a resource following AWS IAM policy enforcement using CloudFormation
The following IAM enforcement policy is attached with the AWS IAM role that I assume as an SSO user. When I use AWS CLI, I can create the Security group. But when I try to create this security group ...
1 vote, 2 answers, 2k views
AWS: User is not authorized to perform <Action> on resource <Resource>
I'm trying to invoke Entity Resolution APIs
IAM User Details:
IAM User: user1
Policy Name: AssumeRolePolicy
I generated Access key and secret for user1 and using those in my spring boot application.
...
0 votes, 1 answer, 454 views
error creating Batch Compute Environment (<name>) Error executing request, Exception : arn:aws:iam::xxx:role/xyz role is not authorised
I'm creating an AWS IAM role with the following Terraform block. This enables the AmazonECSTaskExecutionRolePolicy permission.
resource "aws_iam_role" "my_ecs_task_execution_role" {
...
0 votes, 1 answer, 175 views
Unable to fetch iam role/policy in aws lambda
I am trying to fetch an IAM role in an AWS Lambda function,
like
const iamClient = new IAMClient({
  region: "us-west-2"
});
const role = await iamClient.getRole({
  RoleName: ...
1 vote, 1 answer, 1k views
Restrict RDS IAM DB Auth to specific db users
Referring to the doc https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html, the below command can be used to generate an auth token for a user and use it to ...
0 votes, 0 answers, 50 views
AWS IAM policy based on PermissionSet mapping
How can I create AWS SCP conditions which restrict the scope of the policy only to AzureAD users which are members of AD group associated with a specific PermissionSet?
For example, let's assume I ...
8 votes, 2 answers, 11k views
Amazon Bedrock class can't load my credentials when called via Lambda function
So I created a Lambda function for a script that essentially allows a user to pass a query to the Amazon Titan LLM on Amazon Bedrock. Here is the content of my main.py file in my deployment package.
...
0 votes, 0 answers, 293 views
Terraform: AWS IAM role with 1 or multiple policy passed as input
I have a task to refactor the current usual IAM module into an IAM module with the option to send 1 or more policies as input from Terragrunt.
I am trying to use the latest resources from aws: https://registry.terraform....
0 votes, 0 answers, 71 views
Can I create an AWS IAM policy that acts differently when using access key or user/pass credentials?
I wanted to try a new approach to configuring and enforcing some actions from my AWS IAM users in which they are denied access to certain actions on console unless they have performed a specific ...