aws-access-policy

问题 Faced with unknown before issue on my aws root account : When i trying to create/delete lambda through the aws site - it shows me 403 error. Almost the same, when trying to delete created before lambdas : Last create lambda was about 2 months ago, and about month ago my free tier was expired, i got email. But how it is relates - don't know, all should work fine, but no. Also, i can create/delete dynamoDB tables without any issues, for example. The same 403 i am receiving when trying to

问题 Faced with unknown before issue on my aws root account : When i trying to create/delete lambda through the aws site - it shows me 403 error. Almost the same, when trying to delete created before lambdas : Last create lambda was about 2 months ago, and about month ago my free tier was expired, i got email. But how it is relates - don't know, all should work fine, but no. Also, i can create/delete dynamoDB tables without any issues, for example. The same 403 i am receiving when trying to

问题 Faced with unknown before issue on my aws root account : When i trying to create/delete lambda through the aws site - it shows me 403 error. Almost the same, when trying to delete created before lambdas : Last create lambda was about 2 months ago, and about month ago my free tier was expired, i got email. But how it is relates - don't know, all should work fine, but no. Also, i can create/delete dynamoDB tables without any issues, for example. The same 403 i am receiving when trying to

问题 In my use case, I want to access DynamoDB table created in AWS account A and Lambda created in account B. For this I have followed many references on Internet which suggests me to use AWS assume role feature. I have added following permission in Lambda execution role { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::aws-account-A-number:role/test-db-access" } } Following is the trust relationship of Lambda { "Version": "2012-10

问题 I have an SQS to which i want to limit the access of services allowed to send/receive. After reading and trying out I have found that this should be doable by using an Access Policy on the SQS. The policy i wrote: "Version": "2012-10-17", "Id": "arn:aws:sqs:eu-west-1:123456789:HACKsqs03/SQSDefaultPolicy", "Statement": [ { "Sid": "Sid456789", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789:role/HACKiam01" }, "Action": "SQS:ReceiveMessage", "Resource": "arn:aws:sqs:eu-west-1