amazon-iam

问题 I need to create some role policy for AWS using Terraform, the basic role works fine, but when I add S3 and logs, I get a malformed error: aws_iam_role.lambda_exec_role_s3: Error creating IAM Role lambda_exec_role_s3: MalformedPolicyDocument: Has prohibited field Resource status code: 400 This is the role policy that is failing: assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect":

问题 I have created a policy that allows access to a single S3 bucket in my account. I then created a group that has only this policy and a user that is part of that group. The user can view, delete and upload files to the bucket, as expected. However, the user does not seem to be able to grant public read access to uploaded files . When the Grant public read access to this object(s) option is selected, the upload fails. The bucket is hosting a static website and I want to allow the frontend

问题 I have created a policy that allows access to a single S3 bucket in my account. I then created a group that has only this policy and a user that is part of that group. The user can view, delete and upload files to the bucket, as expected. However, the user does not seem to be able to grant public read access to uploaded files . When the Grant public read access to this object(s) option is selected, the upload fails. The bucket is hosting a static website and I want to allow the frontend

问题 I have created a few environments before so I know how the Amazon EBS works however lately I have been having the following issue while creating an environment: The instance profile aws-elasticbeanstalk-ec2-role associated with the environment has no role. Please attach a role to the instance profile. I follow the steps to create a new environment. When it gets to the Permissions page, I create a new role as there are no existing ones. Then I follow the rest of the steps and eventually it

问题 I have created a few environments before so I know how the Amazon EBS works however lately I have been having the following issue while creating an environment: The instance profile aws-elasticbeanstalk-ec2-role associated with the environment has no role. Please attach a role to the instance profile. I follow the steps to create a new environment. When it gets to the Permissions page, I create a new role as there are no existing ones. Then I follow the rest of the steps and eventually it

问题 I have created a few environments before so I know how the Amazon EBS works however lately I have been having the following issue while creating an environment: The instance profile aws-elasticbeanstalk-ec2-role associated with the environment has no role. Please attach a role to the instance profile. I follow the steps to create a new environment. When it gets to the Permissions page, I create a new role as there are no existing ones. Then I follow the rest of the steps and eventually it

问题 I want to attach one of the pre-existing AWS managed roles to a policy, here's my current code: resource "aws_iam_role_policy_attachment" "sto-readonly-role-policy-attach" { role = "${aws_iam_role.sto-test-role.name}" policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess" } Is there a better way to model the managed policy and then reference it instead of hardcoding the ARN? It just seems like whenever I hardcode ARNs / paths or other stuff like this, I usually find out later there was a

问题 I have a camel rest api. I was trying to create an IAM User using apache camel framework. The code is like so -> .post("iam-create-user") .route() .process(new Processor(){ @Override public void process(Exchange exchange) throws Exception { exchange.getIn().setHeader("CamelAwsIAMUsername", "new-user"); }) .to("aws2-iam://current-user?accessKey=insert&secretKey=insert&operation=createUser") .endRest(); I am getting this error java.lang.NullPointerException: null . What is the correct way of

问题 NOTE: similar question asked here, but no proper solution provided. I setted up an EKS cluster via eksctl tool with single EC2 node. Deploy a Pod inside the EC2 node, this Pod writes the logs into s3 bucket. All worked fine when I used IAM user with key and secret. But now I want this Pod to use IAM Role instead. This Pod uses a newly created role with AmazonS3FullAccess permissions named prod-airflow-logs . According to the Docs, I also added "ec2.amazonaws.com" in this role's trust

问题 I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs. How do I get the username (and/or IAM user) that my session currently belongs to? I let the SDK run its default behaviour for choosing credentials (ENV vars, then 'default' profile or other if specified and then machine role). Then I initialize my client and run commands. I'd like to know 'who is running the commands'. I expect to get the AWS