amazon-iam

Why does applying a condition to ec2:DescribeInstances in an IAM policy fail?

浪尽此生 submitted on 2020-06-26 05:55:41
Question: When trying to configure which instances can be listed using policies, I remark the following issue: When the condition is not implemented, all instances are visible. When any condition is implemented, nothing is visible. The example policy with condition is included: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1461235889000", "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "ec2:InstanceType": "r3.xlarge" } } } ] }

Why does applying a condition to ec2:DescribeInstances in an IAM policy fail?

戏子无情 submitted on 2020-06-26 05:54:21
Question: When trying to configure which instances can be listed using policies, I remark the following issue: When the condition is not implemented, all instances are visible. When any condition is implemented, nothing is visible. The example policy with condition is included: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1461235889000", "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "ec2:InstanceType": "r3.xlarge" } } } ] }

Can wildcard character (*) be used in the fine-grained access policy for dynamodb?

旧时模样 submitted on 2020-06-25 10:42:26
Question: I have an Amazon DynamoDB table with a partition key composed of the user's id (from Facebook or Google) and other characters. I know a wildcard can be used to specify the properties of a fine-grained access policy, but I couldn't get the wildcard in the dynamodb:LeadingKeys working. Here is the working policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem",

How to enforce IAM users to use multi factor authentication to use the console?

痞子三分冷 submitted on 2020-06-25 03:45:11
Question: I'd like to require the usage of MFA for IAM users when they log into the AWS Console. I know it's possible to do that for API access, but I'm not sure whether it is possible to achieve the same when logging into the Console. Answer 1: Update You can enforce your requirement with an IAM Policy based on an IAM condition that specifies the aws:MultiFactorAuthAge key as outlined in section IAM Policies with MFA Conditions within Configuring MFA-Protected API Access - you can enforce this at two levels:

Enabling AWS Group to access AWS EKS cluster

て烟熏妆下的殇ゞ submitted on 2020-06-16 18:07:02
Question: This question is essentially a duplicate of Adding IAM Group to aws-auth configmap in AWS EKS. However, the question does not have an accepted answer and I would like to provide more context. I know that the aws-auth ConfigMap object does not allow mapping an AWS Group directly. A workaround would be to map an AWS Role instead. I tried that but was unable to get it working. Mapping an AWS User works without issues. I set up an AWS Role arn:aws:iam::027755483893:role/development-readwrite with

Terraform: Error creating IAM Role. MalformedPolicyDocument: Has prohibited field Resource

女生的网名这么多〃 submitted on 2020-06-13 17:56:30
Question: My TF code is giving me an error: /* * Policy: AmazonEC2ReadOnlyAccess */ assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource

IAM policy to allow access to DynamoDB console for specific tables

女生的网名这么多〃 submitted on 2020-06-12 04:30:29
Question: Is it possible to create an AWS IAM policy that provides access to the DynamoDB console only for specific tables? I have tried: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt0000000001", "Action": [ "dynamodb:DescribeTable", "dynamodb:ListTables", <other actions> ], "Effect": "Allow", "Resource": [ "arn:aws:dynamodb:<region>:<account>:table/FooTable", "arn:aws:dynamodb:<region>:<account>:table/BarTable" ] } ] } but for a user with this policy attached, the DynamoDB tables list says

IAM policy to allow access to DynamoDB console for specific tables

别说谁变了你拦得住时间么 submitted on 2020-06-12 04:30:19
Question: Is it possible to create an AWS IAM policy that provides access to the DynamoDB console only for specific tables? I have tried: { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt0000000001", "Action": [ "dynamodb:DescribeTable", "dynamodb:ListTables", <other actions> ], "Effect": "Allow", "Resource": [ "arn:aws:dynamodb:<region>:<account>:table/FooTable", "arn:aws:dynamodb:<region>:<account>:table/BarTable" ] } ] } but for a user with this policy attached, the DynamoDB tables list says

aws access s3 from spark using IAM role

我是研究僧i submitted on 2020-06-11 11:43:20
Question: I want to access S3 from Spark. I don't want to configure any secret and access keys; I want to access it by configuring the IAM role, so I followed the steps given in s3-spark. But it is still not working from my EC2 instance (which is running standalone Spark). It works when I tested: [ec2-user@ip-172-31-17-146 bin]$ aws s3 ls s3://testmys3/ 2019-01-16 17:32:38 130 e.json but it did not work when I tried like below: scala> val df = spark.read.json("s3a://testmys3/*") I am getting the below error

Environment failed to launch as it entered Terminated state

谁说我不能喝 submitted on 2020-05-29 11:01:05
Question: Setup: Serverless.com Framework. Goal: Create AWS Elastic Beanstalk through serverless. Code: serverless.yml service: aws-beanstalk-sls description: Test stack deployment 😀 provider: name: aws stage: running region: eu-central-1 profile: beanstalk-test-deployment resources: Resources: sampleApplication: Type: AWS::ElasticBeanstalk::Application Properties: Description: AWS Elastic Beanstalk Sample Application sampleApplicationVersion: Type: AWS::ElasticBeanstalk::ApplicationVersion Properties: