amazon-iam

AWS S3 Transfer Manager ${cognito-identity.amazonaws.com:sub} Policy Variable Access Denied

柔情痞子 submitted on 2019-12-01 06:57:07
Question: I am trying to download a file from AWS S3 to my iOS mobile app from a folder that is specific to the user, using Transfer Manager, like so: @IBAction func download() { let transferManager = AWSS3TransferManager.default()! let downloadingFileURL = URL(fileURLWithPath: NSTemporaryDirectory()).appendingPathComponent("disney1.jpg") let downloadRequest = AWSS3TransferManagerDownloadRequest()! downloadRequest.bucket = "sidestreamx" // user's UUID/disney1 downloadRequest.key = "631d121f-b294-4318

Fine-grained access control for AWS DynamoDB using AWS Cognito

a 夏天 submitted on 2019-12-01 06:53:40
Question: I am developing a simple application (ios) where each user can send simple messages (each of them composed of a few data slots, all strings for the moment) to other users (their Facebook friends). People log in using their Facebook account through Cognito and I manage users accounts using a single table in DynamoDB where the primary key is the Facebook id (the secondary key is a unique message id). When user A sends a message to user B, two almost identical rows are added to the table,

AWS IAM Access Management

醉酒当歌 submitted on 2019-12-01 06:00:59
I know that you can set up an IAM policy to restrict access to services. However, is it possible to set up a policy to allow access to a part of a service. E.g. I am two EC2 instances. I need to create two users such that they have an access to the AWS console, but only to one EC2 instance each. EFeit Yes you can do this with Resource-Level Permissions for EC2 The structure of the resource is stated in the documentation as follows: arn:aws:[service]:[region]:[account]:resourceType/resourcePath Here is how you would structure the IAM policies for each user: User 1 { "Version": "2012-10-17",

Writing an IAM policy and CORS configuration for Amazon S3

旧街凉风 submitted on 2019-12-01 04:31:41
Question: I am very new to all this but have been able to get an avatar/image uploader to work in my Rails application. A user can upload a new avatar to my S3 bucket and the avatar shows within the web application. To this end, I've had to grant "AmazonS3FullAccess" policy to the user. That seems like a bit too much, since the user from the application only needs write (upload his avatar) and read (show the avatar on the web page) permission. Would you agree that it is therefore better to write a

AWS IAM Access Management

岁酱吖の submitted on 2019-12-01 03:07:24
Question: I know that you can set up an IAM policy to restrict access to services. However, is it possible to set up a policy to allow access to a part of a service. E.g. I am two EC2 instances. I need to create two users such that they have an access to the AWS console, but only to one EC2 instance each. Answer 1: Yes you can do this with Resource-Level Permissions for EC2 The structure of the resource is stated in the documentation as follows: arn:aws:[service]:[region]:[account]:resourceType/resourcePath

AWS Service Unable To Assume Role

别来无恙 submitted on 2019-12-01 00:38:50
I've two AWS Cloudformation stacks, one for IAM roles and the second to create an AWS service and import the respective roles into it using Cloudformation. When 10+ services are deployed the following error appears randomly on 1 or 2 of the services - AWS::ECS::Service service Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions. If all the services are torn down and the services redeployed to the ECS cluster, the error appears but for different services. The AWS fix for this can be

Does Windows Azure have the equivalent of AWS Identity Access Management?

限于喜欢 submitted on 2019-11-30 22:05:42
So I have a mobile app that uses AWS's IAM infrastructure that effectively allows me to provide temporary access tokens to anonymous mobile devices, so that they can run queries against AWS services directly from the mobile device. Does anyone know if Windows Azure has a drop in replacement for this sort of thing too? I've read about Windows Azure Access Control but all examples seem to focus on allowing authentication via the likes of Facebook, Twitter or Windows Live etc. In my case, I don't want the mobile user to have to "log-in" anywhere, I just want them to be able to access Azure

How to download an EC2 X.509 certificate with an IAM User account?

大兔子大兔子 submitted on 2019-11-30 20:21:09
Through the AWS Identity and Access Management, I have a user account to the AWS account of my CTO (who is credited with some money). I wanted to use this IAM user account to set up my own instances to ssh to it and run some BeautifulSoup python scripts. However, following this tutorial, when arriving to the part where I need to go on the Security Credentials page, I can't access this page and I'm told I do not have the authorization to view it. I checked my permissions with the IAM Manager, and I have administration rights, the highest possible clearance (so it seems to me). What can I do to

When do I need to have CAPABILITY_NAMED_IAM

試著忘記壹切 submitted on 2019-11-30 20:04:52
I was editing my CloudFormation templates and suddenly AWS tells me I need CAPABILITY_NAMED_IAM. I am curious as to which change triggers this? What is a named IAM resource? Before I already "name" my resources like RoleName: !Sub '${PipelineName}-codebuild' I am not asked to add this capability, I think until I add Parameters: AppName: Type: String Description: Prefix for resources Resources: LambdaRole: Type: AWS::IAM::Role Properties: RoleName: !Ref AppName To my SAM application template. But aren't they the "same" except one uses !Ref ? Or maybe some other change triggered this? For

AWS Service Unable To Assume Role

落爺英雄遲暮 submitted on 2019-11-30 18:10:39
Question: I've two AWS Cloudformation stacks, one for IAM roles and the second to create an AWS service and import the respective roles into it using Cloudformation. When 10+ services are deployed the following error appears randomly on 1 or 2 of the services - AWS::ECS::Service service Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions. If all the services are torn down and the services