amazon-policy

AccessDenied: User is not authorized to perform: cloudfront:CreateInvalidation

人盡茶涼 提交于 2021-02-20 17:03:44
问题 I'm trying to deploy an ember app to AWS CloudFront using ember-cli-deploy and ember-cli-deploy-cloudfront. I set up my bucket and user in AWS, gave my user AmazonS3FullAccess policy. Set up my .env.deploy.production file to look like this: AWS_KEY=<my key> AWS_SECRET=<my secret> PRODUCTION_BUCKET=<app.<my domain>.com PRODUCTION_REGION=us-east-1 PRODUCTION_DISTRIBUTION=<my cloudfront distribution id> My config/default.js looks like this: /* jshint node: true */ module.exports = function

AccessDenied: User is not authorized to perform: cloudfront:CreateInvalidation

假如想象 提交于 2021-02-20 17:02:54
问题 I'm trying to deploy an ember app to AWS CloudFront using ember-cli-deploy and ember-cli-deploy-cloudfront. I set up my bucket and user in AWS, gave my user AmazonS3FullAccess policy. Set up my .env.deploy.production file to look like this: AWS_KEY=<my key> AWS_SECRET=<my secret> PRODUCTION_BUCKET=<app.<my domain>.com PRODUCTION_REGION=us-east-1 PRODUCTION_DISTRIBUTION=<my cloudfront distribution id> My config/default.js looks like this: /* jshint node: true */ module.exports = function

AccessDenied: User is not authorized to perform: cloudfront:CreateInvalidation

ⅰ亾dé卋堺 提交于 2021-02-20 17:02:07
问题 I'm trying to deploy an ember app to AWS CloudFront using ember-cli-deploy and ember-cli-deploy-cloudfront. I set up my bucket and user in AWS, gave my user AmazonS3FullAccess policy. Set up my .env.deploy.production file to look like this: AWS_KEY=<my key> AWS_SECRET=<my secret> PRODUCTION_BUCKET=<app.<my domain>.com PRODUCTION_REGION=us-east-1 PRODUCTION_DISTRIBUTION=<my cloudfront distribution id> My config/default.js looks like this: /* jshint node: true */ module.exports = function

Configure AWS Role to switch between Organization Accounts

给你一囗甜甜゛ 提交于 2020-12-15 07:21:06
问题 I'm trying to follow the instructions in How can I allow a Group to assume a Role?, but run into the following error when I try to switch roles: Invalid information in one or more fields. Check your information or contact your administrator. In this scenario I have three AWS Accounts with example ids CompanyMain - 000000000001 CompanyProd - 000000000002 CompanyDev - 000000000003 Where the main account has an organization that includes the the prod and dev accounts What I'd like to do is set

Restrict the AWS ElasticSearch access to an auto scaling group

南楼画角 提交于 2020-01-07 06:06:55
问题 I have an AutoScaling group who must have the access to the AWS ElasticSearch Service, But as you know, using IP address as access policies will not work in this case (The ip change every time). I wonder if there is a way to use IAM Roles or Security groups to limit the access to the auto scaling group. If there is can you give me an example? Thank you in advance 回答1: You specify which IAM users or roles should have access to your domain. All requests to the domain must be signed with AWS

Restrict the AWS ElasticSearch access to an auto scaling group

房东的猫 提交于 2020-01-07 06:06:05
问题 I have an AutoScaling group who must have the access to the AWS ElasticSearch Service, But as you know, using IP address as access policies will not work in this case (The ip change every time). I wonder if there is a way to use IAM Roles or Security groups to limit the access to the auto scaling group. If there is can you give me an example? Thank you in advance 回答1: You specify which IAM users or roles should have access to your domain. All requests to the domain must be signed with AWS

Grant EC2 instance access to S3 Bucket

偶尔善良 提交于 2019-12-24 02:04:55
问题 I want to grant my ec2 instance access to an s3 bucket. On this ec2 instance, a container with my application is launched. Now I don't get permission on the s3 bucket. This is my bucket policy { "Version": "2012-10-17", "Id": "Policy1462808223348", "Statement": [ { "Sid": "Stmt1462808220978", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::714656454815:role/ecsInstanceRole" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket-name/*", "Condition": { "IpAddress": { "aws

Allow lambda to access particular s3 bucket in serverless config

好久不见. 提交于 2019-12-21 20:42:35
问题 How can I allow specific lambda to access to a particular s3 bucket in the serverless.yml? For example, I am porting file upload functionality to lambda by using serverless. To upload a file to a particular s3 bucket, I need to allow lambda to access to that s3 bucket. How can I do this in the serverless.yml? 回答1: From Serverless Framework - AWS Lambda Guide - IAM: To add specific rights to this service-wide Role, define statements in provider.iamRoleStatements which will be merged into the

AWS S3 Trying to understand permission given to a Policy

删除回忆录丶 提交于 2019-12-11 22:05:46
问题 I'm trying to create a policy to be used by an application deployed in a ECS, to getObject/Put/Delete some files inside the bucket. The policy i'm creating looks like this: { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:PutObject", "s3:GetObject", "s3:ListBucketVersions", "s3:ListBucketMultipartUploads" ], "Resource": [ "arn:aws:s3:::name-of-bucket", ] But i still get Access

AWS IAM applicable policies and attached entities

无人久伴 提交于 2019-12-11 17:09:09
问题 After asking this question I did some digging and found a couple of policies with: { "Effect":"Allow", "Action":"*", "Resource":"*" } in them. Reading through the policies evaluation logic page again the second step stands out to me: Evaluate all applicable policies. The first part of my question is: How does AWS determine what policies are applicable? To my understanding this is done by looking at the Principle and/or Resource keys. BUT: in IAM these policies have attached entities which are