amazon-iam

问题 In our application, we access the aws APIs with custom roles. In the developer environment, we provide access Key and secret key in the app.config and it works great. In the prod environment, we have setup an IAM role with necessary permissions to the custom roles and the EC2 instance is launched with that IAM role. When we try to switch role using the code, then we are getting below error Message: User: arn:aws:sts::XXXXXXXXX:assumed-role//i-0490fbbb5ea7df6a8 is not authorized to perform:

问题 I am getting the error after I create an IAM user with AdministratorAccess or AmazonEC2FullAccess : Your authentication information is incorrect. Please try again I was able to create a user without a problem two weeks ago, while having active users. Now adding more new users gives me this error. I have tried creating new users using Copy permissions from existing user too but these new users also error out. (Picture of aws iam steps taken with error) I apologize if this is a duplicate but an

问题 I am getting the error after I create an IAM user with AdministratorAccess or AmazonEC2FullAccess : Your authentication information is incorrect. Please try again I was able to create a user without a problem two weeks ago, while having active users. Now adding more new users gives me this error. I have tried creating new users using Copy permissions from existing user too but these new users also error out. (Picture of aws iam steps taken with error) I apologize if this is a duplicate but an

问题 I am getting the error after I create an IAM user with AdministratorAccess or AmazonEC2FullAccess : Your authentication information is incorrect. Please try again I was able to create a user without a problem two weeks ago, while having active users. Now adding more new users gives me this error. I have tried creating new users using Copy permissions from existing user too but these new users also error out. (Picture of aws iam steps taken with error) I apologize if this is a duplicate but an

问题 I am trying to create an API that logs JSON request bodies in an SQS queue. I have set up a basic queue in SQS in both the FIFO and non-FIFO layouts. I have the same problem each time. My policy for the SQS queue is as follows: { "Version": "2012-10-17", "Id": "arn:aws:sqs:us-east-1:2222222222222:API-toSQS.fifo/SQSDefaultPolicy", "Statement": [ { "Sid": "Sid22222222222", "Effect": "Allow", "Principal": "*", "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:2222222222222:API-toSQS.fifo" }

问题 I am trying to create an API that logs JSON request bodies in an SQS queue. I have set up a basic queue in SQS in both the FIFO and non-FIFO layouts. I have the same problem each time. My policy for the SQS queue is as follows: { "Version": "2012-10-17", "Id": "arn:aws:sqs:us-east-1:2222222222222:API-toSQS.fifo/SQSDefaultPolicy", "Statement": [ { "Sid": "Sid22222222222", "Effect": "Allow", "Principal": "*", "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:2222222222222:API-toSQS.fifo" }

问题 What could be an alternative to custom federation broker on aws in azure and google. In AWS I am able to create a url that permits federated user to login and access resources like this - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html How we could create the same in azure and google? 回答1: This answer covers Google Cloud Platform. The basic foundational identity for Google Cloud (GCP) is Google Accounts. This means that the users are required

问题 Is there a way to define a permission/policy/role in AWS which allows to create a CloudFormation Stack using only a specific template (which is updated on S3)? I've seen AWS Service Roles but I think it's not what I'm looking for. In fact I don't see which is the benefit (in terms of security) of using it. If a user can not create a resource directly, but the same user can create the resource through the CloudFormation where is the benefit? However, if there were a way to limit the templates

问题 The aws-auth configmap in AWS EKS performs a mapping between IAM users/roles to kubernetes RBAC roles. However, the documentation does not specify anything on adding IAM groups to the configmap. We use multiple namespaces, each namespace managed by a different team. I created a set of kubernetes RBAC roles, limited to the different namespaces. Now I want to give everbody in the teams IAM group that specific role. Is it possible to add IAM groups in the aws-auth configmap? If not, what would

问题 The aws-auth configmap in AWS EKS performs a mapping between IAM users/roles to kubernetes RBAC roles. However, the documentation does not specify anything on adding IAM groups to the configmap. We use multiple namespaces, each namespace managed by a different team. I created a set of kubernetes RBAC roles, limited to the different namespaces. Now I want to give everbody in the teams IAM group that specific role. Is it possible to add IAM groups in the aws-auth configmap? If not, what would