amazon-iam

AWS Cloudformation Role is not authorized to perform AssumeRole on Role

可紊 提交于 2021-02-18 10:14:14
问题 I am trying to execute a cloudformation stack which contains the following resources: Codebuild project Codepipeline pipeline Roles needed While trying to execute the stack, it fails with the following error: arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b) I created the

AWS Cloudformation Role is not authorized to perform AssumeRole on Role

[亡魂溺海] 提交于 2021-02-18 10:10:57
问题 I am trying to execute a cloudformation stack which contains the following resources: Codebuild project Codepipeline pipeline Roles needed While trying to execute the stack, it fails with the following error: arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b) I created the

My AS3 Bucket Policy only applies to some Objects

流过昼夜 提交于 2021-02-17 06:22:07
问题 I'm having a really hard time setting up my bucket policy, it looks like my bucket policy only applies to some objects in my bucket. What I want is pretty simple: I store video files in the bucket and I want them to be exclusively downloadable from my webiste. My approach is to block everything by default, and then add allow rules: Give full rights to root and Alice user. Give public access to files in my bucket from only specific referers (my websites). Note: I manually made all the objects

How can I deny public access to an AWS API gateway while allowing access by only a specific role?

◇◆丶佛笑我妖孽 提交于 2021-02-11 04:38:09
问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

How can I deny public access to an AWS API gateway while allowing access by only a specific role?

老子叫甜甜 提交于 2021-02-11 04:37:15
问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

How can I deny public access to an AWS API gateway while allowing access by only a specific role?

做~自己de王妃 提交于 2021-02-11 04:37:12
问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

Karate: Signing AWS HTTP requests & add the generated headers to the 'request headers'

家住魔仙堡 提交于 2021-02-11 00:23:07
问题 The internal API's we test need to go through the process of signing them (i.e., get AWS Signature) & add the signed headers to 'request headers' before we do any CRUD operation. Signing the requests can happen through AWS-SDK or using something like this https://github.com/lucasweb78/aws-v4-signer-java (if our tests are written completely in Java) What would be the optimum way of achieving this in Karate DSL. Please suggest. 回答1: Read the docs: https://github.com/intuit/karate#http-basic

Adding SQS Permissions with conditions using AWS CLI Command

﹥>﹥吖頭↗ 提交于 2021-02-10 18:43:03
问题 How can I add the below listed SQS permission using AWS CLI command? "Statement": [ { "Sid": "Sid8390000202", "Effect": "Allow", "Principal": "*", "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue", "Condition": { "ArnEquals": { "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS" } } } ] 回答1: You can save the file locally as set-queue-attributes.json with the following policy. { "Id": "Policy1564523767951", "Version": "2012-10-17", "Statement": [ { "Sid":

Error creating IAM Role. MalformedPolicyDocument: Has prohibited field Resource. Terraform

南笙酒味 提交于 2021-02-10 06:28:06
问题 I have seen several links, but I have to see an example. I have: resource "aws_iam_role" "role" { name = "role" assume_role_policy = <<-EOF { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1590217939125", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::wwe" }, { "Sid": "Stmt1590217939125", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::wwe/*" }, { "Sid": "Stmt1577967806846", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetRandomPassword",

Terraform using IAM role assume

大城市里の小女人 提交于 2021-02-10 05:07:59
问题 I have been using access/secret keys with terraform to create/manage our infrastructure in AWS. However, I am trying to switch to using IAM role instead. I should be able to use a role in my account and assume the role in another account and should be able to run plan, apply etc to build infra in the other account. Any ideas, please suggest. So far, I am testing with https://www.terraform.io/docs/providers/aws/, but for some reason, it is not working for me or the instructions are not clear