amazon-iam

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----" I use the SSL cert on my server and everything looks fine. Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth iam

During account linking process, Alexa user is redirected and presented with a form to enter his credentials (ID and/or password). Based on what's provided, the user is then being validated by the authentication flow, upon which success an accessToken is embedded in Alexa request and the user is redirected to the OAuth resource. Is there a way to pass the ID of the user obtained in the above interaction as part of the Alexa request (JSON session\user\userId ), instead of (or in addition to) it being a userId that gets generated during user's enabling their skill on a device? Or can the userId

I'm trying to create an IAM role and assign it to an EC2 instance according to Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI . The policy looks like below: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } But it gives this error: This policy contains the following error: Has prohibited field Principal There is a similar question here but it couldn't fix this issue. Any help would be appreciated. The easiest way to create a Service Role is: Go to the IAM Console Click

I have some EC2 instances that I don't really know who launched them. Is there a way to know who launched a specific instance? Unfortunately this information is not directly available via an API call - you currently have two options: depending on your needs, you could approximate your goal by using the DescribeInstances API action to look at the key-name used for starting that instance (if any, it's optional, though usually in place) - assuming you have followed security best practices and are using a dedicated EC2 key pair per IAM user (rather than sharing keys), the key should usually denote

I am trying to see which user was responsible for changes in S3 (at buckets level). I could not find a audit trail for actions done at S3 bucket level or EC2 who created instances. Beanstalk has a log of the actions the machine performed, but not which user. Is there a way around AWS that we can see this information in IAM or any other location ? P.S: I am not interested to know about S3 log buckets which provide access logs Update AWS has just announced AWS CloudTrail , finally making auditing API calls available as of today (and for free), see the introductory post AWS CloudTrail - Capture