amazon-iam

问题 I want to get user details from AWS IAM so I have created a lambda function but there is an error with response code 502. My code is as below. var AWS = require('aws-sdk'); var iam = new AWS.IAM(); AWS.config.loadFromPath('./config.json'); let getUsers = async (event, callback) => { var params = { UserName: "5dc6f49d50498e2907f8ee69" }; iam.getUser(params, (err, data) => { if (err) { callback(err) } else { console.log(data) callback(data) } }) }; 回答1: Since your function already is async you

问题 I have been trying for the past days to publish a sns however no matter what i code i just cant get it to send. Be aware i am not a coder, i just do this for fun. I have set up an IAM policy and rule as below and ran it with the policy simulator and it works fine. { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sns:Publish", "Resource": "arn:aws:sns:us-east-1:*******:CallBell" } ] } i have this at the beginning of my code. var AWS = require("aws-sdk"); var sns = new

问题 I am trying to fetch the list of services that is allowed by a role. I see the AWS console has the Access Advisor information which fits my needs but I see no API support. Anyone know a way to call policy summary call (or something similar) that can provide that information without having to do this manually on the client side? 回答1: You are correct. There is no API call that provides information similar to the Access Advisor. The closest option is the ability to fetch the IAM policy, but you

问题 I am new to AWS world and still learning. It's been only a month that I am trying things. I have been looking for it for quite a few days now and haven't been able to find a correct and more appropriate solution. Therefore it would be great if somebody can help me by giving a sample code, provide some pointer or guide in the right direction. I have a AWS RDS MySQL instance and a database created. I have configured " IAM DB AUthentication Enabled " to "Yes". Created an IAM Role and Policy as

问题 My developer has created an EC2 instance on AWS and I want to be able to access it via my own dashboard. What I did is: As a root user, I created an IAM account for me and him and assigned us both to a group named PowerUsers I created an Organizational Unit and added his account to it When he goes to his EC2 dashboard, he sees his created instances. But when I go to my EC2 dashboard, I see nothing. We both selected the correct region. I hope someone can help us out here, I can't seem to get

问题 i'm trying to upload a file (an image for my tests) to my s3 bucket with a pre-signed post generated with AWS SDK PHP. Firstable i generate the pre-signed post, then i manually create the request with given PostObjectV4 datas with Postman or via a simple html form... After filling everything, the request result in Access Denied :-(. The user associated with the client to generate the PostObjectV4 has Allowed s3:PutObject policy on the corresponding bucket. I've already tried to : Set my

问题 i'm trying to upload a file (an image for my tests) to my s3 bucket with a pre-signed post generated with AWS SDK PHP. Firstable i generate the pre-signed post, then i manually create the request with given PostObjectV4 datas with Postman or via a simple html form... After filling everything, the request result in Access Denied :-(. The user associated with the client to generate the PostObjectV4 has Allowed s3:PutObject policy on the corresponding bucket. I've already tried to : Set my

问题 I use an Elastic Beanstalk environment for deploying a web application, and I've set up an IAM role for the instances the application will run on. Everything works flawlessy 99.99% of the time, however intermittently I will see errors in our logs with request failures showing botocore errors like the following: File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/factory.py", line 339, in property_loader self.load() File "/opt/python/run/venv/local/lib/python3.6/site

问题 As per AWS documentation, When you use an AWS account identifier as the principal in a policy, you delegate authority to the account. This delegation works fine when an AWS account identifier is specified in the Principal element of an Allow statement of a Bucket policy. In this case, it is not required to specify the individual IAM users in the Principal element (Of course, there must be an IAM policy that grants the IAM users access to bucket). However, this delegation does not appear to

问题 I am looking for a Java database connection pool that allows me to use AWS IAM Database Authentication for my Aurora MySQL. The pool should be able to work Tomcat context.xml file. I have looked at Tomcat DBCP, dbcp2, HikariCP and c3p0. But they all seem to asume the username and password is known at application startup and does not change in the lifetime of the application. For IAM database authentication the credentials change every 15 minutes so the pool needs to ask the AWS IAM for a new