amazon-iam

问题 I have some app configuration stored in a file in an S3 bucket (api keys). I have the S3 bucket configured to only allow access via a specific VPC endpoint, which ties the keys to specific environments, and prevents e.g. production keys being accidentally used in a staging or test environment. However occasionally I need to amend these keys, and it's a pain. Currently the bucket policy prevents console access, so I have to remove the bucket policy, update the file, then replace the policy.

问题 I am trying to use "listObjects" operation on a bucket. This is accessed thru a WebService and I don't want to give user Console Access. Role Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mobileanalytics:PutEvents", "cognito-sync:*", "cognito-identity:*" ], "Resource": [ "*" ] }, { "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::BucketName" ], "Condition": { "StringLike": { "s3:prefix": [ "${cognito-identity.amazonaws.com:sub}

问题 I'm trying to run the following PHP code on my server: require 'aws_sdk_php/aws-autoloader.php'; use Aws\Ses\SesClient; echo 'teste1'; $client = SesClient::factory(array( 'key' => 'xxxxx', 'secret' => 'yyyyy', 'region' => 'us-east-1' )); echo 'teste2'; echo $client->listIdentities(); echo 'teste3'; echo $client->verifyEmailIdentity(array( 'EmailAddress' => 'my_email@gmail.com' )); I created a user with permission to send emails using SMTP (ses:SendRawEmail) and it works just fine. However the

问题 I am new to IAM in AWS. And, i desire to restrict the Query for various users to only table entries where primary key matches the cognito id. To achieve this, I created the policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccessToOnlyItemsMatchingUserID", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem" ], "Resource": [ "arn:aws:dynamodb:us

问题 I am very new to AWS. I created an IAM role which has full access to S3 . I assigned this role to a Windows Server EC2 instance. I then installed CLI on that instance. I then remoted into that instance using RDP, and started a CMD windows, and typed in aws s3 ls It complained that Unable to locate credentials. You can configure credentials by running "aws configure". Now that this EC2 has been assigned the role that has full access to S3, why can't I directly access S3? 回答1: To use AWS CLI

问题 I'm trying to automate a db backup upload to s3 on an ubuntu machine. I have the db backup generating correctly, but when I try to upload to s3 I get the following error: A client error (InvalidAccessKeyId) occurred when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records. I used the command line aws configure command to configure my credentials, then opened the ~/.aws/config file and made sure it was correct. I also ran aws configure list and

问题 I have a brand new IAM user that I want to give upload & read access to my newly created bucket - myapp . This is the policy I am using for my user now: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::myapp" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource"

问题 I am creating a new user through android app programatically using amazon web-service. here is my code(asynctask): private class S3RegisterNewUser extends AsyncTask<String, Void, String> { ProgressDialog dialog; String email; public S3RegisterNewUser(String email) { // TODO Auto-generated constructor stub this.email=email; } protected void onPreExecute() { dialog = new ProgressDialog(S3UploaderActivity.this); dialog.setMessage(S3UploaderActivity.this .getString(R.string.plswait)); dialog

问题 I follow this link documentation http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#ex5 I want to provide a user specific Image Launch permission which specified tag, "department=dev". { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:region::image/ami-*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/department": "dev" } } }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [

问题 I have a few instances on AWS that are associated with the same IAM Role. I'm looking to write a code that returns these instances. Based from this document: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html, I see that there is an available filter iam-instance-profile.arn . I'm just not sure how I would go about using that or if that is what I should be using. This is an example where instances are filtered by tags. conn = boto.ec2.connect_to_region('ap