Questions tagged [aws-access-policy]

48 questions
6 votes, 3 answers

AWS Cross Account SNS Publish

We have two accounts 111111111111 and 222222222222. Requirement - Account 111111111111 will create a snapshot of a RDS on a daily basis. Once the snapshot is taken, we want account 111111111111 to publish to the SNS topic created in account…
DaDeem (161, 1, 2, 5)
5 votes, 1 answer

Can't create/delete/publish Lambda on Amazon (aws), getting 403 Access denied

Faced with a previously unknown issue on my AWS root account: when I try to create/delete a lambda through the AWS site, it shows me a 403 error. Almost the same when trying to delete previously created lambdas. The last lambda I created was about 2 months ago,…
5 votes, 3 answers

What is difference between aws:SourceAccount and aws:SourceOwner AWS SNS access policy statements

AWS documentation has examples of different SNS access control configurations. There are two similar configuration examples. The first one allows publishing notifications from another account's S3 bucket to an SNS topic: { "Effect": "Allow", …
5 votes, 2 answers

Message isn't sent to SQS when I specify Principal in access policy

I have an infrastructure where an SNS topic sends messages to SQS (using an SNS subscription, of course). When I set up the following access policy it works. { "Version": "2012-10-17", "Id": "__default_policy_ID", "Statement": [ { "Sid":…
AlexeyBogdan (98, 10)
5 votes, 1 answer

Add multiple domain access policy to AWS Elasticsearch Service (Static IP and Lambda ARN)

After setting up AWS Elasticsearch, I installed a Logstash and Kibana proxy on a static IP server and added this domain access policy on ES, and it's working fine: { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect":…
3 votes, 1 answer

Boto3: How to assume IAM Role to access other account

Looking for some guidance with regards to uploading files into an AWS S3 bucket via a Python script and an IAM role. I am able to upload files using Boto3 and an aws_access_key_id & aws_secret_access_key for other scripts. However, I have now been…
MdM (81, 2, 9)
3 votes, 1 answer

AWS SNS topic access policy does not prevent users from subscribing

I have the access policy set up like the below for an SNS topic. I thought I had allowed only user2 to subscribe to the topic, but user1 can subscribe to the topic. How can I configure this for what I want to do? { "Version": "2008-10-17", …
jiminssy (2,149, 6, 28, 45)
3 votes, 1 answer

Access AWS Elasticsearch from AWS Beanstalk

I have an Elasticsearch Service instance on AWS and an Elastic Beanstalk one. I want to give read-only access to Beanstalk; however, Beanstalk doesn't have a static IP address by default, and with a bit of googling it is too much trouble to add one. I…
3 votes, 1 answer

How to get the object and operation from an AWS access denied exception in JavaScript?

Any AWS service can throw an AccessDenied exception, which is logged like this: somePromise.catch((err) => { console.error(`Failed to store logs into CloudWatch`, err); callback(err); }) CloudWatch logs show: { "errorMessage": "Access…
Cherry (31,309, 66, 224, 364)
2 votes, 0 answers

AWS: Enforce MFA for Console users but not CLI

I am trying to give admin rights to a specific user group and enforce MFA for the same group. MFA should only be enforced for console users though, not when using the AWS CLI. These are the policies I have been testing with: Policy 1 -…
2 votes, 1 answer

SNS and SQS access problem, no messages received

I've been through the AWS SNS/SQS subscription instructions multiple times, and have gone through a few different blogs and Stack Overflow posts trying various things. However, no matter how many times I try to publish a message to SNS and…
2 votes, 1 answer

Certificate chain for AWS ACM using Cloudflare

I'm trying to import a certificate from Cloudflare using the AWS web UI and I'm stuck on this page: I read that the equivalent in Cloudflare to Certificate Chain is Origin Certificates (not 100% sure on this), so I created one and chose the RSA…
2 votes, 2 answers

AWS S3 Bucket Policy - Only Allow Certain File Types In Folder

I have a specific folder in my bucket that I would like to restrict to only certain file types. I currently have the following: { "Version": "2012-10-17", "Id": "Policy1464968545158", "Statement": [ { "Sid":…
Lloyd Banks (35,740, 58, 156, 248)
2 votes, 2 answers

AWS API Gateway Policy to only allow a specific host URL to access

I have configured an API Gateway endpoint in AWS, and am trying to secure it using its access policy. I am aware that it's possible to limit the access of the endpoint to specific IP addresses, but is it also possible to restrict access based on…
1 vote, 1 answer

Grant cross account access to dynamodb table without using sts:AssumeRole

Essentially, I want an IAM role from AccountA to be able to manage a DynamoDB table in AccountB, but the deployment that I am using does not support sts:AssumeRole (not my choice). I faced this same issue with S3, but I was able to add an S3…