Questions tagged [aws-policies]

223 questions
12 votes, 1 answer

AWS - Give readonly permissions for all services

Is there a way in AWS to give readonly permissions to all services via a central policy? Currently, I am forced to do this per service, like for IAM below - { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action":…
sppc42
10 votes, 1 answer

Why is sts:AssumeRole in the Trust Policy and not the Permissions Policy of a role?

I am new to AWS, but from my understanding a role contains both a permissions policy and a trust policy. The permissions policy seems pretty straightforward - what you can do, i.e.: "iam:CreatePolicy", "iam:GetRole", …
SteelerKid
6 votes, 3 answers

How to insert a variable inside an AWS policy in terraform

I have a policy defined in terraform for AWS resources like so: device-status-policy = <
Mamun
6 votes, 1 answer

Difference between transfer:HomeFolder and transfer:HomeDirectory in AWS policies

When creating a scope-down policy for users in an AWS Transfer SFTP server, one can use the policy variables ${transfer:HomeFolder} and ${transfer:HomeDirectory} in that policy, according to the documentation. However, I couldn't find any…
Björn Pollex
5 votes, 2 answers

Administrator cannot encrypt/decrypt in AWS KMS

I am using the Key Management service (KMS) in AWS and am currently setting up key policies. I created two roles KmsUser and KmsAdmin and attached the following key policy to my CMK: { "Version": "2012-10-17", "Statement": [ { "Sid":…
mat
4 votes, 0 answers

Access denied to S3 bucket with s3-bucket-ssl-requests-only bucket policy

I am running an application on AWS EKS cluster and one of the pods has access to my S3 bucket. It works fine until I add a bucket policy. When I add s3-bucket-ssl-requests-only bucket policy (like this one:…
jtcnw
4 votes, 3 answers

failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]+

I am trying to apply a policy for an identity pool in AWS. I am using aws-cli to set up the policy but it constantly gives me this exception from the title: An error occurred (InvalidRequestException) when calling the AttachPrincipalPolicy…
4 votes, 0 answers

AWS Bucket Policy permissions to Load Balancer denied

So far my S3 Bucket policy looks like this, which I have got from the Policy Generator. I included my Account ID as the Principal to generate the policy, but when I go to add this within my Load Balancer attributes it says "Access Denied for…
4 votes, 2 answers

Include tags on aws_iam_policy resource on Terraform

I'm trying to create a policy following the Terraform documentation resource "aws_iam_policy" "policy" { name = "test_policy" path = "/" description = "My test policy" policy = jsonencode({ Version = "2012-10-17" …
4 votes, 0 answers

How can I set a default authorizer for all functions in serverless.yml

I have a problem with the policy size of my JWT authorizer lambda function, so I want to reduce the policy size by configuring the serverless.yml file to generate the policy using a wildcard (*) instead. Can I set a global authorizer for all functions in serverless.yml? Here is…
4 votes, 2 answers

What are the permissions required for EC2 create instance

I am trying to create a policy for giving the user the permission to create an EC2 instance, but I don't want to give all the permissions inside write. Please verify if these permissions are enough or if some permission is extra { "Version":…
HMT
4 votes, 2 answers

Why is Role switching not allowed when logged in as AWS root user?

As per AWS documentation here - You cannot switch roles when you sign in as the AWS account root user. If we go by AWS best practices i.e. not to use root user to perform actions, this restriction makes sense & supports why AWS does not allow role…
4 votes, 1 answer

Why is my AWS IoT SDK thing shadow update request timing out using the Node SDK?

Following an AWS example here and referencing a balena.io example, I'm attempting to get a "thing" (currently a script on my Mac) to update a thing shadow on AWS. I'm getting close. So far I can successfully register interest in a thing shadow…
4 votes, 2 answers

How to attach Cognito Identity ID to the AWS IoT Policy?

I am trying to make a connection between AWS IoT and my React JS APP. I followed this tutorial (https://medium.com/serverlessguru/serverless-real-time-reactjs-app-aws-iot-mqtt-17d023954045), and it is not clear to me how to attach the Cognito…
3 votes, 3 answers

Decoding an Encrypted Authorization/Error message in AWS

Some actions that involve IAM permissions may return Client.UnauthorizedOperation responses.
Pamoda