Category "amazon-iam"

AWS Secrets Manager Resource Policy to Deny all roles Except one Role

I have a secret in Secrets Manager and there are multiple IAM roles in the system. I want only one role to access the secret. Unfortunately there are some

How can I restrict my AWS SES verified domain to only a specific VPC IP range?

I have a verified domain that works with the IAM user I have created. Emails go out successfully. I am looking to lock this down, so I have first created a VPC

Amplify API REST with AWS_IAM: Request failed with status code 403

I'm trying to execute API calls from ReactNative AWS Amplify to API Gateway endpoint using AWS_IAM authorization. I do it by calling (all Amplify initialization

aws cli fails to return a role policy

I am copying the name of a policy I created (and attached to a role) and running the following command: ▶ aws iam get-role-policy --role-name MyRole --po

S3 programmatic access via Java

I'd need to create out of my Java program a private S3 bucket and an IAM user that is allowed to access that bucket only. So I'd have some admin account creden

Create AWS Lambda function using Terraform

I faced a problem concerning the creation of a Lambda function using Terraform. I tried to follow the standard Terraform documentation to configure it, but i

RDS Proxy IAM role unable to retrieve credentials from secret

I am trying to implement a proxy to our Aurora RDS instance, but having difficulty getting the IAM access to work properly. We have a microservice in an ECS con

User cannot get resource "services" in API group - Jenkins pipeline EKS deployment

I'm trying to deploy my Docker image into the cluster using Jenkins. My Jenkins application is running in an EC2 Ubuntu server. Initially, when I tried I was ge

Attributes for access control are null on AWS Identity Pool

Short question: How should I map user attributes of a user pool to IAM PrincipalTag? I'm trying to access my API with credentials from an Identity Pool. My iden

Cross account access to a CodeArtifact repo

I have an IAM user in account A with admin privileges and arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess attached for good measure. The IAM user from acc

The IAM authentication failed for the role postgres. Check the IAM token for this role and try again

I'm having a hard time connecting Python Lambdas to RDS Proxy. I have a REST API that has a few JavaScript and Python Lambdas and I manage and deploy everything u

How to enable access to AWS STS AssumeRole

I am getting an error when calling the assume role method of STS. It says that the user is not authorized to perform sts:AsumeRole on resource xxx. I did the fo

AWS S3/IAM CORS/Prefetch error when Uploading Image

I'm having problems setting up an S3 and IAM so that I can upload media files to the bucket. I've been following a video (https://www.youtube.com/watch?v=yGYeYJ

clone AWS codecommit repo via HTTP

I have set 2 repositories in AWS CodeCommit and using before SourceTree from Windows, setting up access via HTTP protocol was and everything was working fine.

Athena queries between tables in different accounts

I can individually access two different Athena tables using two different IAM roles because each lies in a different account. Is there a way to run a single quer

Restrict Lambda function URL access to CloudFront

AWS have recently released the Lambda function URLs feature which allows a function to be invoked via a URL. I would like to allow my function to be invoked via

AWS IAM Lambda "is not authorized to perform: lambda:GetFunction"

When I have my IAM Policy for my lambda execution role set to: { "Version": "2012-10-17", "Statement": [ { "Action": [

Why is my access denied on s3 (using the aws-sdk for Node.js)?

I'm trying to read an existing file from my s3 bucket, but I keep getting "Access Denied" with no explanation or instructions on what to do about it. Here is th

IAM Role + Boto3 + Docker container

As far as I know, boto3 will try to load credentials from the instance metadata service. If I am running this code inside an EC2 instance I expected to have no