aws-iam | 易学教程

Terraform provisioned IAM user created with IAM Console access disabled

阅读更多关于 Terraform provisioned IAM user created with IAM Console access disabled

问题 I'm generating credentials via keybase.io PGP in my Terraform config. I can confirm access via aws-cli is successful for the new user. However, Console access remains disabled. Is there a way to create a user with Terraform with the console access enabled? I appreciate that's a bit of an anti-pattern for Terraform, but I'd like my new user to be able to log in to the Console UI to validate/debug. UPDATE 1 Terraform module: https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/0

What is the ARN of an assumed role assumed by a Lambda function?

阅读更多关于 What is the ARN of an assumed role assumed by a Lambda function?

问题 I am trying to use the NotPrincipal element in my bucket policy to explicitly deny access to my s3 bucket while whitelisting a particular lambda that accesses the bucket. I specified the role ARN and assumed role ARN for the lambda's role in the NotPrincipal element: "arn:aws:iam::{Account ID}:role/service-role/{Lambda role name}", "arn:aws:sts::{Account ID}:assumed-role/{Lambda role name}/{role session name}" This doc explains the structure of the assumed role ARNs: https://docs.aws.amazon

Getting permissions exception when calling amazondax service

阅读更多关于 Getting permissions exception when calling amazondax service

问题 I'm using the amazondax service from an AWS Lambda method, and getting an exception that indicates missing permissions - but I don't know what permissions are necessary for this. Both the Lambda method and my DAX cluster are setup with the same VPC subnets and security groups. I'm getting the following exception: [ERROR] 2018-12-11T23:06:50.457Z 70c80374-fd99-11e8-bac1-318371e7b8ed Failed to retrieve endpoints Traceback (most recent call last): File "/var/task/amazondax/Cluster.py", line 211,

Configure EMR to use s3a instead of s3 for spark.sql calls

阅读更多关于 Configure EMR to use s3a instead of s3 for spark.sql calls

问题 All my calls to spark.sql("") fails with the error in the stacktrace (1) below Update - 2 I have zeroed in on the problem, it is AccessDenied for sts:AssumeRule, any leads appreciated User: arn:aws:sts::00000000000:assumed-role/EMR_EC2_XXXXX_XXXXXX_POLICY/i-3232131232131232 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::00000000000:role/EMR_XXXXXX_XXXXXX_POLICY When the same location is accessed with spark.read.parquet("s3a://xxx.xxx-xxx-xx.xxxxx-xxxxx/xxx/") I was

Signature4 signing for elastic search in aws

阅读更多关于 Signature4 signing for elastic search in aws

问题 I'm using the aws managed elasticsearch/ I'm using the high-level java client for elastic search. Is there a way to use aws signature4 signing for the requests made with the high level client? 回答1: All you need to do perform the signing calculations and add the appropriate headers to your request. See Examples: Signature Calculations in AWS Signature Version 4 for Java and C# examples. I took took this code and put my own interface on top: import net.craigcaulfield.awsutils.signing.auth

AWS RDS MySQL connection using IAM Role is not working

阅读更多关于 AWS RDS MySQL connection using IAM Role is not working

问题 Would like to inform upfront that I am new to AWS in general. For my project I am trying to use AWS RDS MySQL using IAM Authentication (IAM Role) from a Java application deployed on Tomcat on an EC2 instance. Before trying it from Java I am trying it from the command prompt on the EC2 instance. I am following this link to do it: https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/ I have done the following so far (please pardon if I am not using correct terminologies)

Create a single IAM user to access only specific S3 bucket

阅读更多关于 Create a single IAM user to access only specific S3 bucket

问题 I have many S3 buckets in my AWS account. But now I created an IAM user and a new S3 bucket, I would like to give this user the ability to access the new S3 bucket using a client like CyberDuck. I tried to create so many policies. But after that this user getting permission to list all my other buckets also. How can I give access to listing and writing access to a single S3 bucket? 回答1: First you create a Policy to allow access to a single S3 bucket (IAM -> Policies -> Create Policy). You can

Create a single IAM user to access only specific S3 bucket

阅读更多关于 Create a single IAM user to access only specific S3 bucket

I have many S3 buckets in my AWS account. But now I created an IAM user and a new S3 bucket, I would like to give this user the ability to access the new S3 bucket using a client like CyberDuck. I tried to create so many policies. But after that this user getting permission to list all my other buckets also. How can I give access to listing and writing access to a single S3 bucket? First you create a Policy to allow access to a single S3 bucket (IAM -> Policies -> Create Policy). You can use AWS Policy Generator ( http://awspolicygen.s3.amazonaws.com/policygen.html ), it should look something

Accessing AWS RDS using IAM Authentication and Spring JDBC (DataSource and JdbcTemplace)

阅读更多关于 Accessing AWS RDS using IAM Authentication and Spring JDBC (DataSource and JdbcTemplace)

I am not able to figure out how to implement this. Any help and/or pointers will be greatly appreciated. Currently, my Java/Spring application backend is deployed on EC2 and accessing MySQL on RDS successfully using the regular Spring JDBC setup. That is, storing database info in application.properties and configuring DataSource and JdbcTemplate in @Configuration class. Everything works fine. Now, I need to access MySQL on RDS securely . RDS instance has IAM Authentication enabled. I have also successfully created IAM role and applied inline policy . Then, following the AWS RDS documentation