amazon-iam

I am trying to complete a codepipeline with the cloudformation service and this error is generated. It must be said that the separate cloudformation service works well. The complete error is: JobFailed Requires capabilities: [CAPABILITY_AUTO_EXPAND] (Service: AmazonCloudFormation; Status Code: 400; Error Code: InsufficientCapabilitiesException; Request ID: 1a977102-f829-11e8-b5c6-f7cc8454c4d0) The solutions I have is to add the CAPABILITY_AUTO_EXPAND --capabilities parameter but that only applies to CLI and my case is by web console. Ran into the same problem, I could not find a way to do it

Do you have a problem understanding S3 IAM Policies and Directives ? Can't quite wrap your head around their documentation ? I did. I had a situation where I had to lock out several IAM users from a particular folder, and several buckets, except one, and most of their solutions and example solutions were about as clear as mud as far as I was concerned. After scouring the web and not finding what I was looking for I came upon a resource ( http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke ) that was clear

I'm trying to figure out how to create a new user with AWS APIs for Java, but i can't figure out what i need to do. So far i managed to write this code that gives me a CreateUserRequest, a CreateAccessKeyRequest and a BasicAWSCredentials with all the fields filled. I just can't figure out what to do next. Do I have to use CreateUserResult? How? CreateUserRequest user = new CreateUserRequest("userName"); CreateAccessKeyRequest key = new CreateAccessKeyRequest(); BasicAWSCredentials cred = new BasicAWSCredentials("access", "secret"); key.withUserName(user.getUserName()); key

Does AWS Identity and Access Management (IAM) provide a way so that a user can only edit or delete the items in an Amazon DynamoDB table he added before? Steffen Opel This became possible after AWS added Fine-Grained Access Control for Amazon DynamoDB , which facilitates AWS Identity and Access Management (IAM) policies to regulate access to items and attributes stored in DynamoDB tables . The introductory blog post illustrates the outstanding granularity of this feature and resulting simplifications for many real world use cases: Horizontal - You can selectively hide or expose specific

I can not figure out how to launch an EC2 instance in Boto3 with a specified IAM role. Here is some sampe code of how I have been able to successfully create an instance so far: import boto3 ec2 = boto3.resource('ec2', region_name='us-west-2') ec2.create_instances(ImageId='ami-1e299d7e', InstanceType='t2.micro',\ MinCount=1, MaxCount=1, SecurityGroupIds=['Mysecuritygroup'], KeyName='mykeyname') Note : Some Boto3 versions accept either Arn or Name but all versions accept Name . I suggest using the role name only. IamInstanceProfile={ 'Arn': 'string', 'Name': 'string' } If your profile name is

I'm trying to integrate S3 and Cognito into my iOS App, so far not successfully. I believe the error is connected to my IAM Policy for Auth and Unauth users. So here's my policy: { "Version": "2012-10-17", "Statement": [{ "Effect":"Allow", "Action":"cognito-sync:*", "Resource":["arn:aws:cognito-sync:us-east-1:XXXXXXXXXXXX:identitypool/${cognito-identity.amazonaws.com:aud}/identity/${cognito-identity.amazonaws.com:sub}/*"] }, { "Effect":"Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::my_bucket", "arn:aws:s3:::my_bucket/*"] } ] } here is where I call S3: AWSS3GetObjectRequest