amazon-iam

Is it possible to expose Amazon S3 account bucket (shared by ACL setings) to the users setup using new Amazon AIM API under different account? I'm able to create working IAM policy when related to the users and objects belonging to a single account. But as it seems this no longer works when two different accounts are involved - despite account 2 being able to access account 1's bucket directly. Sample policy is: { "Statement": [ { "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::test1234.doom", "arn:aws:s3:::test.doom" ], "Condition": {} } ] } In this case AIM user is able

Perhaps I'm going a bridge to far here but heres what I got: An AWS API Gateway Method that has AWS_IAM set for Authorization. A Policy that allows access to that Method. An EC2 Role that has that policy attached to it. An EC2 Launched with that Role. I would like to have my NodeJS program (or any language for that matter) on that EC2 to be able to call that API without hardcoding an AccessKey and SecretKey in the code. I have used this approach to use the aws-sdk to put/get records on S3, and do other AWS functionality (like all the steps I mentioned above), However, invoking an API Gateway

I have two users User1 and User2 that each have an IAM account in AWS. I have an s3 bucket "external_bucket.frommycompany.com". In that bucket is a folder for each user account "User1" and "User2". I want to grant R/W access to User1 to the User1 folder only and R/W access to User2 to the User2 folder only. I don't want them to be able to see each others' folders in the root directory of external_bucket.frommycompany.com. Is there a way to set up their IAM Policies such that this is possible? My goal is to enable our users to connect to the S3 bucket from an S3 browser app like cloudberry so

I have an API deployed on AWS API Gateway. I will have multiple subscribers using my API and each customer would be unique. Is it possible that each customer will have a separate API key unique to him? Or will I have to create those many IAM users in order for them to be unique? If yes for the IAM users, then what is the upper limit of the number of users? I will be doing all this programmatically. By unique, if you mean that you should be able to identify which request came from who, then you can generate one API Key per subscriber. You can generate up to 10000 API keys per AWS account. More

I have created a policy which allows users to do all ec2 actions but restricts user to runinstances and createvolumes and terminate instances only when they pass the given tag key-values pairs with a explicit deny. ec2 full permissions policy { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "ec2:*", "Resource": "*" } ] } ec2 run instance and create volumes explicit deny with conditions. { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Deny", "Action": [ "ec2:RunInstances", "ec2:CreateVolume" ], "Resource": [ "arn:aws