Questions tagged [amazon-iam]

AWS Identity and Access Management (IAM) is an access control service for Amazon Web Services. Tag questions about using the AWS CLI, writing JSON for IAM, and using IAM SDKs.

IAM is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. Use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

5421 questions
290 votes, 3 answers

How to test credentials for AWS Command Line Tools

Is there a command/subcommand that can be passed to the aws utility that can 1) verify that the credentials in the ~/.aws/credentials file are valid, and 2) give some indication which user the credentials belong to? I'm looking for something generic…
smitelli
266 votes, 5 answers

How to choose an AWS profile when using boto3 to connect to CloudFront

I am using the Boto 3 python library, and want to connect to AWS CloudFront. I need to specify the correct AWS Profile (AWS Credentials), but looking at the official documentation, I see no way to specify it. I am initializing the client using the…
241 votes, 24 answers

AccessDenied for ListObjects for S3 bucket when permissions are s3:*

I am getting: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied When I try to get folder from my S3 bucket. Using this command: aws s3 cp s3://bucket-name/data/all-data/ . --recursive The IAM permissions…
user1411335
203 votes, 34 answers

How can I resolve the error "The security token included in the request is invalid" when running aws iam upload-server-certificate?

I cd into the directory where all the pem/key files are and run the following: aws iam upload-server-certificate --server-certificate-name certificate_name --certificate-body file://webservercertificate.pem --private-key…
Killesk
173 votes, 12 answers

The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2

When I input any code in this function (e.g. console.log();) and click "Save", an error occurs: The provided execution role does not have permissions to call DescribeNetworkInterfaces on EC2 exports.handler = (event, context, callback) => { …
fish
154 votes, 4 answers

Quick way to get AWS Account number from the AWS CLI tools?

Looking for a quick way to pull my account number, I had originally thought of using aws iam get-account-authorization-details --max-items 1 but there are several issues with doing it this way. Is there a way to do this that might not cross account…
ehime
137 votes, 3 answers

Terraform: correct way to attach AWS managed policies to a role?

I want to attach one of the pre-existing AWS managed roles to a policy, here's my current code: resource "aws_iam_role_policy_attachment" "sto-readonly-role-policy-attach" { role = "${aws_iam_role.sto-test-role.name}" policy_arn =…
Shorn
134 votes, 3 answers

Difference between AWS Elastic Container Service's (ECS) ExecutionRole and TaskRole

I'm using AWS's CloudFormation, and I recently spent quite a bit of time trying to figure out why the role I had created and attached policies to was not enabling my ECS task to send a message to a Simple Queue Service (SQS) queue. I realized that…
johnklawlor
126 votes, 9 answers

AccessDeniedException: User is not authorized to perform: lambda:InvokeFunction

I'm trying to invoke a lambda function from node. var aws = require('aws-sdk'); var lambda = new aws.Lambda({ accessKeyId: 'id', secretAccessKey: 'key', region: 'us-west-2' }); lambda.invoke({ FunctionName: 'test1', Payload:…
Arjun Komath
120 votes, 2 answers

How long should I wait after applying an AWS IAM policy before it is valid?

I'm adding and removing AWS IAM user policies programmatically, and I'm getting inconsistent results from the application of those policies. For example, this may or may not succeed (I'm using the Java 1.6.6 SDK): Start with a user that can read…
115 votes, 3 answers

How to convert a private key to an RSA private key?

Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr When I open the server.key file, I…
Silent User
108 votes, 7 answers

Proper access policy for Amazon Elastic Search Cluster

I've recently started using the new Amazon Elasticsearch Service and I can't seem to figure out the access policy I need so that I can only access the services from my EC2 instances that have a specific IAM role assigned to them. Here's an example…
105 votes, 17 answers

Unable to select Custom SSL Certificate (stored in AWS IAM)

I am going to create a new distribution at CloudFront. Already I have uploaded my SSL certificate at AWS IAM using AWS CLI. That certificate appears in the Custom SSL Certificate dropdown on new distribution page but it is DISABLED. Can someone tell…
theGeekster
99 votes, 6 answers

How enable access to AWS STS AssumeRole

I am getting an error when calling to assume role method of STS. It says that the user is not authorized to perform sts:AsumeRole on resource xxx. I did the following: I created a role to access to S3 bucket. I ran a test over policy simulator and…
Vladimir Venegas
91 votes, 6 answers

AWS CloudFormation Stack update error: Requires capabilities : [CAPABILITY_IAM]

When creating a stack with CloudFormation, I get this error: Stack update error: Requires capabilities : [CAPABILITY_IAM] I can't find a template for adding CAPABILITIES_IAM to the CloudFormation configuration. What are the options for resolving…
Eric Nord