Questions tagged [amazon-policy]

An Amazon (AWS IAM) policy is a document that formally states one or more permissions.

To assign permissions to a user, group, role, or resource, you create a policy: a JSON document that explicitly lists permissions. In its most basic sense, a policy lets you specify the following:

Actions: which actions you allow. Each AWS service has its own set of actions. For example, you might allow a user to use the Amazon S3 ListBucket action, which returns information about the objects in a bucket. Any action you don't explicitly allow is denied.

Resources: which resources you allow the action on. For example, which specific Amazon S3 buckets will you allow the user to perform the ListBucket action on? Users cannot access any resource you have not explicitly granted permission to.

Effect: what happens when the user requests access: either Allow or Deny. Because the default is that access is denied, you typically specify Allow. An explicit Deny always overrides an Allow, regardless of which policy grants the Allow.

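As an added example (not part of the tag wiki, of any question below, or of AWS's own evaluation engine), the following Python script applies the three fields above to concrete requests: a statement matches when both its Action and Resource cover the request, an explicit Deny wins over any Allow, and anything that nothing allows is implicitly denied. It goes slightly beyond the wiki text by supporting IAM's `*` and `?` wildcards and by combining several policy documents into one decision. Principal, Condition, NotAction/NotResource and resource-based policies are deliberately left out; bucket names and object keys in the sample documents are constructed for the demo.

```python
"""Toy evaluator for AWS IAM identity-based policies (added example, not AWS code)."""
import json
import re


def _as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _wild(pattern, value, ignore_case):
    """IAM-style wildcard match: '*' is any run of characters, '?' one character."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def statement_matches(stmt, action, resource):
    """True when the statement's Action and Resource both cover the request."""
    # Service actions are case-insensitive ("s3:listbucket" == "s3:ListBucket");
    # resource ARNs are compared case-sensitively.
    action_hit = any(_wild(a, action, True) for a in _as_list(stmt["Action"]))
    res_hit = any(_wild(r, resource, False) for r in _as_list(stmt["Resource"]))
    return action_hit and res_hit


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one (action, resource) request.

    Decision order: any matching explicit Deny wins; otherwise a matching Allow
    in any of the policies grants access; otherwise the request is implicitly denied.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: no Allow anywhere can override it
            if stmt["Effect"] == "Allow":
                allowed = True
    return "Allow" if allowed else "Deny"  # default: implicit deny


# Constructed sample document: the tag wiki's ListBucket-on-one-bucket case.
LIST_ONLY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example-bucket"
  }]
}""")

# Constructed sample document: an Allow on a sub-prefix, a blanket Deny on its
# parent prefix, and an unrelated Allow elsewhere in the bucket.
DENY_TOP_LEVEL = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/top_level_name/sub_level_1/*"},
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/top_level_name/*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/public/*"}
  ]
}""")


def demo():
    """Run the cases a policy author usually wants to check before deploying."""
    bucket = "arn:aws:s3:::example-bucket"
    return {
        # Allowed: action and resource are both listed explicitly.
        "list_bucket": evaluate([LIST_ONLY], "s3:ListBucket", bucket),
        # Action names are case-insensitive, so this is the same request.
        "list_bucket_lowercase": evaluate([LIST_ONLY], "s3:listbucket", bucket),
        # Implicit deny: GetObject was never allowed by this policy.
        "get_object_unlisted": evaluate([LIST_ONLY], "s3:GetObject", bucket + "/file.txt"),
        # The Deny on the parent prefix beats the Allow on the child prefix.
        "deny_beats_allow": evaluate(
            [DENY_TOP_LEVEL], "s3:GetObject", bucket + "/top_level_name/sub_level_1/a.txt"),
        # Outside the denied prefix the Allow stands on its own.
        "outside_denied_prefix": evaluate([DENY_TOP_LEVEL], "s3:GetObject", bucket + "/public/x.txt"),
        # Several attached policies are evaluated together: LIST_ONLY supplies the Allow here.
        "combined_policies": evaluate([LIST_ONLY, DENY_TOP_LEVEL], "s3:ListBucket", bucket),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `deny_beats_allow` case is the answer to the recurring "can an Allow override a Deny?" question: it cannot, so a blanket Deny on a prefix must itself be scoped (for example with a NotResource or a Condition) rather than "punched through" by a more specific Allow.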

86 questions
32 votes, 5 answers

Correct S3 Policy For Pre-Signed URLs

I need to issue pre-signed URLs for allowing users to GET and PUT files into a specific S3 bucket. I created an IAM user and use its keys to create the pre-signed URLs, and added a custom policy embedded in that user (see below). When I use the…
alphadogg
19 votes, 1 answer

Getting "Missing required field Principal" when adding policy to S3 bucket

I'm following amplify docs on how to configure Storage. When adding the policy to the document I'm getting the following error: Missing required field Principal I'm not sure why...? Policy document (from the docs): { "Version": "2012-10-17", …
haxpanel
16 votes, 1 answer

CloudFormation IAM Role -- AssumeRolePolicyDocument

So I'm constructing a cf stack for a role in AWS and I don't know how to go about the AssumeRolePolicyDocument field when designing a role that is not resource-based. All the examples I've tried to look up each have a specific AWS resource…
12 votes, 1 answer

AccessDenied: User is not authorized to perform: cloudfront:CreateInvalidation

I'm trying to deploy an ember app to AWS CloudFront using ember-cli-deploy and ember-cli-deploy-cloudfront. I set up my bucket and user in AWS, gave my user AmazonS3FullAccess policy. Set up my .env.deploy.production file to look like…
10 votes, 2 answers

IAM Policy with `aws:ResourceTag` not supported

I am trying to create an IAM policy that gives users complete access to dynamodb with the caveat that the tables must have the tag Stage with value Dev on it. Basically you can create a table but you should add tag Stage with value Dev on it. You…
Shwetabh Shekhar
9 votes, 1 answer

Allow lambda to access particular s3 bucket in serverless config

How can I allow specific lambda to access to a particular s3 bucket in the serverless.yml? For example, I am porting file upload functionality to lambda by using serverless. To upload a file to a particular s3 bucket, I need to allow lambda to…
8 votes, 1 answer

Retain owner and file permissions info when syncing to AWS S3 Bucket from Linux

I am syncing a directory to AWS S3 from a Linux server for backup. rsync -a --exclude 'cache' /path/live /path/backup aws s3 sync path/backup s3://myBucket/backup --delete However, I noticed that when I want to restore a backup like so: aws s3…
7 votes, 3 answers

AWS IAM - How to show describe policy statements using the CLI?

How can I use the AWS CLI to show an IAM policy's full body including the Effect, Action and Resource statements? "aws iam list-policies" command lists all the policies but not the actual JSON E,A,R statements contained within the policy. I could…
belfunk
5 votes, 1 answer

Is it possible to have an "Allow" effect override a "Deny"?

I have an S3 bucket that has a structure like this: top_level_name sub_level_1 sub_level_2 sub_level_3 I would like to do a blanket Deny of all actions on top_level_name (in order to exclude IAM policies that would otherwise have access to…
chris.mclennon
5 votes, 1 answer

Configuring AWS Lambda to access S3 Bucket

I just can't figure out what is wrong with my Bucket Policy in AWS. Trying to let a Lambda function access and read an email from the S3 Bucket. But I keep getting "Access Denied" Please note that I notice the email file is being created in the…
aviv
4 votes, 2 answers

ERROR 1045 (28000): Access denied for user 'db_user'@'ip' (using password: YES) while connecting to a RDS DB instance using IAM DB Authentication

Following is a quick summary of the question. Read the full description section for the underlying details. Condensed description: Assume you have an IAM user already existing and the user is already able to access other AWS services, such as S3,…
4 votes, 1 answer

Can a CloudFormation nested template reach a private S3 object without Presigned URL?

In Cloudformation, a nested template must supply an https:// URL to an S3 object. It appears s3:// URLs are not supported. Stack Template Parameter Is there any way for a nested stack to work with an S3 object that does not have a public read ACL,…
kbluck
3 votes, 3 answers

How to delete an iam policy with multiple versions on the command line with one command?

I am trying to delete a policy with multiple versions on the command line like so: function iam-list-versions () { aws iam list-policy-versions --query "Versions[].VersionId" --policy-arn $1 --output text } function iam-delete-policy-versions ()…
Derrops
3 votes, 0 answers

Amazon Policy Generator - Policy has Invalid resource

After attempting to apply a bucket policy generated by Amazon's policy generator, I receive the error "Policy has invalid resource". Everything seems valid after using the policy documentation to check my policy's validity. Here's my simple policy…
Dylan Landry
3 votes, 1 answer

S3 bucket policy restricting to IP CIDR range

I'm attempting to restrict S3 bucket access to EC2 instances that are within a few different subnets: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Principal":…
Eric