amazon-iam

How to set up S3 Policies for multiple IAM users such that each individual only has access to their personal bucket folder?

|▌冷眼眸甩不掉的悲伤 submitted on 2019-12-22 22:48:53
Question: I have two users, User1 and User2, that each have an IAM account in AWS. I have an S3 bucket "external_bucket.frommycompany.com". In that bucket is a folder for each user account, "User1" and "User2". I want to grant R/W access to User1 to the User1 folder only and R/W access to User2 to the User2 folder only. I don't want them to be able to see each other's folders in the root directory of external_bucket.frommycompany.com. Is there a way to set up their IAM Policies such that this is possible?

AWS.IAM is not a constructor JavaScript SDK

北城余情 submitted on 2019-12-22 17:05:48
Question: I'm using the AWS JavaScript SDK. Both of these work fine:

    var s3 = new AWS.S3();
    var dynamodb = new AWS.DynamoDB();

When I try

    var iam = new AWS.IAM();

I am presented with:

    TypeError: AWS.IAM is not a constructor

Answer 1: This means that IAM is not part of the SDK that you downloaded. In the current SDK builder, IAM is not enabled by default. Go to this page and add the services that you need and download a new version. SDK Builder

Source: https://stackoverflow.com/questions/47081457/aws-iam-is-not-a

How do I assign function level IamRoleStatements in Serverless Framework?

你。 submitted on 2019-12-22 04:07:23
Question: I want to assign different permissions for different functions listed in my serverless.yml

    functions:
      hello:
        handler: handler.hello
      crawl-distributor:
        handler: CrawlDistributor.handler
      product-scanner:
        handler: ProductScanner.handler
        iamRoleStatements:
          - Effect: Allow
            Action:
              - dynamodb:*
              - lambda:*
            Resource: "*"

This doesn't seem to work. When I add the iamRoleStatements at the provider level, it works, but ends up applying the permissions to all the functions.

    provider:
      name: aws
      runtime:

Automatic AWS DynamoDB to S3 export failing with “role/DataPipelineDefaultRole is invalid”

こ雲淡風輕ζ submitted on 2019-12-22 04:01:26
Question: Precisely following the step-by-step instructions on this page, I am trying to export contents of one of my DynamoDB tables to an S3 bucket. I create a pipeline exactly as instructed but it fails to run. It seems that it has trouble identifying/running an EC2 resource to do the export. When I access EMR through AWS Console, I see entries like this:

    Cluster: df-0..._@EmrClusterForBackup_2015-03-06T00:33:04 Terminated with errors EMR service role arn:aws:iam::...:role/DataPipelineDefaultRole is

Get Username from Amazon Access Key in Java

醉酒当歌 submitted on 2019-12-21 20:58:38
Question: Is there a way to get the User Name attached to the Access Key for the credentials you're using to access AWS via Java? I would like to be able to get the User Name that's defined in the IAM Users section so that I can set up user-specific buckets/folders and then dynamically point the script to them based on the access key's User Name (so I can change the access key in the future, if necessary, without changing the bucket/folder name).

Answer 1: I've now found a much better method of getting the

Amazon S3 Bucket and Folder Policy for IAM access?

可紊 submitted on 2019-12-21 12:13:33
Question: Do you have a problem understanding S3 IAM Policies and Directives? Can't quite wrap your head around their documentation? I did. I had a situation where I had to lock out several IAM users from a particular folder, and several buckets, except one, and most of their solutions and example solutions were about as clear as mud as far as I was concerned. After scouring the web and not finding what I was looking for I came upon a resource (http://blogs.aws.amazon.com/security/post

How can I control user access to Amazon DynamoDB data via IAM?

故事扮演 submitted on 2019-12-21 07:31:57
Question: Does AWS Identity and Access Management (IAM) provide a way so that a user can only edit or delete the items in an Amazon DynamoDB table he added before?

Answer 1: This became possible after AWS added Fine-Grained Access Control for Amazon DynamoDB, which facilitates AWS Identity and Access Management (IAM) policies to regulate access to items and attributes stored in DynamoDB tables. The introductory blog post illustrates the outstanding granularity of this feature and resulting simplifications

How to call AWS API Gateway Endpoint with Cognito Id (+configuration)?

懵懂的女人 submitted on 2019-12-21 04:10:17
Question: I want to call an AWS API Gateway Endpoint that is protected with AWS_IAM using the generated JavaScript API SDK. I have a Cognito UserPool and a Cognito Identity Pool. Both properly synced via ClientId. I use this code to sign in and get the Cognito Identity:

    AWS.config.region = 'us-east-1'; // Region
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:XXXXXXXXXXXXXXXXXXXXXXXX' // your identity pool id here
    });
    AWSCognito.config.region = 'us-east-1';

Pass AWS credentials (IAM role credentials) to code running in docker container

不问归期 submitted on 2019-12-20 13:21:21
Question: When running code on an EC2 instance, the SDK you use to access AWS resources automagically talks to a locally linked web server on 169.254.169.254 and gets that instance's AWS credentials (access_key, secret) that are needed to talk to other AWS services. Also there are other options, like setting the credentials in ENV variables or passing them as command line args ... What is the best practice here? I really prefer to let the container access the 169.254.169.254 (by routing the requests) or