All Questions

1 vote
1 answer
379 views

AWS IAM: deny users from creating policies on specific resources

I want to be able to give my admin users the permission to create policies in IAM, but I want to make sure that they aren't able to create a policy that affects a specific resource. To be more ...
Jamie Forrest
0 votes
0 answers
62 views

Mimic user permissions on AWS EC2 instances using IAM roles

I'm setting up an AWS account with several users. Each of these users has policies attached that restrict their access to specific S3 buckets/objects and the EC2 instance types / Autoscaling Groups ...
Marcelo Villa
0 votes
0 answers
29 views

How to assign an IAM role having the same permission set as the IPs have?

How to update the IAM policy below so that the IAM role, arn:aws:iam::7574333677569:role/dev-abc-webserver, also has permissions? { "Version": "2012-10-17", "Id":...
sam23
  • 59
1 vote
1 answer
1k views

RDS PostgreSQL Import+Export to/from S3

Is it possible to enable both importing and exporting with an RDS PostgreSQL instance to an S3 bucket? I've been able to use the following pattern to enable one or the other with consistent success: ...
Jerbot
  • 394
1 vote
1 answer
1k views

S3 access control based on bucket tags

I hope you can help me out. I have read a couple of docs now, and I am still unsure whether this actually works. I want to give access in different levels to AWS users based on S3 tags. Example: S3 ...
flypenguin
0 votes
1 answer
814 views

AWS Policy to Read/write RDS

In my scenario, I want a policy that will allow reading and writing of abc-database-backups/rds/postgresql-backup on S3? We'll want my servers to have that access added. Is creating a role and ...
samtech
0 votes
1 answer
150 views

S3 Logs event Issue

Is there a way to see what actions the 'g2' IAM user is performing in S3, and which IP(s) they are running from? I have already enabled the logging of S3 actions. One point I’m still not able to ...
samtech 2021
0 votes
2 answers
248 views

Best Practice for AWS IAM access keys for use with AWS SDK

I want to know the best practice used by big companies for programmatic access to multiple AWS services, as there are multiple programs needing access to different services, so how is it managed? Did ...
Rocky
  • 49
1 vote
0 answers
3k views

Converting specific folder of S3 into browsable directory list without making it public

I have a bucket that I'd like to access using a browser similar to http://data.openspending.org/ and I'd like only a subfolder to be visible. So if Bucket1 has multiple folders, I only wanna show and ...
Kohini
  • 113
1 vote
1 answer
1k views

AWS S3 Policy: One non-public bucket, separate sub-folders for each user, restricted access

At the moment I'm struggling with how to create a secure policy for my Amazon S3 bucket. My plan is to have one bucket with several sub-folders for separate (IAM) users. Access should only be ...
keitaro.urashima
2 votes
2 answers
1k views

s3 bucket/IAM user policy "Deny takes priority above all other access"?

Two policies, got one "Deny", I should not be able to do any operations to bucket, but I can still list and view bucket objects. Why? Thanks S3 bucket policy { "Sid": "...
Shawn
  • 21
0 votes
1 answer
2k views

Access Denied using S3 upload function

I have a lambda function with the following policy { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListBucket" ], "...
Ajouve
  • 121
0 votes
1 answer
301 views

Grant access to role in another AWS account to all objects in my bucket

So I want to grant a role that exists in account A the get-object permission on items in a bucket owned by account B. I read the AWS docs' example policies and created a bucket policy like this: { ...
James Hardy
0 votes
1 answer
784 views

What permissions are required to run AWS TransferUtility?

