
All Questions

0 votes
0 answers
26 views

AWS Automatic IAM Roles for Service Users

I have an EC2 instance that has an assigned/assumed role. When I run: aws sts get-caller-identity as the main login user or with sudo it returns the account information expected. However, I have a ...
thaimin
0 votes
0 answers
114 views

Mimic user permissions on AWS EC2 instances using IAM roles

I'm setting up an AWS account with several users. Each of these users has policies attached that restrict their access to specific S3 buckets/objects and the EC2 instance types / Autoscaling Groups ...
Marcelo Villa
1 vote
1 answer
2k views

EC2 instance won't recognize IAM role?

I'm trying to download ECR images on my EC2 instance without having to provide a credentials file. So I created a role with the policy AmazonEC2ContainerRegistryReadOnly and attached to my running ...
rodorgas
1 vote
2 answers
808 views

Sharing an AWS "instance role" across accounts, as with other resources?

What works We have several EC2 instances that pull things out of an S3 bucket on boot (and at other times). To allow this, we have an IAM policy granting read-only access... "Effect": "...
Ti Strga
0 votes
0 answers
149 views

Individual Local Accounts on AWS

In my scenario, currently, we have all developers connect to ec2 instances using the ec2-user account. Is there a better way to do this so we can see which actions developers take on the machines? I'...
samtech 2021
0 votes
1 answer
1k views

AWS ec2 instance IAM user but root user not seeing

I have a client and he has given me IAM access to my email to his AWS account. I have logged in successfully and then launched an EC2 instance to his account as an IAM user. But the client is not seeing ...
how recepes
0 votes
1 answer
1k views

AWS IAM policy to allow user to edit one specific Security Group only

I'm trying to allow a user to modify inbound rules on one particular security group. Here's what I tried. I thought it would be straightforward, but this doesn't work. What other permissions do I ...
BadHorsie
1 vote
1 answer
3k views

How to restrict AWS SSM access by EC2 tag

https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html#awssystemsmanager-policy-keys I can't find an answer that clears this up for me. I'm looking at this example: https://docs.aws....
red888
2 votes
2 answers
746 views

How can I switch to an EC2 instance role locally as a user?

I apply ec2 instance roles to my servers, but I want to switch to those roles myself locally first to test permissions. I'd tried switching to one but I get an error: aws sts assume-role --role-arn arn:...
red888
3 votes
0 answers
305 views

Can an instance profile's condition reference EC2 instance's tags?

I'm trying to set up an instance profile for an EC2 instance that limits its access to a particular path within an S3 bucket, based on the Name tag of that EC2 instance. I've gotten a policy that's ...
leedm777
2 votes
1 answer
8k views

AWS system manager : Verify that the IAM instance profile attached to the instance includes the required permissions

I am trying to access an ec2 instance using AWS systems manager; for that I've created a role attached to the following policies. AmazonEC2RoleforSSM AmazonSSMAutomationApproverAccess ...
shamon shamsudeen
3 votes
4 answers
5k views

AWS IAM: Restrict Console Access to only One Instance

I am trying to create an IAM user for the AWS Console with permission to list and perform action on only 1 instance. So I have a total of 6 Instances and I tried hiding 5 of them via IAM Policies by ...
ServerInsights
0 votes
1 answer
271 views

Ssh key management in AWS like gcp

Google Cloud really nails the SSH Key Management thing out of the box and AWS leaves it all up to you. In gcp your gcp login credentials are also used for SSH access. gcp automatically creates SSH ...
red888
0 votes
1 answer
457 views

IAM policy for ansible dynamic inventory in ec2

So, I am using the ec2.py script (provisioned by Ansible) for generating dynamic inventories. I have created the following IAM policy: { "Version": "2012-10-17", "...
Simon Ernesto Cardenas Zarate
1 vote
1 answer
1k views

IAM policy to enforce tagging not working

I have created an IAM policy to deny creating EBS volumes if it is not tagged with both the keys "empname" and "team". The policy is attached to a test user. When I try to create ...
serverstackqns
