Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

253 questions
0 votes, 2 answers

Best Practice for AWS IAM access keys for use with AWS SDK

I want to know the best practice used by big companies for programmatic access for multiple AWS services, as there are multiple programs needing access to different-2 services, so how is it managed? Did they create multiple access keys for each…
Rocky
0 votes, 1 answer

How to use aws-iam-authenticator with remote Terraform Cloud Runs?

I am already successfully using Terraform with the Kubernetes provider to manage various parts of and services on an EKS cluster in AWS. I would like to use Terraform Cloud to manage it (and take advantage of the nice GitHub/VCS integrations).…
Adam C
0 votes, 0 answers

Increasing general AWS console timeout

The AWS console appears to kick you out after 24 hours, and I'd like to increase it slightly. This has nothing to do with SSO. Is this a fundamental requirement or can it be tweaked somewhere?
Dustin Oprea
0 votes, 0 answers

Can I access an EKS cluster if I don't have access to the IAM user that created it?

An AWS admin created an IAM user, and that user created an EKS cluster. Now, we don't have access to that IAM user. If we try to execute kubectl commands on that EKS cluster from a new IAM user that has admin level permissions, we still…
0 votes, 1 answer

AWS-IAM - How to give a combining specific access to specific region with some resource tags

Hello I am trying to combine some rights access for a user using IAM policies: Full access to one region ONLY (i.e: ap-east-1) ReadOnlyAccess to another region (i.e: us-east-1) Write access only to (i.e: us-east-1) region with a tag like:…
serialp
0 votes, 1 answer

AWS Resource deletion should require 2 users' approval

We have a business requirement wherein the deletion of resources in an AWS account should require the approval of 2 users - maybe an admin and the manager. There doesn't seem to be a straightforward, out-of-the-box way to do this. We can manage the…
amolkul
0 votes, 1 answer

AWS EC2 instance IAM user but root user not seeing

I have a client and he has given me IAM access to my email to his AWS account. I have logged in successfully and then launched an EC2 instance to his account as an IAM user. But the client is not seeing the instance on his side as a root user. What is…
how recepes
0 votes, 1 answer

AWS IAM policy to allow user to edit one specific Security Group only

I'm trying to allow a user to modify inbound rules on one particular security group. Here's what I tried. I thought it would be straightforward, but this doesn't work. What other permissions do I need to provide? { "Version": "2012-10-17", …
0 votes, 0 answers

IAM for restricting specific request values

I would like to make an IAM user which has access to the AWS Lightsail CreateInstances API, but only if they make a request where bundleId is nano_2_0. I am aware of condition keys in AWS, but according to the documentation on that, only tag-related…
0 votes, 1 answer

Billing access denied, though I've granted all access to an IAM user

I currently can't view or edit Billing (through IAM User Access to Billing Information) because the AWS console says that I don't have permissions. I am the only user in the account, with full IAM access in the group and directly on the user as…
dash
0 votes, 1 answer

AWS- adding organisation members in a specific OU

We have multiple OUs in our AWS organisation. We use the AWS CLI to create new AWS organisation members. E.g. aws organizations create-account --email test@example.com --account-name "testaccount" Every time a new member account is created, it is…
Axel
-1 votes, 2 answers

AWS CLI EC2 describe-address with IAM restriction

I'm trying to find a way of listing/describing the public IP (doesn't have to be an EIP) of an EC2 instance. I've read about Describe* and I'm aware of the limitation of not being able to specify the resource in the policy. So my question is: While…
t988GF
-2 votes, 1 answer

IAM policy for restricting Glue resources

I want to limit a user to a specific database. The user should be able to do all the actions on that database and its tables. All the examples I found in the documentation limit the Action, but never the Resource. The example below gives the user access to all…
Aidin