amazon-iam

Given an AWS Access / Secret Key Pair, how do I retrieve its IAM permissions?

試著忘記壹切 submitted on 2020-01-03 13:03:27
Question: Given the input of just an AWS Access Key and an AWS Secret Key, how can I use the AWS SDK to look up what kind of permissions the account has? I want to do XYZ for a customer, so the customer needs to give the access key and secret key to me to perform XYZ programmatically. However, before trying to do any of those actions, I'd like to verify that the credentials they gave me have access to certain privileges, such as being able to create S3 objects or being able to launch an EC2 instance

Explicit deny for user to runinstances in AWS when not using specific tag KeyValue

和自甴很熟 submitted on 2020-01-02 08:58:27
Question: I have created a policy which allows users to do all ec2 actions but restricts user to runinstances and createvolumes and terminate instances only when they pass the given tag key-value pairs with an explicit deny. ec2 full permissions policy { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "ec2:*", "Resource": "*" } ] } ec2 run instance and create volumes explicit deny with conditions. { "Version": "2012-10-17", "Statement": [ { "Sid":

Access AWS API Gateway with IAM roles from Python

雨燕双飞 submitted on 2020-01-02 02:11:29
Question: I have an AWS API Gateway that I would like to secure using IAM Roles. I am looking for a package to help me access it using Python. I am trying to avoid implementing the entire Version 4 Signing Process. I am sure there must be some library I can use. I looked into aws-requests-auth but it requires an "aws_service" to generate the signature. I also looked at boto3 but I am not able to find any way to just add authentication headers to a general request. Answer 1: You can use aws-requests-auth

Cognito/IAM Policies & S3 Get Object

那年仲夏 submitted on 2020-01-01 05:18:09
Question: I'm trying to integrate S3 and Cognito into my iOS App, so far not successfully. I believe the error is connected to my IAM Policy for Auth and Unauth users. So here's my policy: { "Version": "2012-10-17", "Statement": [{ "Effect":"Allow", "Action":"cognito-sync:*", "Resource":["arn:aws:cognito-sync:us-east-1:XXXXXXXXXXXX:identitypool/${cognito-identity.amazonaws.com:aud}/identity/${cognito-identity.amazonaws.com:sub}/*"] }, { "Effect":"Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::my

Elastic Beanstalk could not find any platforms

大城市里の小女人 submitted on 2020-01-01 01:14:05
Question: I'm trying to deploy my Django app via Amazon Elastic Beanstalk (using this tutorial), but getting the following error. ERROR: Elastic Beanstalk could not find any platforms. Ensure you have the necessary permissions to access Elastic Beanstalk. How can I fix this issue? Thanks! Answer 1: Problem is, as @helloV said, your user does not have access. Now this was a complete surprise to me because I was using the root (which I really shouldn't) and I ASSUMED it would just have access. So solution is

How can we fetch IAM users, their groups and policies?

拟墨画扇 submitted on 2019-12-31 22:49:13
Question: I need to fetch all the AWS users, their corresponding groups, policies and then if MFA is activated for them or not. Can anyone tell me how it can be done via AWS CLI or boto? I have a script that fetches just all the users in AWS. import boto3 from boto3 import * import argparse access_key = '' secret_key = '' def get_iam_uses_list(): client = boto3.client('iam', aws_access_key_id=access_key, aws_secret_access_key=secret_key) my_list=list() iam_all_users = client.list_users(MaxItems

How can we fetch IAM users, their groups and policies?

≯℡__Kan透↙ submitted on 2019-12-31 22:49:08
Question: I need to fetch all the AWS users, their corresponding groups, policies and then if MFA is activated for them or not. Can anyone tell me how it can be done via AWS CLI or boto? I have a script that fetches just all the users in AWS. import boto3 from boto3 import * import argparse access_key = '' secret_key = '' def get_iam_uses_list(): client = boto3.client('iam', aws_access_key_id=access_key, aws_secret_access_key=secret_key) my_list=list() iam_all_users = client.list_users(MaxItems

How to design SAM deployer policy? to enforce SAM generated AWS resources to be in PermissionBoundary

吃可爱长大的小学妹 submitted on 2019-12-31 06:59:26
Question: We have someAWSAccount assuming someaccountrole with instance profile name p in AWS. Managed policy by name some-permission-boundary is created in this account (someAWSAccount). Purpose of creating this boundary policy in this account is mentioned below. Requirement is, Resources: HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: hello-world/ Handler: app.LambdaHandler Runtime: nodejs8.10 Events: MySQSEvent: Type: SQS Properties: Queue: !GetAtt SomeQueue.Arn BatchSize:

Does Windows Azure have the equivalent of AWS Identity Access Management?

旧城冷巷雨未停 submitted on 2019-12-30 07:01:19
Question: So I have a mobile app that uses AWS's IAM infrastructure that effectively allows me to provide temporary access tokens to anonymous mobile devices, so that they can run queries against AWS services directly from the mobile device. Does anyone know if Windows Azure has a drop-in replacement for this sort of thing too? I've read about Windows Azure Access Control but all examples seem to focus on allowing authentication via the likes of Facebook, Twitter or Windows Live etc. In my case, I don

Does Windows Azure have the equivalent of AWS Identity Access Management?

六眼飞鱼酱① submitted on 2019-12-30 07:01:04
Question: So I have a mobile app that uses AWS's IAM infrastructure that effectively allows me to provide temporary access tokens to anonymous mobile devices, so that they can run queries against AWS services directly from the mobile device. Does anyone know if Windows Azure has a drop-in replacement for this sort of thing too? I've read about Windows Azure Access Control but all examples seem to focus on allowing authentication via the likes of Facebook, Twitter or Windows Live etc. In my case, I don