amazon-iam

I have two AWS account (A and B). On my account A, I have a lambda function which need to access to resources of account B. Precisely, my lambda on my account A, need to update a record in a Route53 zone hosted on my account B. Contrary to S3, I don't see any resource access policy in Route53. So I'm a bit lost. I tried to play with IAM cross account roles, but that does not seems to work with lambda. How can I allow a lambda function on an account A to access resources of my account B? You can create a Role in account B and permit your User (in account A) to assume it. Create a Role in

I know services such as Auth0 can act as both SAML IdPs and integrate with third party IdPs. It would seem that Cognito can only integrate with other third party IdPs as a service provider, it can actually perform the role of an IdP. The use case is we have our apps creating users in Cognito. We'd like to use a third party application which can integrate with a SAML IdP to support SSO. Is this possible with Cognito or would we need to use something like Auth0? Currenlty, Cognito is an OIDC IdP and not a SAML IdP. If an application supports OIDC, you can use Cognito to connect to that. We have

What the title says. Within the master AWS account, I have several personal accounts, i.e. AWS Identity and Access Management (IAM) users. I would like to assign certain IAM users to groups and prevent them from terminating certain Amazon EC2 instances , de-registering certain Amazon Machine Images (AMIs) , etc. I don't mind if they're playing with their own stuff, but I don't want them to touch my stuff. Is that possible? Update AWS has just announced Resource-Level Permissions for Amazon EC2 and Amazon RDS to address this long standing shortcoming of IAM support within EC2 and RDS (in

I am trying out a simple example suggested by AWS documentation to create a role using a policy json file http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html And I get the error A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource Here's the command, >> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource The policy is the

I don't know how (or where also) to grant read and write permission to the user from AWS so users can post pictures on sample_app in production enviroment. This is final task in 11th chapter, it isn't covered by tutorial and I can't find solution anywhere. This is carrier_wave.rb file: if Rails.env.production? CarrierWave.configure do |config| config.fog_credentials = { # Configuration for Amazon S3 :provider => 'AWS', :aws_access_key_id => ENV['lalala'], :aws_secret_access_key => ENV['oloalle'] } config.fog_directory = ENV['name of bucket'] end end This is procedure from tutorial: 1) create