amazon-iam

Amazon AWS: IAM with TVM

空扰寡人 submitted on 2019-12-11 23:34:34
Question: I'm working on an iOS App. I would like to set up user authentication, i.e. the user provides a username and password and gets authenticated with TVM. The user's access to AWS resources is regulated based on their credentials. How do I set this up? Is IAM with TVM enough to set up username/password authentication? Do I need a third-party authentication provider like Singly or StormPath? I would like the user to get authenticated and receive a "profile" which may include firstName, lastName, etc.

Lambda - How to create customer managed policy?

本小妞迷上赌 submitted on 2019-12-11 18:47:13
Question: Background: IAM policies can be created in two ways: Managed policies (newer way): AWS managed policies, Customer managed policies; Inline policies (older way). The SAM template below is creating an inline policy: Resources: HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: hello-world/ Handler: app.LambdaHandler Runtime: nodejs8.10 Policies: - Statement: - Sid: AccessToS3Policy Effect: Allow Action: - s3:GetObject - s3:GetObjectACL Resource: 'arn:aws:s3:::some-bucket/*' in the

How do I upload a file into a protected s3 bucket from Swift using the s3 bucket created by AWS mobile hub?

孤街醉人 submitted on 2019-12-11 18:22:43
Question: I have an AWS mobile hub project and am attempting to upload a file into the protected folder of the autogenerated bucket. S3 Bucket: private, protected, public, uploads. I am currently using the AWSS3TransferUtility to upload files after my user has authenticated. I looked at the docs and the website left inside the folders upon creation. They have set up the permissions to protect the data in different ways in different folders. I was able to upload files to the uploads folder with no problem. I

How to authenticate docker client commands in AWS?

独自空忆成欢 submitted on 2019-12-11 17:58:42
Question: The authentication below can be implemented using certificates (client & server) for any human user using a docker client that talks to the docker daemon. But a jenkins pipeline also runs docker commands to talk to the docker daemon. How do I authenticate a jenkins pipeline to run specific docker commands, where this pipeline is launched as a jenkins slave container in AWS EC2 on every new commit in Git..... Does the ECS cluster approach to launching the pipeline task help with authentication? Answer 1: You can run docker login

Why AWS.EC2MetadataCredentials giving wrong role?

旧城冷巷雨未停 submitted on 2019-12-11 17:15:08
Question: We have a node service (V8.15.1) deployed on AWS EC2 containers using ECS. We have AWS_ACCESS_KEY set up in the environment, and a role is also mapped to the EC2 instances. I am supposed to use the EC2 instance role to access AWS SSM. So, I tried the below: AWS.config.credentials = new AWS.EC2MetadataCredentials(); and tried to read a parameter from SSM. I get the below error: { "msg": "User: arn:aws:sts::AccountID:assumed-role/role-name/i-*****92a is not authorized to perform: ssm:GetParameter on resource: arn:aws

Allow kubernetes application to access other AWS resources?

主宰稳场 submitted on 2019-12-11 17:14:06
Question: I want to deploy an application in AWS EKS using kubernetes. My application needs to access SQS and AWS S3. I am not sure how to allow the kubernetes application to access SQS and S3. I looked into RBAC, but I guess RBAC only provides access to manage the cluster, namespaces or pods. I am trying to pass the access key and secret key as secrets to the environment variables and allow the permission. But I think this is not a good idea. Is there any other way, like creating the IAM role

AWS IAM applicable policies and attached entities

无人久伴 submitted on 2019-12-11 17:09:09
Question: After asking this question I did some digging and found a couple of policies with: { "Effect":"Allow", "Action":"*", "Resource":"*" } in them. Reading through the policy evaluation logic page again, the second step stands out to me: Evaluate all applicable policies. The first part of my question is: How does AWS determine what policies are applicable? To my understanding this is done by looking at the Principal and/or Resource keys. BUT: in IAM these policies have attached entities which are

AWS IAM EC2 policy limited to originating instance

浪子不回头ぞ submitted on 2019-12-11 16:49:40
Question: I'm working on a setup where I need to terminate AWS instances because of inactivity (i.e. nothing new in the web-server access logs for a period of time). Those instances are testing instances and are created automatically by CI/CD software. I would like those instances to identify that they have become abandoned and terminate themselves. I want to assign a generic iam-role to each of them that will only allow the instance to terminate itself and not its peer instances. So far I've

How to login with new IAM user

狂风中的少年 submitted on 2019-12-11 15:55:09
Question: I cannot log in with a new IAM user who has console access. I have downloaded the credentials, and when trying to log in using the given console URL ( https://My_AWS_Account_ID.signin.aws.amazon.com/console/ ) I am receiving the following error: Your authentication information is incorrect. Please try again. This is the policy summary for the user: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "my-s3-arn" } ] } I have tried to manage and change the password for this

s3 - An error occurred (403) when calling the HeadObject operation: Forbidden

老子叫甜甜 submitted on 2019-12-11 14:23:37
Question: Answer did not help. The resource policy for s3 bucket bucket1 is: { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::bucket1/*", "Condition": { "Bool": { "aws:SecureTransport": "false" } } }, { "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket1/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Effect": "Deny", "Principal": "*", "Action":