Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service.

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

253 questions
31
votes
6 answers

Can you require MFA for AWS IAM accounts?

Is it possible to require Multi-factor Authentication (MFA) be enabled for specific/all IAM accounts in Amazon Web Services? There are options for password requirements and it's clear how one can choose to add it to one's account, but it's not…
Joe
27
votes
9 answers

Is it possible to restrict AWS users/accounts to a specific region?

We run a number of AWS services in the eu-west-1 region. Unfortunately it seems that a lot of our developers and other employees who need to create temporary resources forget about this aspect of AWS and don't select this region before launching…
Bruce P
24
votes
1 answer

How to let user upload files to S3 bucket, but not overwrite or delete?

I have the following IAM policy for a user { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1395161912000", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:PutObject", "s3:*" ], …
Znarkus
21
votes
2 answers

How to specify an IAM role for an Amazon EC2 instance being launched via the AWS CLI?

I am using the "aws ec2 run-instances" command (from the AWS Command Line Interface (CLI)) to launch an Amazon EC2 instance. I want to set an IAM role for the EC2 instance I am launching. The IAM role is configured and I can use it successfully…
Skaperen
18
votes
3 answers

Confused by the role requirement of ECS

I am trying to set up an ECS but so far I have encountered a few permission issues for which I have created some questions on this forum already. I think I am stuck so far because honestly I cannot find out all these role requirements in one place…
Anthony Kong
18
votes
3 answers

Amazon Route 53, restrict IAM user access to single record set

I would like to programmatically change the CNAME of a Record Set inside a Hosted Zone on Amazon Route 53, but I would like to restrict the access of the user ONLY to that record set. From what I have seen in the documentation, IAM allows to specify…
Fabrizio S
17
votes
5 answers

Use IAM to Allow User to Edit AWS / EC2 Security Groups?

I am trying to grant an IAM group the ability to edit our EC2 Security Groups, but I have been unable to get this working without granting access to everything in EC2. I have tried several versions of this: { "Version": "2012-10-17", …
Chris
13
votes
3 answers

Which permissions/policies for IAM role to be used with CloudWatch monitoring script

With CloudWatch monitoring script (mon-put-instance-data.pl) it's possible to specify an IAM role name to provide AWS credentials (--aws-iam-role=VALUE). I'm creating an IAM role for this purpose (to run mon-put-instance-data.pl on an AWS instance),…
11
votes
2 answers

Managing IAM security credentials for multiple docker containers

Within a plain EC2 environment, managing access to other AWS resources is fairly straightforward with IAM roles and credentials (automatically fetched from instance metadata). Even easier with CloudFormation, where you can create roles on the fly when…
Alex B
11
votes
3 answers

Is it possible to send email via the Amazon SES SMTP service with an IAM role account?

I have an IAM role with the following policy attached: { "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] } As you can see, full access is granted. I use the following Python to get the convert…
Wren T.
10
votes
4 answers

CloudFormation: can I create a new role referencing an existing policy?

At the moment I have a shared S3 bucket which has specific access to particular key paths (i.e. folders) for different instances. I've been able to create an instance profile with my new role and test no problem limiting access to that folder. My…
hughmcmanus
10
votes
2 answers

Give EC2 IAM role read access to S3 bucket

I have an AWS Elastic Beanstalk Rails app that I am configuring via the config script to pull some files from an S3 bucket. When I start up the application, I keep receiving the following error in the logs (bucket name has been changed for…
9
votes
2 answers

AWS add option group

I asked this on the AWS forum but not getting much traction. My root problem is that I'm trying to restore a MS SQL Server RDS database and getting the error message "Database backup/restore option is not enabled yet or is in the process of being…
nasch
8
votes
4 answers

AWS IAM won't let my users change their passwords

My password policy is configured to allow users to change their passwords, but when I create a new user with the "must change password" option, the user gets told they need "iam:ChangePassword" permission. They get a similar message when they try to…
scottb
8
votes
1 answer

Why does my created Amazon IAM user get "We can not find an account with that email address" when trying to log in?

In the Amazon IAM Management Console, I created a new IAM user, and assigned that user permissions and a password. However, when an attempt to log in with that new IAM user is made via the Amazon AWS login page at…
Jon Schneider