Using the AWS .NET SDK's TransferUtility, I can download files using an access key ID for myself, but when I set up a restricted user with read-only access, I get "The remote server returned an error: ...
Douglas
  • 91
1 vote
0 answers
447 views

AWS organization accounts, full AWS access, and S3 permissions

I have an Organization that has three accounts in it, and I have attached a FullAWSAccess control policy to one of those accounts A. This policy grants * action to * resources. A logged in to the AWS ...
sameers
  • 141
2 votes
2 answers
15k views

How can I 'aws s3 sync' two buckets, which are located in different accounts

I'm trying to use 'aws s3 sync' on the awscli between two accounts. Account A, I own. Account B, Owned by a third party. Account B has given a user:jon on account A permission to a bucket through a ...
phisshion
5 votes
1 answer
8k views

AWS Permissions: Lambda access Denied to S3

I have created a Lambda Python function through AWS Cloud 9 but have hit an issue when trying to write to an S3 bucket from the Lambda Function. When I test in Cloud 9 the Python code runs fine and ...
W. Walford
0 votes
1 answer
638 views

Can I use existing AWS IAM role to create S3 bucket via Cloudformation template?

I want to create an S3 bucket via CloudFormation template. I found there is a way to do it for EC2 instance on this link. Do we have a way to create S3 bucket using existing IAM role via ...
Chandan Kumar
0 votes
1 answer
544 views

How can I create a CloudTrail trail to log events of only a specific user/resource

How can we monitor API usage of only a specific user in Amazon Web Services? I tried creating a CloudTrail trail but it logs all activity of all users to the S3 bucket I configured to log it to. I ...
Rayclank
  • 101
1 vote
2 answers
1k views

Reverting S3 BucketPolicy

I was playing around with AWS S3 BucketPolicy. My intention was to allow access to bucket only to my username. I wrote the following incorrect policy: { "Id": "Policy1542608345364", "Version": "2012-...
mohit
  • 111
4 votes
2 answers
2k views

Restrict access to S3 bucket folders to specific website users? (not using IAM Users)

I have a website where users need to log in. They can upload and delete their own pictures BUT these pictures are supposed to be private so images are not set to public that anyone can view. I know ...
Dora
  • 341
1 vote
1 answer
147 views

How would I determine that an S3 bucket and key is accessible to a redshift cluster?

I'm trying to determine if a connection is possible between an S3 bucket+key and a Redshift cluster. Additionally I would love to find out if it has read and/or write ...
monksy
  • 357
6 votes
2 answers
2k views

AWS elastic beanstalk: Errno 404 downloading file from S3 on deployment

I'm following the docs on fetching certificates from s3 when a new instance is deployed to elastic beanstalk. The instructions are fairly straightforward: create a config file under app-root/....
AlexanderF
0 votes
1 answer
261 views

IAM user policy to RW to specific folders

I am trying out CloudBerry Drive tool to attach S3 buckets as my network drive. I have a bucket and 2 folders inside that, assuming the bucket name as environment and 2 folders as dev and prod. I have ...
serverstackqns
1 vote
1 answer
1k views

Minimum AWS policy actions required for retrieving Glacier files through S3?

I'm trying to create a policy for an IAM account that will allow an employee to have full read permissions for our S3 (lifecycled to Glacier) buckets, with no unnecessary write abilities as to avoid ...
Cyanara
  • 123
2 votes
2 answers
7k views

How to find the owner of an AWS account with account number

I inherited a couple of AWS environments. I have been recently doing security audits of S3 and found several policies with principals containing AWS account numbers I don't know and nobody at my ...
user176373
2 votes
1 answer
6k views

IAM Policy + S3 bucket tag conditions

Attempting to use a tag at the bucket level to use in an IAM policy that would give individuals xyz access inside the bucket. Seems like it should be possible: AWS documentation. Here is the actual ...
duhaas
  • 235
1 vote
1 answer
3k views

AWS S3 access denied to actual object when simulator says access is allowed

I have a user, I'll call Alfred User, with attached IAM policy as follows { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ ...
JDS
  • 2,608
1 vote
1 answer
551 views

Allow access to S3 bucket via VPC or via console?

I want my S3 bucket to be accessible in two ways: Via the console when I'm logged in, so I can modify files Via EC2 instances in a certain VPC (IAM roles are set up correctly for this) Here's the ...
fredley
  • 575
0 votes
1 answer
110 views

Can I attach IAM role to instance after launching it?

