amazon-iam

I get the following error while setting up Firebase as an AWS IAM Identity Provider using OpenID Connect. We encountered the following errors while processing your request: Please check .well-known/openid-configuration of provider: https://securetoken.google.com/ <Project ID > is valid. The AWS IAM Identity Provider setup requires two input parameters, to which I plugged in the following: Provider URL: https://securetoken.google.com/ <Firebase Project ID > Audience: <Firebase Client ID > To troubleshoot the error, I opened http:// <Provider URL >/.well-known/openid-configuration in a browser

I want to create a new user in IAM, and allow him to be able to create new EC2 instances, but be able to view/administer only those instances that he creates. Is this possible with IAM? This is the group policy I tried: { "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeAvailabilityZones" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances","ec2:RunInstances", "ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances", "DescribeInstanceAttribute", "DescribeInstanceStatus"

I am getting an acccess denied error from S3 AWS service on my Lambda function. This is the code: // dependencies var async = require('async'); var AWS = require('aws-sdk'); var gm = require('gm').subClass({ imageMagick: true }); // Enable ImageMagick integration. exports.handler = function(event, context) { var srcBucket = event.Records[0].s3.bucket.name; // Object key may have spaces or unicode non-ASCII characters. var key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, " ")); /* { originalFilename: <string>, versions: [ { size: <number>, crop: [x,y], max: [x, y], rotate:

I'm new to AWS. I'm build chatbot using aws lex and aws lambda c#. I'm using sample aws lambda C# program namespace AWSLambda4 { public class Function { /// <summary> /// A simple function that takes a string and does a ToUpper /// </summary> /// <param name="input"></param> /// <param name="context"></param> /// <returns></returns> public string FunctionHandler(string input, ILambdaContext context) { try { return input?.ToUpper(); } catch (Exception e) { return "sorry i could not process your request due to " + e.Message; } } } } I created a slot in aws lex to map first parameter input . But

This is a follow on from How can i enforce file type uploads with an AWS S3 bucket policy When applying the bucket policy: { "Version":"2008-10-17", "Statement": [ { "Sid":"AddPerm", "Effect":"Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:group/admins" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket/*.txt" } ] } The group "admins" definitely exists, but I get the error: "Invalid principal in policy - "AWS" : "arn:aws:iam::111122223333:group/admins"" Why is it not recognised? It's not possible to use groups in Principal at the moment. See https://forums.aws.amazon.com

I am trying a small example with AWS API Gateway and IAM authorization. The AWS API Gateway generated the below Endpoint : https://xyz1234.execute-api.us-east-2.amazonaws.com/Users/users with POST action and no parameters. Initially I had turned off the IAM for this POST Method and I verified results using Postman it works. Then I created a new IAM User and attached AmazonAPIGatewayInvokeFullAccess Policy to the user thereby giving permission to invoke any API's. Enabled the IAM for the POST Method. I then went to Postman - and added Authorization with AccessKey, Secret Key, AWS Region as us

I have files stored on S3 and wrote .ebextensions config to automatically copy the them to new instances. I'm receiving this error in the Elastic Beanstalk console: [Instance: INSTANCEID Module: AWSEBAutoScalingGroup ConfigSet: null] Command failed on instance. Return code: 1 Output: [CMD-AppDeploy/AppDeployStage0/EbExtensionPreBuild] command failed with error code 1: Error occurred during build: Failed to retrieve https://s3-us-west-1.amazonaws.com/ MyBucket / MyFolder /_MyFile.txt : HTTP Error 403 : AccessDenied My .ebextension config file has this section: files: "/target/file/path" : mode:

I have a user foo with the following privileges (it's not a member of any group): { "Statement": [ { "Sid": "Stmt1308813201865", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::bar" } ] } That user however seem unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after an upload when it tries to do do key.set_acl('public-read') . Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?

IAM policy variables are quite cool and let you create generic policys to, for example, give users access to paths in an S3 bucket based on their username, like this: { "Version": "2012-10-17", "Statement": [ { "Action": ["s3:GetObject","s3:PutObject","s3:DeleteObject"], "Effect": "Allow", "Resource": "arn:aws:s3:::fooCorp-user-files/${aws:username}/*" }, { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": "arn:aws:s3:::fooCorp-user-files" } ] } My question is, how can this be done using roles (attached to EC2 instances) instead of user accounts? I have a number of app servers with