Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

253 questions
0
votes
1 answer

Automatic EC2 Role Assignment

Trying to understand AWS IAM resources/concepts a little better. I know there is a way to configure an EC2 (either possibly via its underlying AMI or a launch template) so that when it launches for the first time it is automatically assigned the…
0
votes
1 answer

Pod assigned node role instead of service account role on AWS EKS

First some info about the setup: EKS version: 1.21 eksctl version: 0.77.0 AWS Go SDK version: v1.44.28 Deploying using kubectl I have a k8s cluster on AWS EKS on which I am deploying a custom k8s controller for my application. Using instructions…
asr9
0
votes
2 answers

Sharing an AWS "instance role" across accounts, as with other resources?

What works We have several EC2 instances that pull things out of an S3 bucket on boot (and at other times). To allow this, we have an IAM policy granting read-only access... "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ …
Ti Strga
0
votes
1 answer

Quicksight Error: This user name already exists in this account

When I want to login to view my Quicksight dashboard I get this error: This user name already exists in this account. Contact your QuickSight administrator, and ask them to invite you with a unique name. I have searched this error online but there…
0
votes
1 answer

Best practice for AWS root account or superuser?

Normally, we have the rule of 3 people having superuser access with 3 username/passwords and if anyone is ever offboarded (they leave or are fired), on vacation, out sick, different time-zone, someone has access still and we are never crippled. When…
Dean Hiller
0
votes
0 answers

AWS EKS - EIA attached on node not reachable by Pod

I'm using a standard AWS EKS cluster, all cloud based (K8S 1.21) with multiple node groups, one of which uses a Launch Template that defines an Elastic Inference Accelerator attached to the instances (eia2.medium) to serve some kind of Tensorflow…
0
votes
1 answer

AWS Policy to Read/write RDS

In my scenario, I want a policy that will allow reading and writing of abc-database-backups/rds/postgresql-backup on S3. We'll want my servers to have that access added. Is creating a role and attaching it to the servers best, or adding a key…
0
votes
0 answers

AWS CLI restrict restart of only one instance at a time

We have hub and spoke model in our AWS environment. We are allowed to perform AWS CLI commands from our HUB instances on all other instances. This includes Stop/Start, so we would like to restrict stop/start activity to only one instance at a time.
Rajiv Nakkana
0
votes
0 answers

AWS/IAM: Implementing 2-person rule with IAM permissions

I would like to implement a 2-person rule with IAM permissions in AWS. Essentially, for certain privileged operations exposed by AWS services, I would like to require the approval of a second individual. Is there a way to do this? Thanks!
0
votes
1 answer

AWS CLI Usage Issue

In our scenario, we previously had some AWS keys. The IAM interface show/showed no usage for it but the employee has been able to upload resources. Could anyone advise how to check if the interface is just erring or if they were perhaps not using…
0
votes
0 answers

Individual Local Accounts on AWS

In my scenario, currently, we have all developers connect to ec2 instances using the ec2-user account. Is there a better way to do this so we can see which actions developers take on the machines? I'm wanting to be able to identify who executes…
0
votes
1 answer

S3 Logs event Issue

Is there a way to see what actions the 'g2' IAM user is performing in S3, and which IP(s) they are running from? I have already enabled the logging of S3 actions. One point I’m still not able to figure out is that when I’m trying to find logs in…
0
votes
0 answers

IAM Profile allows create VPC IPV6 Subnet in some regions. Why does it fail in other regions?

In a test environment to mockup a larger issue, I have an IAM user with a directly attached IAM profile. I have also tried with the profile attached to an IAM Role which the IAM user has assumed. The profile allows CloudFormation to create a VPC…
glenschler
0
votes
0 answers

AWS IAM user with special permissions

I have the following task to do. I want to create 10 IAM users; each user should have a login username and password, and each IAM user should have a separate ec2 instance that cannot be visible to others. For example: user1 user2 user2 ....…
anil
0
votes
0 answers

Accessing HTTP API using IAM policy

I am using an HTTP API Gateway with {proxy+} route, $default stage and ANY method with IAM Authorization. Before activating IAM Authorization the API responds to every request and to none after activation, as expected. However, after adding an IAM…