amazon-iam

问题 I am trying resize images with a cloudfront distribution accoring to article : https://aws.amazon.com/tr/blogs/networking-and-content-delivery/resizing-images-with-amazon-cloudfront-lambdaedge-aws-cdn-blog/ I created project folder with given Origin-Response and Viewer-Request functions on article and I downloaded dependencies, deployed the zip package with cloudformation template. IAM Role, s3 bucket, bucket policy, distribution with lambda@edge functions were created without any error and

问题 I am trying resize images with a cloudfront distribution accoring to article : https://aws.amazon.com/tr/blogs/networking-and-content-delivery/resizing-images-with-amazon-cloudfront-lambdaedge-aws-cdn-blog/ I created project folder with given Origin-Response and Viewer-Request functions on article and I downloaded dependencies, deployed the zip package with cloudformation template. IAM Role, s3 bucket, bucket policy, distribution with lambda@edge functions were created without any error and

问题 I've created my API with serverless, after I deployed my API into lambda, and we I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error: "User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets" I should probably need to give the permission to Lambda, but I'm a little bit lost ... 回答1: As already stated,

问题 I'm trying to follow the instructions in How can I allow a Group to assume a Role?, but run into the following error when I try to switch roles: Invalid information in one or more fields. Check your information or contact your administrator. In this scenario I have three AWS Accounts with example ids CompanyMain - 000000000001 CompanyProd - 000000000002 CompanyDev - 000000000003 Where the main account has an organization that includes the the prod and dev accounts What I'd like to do is set

问题 The role configured on CodeBuild project works fine with the runtime environment but doesn't work when we run a command from inside the container, it says "unable to locate credentials". Let me know how can we use the role out of the box inside the container. 回答1: You can make use of credential source "EcsContainer" to assume role seamlessly without having to export new credentials in your buildspec.yml. credential_source - The credential provider to use to get credentials for the initial

问题 Trying to create a new AWS Lambda Function with the root account for the first time using management console. I am receiving the error "Request failed with status code 403" no matter how many different options I tried. I've already tried changing my region, creating the function with default role(basic lambda permissions), new role, existing role and with the options "Author from Scratch", "Use a blueprint", "Serverless app repository" but still getting the same error. How can i troubleshoot

问题 I am using aws toolkit for eclipse 2.0. using the options ( window -> preference -> aws toolkit) I have configured IAM/login user api access key id and secret access key. According to our aws configuration, this IAM user has to assume role to view/access any resources in our environment. I am doing it using aws cli with "–-profile " option. How to do the same thing in aws toolkit for eclipse ? 回答1: Looks like I figured it out with help from an AWS expert. Basically you do 2 things: generate

问题 We have this requirement came out of pen testing. I have a lambda function say "add_address" and a role "account_management_role". I want to make "account_management_role" assumable only by "add_address" lambda function. I do not want any other lambda function to assume this role. I tried different things, I tried adding this entry in "Trust Relationship" of IAM role. This did not work. Any one has any idea how to get this to work? { "Statement": [ { "Effect": "Allow", "Principal": { "Service

问题 I'm new to AWS. I'm developing an application using Spring boot. I use AWS cognito for the sign in and sign up. I created a group called ROLE_ADMIN in cognito and connect with IAM role which was also created by me as ROLE_ADMIN_IAM . I'm using AWS Api gateway (HTTP Apis, but similarly REST Apis) to communicate with Apis. Then integrated the Cognito jwt authorizer in Api gateway. Everything working perfectly. The problem I'm facing now is, when a user sign in, I need to prevent few Apis based

问题 I'm new to AWS. I'm developing an application using Spring boot. I use AWS cognito for the sign in and sign up. I created a group called ROLE_ADMIN in cognito and connect with IAM role which was also created by me as ROLE_ADMIN_IAM . I'm using AWS Api gateway (HTTP Apis, but similarly REST Apis) to communicate with Apis. Then integrated the Cognito jwt authorizer in Api gateway. Everything working perfectly. The problem I'm facing now is, when a user sign in, I need to prevent few Apis based