amazon-iam

How does a custom role (of Lambda) work with an EC2 role policy?

白昼怎懂夜的黑 submitted on 2020-01-11 11:18:13
Question: Below is the custom execution role ( some-role-serv-LogicalID-GDGGGGGBMW2 ) created for a Lambda function ( AWS::Serverless::Function ) written using a SAM template: { "permissionsBoundary": { "permissionsBoundaryArn": "arn:aws:iam::111222333444:policy/some-permission-boundary", "permissionsBoundaryType": "Policy" }, "roleName": "some-role-serv-LogicalID-GDGGGGGBMW2", "policies": [ { "document": { "Version": "2012-10-17", "Statement": [ { "Action": "sqs:*", "Resource": "arn:aws:sqs:us-east-1

Enforce MFA for AWS console login, but not for API calls

懵懂的女人 submitted on 2020-01-09 16:50:14
Question: I am looking to force all IAM users (local and remote) to enable and activate their MFA devices. I want them all to enable MFA to do their respective tasks. I am trying with the following policy { "Effect": "Allow", "Action": "*", "Resource": "*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}} } However, this policy applies irrespective of how you are accessing the services, through the console or through APIs. There is a lot of automation done by all users and their automation

Restrict the AWS ElasticSearch access to an auto scaling group

南楼画角 submitted on 2020-01-07 06:06:55
Question: I have an AutoScaling group that must have access to the AWS ElasticSearch Service, but as you know, using IP addresses in access policies will not work in this case (the IP changes every time). I wonder if there is a way to use IAM Roles or Security groups to limit the access to the auto scaling group. If there is, can you give me an example? Thank you in advance. Answer 1: You specify which IAM users or roles should have access to your domain. All requests to the domain must be signed with AWS

Add AWS IAM users to AWS Cognito Pool

杀马特。学长 韩版系。学妹 submitted on 2020-01-06 07:20:35
Question: I'm a newbie to AWS. I'm building an application where the users should be logged in via an AWS account. So I created a user pool and authenticated via the AWS SDK using federated identities. But the users were created manually in the Cognito UI. The requirement is to authenticate the user if they already reside in AWS as an IAM user. But AWS Cognito does not provide a workflow to import IAM users into a Cognito pool. So is there another way to accomplish this via AWS? Thanks in advance.

Can't see instance when applying a custom policy in IAM in AWS

 ̄綄美尐妖づ submitted on 2020-01-06 01:36:13
Question: I have created a policy for restricting a user's access to a single instance as: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1392113879000", "Effect": "Allow", "Action": [ "ec2:*" ], "Resource": [ "arn:aws:ec2:us-east-1:account:instance/instance_id" ] } ] } But I am getting this error: You are not authorized to describe Running Instances You are not authorized to describe Elastic IPs You are not authorized to describe Volumes You are not authorized to describe Snapshots You are

Preventing a user from even knowing about other users (folders) on AWS S3

允我心安 submitted on 2020-01-04 13:47:52
Question: I have a question about writing IAM policies on AWS S3 that was partially answered here, in this nice post by Jim Scharf: https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/ Taking Jim's post as a starting point, what I am trying to achieve is preventing a user from even knowing about the existence of other users that have access to the same bucket while using the S3 console. Jim's solution, as well as others I've found,

Securing AWS API Gateway

守給你的承諾、 submitted on 2020-01-04 05:29:07
Question: We have an existing application and we are developing the new APIs required for our application in AWS. We want to enable role-based access control for our AWS API without migrating our users to AWS Cognito. We think we might need to use a Developer Identity Provider and IAM Roles, but we are not sure how the users from our application will be attached to IAM Roles. Any help in this direction will be appreciated. Thanks in advance. Note: I am new to AWS. Answer 1: I think you should have a look at API