Questions tagged [amazon-iam]
IAM is Amazon Web Services' Identity and Access Management service
266 questions
0 votes, 0 answers, 18 views
How can I configure an AWS user so that they are not allowed to create an S3 bucket outside the us-west-2 region?
0 votes, 0 answers, 43 views
Can't restrict SMTP connection by IP in Amazon SES
I use Amazon SES to send transactional emails (using SMTP connection) from my app and I wanna improve the credentials security by restricting access from specific IPs.
I've created an IAM Policy for ...
0 votes, 0 answers, 46 views
AWS IAM policy for partial username match (extract username from SSO)
We are using single sign-on for AWS users, so when a user logs in they assume a role, and they don't have an actual IAM user account.
We use CodeCommit, which requires an SSH key added to an IAM user.
...
0 votes, 0 answers, 41 views
AWS CodeBuild user doesn't take on service role
I am working on setting up a build project in CodeBuild that creates a Docker container from a GitHub repo, and pushes it to ECR. This build process uses a container built previously that's stored in ...
0 votes, 0 answers, 26 views
AWS Automatic IAM Roles for Service Users
I have an EC2 instance that has an assigned/assumed role. When I run:
aws sts get-caller-identity
as the main login user or with sudo it returns the account information expected. However, I have a ...
0 votes, 1 answer, 25 views
How to get friend/business partner to view and edit Lex bots with me in AWS?
Long story short, I want my friend who's also my partner in my startup to help me with developing, testing, and deploying AI chatbots in Amazon Lex via AWS. I have him registered as a user in Identity ...
0 votes, 0 answers, 35 views
IAM Roles Anywhere
I've been using IAM Roles Anywhere.
To authenticate from your environment: your non-AWS workloads authenticate via a certificate trusted by your trust anchor and obtain temporary credentials from a ...
0 votes, 1 answer, 55 views
Local terraform repository, remote ec2 with assumed role
My current setup is:
My local machine (actually one for each developer)
A git repository containing my terraform configuration
An EC2 instance which assumes an IAM role which grants it permissions ...
1 vote, 0 answers, 37 views
AWS API Gateway + Cognito + IAM
I'm working on an API for my company. I'm trying to restrict external users from accessing specific methods of a specific endpoint using IAM + Cognito. Currently I have a single Cognito user pool, ...
0 votes, 1 answer, 930 views
Cross Account SSM session: AccessDeniedException
I have two AWS accounts and one role in each account: Account-A has RoleA and Account-B has RoleB.
RoleA will assume RoleB to be able to connect to an EC2 instance in Account-B through ssm start-...
0 votes, 2 answers, 242 views
How can I set up AWS Client VPN using IAM roles for authentication?
Context: I am trying to set up Postgres RDS in a private_isolated subnet of a VPC. I want to use pgAdmin to do work on it, which means I either need a bastion or a VPN connection. A bastion requires a ...
1 vote, 1 answer, 642 views
AWS IAM: deny users from creating policies on specific resources
I want to be able to give my admin users the permission to create policies in IAM, but I want to make sure that they aren't able to create a policy that affects a specific resource.
To be more ...
0 votes, 1 answer, 221 views
How to fix permission error of EBS volume using Amazon Data Lifecycle Manager?
I applied the terraform code in this link, which contains code to apply the specific roles and permissions to service dlm lifecycle for ebs volumes.
But still I am getting access errors.
Please ...
0 votes, 0 answers, 90 views
Switch to a different AWS account in the UI
I currently have AWS configuration set up with my access key id and secret access key (i.e. I see this when going to 'aws configure' in the CLI). I then log in through my company's OKTA to then access ...
0 votes, 0 answers, 114 views
Mimic user permissions on AWS EC2 instances using IAM roles
I'm setting up an AWS account with several users. Each of these users has policies attached that restrict their access to specific S3 buckets/objects and the EC2 instance types / Autoscaling Groups ...