Questions tagged [amazon-iam]

IAM is Amazon Web Services' Identity and Access Management service

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Using IAM, you can create and manage AWS users, groups and roles and use permissions to allow and deny their access to AWS resources.

253 questions
5
votes
1 answer

AWS Permissions: Lambda access Denied to S3

I have created a Lambda Python function through AWS Cloud 9 but have hit an issue when trying to write to an S3 bucket from the Lambda function. When I test in Cloud 9 the Python code runs fine and writes to the S3 bucket perfectly. When I push…
5
votes
1 answer

ElasticBeanstalk permissions needed to deploy new version via AWS CLI

I have an IAM policy setup that I thought provided the right permissions to deploy a new version to an Elastic Beanstalk application. I'm still getting InsufficientPrivilegesException, specifically: aws elasticbeanstalk update-environment…
Sam
5
votes
1 answer

How can I tell where an Amazon AWS key is being used?

I have inherited an Amazon AWS environment in which the Root account key has been widely distributed for the purposes of making backups to S3 buckets. I need to track down where the key is being used, so that I can replace it with a key with limited…
Garreth McDaid
5
votes
0 answers

IAM Action for `Get-EC2Instance` command in Powershell SDK

Calling Get-EC2Instance from EC2 instance and getting Get-EC2Instance : You are not authorized to perform this operation. Which IAM action do I need to add to my policy?
jaywayco
5
votes
1 answer

How can I chain AWS IAM AssumeRole API calls?

There are a number of AWS accounts which I don't control. I've had the account owners deploy an IAM Role, TrustingSecurityAuditor, into their accounts which grants the right to assume the TrustingSecurityAuditor role to a different IAM role in my…
gene_wood
5
votes
2 answers

Getting files from an s3 bucket using IAM role credentials

I am trying to retrieve some files from a private s3 bucket to a filesystem location elastic beanstalk ec2 instance, but with no success. I've created a bucket named dev-config containing a file named local.properties. I've created an IAM policy…
diffa
5
votes
3 answers

IAM policy to restrict access to one VPC

I am trying to restrict users to a single VPC. I went through Controlling Access to Amazon VPC Resources and came up with the following policy but it does not work. Can someone point out the errors in it? I should mention that IAM Policy Simulator…
Satie Sharma
4
votes
2 answers

Restrict access to S3 bucket folders to specific website users? (not using IAM Users)

I have a website where users need to log in. They can upload and delete their own pictures BUT these pictures are supposed to be private so images are not set to public that anyone can view. I know that we can use IAM policies to restrict access to…
Dora
4
votes
2 answers

Failed registering Scalable Target when defining auto scale option for ECS

But I am getting this error: Failed registering Scalable Target Scalable Target could not register scalable target: 1 validation error detected: Value '' at 'roleARN' failed to satisfy constraint: Member must have length greater than or …
Anthony Kong
4
votes
5 answers

Ansible AWS dynamic inventory: `./ec2.py --list` unauthorized

I'm trying to use Ansible's ./ec2.py --list --refresh-cache to list my AWS EC2 instances. Via documentation, I've run through this checklist: AWS (docs via Amazon's Controlling Access to Amazon EC2 Resources & Error Codes) Create an IAM User and…
4
votes
4 answers

Creating temporary access keys for federated IAM users

We have set up IAM roles that allow federated users that are authenticated with Okta to gain access to the AWS Console. Some of the users need temporary AWS access keys to use the AWS command line tools locally. Is there any way for those users to…
thesamet
4
votes
1 answer

How can I use IAM policies to restrict a user to only launch instances with a specific set of AMIs?

I have the AMIs I want to allow tagged with the "type" tag. Here's the policy I tried: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:StartInstances" ], …
fields
4
votes
2 answers

How can I give an AWS IAM user permissions to manage his own security credentials?

Specifically, I want the user to be able to create/delete his own access keys ("Action": ["iam:*AccessKey*"]) in the AWS console, but without giving them a full user list view in the IAM dashboard. The instructions listed in the AWS documentation…
dorian
3
votes
2 answers

Securely storing AWS access credentials in an on-premise server

What is the best way to store AWS IAM access credentials in a physical/virtual server so services running in it can access it? This is a problem which was fixed long ago for EC2 instances through instance profiles but I don't know what the best…
scetoaux
3
votes
4 answers

AWS IAM: Restrict Console Access to only One Instance

I am trying to create an IAM user for the AWS Console with permission to list and perform action on only 1 instance. So I have a total of 6 Instances and I tried hiding 5 of them via IAM Policies by adding the below policy: Breakdown 1. First took…