Questions tagged [amazon-iam]

-2 votes
0 replies
Resell service AWS
I want to Resell AWS service like resell instance EC2 but I don't know what should I control user account with policies or organization. Anyone c...
0 votes
1 replies
c# BasicAWSCredentials object does not have SecureString parameter for SecretKey
According to the documentation here - https://docs.aws.amazon.com/sdkfornet1/latest/apidocs/html/T_Amazon_Runtime_BasicAWSCredentials.htm The Ba...
asked 1 month ago
0 votes
1 replies
Can i use wildcards to define a resource in an AWS IAM role?
Im specifying a role in CloudFormation but need to be able to access multiple resources. So for example i may have 5 repos named myrepos1, myrep...
0 votes
1 replies
Could not find S3 endpoint or NAT gateway for subnetId
I am unable to connect AWS Glue with RDS VPC S3 endpoint validation failed for SubnetId: subnet-7e8a2. VPC: vpc-4d2d25. Reason: Could not fin...
0 votes
0 replies
Set resource for iamRoleStatements to my Lambda function in Serverless Framework
I'm using Serverless for my Lambda deployment and when creating my iamRoleStatements I want the resource to be set to my Lambda's ARN. I've trie...
0 votes
0 replies
How to link CodeBuild with CodeCommit repo in different account?
I'm trying to set up CodeBuild with a CodeCommit source that lives in another AWS account. I believe this can be done using AssumeRole but I've h...
0 votes
0 replies
How to secure dynamically created and named “directories” per user inside an Aws S3 bucket
i’m looking for help on how to how to secure dynamically created and named "directories" per user inside an Aws S3 bucket. I looked a lot of AWS...
1 votes
1 replies
DynamoDB deny access to everyone but administrators and Lambda functions
I have several AWS Lambda functions, each one containing the following aliases (stages): dev, qa and prod. Each of these functions have some env...
0 votes
1 replies
IAM permission for user to only view their own instance
I want to define an IAM User that can view and access only their own instance and not another one. I have created a user root to control users a...
1 votes
0 replies
Grant Cloudformation permissions to only resources that are part of the stack
At my company, our CI/CD pipleline can only connect to AWS via an assumed IAM role. I'm trying to lock down this role so that it can only update...
1 votes
1 replies
How to look up the IAM Actions needed for a given AWS API call?
Is there a way to look up the permissions you'll need enabled in order to make a call to the AWS API? For example, I want to call PutMetricAlarm...
asked 2 months ago
1 votes
1 replies
IAM Roles for Sagemaker?
I'm trying to get AWS SageMaker to call AWS Comprehend. I'm getting this message in SageMaker: ClientError: An error occurred (AccessDeniedEx...
0 votes
0 replies
S3 Bucket Policy to Allow access to specific AWS services and users and restrict other all
I have a bucket policy which is restricting other users to access. But I want, For aws services it should be accessible like EMR etc. I found sam...
0 votes
1 replies
aws cross account dynamodb access with IAM role
I have an aws ecs ec2 instance in one account and it is trying to access the dynamob db tables on another aws account. I am not using any aws acc...
1 votes
1 replies
Change User Agent of AWS SDK in Java
Is it possible to change the user-agent of AWS SDK services when we initiate services such as S3 or IAM? The reason is that using the SDK any act...
0 votes
1 replies
Cannot use generate_service_last_accessed_details with Boto3
I'm trying to get the last accessed details for an IAM Role. self.client = boto3.client('iam') resources = self.client.list_roles().get('Roles')...
asked 2 months ago
0 votes
1 replies
How to fix datetime TypeError in python
I'm pulling cert information out of IAM in AWS and trying to format the expiration date. However, when trying to slice up the date, i'm getting t...
asked 2 months ago
-4 votes
1 replies
Cloudfoundry Password - Code vulnerability
Below is the GO code used from client library to connect to Cloud foundry. c := &cfclient.Config{ ApiAddress: "https://x.y.z.cloud",...
0 votes
0 replies
ARN structure of AWS Client VPN Endpoint
I'm trying to set up an IAM policy which will allow exporting the client configuration from a Client VPN Endpoint: { "Version": "2012-10-17"...
asked 2 months ago
0 votes
0 replies
Is there a way to allow IAM users to view a single Codedeploy application?
I have created a custom IAM policy to attempt to allow trusted IAM users to run deployments on AWS. Since these IAM users are outside of our AWS...
0 votes
0 replies
How to build AWS Opsworks permission for specific application
I would like to create Deny permissions for "opsworks:UpdateApp" and "opsworks:DeleteApp" to a specific Stack's application. The format for Opsw...
0 votes
0 replies
Capturing IAM logs specific to Event types in cloud trail
I am using cloud trail to track IAM changes and put in S3 bucket. Is there any way to save logs only for event type as AttachUserPolicy? As cloud...
0 votes
2 replies
How to enable read write amazon s3 bucket permission
I want to connect my ghost blog made with heroku to my s3 bucket in aws to be able to upload images in posts. I have my user ARN: arn:aws:iam::...
1 votes
1 replies
Cloudformation template is unable to execute retrieval of mount target
I have the following command in the userdata of my cloudformation template: MOUNT_TARGET_IP=$(aws efs describe-mount-targets --file-system-id fs...
0 votes
2 replies
Execute ssm.send_command to EC2 from Lambda. IAM problems
I have problems with execution command on Windows machine from Lambda function using ssm.send_command in Python. This Lambda functions should exe...