Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

253 questions
8 votes, 2 answers

Automating the MFA Device Activation for IAM Users

I am creating more than 20 IAM users and I want to enable a virtual MFA device for them. Is there any way I can do it at once for all of them, or any way to automate this task? I want to make it mandatory for all IAM users to use MFA and without…
Yeleshwar
8 votes, 1 answer

AWSLambdaExecute policy definition

Foreword: I'm not asking for configuration help. My use case is covered and working fine. This is a theoretical question. On AWS there is a policy called AWSLambdaExecute which is defined as follows: { "Version": "2012-10-17", "Statement": [ …
8 votes, 1 answer

How do I generate an IAM policy for making snapshots?

I have volumes mounted on EC2 instances of which I would like to make snapshots. I created a new IAM user with the following policy: { "Statement": [ { "Sid": "...", "Effect": "Allow", "Action": [ …
juuga
7 votes, 1 answer

How can one configure an AWS ElasticSearch access policy using CloudFormation?

The AWS documentation on ElasticSearch access control talks about how to grant access to the ES domain's subresources while preventing changes to the domain's configuration, by creating an ES domain resource policy and setting the resource to the ES…
7 votes, 1 answer

generate permissions for cloudformation stack deployment

I have a CloudFormation stack, which is frequently updated by a script (changing source AMIs for the launch configuration). I would love to have it deployed by the same script, executed by a non-privileged user/instance role. Currently all updates are made…
7 votes, 4 answers

How to know if an AWS IAM role is actually being used

I'm doing some cleanup on an AWS account and I see many roles that I'm almost positive are not being used. The account has many services being used so a manual check is impractical. Is there a way to know how many times a particular AWS Role is…
Julian
6 votes, 1 answer

Why does AWS Lambda need to pass ecsTaskExecutionRole to ECS task

I am writing an AWS Lambda function to trigger an ECS Fargate task. I am following the example provided at Run tasks with AWS Fargate and Lambda. While my setup works, there is one part involving IAM roles that I do not understand. One of…
user35042
6 votes, 2 answers

AWS elastic beanstalk: Errno 404 downloading file from S3 on deployment

I'm following the docs on fetching certificates from s3 when a new instance is deployed to elastic beanstalk. The instructions are fairly straightforward: create a config file under app-root/.ebextensions that reads: Resources: …
AlexanderF
6 votes, 3 answers

Determine IAM requirements for Cloudformation Stack

I'm currently developing and launching a relatively simple CloudFormation stack. Just some simple RDS stuff, triggered through an external CI+CD service. However, my current cycle for development is incredibly inefficient, purely because I don't…
SCB
6 votes, 3 answers

What is the permission for an IAM user to create an ECR repository?

My IAM user is getting this error: User: arn:aws:iam::123456789:user/admin is not authorized to perform: ecr:CreateRepository on resource: * when I try to create a repository. I have already granted AmazonEC2ContainerServiceFullAccess to the group…
Anthony Kong
6 votes, 1 answer

Create an IAM Policy that allows everything except IAM except PassRole

I'm attempting to modify an IAM Policy so that users can associate an IAM Role with EC2 instances that allows Read Only rights to our S3 buckets. Our teams do quite a bit of R&D with AWS, and so I'm loath to restrict access to any AWS services…
Dan Caseley
6 votes, 2 answers

I can't upload server certificate on AWS IAM

I got AWS IAM working on my server, and I am trying to upload some certificates: aws iam upload-server-certificate --server-certificate-name domain2014 --certificate-body file:///var/www/html/certificate.pem --private-key…
6 votes, 2 answers

Amazon AWS IAM Policy for single VPC Subnet

I want to create an IAM policy that allows a user to deploy instances as follows: they can only use 1 AMI; they can only deploy to 1 specific VPC subnet; they can only use 1 specific VPC security group. This scenario is addressed in the VPC…
Garreth McDaid
6 votes, 2 answers

Restrict the visibility of EC2 instances using IAM accounts

I'm looking for a way to restrict the visibility of EC2 instances to certain IAM accounts. I'd really like a way for a particular account to only be able to see the instances that it has created, i.e. when it does a describeInstances only those it has…
sgargan
5 votes, 1 answer

AWS: How to figure out where an explicit deny is coming from?

So my manager left the company a few months back, leaving me to manage things on my own, and now, looking through CloudTrail events, I have found that in one of our accounts I have an explicit deny from viewing them. Here is some background.…
Tom Klino