Getting error : root@omp_affiliate_backend ~]# s3cmd get s3://admarvel-noc/all-users/nrpe-plugins.tar.gz . s3://admarvel-noc/all-users/nrpe-plugins.tar.gz -> ./nrpe-plugins.tar.gz [1 of 1] ERROR:...
Ashish Karpe
0 votes
0 answers
350 views

How to not conflict between policies on AWS?

I'm trying to make my AWS environment safer. So, I just created a bucket, no modifications at all, on S3, and want to give a minimal set of permissions to my application users. So, I have created an ...
Valter Silva
2 votes
1 answer
2k views

Access S3 bucket from my EC2 instance using CF::Init via IAM role not working

I have a CloudFormation template I'm using to set up an ECS cluster and I am trying to drop some config files onto the box using CloudFormation::Init on the ASG and pulling them out of S3. "...
Ernest Mueller
0 votes
1 answer
327 views

Create AWS S3 bucket upload policy

I want to be able to let AWS upload billing CSV to S3. This requires an IAM policy. I have one IAM user that I gave AmazonS3FullAccess. In the bucket properties I can add a policy. Then a policy ...
SPRBRN
  • 571
0 votes
1 answer
872 views

Amazon S3 putObject bucket policy

I am trying to create a User who only has access to PutObject to an S3 bucket called "desking". In IAM I have created a User, and applied this policy: { "Version": "2012-10-17", "Statement": ...
kwh
  • 111
1 vote
1 answer
4k views

Deploy to Elastic Beanstalk from S3 gives "You do not have permission" -- who is "You"?

I'm testing out AWS and Elastic Beanstalk and have Beanstalk running a version that was manually uploaded. When I try to update the version via the command line, the command line returns ok but ...
Sam
  • 720
5 votes
1 answer
1k views

How can I tell where an Amazon AWS key is being used?

I have inherited an Amazon AWS environment in which the Root account key has been widely distributed for the purposes of making backups to S3 buckets. I need to track down where the key is being used,...
Garreth McDaid
0 votes
0 answers
72 views

How to securely allow web apps to read/write to S3? (the new way with IAM)

I've been banging my head against a wall on this for two hours. It's frustrating that Amazon has made this so complicated when it doesn't need to be. Let's say I have a bucket called "test," and a ...
CaptSaltyJack
1 vote
1 answer
2k views

Can I use an IAM role to grant my Heroku app access to my Amazon S3 bucket?

Heroku: Using AWS S3 to Store Static Assets and File Uploads suggests using my AWS security credentials to enable my Heroku app to access my Amazon S3 bucket. However, isn't it better practice (as ...
ma11hew28
  • 799
0 votes
1 answer
300 views

Limit my S3 bucket read access to EC2 instances run by others?

For instance, if I store data in US Standard, the S3 Pricing Page indicates that it is $0.00 per GB transferred out to Amazon EC2 in the Northern Virginia Region. And it looks like GET requests are $...
Matt Cruikshank
5 votes
2 answers
7k views

Getting files from an s3 bucket using IAM role credentials

I am trying to retrieve some files from a private S3 bucket to a filesystem location on an Elastic Beanstalk EC2 instance, but with no success. I've created a bucket named dev-config containing a file ...
diffa
  • 141
25 votes
1 answer
20k views

How to let user upload files to S3 bucket, but not overwrite or delete?

I have the following IAM policy for a user { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1395161912000", "Effect": "Allow", "Action": [ "s3:ListBucket", ...
Markus Hedlund
0 votes
3 answers
2k views

Can I limit user access to AWS S3 buckets?

I'm working on a site that is probably destined for AWS hosting. This leads to a question about access rights to stuff that would be stored in S3 buckets: I set up an EC2 server for the site, and an ...
Jim Miller
10 votes
2 answers
10k views

Give EC2 IAM role read access to S3 bucket

I have an AWS Elastic Beanstalk Rails app that I am configuring via the config script to pull some files from an S3 bucket. When I start up the application, I keep receiving the following error in the ...
dignoe
  • 201