Questions tagged [aws-iam-policy]
98 questions
7 votes, 4 answers
Creating custom AWS IAM actions
Can AWS IAM be used to control access for custom applications? I heavily rely on IAM for controlling access to AWS resources. I have a custom Python app that I would like to extend to work with IAM, but I can't find any references to this being…

Ethan
6 votes, 1 answer
Correct way to write multiple Principal AWS in AWS IAM Role TrustEntity Relation
I am new to AWS IAM Roles.
Here the scenario is: I have an IAM Role (DDBReadRole) for DynamoDB read access (in Account P, let's say).
And we have 2 lambda execution roles, L1 and L2, in Account B and Account C respectively.
Now these 2 lambda execution roles need…

parhau
3 votes, 2 answers
Amazon Bedrock class can't load my credentials when called via Lambda function
So I created a lambda function for a script that essentially allows a user to pass a query to the Amazon Titan LLM on Amazon Bedrock. Here is the content of my main.py file in my deployment package.
from langchain.llms.bedrock import Bedrock
import…

Mustapha Unubi Momoh
2 votes, 1 answer
AWS CDK: Property 'policy' does not exist on type 'IKey': TypeScript
I'm creating an app in AWS CDK that has a KMS IKey with an IAM policy with PolicyStatements attached. My code doesn't attach them to the PolicyDocument, however when it comes back to me, it has two PolicyStatements that are effectively the same with…

bensonnd
1 vote, 1 answer
Restrict RDS IAM DB Auth to specific db users
Referring to the doc https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html, the command below can be used to generate an auth token for a user and use it to log in to the database
aws rds generate-db-auth-token…

Visa2Learn
1 vote, 1 answer
IAM Policy for Parameter Store using Parameter tag
I am quite new to the whole AWS ecosystem, so please bear with me. I am trying to come up with an IAM policy by which I will allow certain groups to manage parameters in AWS Systems Manager Parameter Store.
I will have a group for each "supplier" and they…

Random Guy
1 vote, 1 answer
How to fix Athena GetWorkGroup permission error while accessing the console
I created an access policy based on least privileges so that the user is only able to run queries in an Athena workgroup, called "finance-analyst-dev":
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3Permissions",
      "Effect":…

Luís Gama
1 vote, 0 answers
AWS Lambda Alias in Role Policy
Is there a way to design a Lambda execution role policy to restrict access by using the Lambda alias name? For example, I want to have an alias "Prod", and only executions of the function with that alias would have permissions to write to a particular…

Aleksandr Krymskiy
1 vote, 0 answers
How can I create an IAM policy on AWS Secrets Manager to grant a group least privilege access? I only grant access to secrets created or owned. Thanks (:
How can I create an IAM policy on AWS Secrets Manager to only give a group/role least privilege access? I want them to only access the secrets they created and own, and not any other secrets. Thank you for your help or guidance in advance!
I have…

samaws
1 vote, 1 answer
Using aws:ResourceTag in conditions on an IAM policy for lambda functions does not work
I need a role assigned to developers to only be able to read lambda functions that have specific tags.
To do this, I have assigned the following tags on all resources:
Tag          Value
team         developers, devops, etc...
environment  dev, stg,…

Álvaro
1 vote, 1 answer
AWS S3 restrict access based on object age
I know I can allow date-based access to S3 files; however, is it possible to allow access to certain files in S3 by the age of the object itself?
E.g. something like:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect":…

pyCthon
1 vote, 1 answer
How do you grant permission to a child account for SAML provider of other account?
I will start by stating that I have no experience configuring cross-account permissions (trying to remedy that). I have set up a multi-account infrastructure in AWS. I have a root account that has the SAML provider, and it successfully allows me to…

Lewis Ayers
1 vote, 1 answer
How to create an AWS IAM role with JSON formatted trust policy string from a variable
I am trying to create an AWS IAM role, supplying the assume role trust policy from a JSON formatted string instead of a JSON file. More specifically, in aws iam create-role command, when I use the option --assume-role-policy-document…

Rafiq
1 vote, 1 answer
AWS Policy that allows only one SSO user to access a resource
We are in the process of moving all of our IAM users to AWS SSO.
We used to have this IAM policy for SageMaker:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      …

Dvir
1 vote, 1 answer
Dynamic permission policy to access SQS queue based on name
I want to create a dynamic permission policy with attribute substitution that allows access to the respective customer's queue (indicated as part of the SQS queue name).
For example:
SQS queue name:…

unacorn