amazon-iam

Which user launched EC2 instance?

我的未来我决定 posted on 2019-11-27 23:48:44
Question: I have some EC2 instances that I don't really know who launched them. Is there a way to know who launched a specific instance?
Answer 1: Unfortunately this information is not directly available via an API call - you currently have two options: depending on your needs, you could approximate your goal by using the DescribeInstances API action to look at the key-name used for starting that instance (if any, it's optional, though usually in place) - assuming you have followed security best practices

can AWS Lambda connect to RDS mySQL database and update the database?

我的梦境 posted on 2019-11-27 17:20:40
I am trying to connect an AWS Lambda function to an RDS MySQL database. I just wanted to update the database from my Lambda function. Is it possible to access RDS by specifying an IAM role and access policy? I can connect to the MySQL database using the mysql client, but when I try on Lambda I can't do that. Here is my code. console.log('Loading function'); var doc = require('dynamodb-doc'); var dynamo = new doc.DynamoDB(); var mysql = require('mysql'); exports.handler = function(event, context) { //console.log('Received event:', JSON.stringify(event, null, 2)); var operation = event.operation; delete event

Using Firebase OpenID Connect provider as AWS IAM Identity Provider

穿精又带淫゛_ posted on 2019-11-27 16:58:44
Question: I get the following error while setting up Firebase as an AWS IAM Identity Provider using OpenID Connect. We encountered the following errors while processing your request: Please check .well-known/openid-configuration of provider: https://securetoken.google.com/<Project ID> is valid. The AWS IAM Identity Provider setup requires two input parameters, to which I plugged in the following: Provider URL: https://securetoken.google.com/<Firebase Project ID> Audience: <Firebase Client ID> To

How to convert a private key to an RSA private key?

久未见 posted on 2019-11-27 09:13:20
Question: Let me explain my question first. I bought a certificate from a CA and used the following format to generate the CSR and the private key: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----". I use the SSL cert on my server and everything looks fine. Now I want to upload the same cert to AWS IAM so that I can use it for my Beanstalk load balancer. I use the following command from

Proper access policy for Amazon Elastic Search Cluster

僤鯓⒐⒋嵵緔 posted on 2019-11-27 06:17:29
I've recently started using the new Amazon Elasticsearch Service and I can't seem to figure out the access policy I need so that I can only access the services from my EC2 instances that have a specific IAM role assigned to them. Here's an example of the access policy I currently have assigned for the ES domain:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::[ACCOUNT_ID]:role/my_es_role"
            ]
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:us-east-1:[ACCOUNT_ID]:domain/[ES_DOMAIN]/*"
        }
      ]
    }

But as I said, this doesn't work. I log into

AWS s3 bucket policy invalid group principal

这一生的挚爱 posted on 2019-11-27 03:09:00
Question: This is a follow-on from "How can i enforce file type uploads with an AWS S3 bucket policy". When applying the bucket policy:

    {
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "AddPerm",
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::111122223333:group/admins" },
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::bucket/*.txt"
        }
      ]
    }

The group "admins" definitely exists, but I get the error: "Invalid principal in policy - "AWS" : "arn:aws:iam::111122223333:group/admins"" Why is it not

Signature expired: is now earlier than error : InvalidSignatureException

只谈情不闲聊 posted on 2019-11-27 01:30:30
Question: I am trying a small example with AWS API Gateway and IAM authorization. The AWS API Gateway generated the below endpoint: https://xyz1234.execute-api.us-east-2.amazonaws.com/Users/users with POST action and no parameters. Initially I had turned off the IAM for this POST method and I verified results using Postman; it works. Then I created a new IAM user and attached the AmazonAPIGatewayInvokeFullAccess policy to the user, thereby giving permission to invoke any APIs. Enabled the IAM for the POST

I need an Amazon S3 user with full access to a single bucket

Deadly posted on 2019-11-27 01:15:26
Question: I have a user foo with the following privileges (it's not a member of any group):

    {
      "Statement": [
        {
          "Sid": "Stmt1308813201865",
          "Action": "s3:*",
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::bar"
        }
      ]
    }

That user, however, seems unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permissions, as boto is throwing an error after an upload when it tries to do key.set_acl('public-read').

can AWS Lambda connect to RDS mySQL database and update the database?

妖精的绣舞 posted on 2019-11-26 22:33:37
Question: I am trying to connect an AWS Lambda function to an RDS MySQL database. I just wanted to update the database from my Lambda function. Is it possible to access RDS by specifying an IAM role and access policy? I can connect to the MySQL database using the mysql client, but when I try on Lambda I can't do that. Here is my code. console.log('Loading function'); var doc = require('dynamodb-doc'); var dynamo = new doc.DynamoDB(); var mysql = require('mysql'); exports.handler = function(event, context) { //console

Granting access to S3 resources based on role name

时光怂恿深爱的人放手 posted on 2019-11-26 22:00:22
Question: IAM policy variables are quite cool and let you create generic policies to, for example, give users access to paths in an S3 bucket based on their username, like this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::fooCorp-user-files/${aws:username}/*"
        },
        {
          "Action": "s3:ListBucket",
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::fooCorp-user-files"
        }
      ]
    }

My question is, how can this be done